View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0006069 | GNUnet | other | public | 2020-01-30 11:32 | 2020-07-09 09:17 |
Reporter | rexxnor | Assigned To | schanzen | ||
Priority | normal | Severity | minor | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Product Version | Git master | ||||
Target Version | 0.13.0 | Fixed in Version | 0.13.0 | ||
Summary | 0006069: dns2gns bridge weird behaviour (returning all A/AAAA records in every case) | ||||
Description | When using a dns2gns as a resolver to resolve records in GNS via regular DNS there are a few problems. I wrote a test script in src/gns/ in commit 015cd279b to highlight the issue. When executing the script there are a few nslookup commands being executed. I expect to see the adresses configured to appear once, however in some cases the dns2gns bridge returns the same address multiple times. It seems that nslookup does an A record lookup and gets all A records including AAAA records from the dns2gns server. nslookup does a separate AAAA lookup and again gets all A and AAAA records from the DNS server. Another thing I noticed was that the order in which the records are returned is always the same. Usually in DNS, the DNS server will return them in some kind of random order (so that round-robin DNS works). Furthermore the second test in the file resolves the record using another DNS server. Compared to the results of the GNS lookup, it only ever shows a single IPv4 and IPv6 address for a host. This is not the case for any resolved GNS record because of the issue above. Lastly, dig fails to resolve records entirely (see additional info). No idea why and I have not troubleshooted it. | ||||
Steps To Reproduce | Simple using the test: $ cd src/gns/ $ bash test_dns2gns.sh If you want to verify this in general: Add the following to your gnunet.conf file: [dns2gns] OPTIONS = -d 1.1.1.1 -p 5353 Start your GNUnet peer and start dns2gns with: $ gnunet-arm -I dns2gns Add a zone and a few records, then resolve using $ nslookup -port=5353 <label>.<zonename> 127.0.0.1 | ||||
Additional Information | From a running setup that made me notice the issue: $ gnunet-namestore -D -z foo www: A: 4.4.4.4 (1 h) PRIVATE A: 3.3.3.3 (1 h) PRIVATE A: 2.2.2.2 (1 h) PRIVATE AAAA: dead::beef (1 h) PUBLIC A: 1.1.1.1 (1 h) PUBLIC $ nslookup www.foo ::1 Server: ::1 Address: ::1#53 Non-authoritative answer: Name: www.foo Address: 4.4.4.4 Name: www.foo Address: 3.3.3.3 Name: www.foo Address: 2.2.2.2 Name: www.foo Address: dead::beef Name: www.foo Address: 1.1.1.1 Name: www.foo Address: 4.4.4.4 Name: www.foo Address: 3.3.3.3 Name: www.foo Address: 2.2.2.2 Name: www.foo Address: dead::beef Name: www.foo Address: 1.1.1.1 With host: $ host www.foo www.foo has address 4.4.4.4 www.foo has address 3.3.3.3 www.foo has address 2.2.2.2 www.foo has IPv6 address dead::beef www.foo has address 1.1.1.1 www.foo has address 4.4.4.4 www.foo has address 3.3.3.3 www.foo has address 2.2.2.2 www.foo has IPv6 address dead::beef www.foo has address 1.1.1.1 www.foo has address 4.4.4.4 www.foo has address 3.3.3.3 www.foo has address 2.2.2.2 www.foo has IPv6 address dead::beef www.foo has address 1.1.1.1 host with record type specified: $ $ host -t A www.foo www.foo has address 4.4.4.4 www.foo has address 3.3.3.3 www.foo has address 2.2.2.2 www.foo has IPv6 address dead::beef www.foo has address 1.1.1.1 $ host -t AAAA www.foo www.foo has address 4.4.4.4 www.foo has address 3.3.3.3 www.foo has address 2.2.2.2 www.foo has IPv6 address dead::beef www.foo has address 1.1.1.1 With dig: dig @127.0.0.1 www.foo ;; Warning: Message parser reports malformed message packet. ;; Truncated, retrying in TCP mode. ;; Connection to 127.0.0.1#53(127.0.0.1) for www.foo failed: connection refused. | ||||
Tags | No tags attached. | ||||
|
The behaviour for nslookup and host is to be expected. GNS always returns all records under the name _if_ the requested record type is among them. DNS allows to return any records from a query. You need to check/filter yourself usually. Now you could argue that the dns2gns server should filter the records according to type like gnunet-gns.c does. But I am not sure if this is a good idea. So the behaviour is different from most other name servers, but it still compliant. If you want, you could change this in the implementation. But sometimes you actually _want_ to also return other records in addition to the IP address. The dig thing might actually be a bug in dns2gns. Maybe it even crashed? As it ends with a "connection refused". |
|
As long as the behavior is still compliant it is fine in my book. I was not sure if that was compliant. About the dig thing: It seems as the message is too long for some reason (I have no idea how that is only a problem with dig) and it tries TCP which is not implemented in dns2gns. |
|
Is this still an issue? |
|
I think rexxnor is _probably_ right to call for randomizing the order and removing duplicate entries. I would not filter by record type, *unless* the client is _not_ on loopback and the resulting message would be too big for a single UDP packet. Here, we should ideally _also_ check the (E)DNS settings and if (E)DNS is not specified, stick to the 512-byte maximum (and first filter only DNSSEC Records if (E)DNS is not specified _and_ the reply gets too big). |
|
This is fixed in d6d7bf7df..612704d69 For the result filtering feature, I opened https://bugs.gnunet.org/view.php?id=6401 |
|
0.13.0 released |
Date Modified | Username | Field | Change |
---|---|---|---|
2020-01-30 11:32 | rexxnor | New Issue | |
2020-02-03 13:40 | schanzen | Note Added: 0015303 | |
2020-02-03 13:40 | schanzen | Status | new => acknowledged |
2020-02-04 19:18 | rexxnor | Note Added: 0015304 | |
2020-04-24 10:31 | schanzen | Fixed in Version | => 0.13.0 |
2020-04-24 10:31 | schanzen | Target Version | => 0.13.0 |
2020-05-09 21:26 | schanzen | Assigned To | => schanzen |
2020-05-09 21:26 | schanzen | Status | acknowledged => feedback |
2020-05-09 21:26 | schanzen | Note Added: 0015872 | |
2020-06-01 00:49 |
|
Issue cloned: 0006293 | |
2020-06-01 00:52 |
|
Issue cloned: 0006334 | |
2020-06-03 10:38 | Christian Grothoff | Note Added: 0016226 | |
2020-06-21 22:18 | schanzen | Status | feedback => resolved |
2020-06-21 22:18 | schanzen | Resolution | open => fixed |
2020-06-21 22:18 | schanzen | Note Added: 0016331 | |
2020-07-09 09:17 | schanzen | Note Added: 0016414 | |
2020-07-09 09:17 | schanzen | Status | resolved => closed |