Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Incorrect addresses returned with interaction of static /etc/hosts with DNS64 #11770

Closed
davidsummers opened this issue Jul 8, 2022 · 5 comments
Closed

Incorrect addresses returned with interaction of static /etc/hosts with DNS64 #11770

davidsummers opened this issue Jul 8, 2022 · 5 comments
Labels
rec
Milestone
rec-4.9.0

Comments

@davidsummers
Copy link

davidsummers commented Jul 8, 2022
edited by Habbie

  • Program: Recursor
  • Issue type: Bug report

When using both the options:

export-etc-hosts=yes

dns64-prefix=2001:db8:abcd:64::/96

I believe there is a missing test to see if the IPv6 address already exists for that host name and don't do the DNS64 processing to synthesize an IPv6 address if that host has an IPv6 address already configured in /etc/hosts.

Short description

It is returning the DNS64 synthesized address instead of the actual configured IPv6 address in the /etc/host file, even though the IPv6 address is configured in the /etc/hosts file.

DNS64 synthesized address should ONLY be generated if there is NOT a pre-configured IPv6 address for that host name in the /etc/hosts file.

Since the /etc/hosts was just recently fixed to add capability for IPv6 lookups in PDNS 4.8 (alpha) then this interaction may have been inadvertently overlooked.

Environment

  • Operating system: VyOS (Debian "Buster")
  • Software version: 1.3
  • Software source: PDNS 4.5 (compiled into VyOS 1.3)

Steps to reproduce

PDNS configuration file /run/powerdns/recursor.conf:

export-etc-hosts=yes
dns64-prefix=2001:db8:abcd:64::/96

Then when the /etc/hosts file has

10.1.10.51 myhost
2001:db8:abcd:10::51 myhost

Look up 'myhost' with:

$ host myhost

Expected behaviour

myhost has address 10.1.10.51
mhost has IPv6 address 2001:db8:abcd:10::51

Actual behaviour

myhost has address 10.1.10.51
mhost has IPv6 address 2001:db8:abcd:64::a01:a33

Other information

I just discovered that PDNS recursor just recently had code added to "export-etc-hosts" option to handle IPv6.

My theory is that the interaction between that and 'dns64-prefix' was overlooked.
@davidsummers davidsummers changed the title Incorrect values returned with interaction of static /etc/hosts with DNS64 Incorrect addresses returned with interaction of static /etc/hosts with DNS64 Jul 8, 2022
@omoerbeek
Copy link
Member

omoerbeek commented Jul 12, 2022
edited

The version you are running (4.5.x) does not handle v6 addresses in /etc/hosts at all. This new functionality is not yet in a released version, it will be in 4.8.0, to be released in a few months.

For 4.5.x, if you make an auth-zone with the mapping you need, things should work.

@davidsummers
Copy link
Author

Yes, sorry, I forgot to mention that I'm currently testing PDNS Recursor 4.8.0 ALPHA (unreleased) in VyOS 1.3.2 (unreleased) and that is where I noticed this problem.

If this problem could be resolved then I would have a complete DNS IPv6-only working system with just VyOS router (which uses PDNS Recursor) and no other software.

@omoerbeek
Copy link
Member

Ah, in that case I think you are hitting upon a limitation in the current implementation, see #11690
An auth-zone still could be used as a workaround. I'll see if I can reproduce and provide an example of the workaround I have in mind.

@omoerbeek
Copy link
Member

OK, indeed, as the log shows, the v6 entry is skipped because there is already an entry for myhost. That is exactly the subject of #11690.

For a workaround, create a zone file local.zone:

$TTL 300
@              IN SOA  local.  hostmaster.local. (
                       1000000000 ; Serial number
                       60         ; Refresh every 1 minutes
                       60         ; Retry every minute
                       432000     ; Expire in 5 days
                       60 )       ; negative caching ttl 1 minute
               IN NS   localhost.

@ IN A 10.1.10.51 
@ IN AAAA 2001:db8:abcd:10::51

And use in recursor.conf:

auth-zones=myhost=.../local.zone
#export-etc-hosts=yes

Replacing the automatic /etc/hosts loading by your zone for myhost.

Then (I'm running my test recursor on port 5301):

$ dig @127.0.0.1 -p 5301 myhost a

; <<>> DiG 9.10.6 <<>> @127.0.0.1 -p 5301 myhost a
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23015
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;myhost.				IN	A

;; ANSWER SECTION:
myhost.			271	IN	A	10.1.10.51

;; Query time: 0 msec
;; SERVER: 127.0.0.1#5301(127.0.0.1)
;; WHEN: Wed Jul 13 10:23:22 CEST 2022
;; MSG SIZE  rcvd: 51

$ dig @127.0.0.1 -p 5301 myhost aaaa

; <<>> DiG 9.10.6 <<>> @127.0.0.1 -p 5301 myhost aaaa
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49152
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;myhost.				IN	AAAA

;; ANSWER SECTION:
myhost.			272	IN	AAAA	2001:db8:abcd:10::51

;; Query time: 0 msec
;; SERVER: 127.0.0.1#5301(127.0.0.1)
;; WHEN: Wed Jul 13 10:23:24 CEST 2022
;; MSG SIZE  rcvd: 63

@omoerbeek omoerbeek added the rec label Aug 17, 2022
@omoerbeek omoerbeek added this to the rec-4.9.0 milestone Nov 28, 2022
@omoerbeek
Copy link
Member

Should be fixed by #12203

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
rec
Projects
None yet
Milestone
rec-4.9.0
Development

No branches or pull requests
2 participants
@omoerbeek @davidsummers