"search ." in /etc/resolv.conf breaks hostname resolution

[yrro]

When there is no search line in /etc/resolv.conf but the systems' hostname contains a domain (e.g., the kernel hostname is literally mymachine.example.com), glibc behaves as if search example.com was written in /etc/resolv.conf.

In order to disable this behaviour, systemd-resolved writes search . in /etc/resolv.conf.

This causes resolution with c-ares to fail with ARES_EBADNAME:

$ cat /etc/resolv.conf
nameserver 127.0.0.53
options edns0 trust-ad
search .

$ ./ares-test nxdomain.eeeeee
ares_search -> Misformatted domain name (8)

$ ./ares-test myhostname
ares_search -> Misformatted domain name (8)

If I remove the search line from /etc/resolv.conf then c-ares behaves as expected:

$ ./ares-test mymachine
ares_search -> Domain name not found (4)

$ ./ares-test nxdomain.eeeeee
ares_search -> Domain name not found (4)

The client can use the ARES_FLAG_NOSEARCH option to work around this bug.

This was discovered while investigating an SSSD bug.

Test program:

#include <arpa/inet.h>
#include <arpa/nameser.h>
#include <errno.h>
#include <netdb.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

#include <ares.h>

void cb(void *arg, int status, int timeouts, unsigned char *abuf, int alen) {
    if (status != 0) {
        fprintf(stderr, "ares_search -> %s (%d)\n", ares_strerror(status), status);
        return;
    }

    int r;
    struct hostent *host;
    int naddr = 4;
    struct ares_addrttl addr[naddr];
    if ((r = ares_parse_a_reply(abuf, alen, &host, addr, &naddr)) != 0) {
        fprintf(stderr, "ares_parse_a_reply: %s\n", ares_strerror(r));
        return;
    }

    for (int n = 0; n < naddr; n++) {
        printf("%s: %s\n", host->h_name, inet_ntoa(addr[n].ipaddr));
    }

    ares_free_hostent(host);
}

int main(int argc, char *argv[]) {
    int stat = 0;

    if (argc != 2) {
        fputs("provide a hostname\n", stderr);
        return 1;
    }
    const char *name = argv[1];

    int r;
    ares_channel chan;
    if ((r = ares_init(&chan)) != 0 ) {
        fprintf(stderr, "ares_init: %s\n", ares_strerror(r));
        return 1;
    }

    ares_search(chan, name, ns_c_in, ns_t_a, cb, NULL);
    for(;;) {
        int nfds;
        fd_set readers, writers;
        FD_ZERO(&readers);
        FD_ZERO(&writers);
        nfds = ares_fds(chan, &readers, &writers);
        if (nfds == 0)
            break;

        struct timeval tv, *tvp;
        tvp = ares_timeout(chan, NULL, &tv);

        if (select(nfds, &readers, &writers, NULL, tvp) == -1) {
            fprintf(stderr, "select: %s\n", strerror(errno));
            stat = 1;
            break;
        }
        ares_process(chan, &readers, &writers);
    }

    ares_destroy(chan);
    return stat;
}

// vim: ts=8 sts=4 sw=4 et

[bradh352]

Thanks for the report, we'll get a fix for this into the next release.

[yrro]

I had a go at fixing it myself & I added a couple of tests for ares__cat_domain.