Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
net: pure go version of dnsclient does a DNS lookup of "localhost" qualified with the domain name. #32017
This bug is derived from this one I reported in Kubernetes.
What did you do?
On my DNS domain, someone decided it would be cute to create a hostname 'localhost.mydomain.com'.
Go's pure go DNS resolver, when looking up "localhost", tries "localhost.mydomain.com" first and ends up with an IP address from DNS, rather than resolving to 127.0.0.1 from /etc/hosts like you'd expect.
What did you expect to see?
I expected that a) there would be no DNS lookup, and b) to get a result of 127.0.0.1
What did you see instead?
Attempts to contact https://localhost/ end up being directed to the cutely-named system elsewhere in the network.
Looking in https://github.com/golang/go/blob/master/src/net/dnsclient_unix.go, it appears that the function
Dup of #22826? (net: add support for "let localhost be localhost")
But looks like https://tools.ietf.org/html/draft-ietf-dnsop-let-localhost-be-localhost-02 stalled (and actually expired).
Is our behavior actually wrong from a spec standpoint?
I personally agree with let-localhost-be-localhost for sanity/security reasons, but it looks like (from #22826) that we were waiting for that to become more official best practice.
"localhost" is supposed to go through name resolution. That's the mechanism for selecting whether it resolves to an IPv4 loopback address or an IPv6 one for that particular host.
However, "localhost" is not supposed to be qualified with the default domain name before that lookup happens. The implementation here checks "localhost.fulldomain.com" first, before it checks "localhost". If no such host exists, you won't notice an issue except perhaps an unnecessary delay. But if it does exist, you're in for a surprise.
I'm not able to reproduce this, though. I tried both the cgo and netgo resolvers, but neither attempts a DNS lookup.
Log of my repro attempt...
In the original circumstance that triggered the bug report, actually no mine is also set to "files dns". But looking at the code it looked like setting dns first would trigger the behavior I found in the code.
I confirmed it - if I set it to "dns files" and use your code, I see a DNS lookup of a FQDN first.
This may indicate I haven't correctly root caused my original issue, but I still see this behavior as an issue.
Yes, I see that too, but I also see that glibc does the same, so it seems like you get what you're asking for if you have your nsswitch.conf configured to do that.
So this bug seems like just a dup of #22826, which IIRC would just be special-casing the meaning in "localhost" in some places.
Closing for now, but let me know if I missed something.