-
Notifications
You must be signed in to change notification settings - Fork 40
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Is 'unicast SOA heuristic' a problem for end users? #75
Comments
This is very interesting. I wonder if Apple software has other heuristics now, or if they have just stopped with SOA probing. What version of macOS are you testing? |
I wrote something wrong for MacOS: I think i did not see the initial SOA request due to internal caching. MacOS (Catalina 10.15.7) sends the SOA query, and then the A query to the DNS. If one fails, it fallbacks to mDNS this is a dump for ping myprinter.local from last MacOS after wi-fi disconnect and reconnect (to flush DNS/mDNS caches): MacOS case when SOA query to DNS gives an answer, but A query fails:
MacOS case when SOA query to DNS gives an answer, and DNS answer to A query too:
but with MacOS I'm still able to print without problems, despite I can see the same resolution request with bad A answer (192.168.56.4 is not a printer). No idea on how the magic works on these apple blackboxes... I'm still investigating. |
If you are able to figure out the Apple heuristic, there is a chance we can implement it. |
Oh yes, I'm an "end user" who spent several days to investigate mDNS not working after upgrading from Linux Mint 19 (≈Ubuntu 18.04) to Mint 20 (≈Ubuntu 20.04). I'm relatively new to Linux and mDNS, and had no idea which specific component is responsible for this issue. The only resource I found which seemed relatively relevant was from 2009, and setting Applying the solution from README fixed the issue for me, thanks for the info. But I still doubt that enabling unicast SOA heuristic by default was a good idea. Below I'll try to explain why.
Looking back after solving the issue, it's funny to see "zeroconf" not working without some configuration. ;) |
Great! 👍 I hope I will find some time to investigate on MacOS further, but I have no real idea now on how to find more info from it: is a kind of blackbox. And about 3: "Companies using ".local" domain in DNS do violate RFC 6762". Yes, I'm a sysadmin, using Active Directory. I admit that 12-13 years ago I setup a small company domain controller server with "xxx.local" DNS domain. I discovered the problem 6 years ago, and changed AD domain and all clients to another domain. Luckily, only 15 clients/servers were involved. |
I also spent several hours to investigate printing problems. I figured out that the mdns address resolution didn't worked after system upgrade. Finally I found this issue. Due to unknown reason my router / ISP answers with a SOA for the .local domain. For me it was easy to fix the issue by adding the |
I can say SOA heuristics also gave me headaches in #79 |
I'm another victim of the SOA heuristic trying to setup a new printer. I've seen a lot of forum messages when trying to diagnose this with people struggling with their printer setup as it is seen by avahi and then cups is unable to resolve the name. Most seem to end up hard coding the IP not realising what the problem was (though it could be mdns not being configured at all). I would imagine it is much more likely that a @agoode Why not just delete the heuristic altogether? The |
I implemented the heuristic based on the current guidance from Apple at the time (the now-deleted https://support.apple.com/en-us/HT201275). This was to fix crbug.com/626377. It may be the case that the heuristic causes more harm than good these days, and/or that nss-mdns is the only thing still implementing it. I'd like to know if Windows and Mac (and iOS) devices still implement the unicast SOA heuristic. If they don't, maybe we can drop it. If they use some other mechanism instead, maybe we'd need to implement that. I could try poking around but it would save time if others could do the investigation and post the results here. Basically, we need to know what happens when your DNS server returns records for |
I think this check has unfortunate implementation, which should be modified to something else. I understand it was implemented to avoid regressions on existing networks. What I think would be a better replacement is a quick mode. Current configuration is quite unusable when the searched name is not found in MDNS. It takes 5 seconds to timeout with mdns4_minimal. It takes 10 seconds with mdns_minimal, which provides also IPv6 addresses. That is too much. I think the primary reason for disabling .local domain when SOA exists is making unicast DNS responses usable. That requires two things:
On solid networks positive responses take up to 20ms, on worse netwoks it takes up to 100ms. I think we should instruct avahi to make faster query and abort sooner. Then it should not authoritatively say not found, but instead report unavail. That would make nss hosts module to continue to dns, where it can search also unicast space. If we waited just up to 500ms, it would still have enough time for retries, but not take too long to make it unusable for those having still records in .local unicast zone. And of course something should be done to speed up search for names on both IPv6 and IPv4 concurrently. |
I'm going to make a new release at some point to include #84. It would be good to see if this issue can then be closed. |
After years, unfortunately I'm no longer able to test that setup with the same ISP. So I'm closing this issue, in the hope that it has been fixed with #84 |
Take new linux desktop with nss-mdns 0.14 (Ubuntu 20.04, Ubuntu 20.10...). Put this desktop PC at home or in a small office where the ISP default DNS is serving a SOA record for ".local" domain.
Printing from that box to a local network printer will be impossible for the common end user, because printername.local resolution will never work due to SOA heuristic.
This is what the DNS for an Italian ISP, called WINDTRE (formerly known as WIND), returns when requesting the SOA record for "local" zone:
This, according to README.md on SOA heuristic, will prevent libnss-mdns to resolve hosts via mDNS.
And just to complete all the steps:
myprintername.local will then be resolved with that ISP advertisements webserver instead of NXDOMAIN, so CUPS will try to send your prints to your ISP.
I know that
but a standard user will never be able to track its problem to a SOA heuristic problem, come here, understand and fix as explained on the README.md
Also please note that current MacOS does not seem to be affected by this problem.
I can't see SOA queries when launching ping myprinntername.local, and the printer name is resolved locally with its private IP address.The text was updated successfully, but these errors were encountered: