UDP DNS: Bind to specific IP is not retained

[jolakeng]

On MAC, we used the code

    dns.HandleFunc(".", handleDNSRequest)
    defer dns.HandleRemove(".")
    // start serverUDP
    serverUDP := &dns.Server{Addr: "127.0.0.1:53", Net: "udp"}
    go serverUDP.ListenAndServe()
    defer serverUDP.Shutdown()

It bound properly on specific IP and PORT as shown below:

udp4 0 0 127.0.0.1.53 .

But as soon as we write DNS response from handler function like

    msg.Authoritative = true
    domain := msg.Question[0].Name
    msg.Answer = append(msg.Answer, &dns.A{
        Hdr: dns.RR_Header{Name: domain, Rrtype: dns.TypeA, Class: dns.ClassINET, Ttl: 60},
        A:   net.ParseIP("1.2.3.4"),
    })
    w.WriteMsg(&msg)

Binding changes to as shown below:

udp4 0 0 *.53 .

This impacts other DNS server which is running on another interface.

I debugged the UDP DNS code and figured out that after the below line is executed the binding changes

conn.WriteMsgUDP(b, oob, session.raddr)

Please let me know any more information is required such that this great code can be useful in case we wanted to bind to specific IP address and retain the binding

cc: @fastest963

[miekg]

[ Quoting <notifications@github.com> in "[miekg/dns] UDP DNS: Bind to specif..." ]

On MAC, we used the code > dns.HandleFunc(".", handleDNSRequest) > defer dns.HandleRemove(".") > // start serverUDP > serverUDP := &dns.Server{Addr: "127.0.0.1:53", Net: "udp"} > go serverUDP.ListenAndServe() > defer serverUDP.Shutdown() It bound properly on specific IP and PORT as shown below: udp4 0 0 127.0.0.1.53 *.* But as soon as we write DNS response from handler function like > msg.Authoritative = true > domain := msg.Question[0].Name > msg.Answer = append(msg.Answer, &dns.A{ > Hdr: dns.RR_Header{Name: domain, Rrtype: dns.TypeA, Class: dns.ClassINET, Ttl: 60}, > A: net.ParseIP("1.2.3.4"), > }) > w.WriteMsg(&msg) Binding changes to as shown below: udp4 0 0 *.53 *.* This impacts other DNS server which is running on another interface. I debugged the UDP DNS code and figured out that after the below line is executed the binding changes > ServerConn.WriteMsgUDP(b, oob, raddr) Please let me know any more information is required such that this great code can be useful in case we wanted to bind to specific IP address and retain the binding

What does this break? I have no idea why this could be happening, and without more debugging I don't see a fix.

[jameshartig]

@jolakeng what IP address is the server receiving requests on? Is it 127.0.0.1? I assume so but maybe if it's receiving requests on something else and it tries to use a source IP that isn't 127.0.0.1 then Mac automatically changes the listen address? Seems insane, but that's all I can think of.

Can you try adding a print line to correctSource in udp.go and printing out the dst variable so we can see what it's trying to set the Src address to?

[jolakeng]

This issue is reproducible with below sample UDP program, which I made similar to what is been used in DNS code

package main

import (
"fmt"
"golang.org/x/net/ipv4"
"net"
"os"
)

func changeOOB(oob []byte) []byte {
var dst net.IP
cm4 := new(ipv4.ControlMessage)
if cm4.Parse(oob) == nil {
dst = cm4.Dst
cm4.Dst = cm4.Src
cm4.Src = dst
oob = cm4.Marshal()
}
return oob
}

func checkError(err error) {
if err != nil {
fmt.Println("Error: ", err)
os.Exit(0)
}
}

func main() {
ServerAddr, err := net.ResolveUDPAddr("udp", "127.0.0.1:53")
checkError(err)
ServerConn, err := net.ListenUDP("udp", ServerAddr)
checkError(err)
fmt.Println("listening on :127.0.0.1:53")

    ipv4.NewPacketConn(ServerConn).SetControlMessage(ipv4.FlagDst|ipv4.FlagInterface, true)
    defer ServerConn.Close()

    b := make([]byte, 1024)

    for {
            oob := make([]byte, 40)
            _, oobn, _, raddr, err := ServerConn.ReadMsgUDP(b, oob)
            checkError(err)
            fmt.Println("recieve OOB:", oob[:oobn])
            newOOB := changeOOB(oob[:oobn])
            fmt.Println("new OOB:", newOOB, " raddr:", raddr)
            _, _, err = ServerConn.WriteMsgUDP(b, newOOB, raddr)
            checkError(err)
    }

}

Output :

listening on :127.0.0.1:53
recieve OOB: [24 0 0 0 0 0 0 0 26 0 0 0 1 0 0 0 0 0 0 0 127 0 0 1]
new OOB: [24 0 0 0 0 0 0 0 26 0 0 0 1 0 0 0 127 0 0 1 0 0 0 0] raddr: 127.0.0.1:57731

Bind before:

udp4 0 0 127.0.0.1.53 .
Bind after:

udp4 0 0 *.53 .

If don't give newOOB to WriteMsgUDP then binding is retained.
So WriteMsgUDP with OOB is causing the issue.

[jolakeng]

Hi @james Hartig<mailto:notifications@github.com> I printed received OOB, DST and Changed OOB in correctSource, here is the output received OOB: [24 0 0 0 0 0 0 0 26 0 0 0 1 0 0 0 0 0 0 0 127 0 0 1] DST: 127.0.0.1 new OOB: [24 0 0 0 0 0 0 0 26 0 0 0 0 0 0 0 127 0 0 1 0 0 0 0] MAC is changing the binding once WriteMsgUDP is done with OOB. If OOB is nil, it’s not changing binding Is there an issue with OOB we are providing? Thanks Joju From: James Hartig <notifications@github.com> Reply-To: miekg/dns <reply@reply.github.com> Date: Thursday, August 16, 2018 at 10:19 PM To: miekg/dns <dns@noreply.github.com> Cc: "Olakengil, Joju" <jolakeng@akamai.com>, Mention <mention@noreply.github.com> Subject: Re: [miekg/dns] UDP DNS: Bind to specific IP is not retained (#724) correctSource

[tmthrgd]

WriteMsgUDP ends up in the sendmsg system call. I can find no mention of any darwin-specific bugs related to this system call.

I'll try and do some more testing on a darwin system shortly, but I'm kind of stumped. It sounds like maybe it's a kernel bug. 🤷‍♂️

[ghost]

Do you think this could be related to #743?

[miekg]

I don't believe this is an issue with this library, as such I'm closing this.