bin/127591: [PATCH] [libc/net] spurious warning against DNAME RRs in getaddrinfo() and gethostby*()

Eugene M. Kim 20080111.freebsd.org at ab.ote.we.lv
Tue Sep 23 20:20:01 UTC 2008


>Number:         127591
>Category:       bin
>Synopsis:       [PATCH] [libc/net] spurious warning against DNAME RRs in getaddrinfo() and gethostby*()
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Sep 23 20:20:01 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator:     Eugene M. Kim
>Release:        FreeBSD 7.1-PRERELEASE i386
>Organization:
>Environment:
System: FreeBSD purple.the-7.net 7.1-PRERELEASE FreeBSD 7.1-PRERELEASE #4: Wed Sep 10 17:25:31 PDT 2008 ab at purple.the-7.net:/home/FreeBSD/build/RELENG_7/obj/home/FreeBSD/build/RELENG_7/src/sys/PURPLE i386

>Description:

DNS DNAME RRs (as defined in RFC 2672) provide a mechanism for
non-terminal name redirection.  For example, www.the-7.com does not
exist in DNS but the-7.com has a DNAME alias to the-7.net; looking up
www.the-7.com for an A record would return:

$ dig www.the-7.com IN A +noall +answer

; <<>> DiG 9.4.2-P1 <<>> www.the-7.com IN A +noall +answer
;; global options:  printcmd
the-7.com.		300	IN	DNAME	the-7.net.
www.the-7.com.		0	IN	CNAME	www.the-7.net.
www.the-7.net.		300	IN	CNAME	purple.the-7.net.
purple.the-7.net.	300	IN	A	64.71.156.34
$ 

(The nameserver, upon receiving a request that matches a DNAME,
returns the DNAME and a synthesized CNAME.)

When src/libc/net/{getaddrinfo,gethostbydns}.c examine this result,
they see the DNAME record and emit a warning over auth.notice syslog,
which shows up in /var/log/messages and /var/log/auth.log by default.

These warnings are benign (as the server returns a synthesized CNAME
that correctly leads to the targeted name), but on a heavily loaded
server they add up quickly and bloat the log size.

>How-To-Repeat:

$ /sbin/ping www.the-7.com
...
^C
$ fgrep 'www.the-7.com' /var/log/messages | tail -1
Sep 23 12:18:43 purple ping: gethostby*.gethostanswer: asked for "www.the-7.com IN A", got type "DNAME"
$ 

>Fix:

$ patch -d /usr/src << 'ENDEND'
--- -	2008-09-23 12:53:26.119657584 -0700
+++ lib/libc/net/getaddrinfo.c	2008-09-23 12:23:00.143769940 -0700
@@ -1884,7 +1884,7 @@
 			}
 		} else if (type != qtype) {
 #ifdef DEBUG
-			if (type != T_KEY && type != T_SIG)
+			if (type != T_KEY && type != T_SIG && type != ns_t_dname)
 				syslog(LOG_NOTICE|LOG_AUTH,
 	       "gethostby*.getanswer: asked for \"%s %s %s\", got type \"%s\"",
 				       qname, p_class(C_IN), p_type(qtype),
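Review bot: the added type != ns_t_dname test sits inside #ifdef DEBUG, so in getaddrinfo.c it only changes DEBUG builds; the log line under How-To-Repeat carries the gethostby*.gethostanswer tag, which is the gethostbydns.c message rather than the gethostby*.getanswer one here. Worth stating in the commit message. The condition also mixes the T_KEY / T_SIG spellings with ns_t_dname; if the tree provides a T_DNAME compat name, use it for consistency, and add a one-line comment that a DNAME in the answer comes with a synthesized CNAME (RFC 2672).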
--- -	2008-09-23 12:53:45.223733999 -0700
+++ lib/libc/net/gethostbydns.c	2008-09-23 12:22:03.243899560 -0700
@@ -294,7 +294,7 @@
 			continue;
 		}
 		if (type != qtype) {
-			if (type != T_SIG)
+			if (type != T_SIG && type != ns_t_dname)
 				syslog(LOG_NOTICE|LOG_AUTH,
 	"gethostby*.gethostanswer: asked for \"%s %s %s\", got type \"%s\"",
 				       qname, p_class(C_IN), p_type(qtype),
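Review bot: the new condition in "if (type != T_SIG && type != ns_t_dname)" silences the notice for every DNAME record, whether or not the answer also carries the synthesized CNAME that makes the record benign. Either document that assumption in a comment above the test, or keep the notice for the case where a DNAME arrives and no CNAME for qname has been seen. The same T_* versus ns_t_* naming mix as in the getaddrinfo.c hunk applies here.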
ENDEND
>Release-Note:
>Audit-Trail:
>Unformatted:

