strange results using src/lib/libc/resolv

Waitman Gobble gobble.wa at gmail.com
Tue Aug 11 18:29:11 UTC 2020 

I've noticed an issue with the PHP function dns_get_record(), on some
FreeBSD 12.1 servers it *always* returns "False" with no response, but
on other FreeBSD 12.1 servers it returns the correct results.

A simple example:

<?php
$h='google.com';
$x = dns_get_record($h);
var_dump($x);

on some servers it /*always*/ outputs: bool(false)  no matter what dns
name is searched.
on some servers it outputs the correct info:

 [0]=>
 array(5) {
   ["host"]=>
   string(10) "google.com"
   ["class"]=>
   string(2) "IN"
   ["ttl"]=>
   int(85496)
   ["type"]=>
   string(2) "NS"
   ["target"]=>
   string(14) "ns4.google.com"
 }
..... etc

On FreeBSD, PHP calls the function res_nsearch() which is defined in
/usr/include/resolv.h

On the servers without a response, res_nsearch returns -1 which is an
error condition, but the  error code set in herrno is 0, which is:
"Resolver Error 0 (no error)"

I created a basic C program which uses res_nsearch and have the same results.

https://gist.github.com/arduent/a33756d7e3ddfcf51a0eaca908612a16

# clang -o main main.c -I/usr/include

On some servers it returns errors:


# ./main
;; res_nquerydomain(google.com, <Nil>, 1, 255)
;; res_query(google.com, 1, 255)
;; res_nmkquery(QUERY, google.com, IN, ANY)
;; res_nopt()
;; res_send()
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65018
;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;;      google.com, type = ANY, class = IN
; EDNS: version: 0, udp=65535, flags=0000
;; Querying server (# 1) address = 127.0.0.1
;; new DG socket
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65018
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;;      google.com, type = ANY, class = IN
; EDNS: version: 0, udp=4096, flags=0000
;; rcode = (NOERROR), counts = an:0 ns:0 ar:1
;; res_nquerydomain(google.com, smq.io, 1, 255)
;; res_query(google.com.smq.io, 1, 255)
;; res_nmkquery(QUERY, google.com.smq.io, IN, ANY)
;; res_nopt()
;; res_send()
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26844
;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;;      google.com.smq.io, type = ANY, class = IN
; EDNS: version: 0, udp=65535, flags=0000
;; Querying server (# 1) address = 127.0.0.1
;; new DG socket
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26844
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;;      google.com.smq.io, type = ANY, class = IN
; EDNS: version: 0, udp=4096, flags=0000
;; rcode = (NOERROR), counts = an:0 ns:0 ar:1
Error occured during search.


But it works on other servers:


# ./main
;; res_nquerydomain(google.com, <Nil>, 1, 255)
;; res_query(google.com, 1, 255)
;; res_nmkquery(QUERY, google.com, IN, ANY)
;; res_nopt()
;; res_send()
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44131
;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;;      google.com, type = ANY, class = IN
; EDNS: version: 0, udp=65535, flags=0000
;; Querying server (# 1) address = 127.0.0.1
;; new DG socket
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44131
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
;;      google.com, type = ANY, class = IN
google.com.             23h36m53s IN NS  ns4.google.com.
google.com.             23h36m53s IN NS  ns3.google.com.
google.com.             23h36m53s IN NS  ns1.google.com.
google.com.             23h36m53s IN NS  ns2.google.com.
; EDNS: version: 0, udp=4096, flags=0000



Not sure what's going on. It doesn't seem to matter if 'search domain'
is set in resolv.conf, or options edns0 is set in resolv.conf.

Update: I did just notice that on the servers where it is failing, it
_DOES_ work if the nameserver is set to google 8.8.8.8 or 8.8.4.4, but
so far that's it. If it's set to localhost / unbound it fails. Or
cloudflares 1.1.1.1 it fails, ISP's nameservers it fails. That's
weird.

So on some machines res_nsearch() only works with google nameservers,
but on other machnines it works with any nameservers.

On the servers where it always gets the correct results, it doesn't
matter what nameserver is used.

Any help with this is appreciated.

-- 
Waitman Gobble

More information about the freebsd-questions mailing list