[systemd-devel] Will *.network replace resolv.conf? What about "Options single-request"?

Christian Brunotte cb at lathspell.de
Sat May 16 05:18:08 PDT 2015


On Sat, 16 May 2015 15:52:49 +0500
"Alexander E. Patrakov" <patrakov at gmail.com> wrote:

> 16.05.2015 02:01, Christian Brunotte wrote:
> > The resolver can send one DNS request packet (IPv4 or IPv6 doesn't matter) that contains
> > queries for both the A and AAAA entries and the resolver may answer them in separate packets.
> 
> I would be very much interested in seeing such successful conversation 
> in a pcap file. Here is the reason why I don't really believe you: 
> Unbound contains code that marks all DNS packets with multiple records 
> in the query section as invalid. The code is in ./daemon/worker.c, 
> function worker_check_request():
> 
> >         if(LDNS_QDCOUNT(sldns_buffer_begin(pkt)) != 1) {
> >                 verbose(VERB_QUERY, "request wrong nr qd=%d",
> >                         LDNS_QDCOUNT(sldns_buffer_begin(pkt)));
> >                 return LDNS_RCODE_FORMERR;
> >         }

I've just captured one lookup (using "curl debian.netcologne.de").
You'll get the pcap separately, this is the text output:

# Without "single-request", both queries are made almost simultaneously
# and from the same UDP source port!
14:02:56.295863 IP james.intern.48045 > router.intern.domain: 20946+ A? debian.netcologne.de. (38)
14:02:56.295894 IP james.intern.48045 > router.intern.domain: 24543+ AAAA? debian.netcologne.de. (38)
14:02:56.296646 IP router.intern.domain > james.intern.48045: 20946* 2/0/0 CNAME mirror.netcologne.de., A 194.8.197.22 (75)
14:02:56.297064 IP router.intern.domain > james.intern.48045: 24543* 2/0/0 CNAME mirror.netcologne.de., AAAA 2001:4dd0:1234:1::deb (87)

# With "single-request", both queries still use the same source ports
# but are sent in order.
14:03:05.103876 IP james.intern.34759 > router.intern.domain: 19419+ A? debian.netcologne.de. (38)
14:03:05.104547 IP router.intern.domain > james.intern.34759: 19419* 2/0/0 CNAME mirror.netcologne.de., A 194.8.197.22 (75)
14:03:05.104671 IP james.intern.34759 > router.intern.domain: 37358+ AAAA? debian.netcologne.de. (38)
14:03:05.105246 IP router.intern.domain > james.intern.34759: 37358* 2/0/0 CNAME mirror.netcologne.de., AAAA 2001:4dd0:1234:1::deb (87)

So apparently the difference is not exactly as I described it but the
outcome is similar: The broken firewall appliance closes the UDP port after 
receiving the first answer packet and drops the second one.

I wonder why it didn't send both requests simultaneously but from
different UDP source ports; shouldn't that be fast and safe?

best regards,

-christian-
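Added example, not part of this thread and not code from glibc or Unbound: a small Python script that reads tcpdump output like the lines above, groups it by client source port, tells a parallel A/AAAA pair (the default behaviour) from a serial one (as with "options single-request"), and lists queries that never received an answer, which is the symptom a firewall dropping the second reply would produce. The first two samples are the lines from this mail; the third is a constructed capture with the second reply missing.

```python
import re

# Constructed samples: PARALLEL and SERIAL reproduce the tcpdump lines from the post;
# DROPPED is a made-up variant in which the second answer never reaches the client.
PARALLEL = """
14:02:56.295863 IP james.intern.48045 > router.intern.domain: 20946+ A? debian.netcologne.de. (38)
14:02:56.295894 IP james.intern.48045 > router.intern.domain: 24543+ AAAA? debian.netcologne.de. (38)
14:02:56.296646 IP router.intern.domain > james.intern.48045: 20946* 2/0/0 CNAME mirror.netcologne.de., A 194.8.197.22 (75)
14:02:56.297064 IP router.intern.domain > james.intern.48045: 24543* 2/0/0 CNAME mirror.netcologne.de., AAAA 2001:4dd0:1234:1::deb (87)
"""
SERIAL = """
14:03:05.103876 IP james.intern.34759 > router.intern.domain: 19419+ A? debian.netcologne.de. (38)
14:03:05.104547 IP router.intern.domain > james.intern.34759: 19419* 2/0/0 CNAME mirror.netcologne.de., A 194.8.197.22 (75)
14:03:05.104671 IP james.intern.34759 > router.intern.domain: 37358+ AAAA? debian.netcologne.de. (38)
14:03:05.105246 IP router.intern.domain > james.intern.34759: 37358* 2/0/0 CNAME mirror.netcologne.de., AAAA 2001:4dd0:1234:1::deb (87)
"""
DROPPED = "\n".join(PARALLEL.strip().splitlines()[:3])

# tcpdump line: time, src > dst, transaction id with +/* flags, then "A?" / "AAAA?" or "2/0/0"
LINE = re.compile(r"^(\d\d):(\d\d):(\d\d\.\d+) IP (\S+) > (\S+): (\d+)[+*]* (\S+)")

def parse(capture):
    """Yield (seconds, client_port, kind, txid, qtype); kind is 'Q' (query) or 'R' (reply)."""
    for line in capture.strip().splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # comment lines and unrelated traffic
        h, mi, s, src, dst, txid, first = m.groups()
        t = int(h) * 3600 + int(mi) * 60 + float(s)
        if first.endswith("?"):  # query: client is the source, qtype precedes the '?'
            yield t, src.rsplit(".", 1)[1], "Q", int(txid), first[:-1]
        else:                    # reply: the client port is on the destination side
            yield t, dst.rsplit(".", 1)[1], "R", int(txid), None

def analyse(capture):
    """Per client source port: how the queries were issued and which got no answer."""
    by_port = {}
    for t, port, kind, txid, qtype in parse(capture):
        by_port.setdefault(port, []).append((t, kind, txid, qtype))
    report = {}
    for port, events in by_port.items():
        queries = [(t, txid, qt) for t, k, txid, qt in events if k == "Q"]
        answered = {txid for _, k, txid, _ in events if k == "R"}
        first_reply = min((t for t, k, _, _ in events if k == "R"), default=float("inf"))
        # "parallel": the second query left before the first answer came back (the default);
        # "serial": it waited for that answer, as with "options single-request" in resolv.conf.
        mode = "single" if len(queries) < 2 else ("parallel" if queries[1][0] < first_reply else "serial")
        report[port] = {"mode": mode, "queries": [qt for _, _, qt in queries],
                        "unanswered": [qt for _, txid, qt in queries if txid not in answered]}
    return report
```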

