[systemd-devel] Regression in ipv6 resolutions in systemd-resolved with AF_UNSPEC

Fri Feb 19 14:43:56 UTC 2016

Hello,

Since systemd v229, I have one server which no more resolve ipv6 adresses when
it use nss-resolve and AF_UNSPEC.

This issue seems to be linked with the DNS resolver used on its network. This
resolved is provided by a french FAI box (SFR).

I'm currently not able to understand precisely where is the issue, but opening
the socket with AF_UNSPEC does not resolve ipv6 and with AF_INET6 does.

I have the following nsswitch.conf
# grep hosts /etc/nsswitch.conf 
hosts: files resolve mymachines myhostname

With systemd v228 (precisely arch v228-4)
=========================================
# systemctl --version 
systemd 228
+PAM -AUDIT -SELINUX -IMA -APPARMOR +SMACK -SYSVINIT +UTMP +LIBCRYPTSETUP
+GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN

# getent ahosts collectd.seblu.net
2001:bc8:3173:281:be5f:f4ff:fe84:d75e STREAM black.seblu.net
2001:bc8:3173:281:be5f:f4ff:fe84:d75e DGRAM  
2001:bc8:3173:281:be5f:f4ff:fe84:d75e RAW  

# ltrace getent ahosts collectd.seblu.net
...
getaddrinfo("collectd.seblu.net", nil, 0x7ffe7e8e7c70, 0x7ffe7e8e7c68)   = 0

# /usr/lib/systemd/systemd-resolve-host collectd.seblu.net
collectd.seblu.net: 2001:bc8:3173:281:be5f:f4ff:fe84:d75e
                    (black.seblu.net)

-- Information acquired via protocol DNS in 2.0ms.

With systemd v229 (precisely arch v229-2)
=========================================

# systemctl --version
systemd 229
+PAM -AUDIT -SELINUX -IMA -APPARMOR +SMACK -SYSVINIT +UTMP +LIBCRYPTSETUP
+GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN

# getent ahosts collectd.seblu.net            
# echo $?
2

# ltrace getent ahosts collectd.seblu.net 
...
getaddrinfo("collectd.seblu.net", nil, 0x7ffefda4d280, 0x7ffefda4d278)   = -2
+++ exited (status 2) +++

-2 is EAI_NONAME.

# systemd-resolve collectd.seblu.net 
collectd.seblu.net: resolve call failed: 'black.seblu.net' does not have any RR
of the requested type

Here is a debug enabled transaction in systemd-resolved. 
https://horus.seblu.net/~seblu/systemd/resolved_bug_collectd.txt

Fallback to nss-dns resolver allow resolution to work again
===========================================================

# systemctl stop systemd-resolved
# getent ahosts collectd.seblu.net
2001:bc8:3173:281:be5f:f4ff:fe84:d75e STREAM black.seblu.net
2001:bc8:3173:281:be5f:f4ff:fe84:d75e DGRAM  
2001:bc8:3173:281:be5f:f4ff:fe84:d75e RAW   

Force socket type to IF_INET6 make resolution to work
==========================
===========================
# getent ahostsv6 collectd.seblu.net
2001:bc8:3173:28
1:be5f:f4ff:fe84:d75e STREAM black.seblu.net
2001:bc8:3173:281:be5f:f4ff:fe84:d7
5e DGRAM  
2001:bc8:3173:281:be5f:f4ff:fe84:d75e RAW  

# systemd-resolve -6 collectd.seblu.net
collectd.seblu.net: 2001:bc8:3173:281:be5f:f4ff:fe84:d75e
                    (black.seblu.net)

-- Information acquired via protocol DNS in 2.0ms.
-- Data is authenticated: no

# python -c 'import socket; print(socket.getaddrinfo("collectd.seblu.net", None, socket.AF_UNSPEC))'
Traceback (most recent call last):
  File "<string>", line 1, in <module>
  File "/usr/lib/python3.5/socket.py", line 732, in getaddrinfo
    for res in _socket.getaddrinfo(host, port, family, type, proto, flags):
socket.gaierror: [Errno -2] Name or service not known

# python -c 'import socket; print(socket.getaddrinfo("collectd.seblu.net", None, socket.AF_INET6))' 
[(<AddressFamily.AF_INET6: 10>, <SocketKind.SOCK_STREAM: 1>, 6, '', ('2001:bc8:3173:281:be5f:f4ff:fe84:d75e', 0, 0, 0)), (<AddressFamily.AF_INET6: 10>, <SocketKind.SOCK_DGRAM: 2>, 17, '', ('2001:bc8:3173:281:be5f:f4ff:fe84:d75e', 0, 0, 0)), (<AddressFamily.AF_INET6: 10>, <SocketKind.SOCK_RAW: 3>, 0, '', ('2001:bc8:3173:281:be5f:f4ff:fe84:d75e', 0, 0, 0))]

Cheers,

-- 
Sébastien "Seblu" Luttringer
https://seblu.net | Twitter: @seblu42
GPG: 0x2072D77A

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 811 bytes
Desc: This is a digitally signed message part
URL: <https://lists.freedesktop.org/archives/systemd-devel/attachments/20160219/4dd2f592/attachment.sig>