Bug #905894: nss-mdns: Forward resolution takes 10 seconds looking for SOA record

Simon McVittie smcv at debian.org
Sat Aug 11 11:40:49 BST 2018

On Sat, 11 Aug 2018 at 04:35:25 +0200, Matthijs van Duin wrote:
> > I suspect that you and Eduard might be experiencing different issues
> > that have the same high-level symptom
> Oops, I think you're right.

I've cloned the bug and retitled both clones. Please send any further
correspondence about this issue to #905894, reserving #892854 for the
mdns{,4,6} module's effect on reverse resolution.

> > time host -t SOA debian.org.
> > time host -t SOA local.
> The first works, the second hangs for 10 seconds until
> ;; connection timed out; no servers could be reached
> However, I'm using systemd-resolved and /etc/resolv.conf points to its
> stub resolver.  If I ask the upstream dns server instead, I do get a
> prompt answer.  So, it would seem that the bug actually lies in
> systemd-resolved.

That sounds plausible. What versions of systemd and libnss-resolve do
you have?

Context for systemd maintainers: libnss-mdns contains a heuristic borrowed
from macOS (the de facto reference implementation of mDNS) which tries
to avoid interfering with a legacy unicast .local domain (which used to
be a popular choice for LANs that used an unregistered TLD) by disabling
itself if it detects unicast .local. It does this by resolving the SOA
record for local.; if it gets an answer, then there is a unicast .local,
so .local is not available for its RFC use as the mDNS domain. However,
systemd-resolved's stub resolver seems to cause a 10 second delay before
failing to resolve .local in this case.

I wonder whether this is systemd-resolved's support for LLMNR and mDNS
getting in the way? It should probably only try to resolve SOA records
via traditional unicast DNS, since a SOA record would be meaningless in

> I currently have:
> hosts:          files mymachines mdns_minimal resolve [!UNAVAIL=return] dns myhostname

FYI, the recommendation is for the mdns-related entry to be

    ... mdns4_minimal [NOTFOUND=return] ...

which makes mdns4_minimal authoritative for .local (missing .local names
are not looked up in systemd-resolved or DNS). Replace mdns4_minimal
with mdns_minimal if IPv6 .local is more important to you than quick
name resolution in legacy programs that call getaddrinfo() with AF_INET6
followed by getaddrinfo() with AF_INET (programs that correctly make a
single getaddrinfo() call with AF_UNSPEC are equally fast either way).

However, changing that entry to the recommended one is not going to
help you here.
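
An added example, not part of the original message or of nss-mdns: a small Python parser for the nsswitch.conf hosts: line that reports whether a missing name from the mdns entry falls through to resolve or dns, which is what the recommended [NOTFOUND=return] prevents. The function names and the RECOMMENDED sample line are constructed for illustration; the default status actions are glibc's documented defaults.

```python
import re

STATUSES = ("success", "notfound", "unavail", "tryagain")
DEFAULTS = {"success": "return", "notfound": "continue",
            "unavail": "continue", "tryagain": "continue"}

# The hosts: line quoted in the message above.
PAGE_LINE = "hosts:          files mymachines mdns_minimal resolve [!UNAVAIL=return] dns myhostname"
# Constructed: the same line with the recommended mdns entry substituted.
RECOMMENDED = "hosts: files mymachines mdns4_minimal [NOTFOUND=return] resolve [!UNAVAIL=return] dns myhostname"

def parse_hosts(line):
    """Return [(service, {status: action})] for an nsswitch.conf hosts: line."""
    db, _, spec = line.partition(":")
    if db.strip() != "hosts":
        raise ValueError("not a hosts: line")
    entries = []
    for token in re.findall(r"\[[^\]]*\]|\S+", spec.split("#")[0]):
        if not token.startswith("["):
            entries.append((token, dict(DEFAULTS)))
            continue
        if not entries:
            raise ValueError("action list before any service")
        for neg, status, action in re.findall(r"(!?)(\w+)=(\w+)", token.lower()):
            # "!STATUS=action" sets the action for every status except STATUS.
            for s in STATUSES:
                if (s != status) == bool(neg):
                    entries[-1][1][s] = action
    return entries

def mdns_findings(line):
    """Report mdns modules whose NOTFOUND result falls through to resolve/dns."""
    entries = parse_hosts(line)
    findings = []
    for i, (svc, actions) in enumerate(entries):
        if not re.fullmatch(r"mdns[46]?(_minimal)?", svc):
            continue
        later = [n for n, _ in entries[i + 1:] if n in ("resolve", "dns")]
        if actions["notfound"] != "return" and later:
            findings.append(f"{svc}: missing .local names are also looked up in "
                            + ", ".join(later))
    return findings

if __name__ == "__main__":
    for sample in (PAGE_LINE, RECOMMENDED):
        print(sample, "->", mdns_findings(sample) or "mdns entry is authoritative")
```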


More information about the Pkg-systemd-maintainers mailing list