Bug#915049: systemd-resolved has issues when the answer is over 512 bytes with EDNS disabled
Dan Streetman
dan.streetman at canonical.com
Thu Nov 29 19:43:03 GMT 2018
Package: systemd
Version: 239-14
Severity: normal
Tags: patch
User: ubuntu-devel at lists.ubuntu.com
Usertags: origin-ubuntu disco ubuntu-patch
Dear Maintainer,
TCP stub is cutting down the payload to 512 bytes when EDNS is disabled. This makes non-EDNS clients (nslookup) receive a "shortened" answer even when UDP returns a truncated reply for a new TCP query. For instance,
- If the client supports EDNS:
$ dig +noall +answer testing.irongiantdesign.com @127.0.0.53 | wc -l
30
- If the client does not support EDNS:
$ dig +noedns +noall +answer testing.irongiantdesign.com @127.0.0.53 | wc -l
29
In the second case, no-EDNS, TCP should provide the complete answer, but it's capped at UDP's size.
This leads to complete failures for common DNS lookups, e.g.:
telnet testing.irongiantdesign.com
telnet: could not resolve testing.irongiantdesign.com/telnet: Temporary failure in name resolution
-- Package-specific info:
Ubuntu bug for this is LP: #1804487
https://bugs.launchpad.net/systemd/+bug/1804487
Upstream systemd bug is 10816
https://github.com/systemd/systemd/issues/10816
This was debugged and fixed upstream by Victor Tapia.
Thanks for considering the patch.
-- System Information:
Debian Release: buster/sid
APT prefers cosmic-updates
APT policy: (500, 'cosmic-updates'), (500, 'cosmic-security'), (500, 'cosmic')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.18.0-11-generic (SMP w/24 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages systemd is related to:
pn dracut <none>
ii initramfs-tools 0.131ubuntu15
ii udev 239-7ubuntu10.4
-------------- next part --------------
diff -Nru systemd-239/debian/patches/debian/increase-TCP-stub-payload-size.patch systemd-239/debian/patches/debian/increase-TCP-stub-payload-size.patch
--- systemd-239/debian/patches/debian/increase-TCP-stub-payload-size.patch 1969-12-31 19:00:00.000000000 -0500
+++ systemd-239/debian/patches/debian/increase-TCP-stub-payload-size.patch 2018-11-29 09:42:01.000000000 -0500
@@ -0,0 +1,34 @@
+commit e6eed9445956cfa496e1db933bfd3530db23bfce
+Author: Victor Tapia <victor.tapia at canonical.com>
+Date: Wed Nov 21 14:01:04 2018 +0100
+
+ resolved: Increase size of TCP stub replies
+
+ DNS_PACKET_PAYLOAD_SIZE_MAX is limiting the size of the stub replies to
+ 512 with EDNS off or 4096 with EDNS on, without checking the protocol
+ used. This makes TCP replies for clients without EDNS support to be
+ limited to 512, making the truncate flag useless if the query result is
+ bigger than 512 bytes.
+
+ This commit increases the size of TCP replies to DNS_PACKET_SIZE_MAX
+
+ Fixes: #10816
+
+--- a/src/resolve/resolved-dns-packet.h
++++ b/src/resolve/resolved-dns-packet.h
+@@ -120,11 +120,14 @@
+
+ static inline uint16_t DNS_PACKET_PAYLOAD_SIZE_MAX(DnsPacket *p) {
+
+- /* Returns the advertised maximum datagram size for replies, or the DNS default if there's nothing defined. */
++ /* Returns the advertised maximum size for replies, or the DNS default if there's nothing defined. */
+
+ if (p->opt)
+ return MAX(DNS_PACKET_UNICAST_SIZE_MAX, p->opt->key->class);
+
++ if (p->ipproto == IPPROTO_TCP)
++ return DNS_PACKET_SIZE_MAX;
++
+ return DNS_PACKET_UNICAST_SIZE_MAX;
+ }
+
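Review bot: in DNS_PACKET_PAYLOAD_SIZE_MAX() the new `p->ipproto == IPPROTO_TCP` test comes after the `if (p->opt)` return, so a TCP query that carries an OPT record is still capped at MAX(DNS_PACKET_UNICAST_SIZE_MAX, p->opt->key->class), and only non-EDNS TCP clients get the larger limit. The commit message describes the problem as the limit being applied "without checking the protocol used"; if the intent is that TCP replies are never bound by the advertised datagram size, move the TCP check above the `p->opt` check. Since the function returns uint16_t, the commit message should also state that DNS_PACKET_SIZE_MAX fits that type.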
diff -Nru systemd-239/debian/patches/series systemd-239/debian/patches/series
--- systemd-239/debian/patches/series 2018-11-20 13:44:39.000000000 -0500
+++ systemd-239/debian/patches/series 2018-11-29 09:42:01.000000000 -0500
@@ -52,3 +52,4 @@
debian/Revert-udev-rules-Permission-changes-for-dev-dri-renderD.patch
debian/Revert-systemctl-when-removing-enablement-or-mask-symlink.patch
debian/Drop-seccomp-system-call-filter-for-udev.patch
+debian/increase-TCP-stub-payload-size.patch
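Review bot: the new series entry is filed under debian/ next to the Revert-* and Drop-* patches, while the patch header identifies it as upstream commit e6eed9445956cfa496e1db933bfd3530db23bfce. If the debian/ subdirectory is meant for distribution-specific changes, list the cherry-pick with the upstream backports instead, so it is easy to drop once the packaged upstream version contains the fix.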