Bug 1752133

Summary: glibc: Do not fail name resolution if CNAMEs involve aliases which are not host names
Product: Red Hat Enterprise Linux 8 Reporter: Rupesh Patel <rupatel>
Component: glibcAssignee: Florian Weimer <fweimer>
Status: CLOSED WONTFIX QA Contact: Martin Coufal <mcoufal>
Severity: medium Docs Contact:
Priority: medium    
Version: 8.4CC: ashankar, codonell, cww, dj, fweimer, gdelross, glibc-bugzilla, mcoufal, mnewsome, pfrankli, qe-baseos-tools-bugs, sipoyare, skolosov, skrenger, ysoni
Target Milestone: rcKeywords: Bugfix, Patch, Triaged
Target Release: 8.0   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Cause: The glibc DNS stub resolver treats CNAME records with owner names that are not host names as DNS packet errors. Consequence: If the DNS stub resolver encounters such a bogus CNAME record, the DNS query is treated as failed, even though there are useful address records among the response. Fix: The glibc stub resolver now skips such invalid CNAME records, not extracting the associated alias information. Result: DNS lookups now succeed even if the server response includes a CNAME chain that contains a domain name that is not a host name.
 Story Points: ---
Clone Of: 1297099 Environment:
Last Closed: 2022-09-22 13:28:05 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1297099    
Bug Blocks: 1203710    

Comment 3 Florian Weimer 2022-08-10 09:36:00 UTC 
Upstream patches posted:

[PATCH 00/13] nss_dns: Fix handling of non-host CNAMEs (bug 12154)
https://sourceware.org/pipermail/libc-alpha/2022-August/141338.html
Comment 4 Florian Weimer 2022-08-30 08:21:27 UTC 
Upstream patches have been committed.
Comment 7 Carlos O'Donell 2022-09-22 13:28:05 UTC 
The Red Hat Enterprise Linux Platform Tools team has reviewed this bug with support from our Customer Experience & Engagement team and we have decided that this change is going to be too invasive for the current interfaces as they are implemented in RHEL8.

We will be reviewing fixing this for RHEL9 as part of https://bugzilla.redhat.com/show_bug.cgi?id=2129005.