Bug 2124414

Summary: aardvark-dns: Always return both A and AAAA records no matter what QTYPE is specified in DNS request
Product: Red Hat Enterprise Linux 8
Reporter: Sameer <snangare>
Component: podman
Assignee: Jindrich Novy <jnovy>
Status: CLOSED ERRATA
QA Contact: Joy Pu <ypu>
Severity: medium
Priority: unspecified
Version: 8.6
CC: arajan, bbaude, bhenders, dornelas, dwalsh, jligon, jnovy, lsm5, mheon, pthomas, tsweeney, umohnani, ypu
Target Milestone: rc
Keywords: Triaged
Hardware: x86_64
OS: Linux
Fixed In Version: aardvark-dns-1.2.0-1.el8
Doc Type: If docs needed, set a value
Last Closed: 2023-05-16 08:20:37 UTC
Type: Bug

Description Sameer 2022-09-06 04:45:08 UTC
Description of problem:

  - The issue is observed on `aardvark-dns` package version 1.0.1-35: no matter what QTYPE is specified in the DNS request, it always returns both A and AAAA records.


Version-Release number of selected component (if applicable):

  - aardvark-dns-1.0.1-35

How reproducible:

  - 100%

Steps to Reproduce:

1. # Configuration
   
## Dual stack network
{
  "name": "dual",
  "id": "2697203bf4180da9e7a6d074e38cbafb2fad4c8a3436522bde4ac573c059caa6",
  "driver": "bridge",
  "network_interface": "podman1",
  "created": "2022-08-24T04:03:37.236675178-05:00",
  "subnets": [
    {
      "subnet": "192.168.227.0/24",
      "gateway": "192.168.227.1"
    },
    {
      "subnet": "fdf8:192:168:227::/120",
      "gateway": "fdf8:192:168:227::1"
    }
  ],
  "ipv6_enabled": true,
  "internal": false,
  "dns_enabled": true,
  "ipam_options": {
    "driver": "host-local"
  }
}

2.

  ## Two containers, foo and bar, both running Nginx. With the following configuration, Nginx in foo forwards requests to Nginx in bar.
        location /bar {
                resolver        192.168.227.1;
                set $upstream   bar.dns.podman;
                proxy_pass http://$upstream;
        }

# Issue observed
## The web request fails with 502 error.
[root@foo /]# curl -vvv http://localhost/bar
*   Trying ::1...
* TCP_NODELAY set
* Connected to localhost (::1) port 80 (#0)
> GET /bar HTTP/1.1
> Host: localhost
> User-Agent: curl/7.61.1
> Accept: */*
>
< HTTP/1.1 502 Bad Gateway

## It's because Nginx fails to resolve the hostname "bar.dns.podman".
We can see Nginx error.log is filled up with plenty of the following errors:

2022/08/26 09:54:58 [error] 88#0: unexpected AAAA record in DNS response
2022/08/26 09:54:58 [error] 88#0: unexpected A record in DNS response


3. nslookup A and AAAA record and observe


Actual results:

  ## The root cause is that aardvark-dns always returns both A and AAAA records no matter what QTYPE is specified in the DNS request.
[root@foo /]# nslookup -type=A bar 192.168.227.1
Server:		192.168.227.1
Address:	192.168.227.1#53

Non-authoritative answer:
Name:	bar.dns.podman
Address: 192.168.227.5
Name:	bar.dns.podman
Address: fdf8:192:168:227::5

[root@foo /]# nslookup -type=AAAA bar 192.168.227.1
Server:		192.168.227.1
Address:	192.168.227.1#53

Non-authoritative answer:
Name:	bar.dns.podman
Address: 192.168.227.5
Name:	bar.dns.podman
Address: fdf8:192:168:227::5

[root@foo /]# nslookup bar 192.168.227.1
Server:		192.168.227.1
Address:	192.168.227.1#53

Non-authoritative answer:
Name:	bar.dns.podman
Address: 192.168.227.5
Name:	bar.dns.podman
Address: fdf8:192:168:227::5
Name:	bar.dns.podman
Address: 192.168.227.5
Name:	bar.dns.podman
Address: fdf8:192:168:227::5



Expected results:

- aardvark-dns should return the correct result based on the QTYPE specified in the DNS request

Additional info:

- Link to original issue - https://github.com/containers/aardvark-dns/issues/203
This is being worked on and it's almost fixed there.
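
The behaviour reported above can be checked at the wire level. The following is an added example, not code from the bug report or from aardvark-dns: it parses a DNS response and lists answer records whose TYPE differs from the question's QTYPE, the condition behind the "unexpected A/AAAA record" lines in the Nginx error log. The function names and the sample messages are constructed for illustration; CNAME records are accepted as an assumption, since a CNAME can legitimately accompany an A or AAAA answer.

```python
import ipaddress
import struct

TYPE_A, TYPE_CNAME, TYPE_AAAA = 1, 5, 28

def _skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:   # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + length
        if length == 0:             # root label ends the name
            return off

def unexpected_answer_types(msg):
    """Return the TYPEs of answer RRs that do not match the question's QTYPE."""
    qdcount, ancount = struct.unpack_from("!HH", msg, 4)
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    off = _skip_name(msg, 12)       # question starts after the 12-byte header
    qtype, _qclass = struct.unpack_from("!HH", msg, off)
    off += 4
    bad = []
    for _ in range(ancount):
        off = _skip_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10 + rdlen           # fixed RR fields (10 bytes) plus RDATA
        if rtype not in (qtype, TYPE_CNAME):
            bad.append(rtype)
    return bad

def build_response(qname, qtype, records):
    """Constructed sample: a response to (qname, qtype) with records [(type, ip)]."""
    name = b"".join(bytes([len(l)]) + l.encode() for l in qname.split(".")) + b"\x00"
    msg = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, len(records), 0, 0)
    msg += name + struct.pack("!HH", qtype, 1)
    for rtype, ip in records:
        rdata = ipaddress.ip_address(ip).packed
        # 0xc00c points back at the question name (offset 12)
        msg += b"\xc0\x0c" + struct.pack("!HHIH", rtype, 1, 0, len(rdata)) + rdata
    return msg

# Constructed messages using the addresses from the nslookup output above.
BOTH = [(TYPE_A, "192.168.227.5"), (TYPE_AAAA, "fdf8:192:168:227::5")]
buggy_a = build_response("bar.dns.podman", TYPE_A, BOTH)        # 1.0.1-35 behaviour
buggy_aaaa = build_response("bar.dns.podman", TYPE_AAAA, BOTH)  # 1.0.1-35 behaviour
fixed_a = build_response("bar.dns.podman", TYPE_A, BOTH[:1])    # expected behaviour
```
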

Comment 11 Joy Pu 2022-11-10 09:00:02 UTC
Tested with aardvark-dns-1.2.0-1.module+el8.8.0+16777+b77867ec.x86_64 and it works as expected. The nslookup command inside foo gets different output for -type=A and -type=AAAA, so moving this to verified:
Details:
# podman exec -it foo sh
/ # nslookup -type=AAAA bar 192.168.227.1
Server:		192.168.227.1
Address:	192.168.227.1#53

Non-authoritative answer:
Name:	bar.dns.podman
Address: fdf8:192:168:227::4

/ # nslookup -type=A bar 192.168.227.1
Server:		192.168.227.1
Address:	192.168.227.1#53

Non-authoritative answer:
Name:	bar.dns.podman
Address: 192.168.227.4

/ # exit

Comment 13 errata-xmlrpc 2023-05-16 08:20:37 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: container-tools:rhel8 security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2023:2758