Bug 2249223 - "search ." in /etc/resolv.conf breaks hostname resolution in c-ares (fixed in 1.20.0)
Summary: "search ." in /etc/resolv.conf breaks hostname resolution in c-ares (fixed in...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: c-ares
Version: 39
Hardware: Unspecified
OS: Linux
unspecified
medium
Target Milestone: ---
Assignee: Tom "spot" Callaway
QA Contact: Fedora Extras Quality Assurance
URL: https://github.com/c-ares/c-ares/issu...
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2023-11-11 13:50 UTC by Sam Morris
Modified: 2023-12-01 01:09 UTC (History)
1 user (show)

Fixed In Version: c-ares-1.21.0-1.fc39 c-ares-1.21.0-1.fc38 c-ares-1.21.0-1.fc37
Doc Type: ---
Doc Text:
Clone Of:
Environment:
Last Closed: 2023-11-21 02:49:13 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description Sam Morris 2023-11-11 13:50:18 UTC 
Please update c-ares to a newer version in order to fix the following bug. The fix is present in 1.20.0 however 1.20.1 was released shortly afterwards fixing a use-after-free issue so that version would be better. 1.21.0 is the latest version with no user-visible changes, only code cleanups and the replacement of hand written DNS parsing code with a new memory-safe parser.

The changes are all detailed in the release notes at <https://c-ares.org/changelog.html>.

The bug is: when there is no search line in /etc/resolv.conf but the systems' hostname contains a domain (e.g., the kernel hostname is literally mymachine.example.com), glibc behaves as if search example.com was written in /etc/resolv.conf.

In order to disable this behaviour, systemd-resolved writes search . in /etc/resolv.conf.

This causes name resolution with c-ares to fail with ARES_EBADNAME.

Among other impacts, this breaks sssd's ability to perform dynamic DNS updates: before it does an update it needs to resolve the system hostname in order to find out if an update is necessary; the c-ares bug prevents that from succeeding.

Reproducible: Always

Steps to Reproduce:
1. Configure a network connection without a DNS search domain
2. Confirm "search ." is present in /etc/resolv.conf
3. Compile the test program from https://github.com/SSSD/sssd/issues/6322#issuecomment-1697226764
4. Run ./ares-test anything
Actual Results:  
The following is logged:
ares_search -> Misformatted domain name (8)

Expected Results:  
./ares-test mymachine
dynamic DNS update should succeed shortly after sssd is started

To observe sssd's dynamic dns updates failing...

1. Join a FreeIPA (or possible Active Directory, untested) domain
2. Configure dyndns_update=True and dyndns_refresh_interval=30 in /etc/sssd.conf
3. Watch /var/log/sssd/sssd_<domain>.log and see dynamic dns updates fail; look for the following message:

[nsupdate_get_addrs_done] (0x0040): Could not resolve address for this machine, error [5]: Input/output error, resolver returned: [8]: Misformatted domain name

More info at https://github.com/SSSD/sssd/issues/6322
Comment 1 Sam Morris 2023-11-11 13:51:13 UTC 
Alternatively this small patch could be backported: https://patch-diff.githubusercontent.com/raw/c-ares/c-ares/pull/546.patch
Comment 2 Fedora Update System 2023-11-15 21:05:02 UTC 
FEDORA-2023-7c2049d301 has been submitted as an update to Fedora 37. https://bodhi.fedoraproject.org/updates/FEDORA-2023-7c2049d301
Comment 3 Fedora Update System 2023-11-15 21:05:05 UTC 
FEDORA-2023-18d84cb696 has been submitted as an update to Fedora 38. https://bodhi.fedoraproject.org/updates/FEDORA-2023-18d84cb696
Comment 4 Fedora Update System 2023-11-15 21:05:07 UTC 
FEDORA-2023-96e8e725e3 has been submitted as an update to Fedora 39. https://bodhi.fedoraproject.org/updates/FEDORA-2023-96e8e725e3
Comment 5 Fedora Update System 2023-11-16 02:19:10 UTC 
FEDORA-2023-7c2049d301 has been pushed to the Fedora 37 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2023-7c2049d301`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-7c2049d301

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 6 Fedora Update System 2023-11-16 04:06:59 UTC 
FEDORA-2023-18d84cb696 has been pushed to the Fedora 38 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2023-18d84cb696`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-18d84cb696

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 7 Fedora Update System 2023-11-16 04:14:19 UTC 
FEDORA-2023-96e8e725e3 has been pushed to the Fedora 39 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2023-96e8e725e3`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-96e8e725e3

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 8 Fedora Update System 2023-11-21 02:49:13 UTC 
FEDORA-2023-96e8e725e3 has been pushed to the Fedora 39 stable repository.
If problem still persists, please make note of it in this bug report.
Comment 9 Fedora Update System 2023-11-30 03:33:58 UTC 
FEDORA-2023-18d84cb696 has been pushed to the Fedora 38 stable repository.
If problem still persists, please make note of it in this bug report.
Comment 10 Fedora Update System 2023-12-01 01:09:05 UTC 
FEDORA-2023-7c2049d301 has been pushed to the Fedora 37 stable repository.
If problem still persists, please make note of it in this bug report.
Note You need to log in before you can comment on or make changes to this bug.