Please update c-ares to a newer version in order to fix the following bug. The fix is present in 1.20.0 however 1.20.1 was released shortly afterwards fixing a use-after-free issue so that version would be better. 1.21.0 is the latest version with no user-visible changes, only code cleanups and the replacement of hand written DNS parsing code with a new memory-safe parser. The changes are all detailed in the release notes at <https://c-ares.org/changelog.html>. The bug is: when there is no search line in /etc/resolv.conf but the systems' hostname contains a domain (e.g., the kernel hostname is literally mymachine.example.com), glibc behaves as if search example.com was written in /etc/resolv.conf. In order to disable this behaviour, systemd-resolved writes search . in /etc/resolv.conf. This causes name resolution with c-ares to fail with ARES_EBADNAME. Among other impacts, this breaks sssd's ability to perform dynamic DNS updates: before it does an update it needs to resolve the system hostname in order to find out if an update is necessary; the c-ares bug prevents that from succeeding. Reproducible: Always Steps to Reproduce: 1. Configure a network connection without a DNS search domain 2. Confirm "search ." is present in /etc/resolv.conf 3. Compile the test program from https://github.com/SSSD/sssd/issues/6322#issuecomment-1697226764 4. Run ./ares-test anything Actual Results: The following is logged: ares_search -> Misformatted domain name (8) Expected Results: ./ares-test mymachine dynamic DNS update should succeed shortly after sssd is started To observe sssd's dynamic dns updates failing... 1. Join a FreeIPA (or possible Active Directory, untested) domain 2. Configure dyndns_update=True and dyndns_refresh_interval=30 in /etc/sssd.conf 3. Watch /var/log/sssd/sssd_<domain>.log and see dynamic dns updates fail; look for the following message: [nsupdate_get_addrs_done] (0x0040): Could not resolve address for this machine, error [5]: Input/output error, resolver returned: [8]: Misformatted domain name More info at https://github.com/SSSD/sssd/issues/6322
Alternatively this small patch could be backported: https://patch-diff.githubusercontent.com/raw/c-ares/c-ares/pull/546.patch
FEDORA-2023-7c2049d301 has been submitted as an update to Fedora 37. https://bodhi.fedoraproject.org/updates/FEDORA-2023-7c2049d301
FEDORA-2023-18d84cb696 has been submitted as an update to Fedora 38. https://bodhi.fedoraproject.org/updates/FEDORA-2023-18d84cb696
FEDORA-2023-96e8e725e3 has been submitted as an update to Fedora 39. https://bodhi.fedoraproject.org/updates/FEDORA-2023-96e8e725e3
FEDORA-2023-7c2049d301 has been pushed to the Fedora 37 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2023-7c2049d301` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-7c2049d301 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2023-18d84cb696 has been pushed to the Fedora 38 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2023-18d84cb696` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-18d84cb696 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2023-96e8e725e3 has been pushed to the Fedora 39 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2023-96e8e725e3` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-96e8e725e3 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2023-96e8e725e3 has been pushed to the Fedora 39 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-2023-18d84cb696 has been pushed to the Fedora 38 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-2023-7c2049d301 has been pushed to the Fedora 37 stable repository. If problem still persists, please make note of it in this bug report.