576667 – name resolving broken by glibc-2.11.1-4

Bug 576667 - name resolving broken by glibc-2.11.1-4

Summary: name resolving broken by glibc-2.11.1-4

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	glibc
Sub Component:
Version:	12
Hardware:	x86_64
OS:	Linux
Priority:	medium
Severity:	high
Target Milestone:	---
Assignee:	Andreas Schwab
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2010-03-24 18:48 UTC by Jan Kratochvil
Modified:	2010-05-04 06:13 UTC (History)
CC List:	2 users (show)
Fixed In Version:	glibc-2.11.1-6
Clone Of:
Environment:
Last Closed:	2010-05-04 06:13:59 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Jan Kratochvil 2010-03-24 18:48:26 UTC

Description of problem:
glibc-2.11.1-4 is now in updates-testing.  Upgrade no longer resolves any DNS.

Version-Release number of selected component (if applicable):
glibc-2.11.1-4.x86_64
(glibc-2.11.1-1.x86_64 works)
bind-9.6.2-2.P1.fc12.x86_64

How reproducible:
Always.

Steps to Reproduce:
telnet www.google.com 80

Actual results:
telnet: www.google.com: No address associated with hostname
www.google.com: Unknown host

Expected results:
Trying 74.125.87.104...
Connected to www.google.com.
Escape character is '^]'.

Additional info:
Having /etc/resolv.conf "nameserver 127.0.0.1" and intact /etc/named.conf.

Also reproducible just on extracted rpm file:
./lib64/ld-linux-x86-64.so.2 --library-path $PWD/lib64 /usr/bin/telnet www.google.com

Command /usr/bin/host sure works with both glibc versions.
/bin/ping also works.

Comment 1 Andreas Schwab 2010-03-25 08:41:11 UTC

What do you get from dig aaaa www.google.com?

Comment 2 Jan Kratochvil 2010-03-25 08:52:10 UTC

I get the same output with both glibc-2.11.1-4.x86_64 and glibc-2.11.1-1.x86_64.
$ dig aaaa www.google.com

; <<>> DiG 9.6.2-P1-RedHat-9.6.2-2.P1.fc12 <<>> aaaa www.google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25542
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;www.google.com.			IN	AAAA

;; ANSWER SECTION:
www.google.com.		604733	IN	CNAME	www.l.google.com.

;; AUTHORITY SECTION:
l.google.com.		534	IN	SOA	ns2.google.com. dns-admin.google.com. 1410563 900 900 1800 60

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Mar 25 09:46:38 2010
;; MSG SIZE  rcvd: 102


Machine has IPv6 (via sixxs.net).  If I use these records in /etc/named.conf I get valid AAAA.  But that is outside of the scope of this bug as the bug happens both with original /etc/named.conf and with Google-IPv6-DNS patched /etc/named.conf):
zone "google.com" IN {
        type forward;
        forwarders {
                // nscache.eu.sixxs.net;
                2001:b18:0:1000:2e0:81ff:fe61:ae0d;
                2001:1418:10:2::2;
                2001:14b8:0:3007::6;
                2001:16d8:aaaa:3::2;
                2001:41e0:ff00::5;
                2001:7b8:3:4f:202:b3ff:fe46:bec;
        };
        //forward only;
};


The problem happens with ANY site, incl. www.seznam.cz or www.heise.de - where no IPv6 / AAAA is available any way.

Comment 3 Jan Kratochvil 2010-03-25 08:52:31 UTC

FYI I do not run nscd.

Comment 4 Andreas Schwab 2010-03-25 10:02:30 UTC

Please run strace -s512 getent ahosts www.google.com.

Comment 5 Jan Kratochvil 2010-03-25 16:07:11 UTC

It is related to the content of /etc/nsswitch.conf.
my machine had:
hosts:     db files nisplus nis mdns4_minimal [NOTFOUND=return] dns
recent glibc installs:
hosts:      files dns

IIRC nis* entries were there from older glibcs; but this change looks as too old:
* Wed Feb 19 2003 Jakub Jelinek <jakub> 2.3.1-49
- remove nisplus and nis from the default nsswitch.conf (#67401, #9952)

The mdns4_minimal part is from mss-dns, it looks as offtopic here.

--------------------------------------------------------------------------------

The glibc-2.11.1-1.x86_64 -> glibc-2.11.1-4.x86_64 regression is reproducible by using:
hosts:      files nis [NOTFOUND=return] dns

Just guessing it is that: http://sourceware.org/bugzilla/show_bug.cgi?id=11000

Comment 6 Jan Kratochvil 2010-03-25 16:10:05 UTC

s/mss-dns/nss-mdns/ (offtopic)

Comment 7 Andreas Schwab 2010-03-25 16:43:10 UTC

Fix your config then.

Comment 8 Jan Kratochvil 2010-03-25 16:52:23 UTC

The glibc-2.11.1-1.x86_64 -> glibc-2.11.1-4.x86_64 regression is reproducible
by using:
hosts:      files nis [NOTFOUND=return] dns

# /etc/nsswitch.conf
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.

I do not have any NIS configured.  Therefore NIS should say UNAVAIL and not NOTFOUND.  It may break valid configurations out there.

Comment 9 Fedora Update System 2010-04-16 14:23:11 UTC

glibc-2.11.1-6 has been submitted as an update for Fedora 12.
http://admin.fedoraproject.org/updates/glibc-2.11.1-6

Comment 10 Fedora Update System 2010-04-20 13:01:22 UTC

glibc-2.11.1-6 has been pushed to the Fedora 12 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update glibc'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/glibc-2.11.1-6

Comment 11 Fedora Update System 2010-05-04 06:13:49 UTC

glibc-2.11.1-6 has been pushed to the Fedora 12 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.