Bug 800148 - host and nslookup ignore valid responses that are non-recursive
Summary: host and nslookup ignore valid responses that are non-recursive
Keywords:
Status: CLOSED DUPLICATE of bug 734458
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: bind
Version: 6.2
Hardware: x86_64
OS: Linux
unspecified
low
Target Milestone: rc
: ---
Assignee: Adam Tkac
QA Contact: qe-baseos-daemons
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2012-03-05 20:45 UTC by Damian Gerow
Modified: 2013-04-30 23:51 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-03-08 15:32:25 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Damian Gerow 2012-03-05 20:45:53 UTC 
Description of problem:
The 'host' and 'nslookup' utilities perform recursive queries by default.  If multiple nameservers are configured in /etc/resolv.conf, and these nameservers are configured as authoritative-only -- so no recursion is available -- then both the 'host' and 'nslookup' utilities will ignore the valid response returned by named, so long as more than one nameserver is configured in /etc/resolv.conf

Version-Release number of selected component (if applicable):
# lsb_release -a
LSB Version:	:core-4.0-amd64:core-4.0-noarch:graphics-4.0-amd64:graphics-4.0-noarch:printing-4.0-amd64:printing-4.0-noarch
Distributor ID:	RedHatEnterpriseServer
Description:	Red Hat Enterprise Linux Server release 6.2 (Santiago)
Release:	6.2
Codename:	Santiago
# rpm -q bind-utils
bind-utils-9.7.3-8.P3.el6_2.2.x86_64
# 

How reproducible:
100%

Steps to Reproduce:
1. Set 'recursion no;' in your named.conf.
2. Ensure that instance of bind is present in /etc/resolv.conf.
3. Add an additional, non-existat -- i.e. 127.0.0.2 -- nameserver to /etc/resolv.conf.
4. Attempt to look up a host for which the nameserver is authoritative.
  
Actual results:
With /etc/resolv.conf:
-----
domain example.com
search example.com
nameserver 127.0.0.1
nameserver 127.0.0.2
-----

# host foo.example.com.
;; connection timed out; no servers could be reached
#  

On the network:
-----
# tcpdump -i lo -lnp port 53
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on lo, link-type EN10MB (Ethernet), capture size 65535 bytes
20:42:38.796690 IP 127.0.0.1.56421 > 127.0.0.1.domain: 63281+ A? foo.example.com. (46)
20:42:38.796938 IP 127.0.0.1.domain > 127.0.0.1.56421: 63281*- 1/3/3 A 192.168.0.100 (179)
20:42:38.797128 IP 127.0.0.2.37682 > 127.0.0.2.domain: 63281+ A? foo.example.com. (46)
20:42:43.797499 IP 127.0.0.2.37682 > 127.0.0.2.domain: 63281+ A? foo.example.com. (46)
-----

Expected results:
With /etc/resolv.conf:
-----
domain example.com
search example.com
nameserver 127.0.0.1
-----

# host foo.example.com.
foo.example.com has address 192.168.0.100
# 

On the network:
-----
20:43:53.702429 IP 127.0.0.1.37943 > 127.0.0.1.domain: 55233+ A? foo.example.com. (46)
20:43:53.702545 IP 127.0.0.1.domain > 127.0.0.1.37943: 55233*- 1/3/3 A 192.168.0.100 (179)
20:43:53.702841 IP 127.0.0.1.50849 > 127.0.0.1.domain: 16205+ AAAA? foo.example.com. (46)
20:43:53.702940 IP 127.0.0.1.domain > 127.0.0.1.50849: 16205*- 0/1/0 (93)
20:43:53.703047 IP 127.0.0.1.60328 > 127.0.0.1.domain: 23258+ MX? foo.example.com. (46)
20:43:53.703119 IP 127.0.0.1.domain > 127.0.0.1.60328: 23258*- 0/1/0 (93)
-----

Additional info:
Both 'host' and 'nslookup' provide workarounds for this: '-r' and '-norec', respectively.
Comment 1 Nalin Dahyabhai 2012-03-05 21:24:10 UTC 
Both commands are part of the bind-utils package, which is built from the bind source package; reassigning.
Comment 3 Adam Tkac 2012-03-08 15:32:25 UTC 

*** This bug has been marked as a duplicate of bug 734458 ***
Note You need to log in before you can comment on or make changes to this bug.