From: mcarpenter@...
Date: 2021-02-26T09:38:05+00:00
Subject: [ruby-core:102615] [Ruby master Bug#17658] DNS resolution failure with multiple named resolvers

Issue #17658 has been updated by mcarpenter (Martin Carpenter).

I tested ruby 3.0.0 and it works fine so I guess something got fixed:

```ruby
Resolv::DNS.new({nameserver: ['dns.google', 'one.one.one.one']}).getresources('example.com', Resolv::DNS::Resource::IN::A)
# => [#, @ttl=17981>]
```

(`ruby 3.0.0p0 (2020-12-25 revision 95aff21468) [x86_64-linux]`)

----------------------------------------
Bug #17658: DNS resolution failure with multiple named resolvers
https://bugs.ruby-lang.org/issues/17658#change-90602

* Author: mcarpenter (Martin Carpenter)
* Status: Open
* Priority: Normal
* ruby -v: ruby 2.7.2p137 (2020-10-01 revision 5445e04352) [x86_64-linux]
* Backport: 2.5: UNKNOWN, 2.6: UNKNOWN, 2.7: UNKNOWN, 3.0: UNKNOWN

----------------------------------------

## Description

I created a `Resolv::DNS` resolver with two nameservers described using their domain names. Calling `#getresources` on this for an `A` or `NS` (and possibly other resource types) of domain `example.com` returns an empty list (no results, no error). I expected it to return the corresponding resource record (IP of `example.com`).

Instead, if the `Resolv::DNS` instance is created with one resolver domain name or two resolvers' IP addresses then correct results are obtained. The error occurs only when more than two nameservers [or possibly more] are specified using their domain names.

## Testcases

I used two well-known public DNS servers to test (they have funky but legitimate TLDs):

* dns.google (8.8.4.4, 8.8.8.8)
* one.one.one.one (1.1.1.1, 1.0.0.1)

### Failing: two nameservers by name

```ruby
require 'resolv'
Resolv::DNS.new({nameserver: ['dns.google', 'one.one.one.one']}).getresources('example.com', Resolv::DNS::Resource::IN::A)
# => []
```

### Successful: one nameserver by name (either as a single-item list or a string)

```ruby
Resolv::DNS.new({nameserver: 'dns.google'}).getresources('example.com', Resolv::DNS::Resource::IN::A)
# => [#, @ttl=16840>]
Resolv::DNS.new({nameserver: ['one.one.one.one']}).getresources('example.com', Resolv::DNS::Resource::IN::A)
# => [#, @ttl=77160>]
```

### Successful: one nameserver by IP (either as a single-item list or a string)

```ruby
Resolv::DNS.new({nameserver: ['8.8.4.4']}).getresources('example.com', Resolv::DNS::Resource::IN::A)
# => [#, @ttl=20931>]
Resolv::DNS.new({nameserver: '1.1.1.1'}).getresources('example.com', Resolv::DNS::Resource::IN::A)
# => [#, @ttl=66081>]
```

### Successful: two nameservers by IP

```ruby
Resolv::DNS.new({nameserver: ['8.8.4.4', '1.1.1.1']}).getresources('example.com', Resolv::DNS::Resource::IN::A)
# => [#, @ttl=20894>]
```

## A little analysis

I didn't get to the bottom of this but this may help:

* When only one nameserver is used then a `Resolv::DNS::Requester::ConnectedUDP::Sender` is used; when two nameservers are used an `UnconnectedUDP::Sender` is used.
* The code appears to be timing out and then retried even though correct requests are made and responses received.
* In particular, if I packet trace 53/udp then the conversation is exactly as I would expect and near identical in both failing and successful cases. That is:
  * Request A record for first nameserver from local resolver
  * Receive IP of first nameserver
  * Request A record of `example.com` from first nameserver
  * Receive IP of `example.com`

In the successful case, the conversation ends here.
In the failing case, the code round-robins between the two nameservers until it finally returns `[]`.

## Test environment

Tested ruby 2.5.0p0 on Red Hat 6 and rubies 2.7.1p83, 2.7.2p137 on Ubuntu 20 from two different networks with identical results.
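
Because the failing case returns `[]` with no error, a caller cannot tell it apart from a name that has no records. The following is an added example, not code from the report or from Ruby's `resolv` library: it applies the report's observation that nameservers given as IP addresses work by resolving any named nameservers up front and raising if one does not resolve. The helper names (`nameserver_ips`, `ip_literal?`, `getresources_via`) and the `lookup:` parameter are hypothetical; the sample table is constructed from the addresses listed in the report.

```ruby
require 'resolv'

# Constructed sample data: the nameserver names and addresses listed in the report.
SAMPLE_NAMESERVERS = {
  'dns.google'      => ['8.8.8.8', '8.8.4.4'],
  'one.one.one.one' => ['1.1.1.1', '1.0.0.1']
}.freeze

# True when str is already an IPv4 or IPv6 literal (Resolv's own anchored regexes).
def ip_literal?(str)
  Resolv::IPv4::Regex.match?(str) || Resolv::IPv6::Regex.match?(str)
end

# Hypothetical helper: turn a mixed list of nameserver names and IP literals
# into IP literals only. `lookup` is injectable so the logic can be checked
# offline; by default it uses the system resolver via Resolv.getaddresses.
def nameserver_ips(nameservers, lookup: ->(name) { Resolv.getaddresses(name) })
  Array(nameservers).flat_map do |ns|
    next [ns] if ip_literal?(ns)

    addrs = lookup.call(ns)
    # Fail loudly instead of letting a dead nameserver turn into an empty answer.
    raise ArgumentError, "nameserver #{ns.inspect} did not resolve" if addrs.empty?

    addrs
  end.uniq
end

# Hypothetical wrapper: query through a resolver that only ever sees IP
# literals, the configuration the report found to return correct results.
def getresources_via(nameservers, name, type, lookup: nil)
  ips = lookup ? nameserver_ips(nameservers, lookup: lookup) : nameserver_ips(nameservers)
  Resolv::DNS.open(nameserver: ips) { |dns| dns.getresources(name, type) }
end
```

With network access, `getresources_via(['dns.google', 'one.one.one.one'], 'example.com', Resolv::DNS::Resource::IN::A)` performs the same query as the failing testcase, but against the resolved addresses.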