Re: unwind: 'force autoconf' only works without DoT/forwarder

Florian Obser Sat, 13 Jan 2024 08:49:08 -0800

On 2024-01-13 15:57 UTC, Klemens Nanni <[email protected]> wrote:
> On Sat, Jan 13, 2024 at 04:29:55PM +0100, Florian Obser wrote:
>> On 2024-01-13 01:13 UTC, Klemens Nanni <[email protected]> wrote:
>> > The last unwind.conf(5) EXAMPLE does not work for me unless I remove all
>> > three of "DoT", "oDoT-forwarder" and "forwarder" from preferences; moving
>> > them to the end or "autoconf" to the front does not work.
>> 
>> What is "unwindctl status" showing?
>
> With just 'force autoconf { fritz.box }' as config:
>
>       $ unwindctl status
>       1. recursor        validating,  70ms   3. autoconf              dead,   
> N/A
>       2. oDoT-autoconf         dead,   N/A   4. stub                  dead,   
> N/A
>
> Adding 'preference { autoconf }' doesn't change it from dead, but
> resolving the forced name will work, still.
>
>       1. autoconf              dead,  15ms
>
>> setup_query in resolver.c has this:
>> 
>>         find_force(&resolver_conf->force, query_imsg->qname, &res);
>> 
>>         if (res != NULL && res->state != DEAD && res->state != UNKNOWN) {
>>                 rq->res_pref.len = 1;
>>                 rq->res_pref.types[0] = res->type;
>>         } else if (sort_resolver_types(&rq->res_pref) == -1) {
>>                 log_warn("mergesort");
>>                 free(rq->query_imsg);
>>                 free(rq);
>>                 return;
>>         }
>> 
>> Which suggests it will only use the force resolver and not consider
>> anything else. Unless the force resolver is not working. I.e. dead or 
>> unknown.
>> 
>> I suspect it's unknown.
>
> Here's the daemon log from startup over a few seconds of wait to
> 'host fritz.box. ::1' timing out.
>
> # echo 'force autoconf { fritz.box }' | unwind -dvf /dev/stdin 2>&1 | ts
> Jan 13 16:55:18 check_resolver_done: stub: ignoring late check result
> Jan 13 16:55:18 check_resolver_done: stub: dead
> Jan 13 16:55:18 check_resolver_done: autoconf: dead


I think we need to improve debug logging a bit, but I'm pretty sure you
are hitting

        } else
                checked_resolver->state = DEAD; /* we know the root exists */

on line 1588 in resolver.c. I.e. your fritz.box makes up some DNS
bullshit and isn't suitable as a resolver.

Out of idle curiosity, what's the result of

dig @fd00... . NS ?

> Jan 13 16:55:18 check_resolver_done: autoconf: ignoring late check result
> Jan 13 16:55:18 check_resolver_done: oDoT-autoconf: ignoring late check result
> Jan 13 16:55:18 check_resolver_done: recursor: unknown
> Jan 13 16:55:18 check_resolver_done: oDoT-autoconf rcode: SERVFAIL
> Jan 13 16:55:19 check_resolver_done: autoconf: dead
> Jan 13 16:55:20 check_resolver_done: oDoT-autoconf rcode: SERVFAIL
> Jan 13 16:55:20 check_resolver_done: stub: dead
> Jan 13 16:55:21 check_resolver_done: autoconf: dead
> Jan 13 16:55:22 check_resolver_done: oDoT-autoconf rcode: SERVFAIL
> Jan 13 16:55:23 check_resolver_done: stub: dead
> Jan 13 16:55:26 check_resolver_done: autoconf: dead
> Jan 13 16:55:27 check_resolver_done: oDoT-autoconf rcode: SERVFAIL
> Jan 13 16:55:28 check_resolver_done: stub: dead
> Jan 13 16:55:30 [::1]:38441: fritz.box. IN A ?
> Jan 13 16:55:30 find_force: fritz.box. -> fritz.box.[autoconf]
> Jan 13 16:55:30 try_next_resolver[+0ms]: recursor[validating] fritz.box. IN A
> Jan 13 16:55:30 resolve_done[recursor]: fritz.box. IN A rcode: NXDOMAIN[3], 
> elapsed: 74ms, running: 1
> Jan 13 16:55:30 find_force: fritz.box. -> fritz.box.[autoconf]
> Jan 13 16:55:30 resolve_done: doubt NXDOMAIN or BOGUS from recursor, network 
> change 12s ago
> Jan 13 16:55:30 try_next_resolver: could not find (any more) working resolvers
> Jan 13 16:55:34 check_resolver_done: autoconf: dead
> Jan 13 16:55:35 [::1]:38441: fritz.box. IN A ?
> Jan 13 16:55:35 find_force: fritz.box. -> fritz.box.[autoconf]
> Jan 13 16:55:35 try_next_resolver[+0ms]: recursor[validating] fritz.box. IN A
> Jan 13 16:55:35 resolve_done[recursor]: fritz.box. IN A rcode: NXDOMAIN[3], 
> elapsed: 0ms, running: 1
> Jan 13 16:55:35 find_force: fritz.box. -> fritz.box.[autoconf]
> Jan 13 16:55:35 resolve_done: doubt NXDOMAIN or BOGUS from recursor, network 
> change 17s ago
> Jan 13 16:55:35 try_next_resolver: could not find (any more) working resolvers
> Jan 13 16:55:35 check_resolver_done: oDoT-autoconf rcode: SERVFAIL
> Jan 13 16:55:36 check_resolver_done: stub: dead
> ^C
>

-- 
In my defence, I have been left unsupervised.

Re: unwind: 'force autoconf' only works without DoT/forwarder

Reply via email to