Re: [swinog] Motorola ADSL Routers: DNS proxy bug?

2010-09-06 Thread Alexander Gall
On Sat, 4 Sep 2010 17:26:40 +0200, Benoit Panizzon paniz...@woody.ch said:

 Hi all
 I seem to quite often stumble over this bug and wonder if the router is buggy 
 or the client is buggy.

 Most Motorola ADSL/VDSL Routers which Swisscom sent to their customers for 
 about the last two years or so, have a DNS proxy enabled by default. The dhcp 
 clients get the IP address of the router as DNS.

 Now some resolvers (the linux glibc resolver at least), when resolving a 
 hostname first ask for AAAA and when no RR and no error is returned, they ask 
 for the A record.

 Now when a host is resolved that way via a Motorola DNS Proxy, the AAAA query 
 does not result in:
 - No Error, no RR returned.

 But in
 - Error 0011 = No such Name.

 If the linux glibc receives Error 0011 it does not continue looking for an A 
 record, but returns 'Hostname not found' or similar immediately. Thus making 
 hosts which have a valid IPv4 but first were asked for their AAAA address not 
 reachable from linux.

 The workaround is to not use the DNS proxy on those routers.

 Windowses do not seem to have this problem, even with ipv6 enabled.

 So who is wrong? The linux glibc or the router?

The DNS proxy is clearly broken if it returns NXDomain instead of a
NoData response if the Name exists but the AAAA record at that name
doesn't.  You'll also find that pretty much all DNS proxies out there
are broken when it comes to EDNS and/or DNSSEC.  It's really a tragedy
that ISPs don't pay any attention to this when they select such
equipment. 

It is correct for a stub resolver to stop looking for other records at
a name that it just learned doesn't exist (I assume you do have IPv6
connectivity, because otherwise the stub resolver should not look for
a AAAA record at all).

-- 
Alex



___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
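
The NoData/NXDomain distinction discussed in this thread, as an added example that is not code from any poster or from glibc: it classifies DNS responses by header and models a stub resolver that asks for AAAA before A. The name `www.example.com`, the address 192.0.2.1, the response bytes and the two proxy functions are constructed for illustration.

```python
import struct

TYPE_A, TYPE_AAAA = 1, 28
NOERROR, NXDOMAIN = 0, 3          # RCODE 3 is the "0011" seen in the report

def build_response(qname, qtype, rcode, rdata=None):
    """Constructed sample response: header, question, optional single answer RR."""
    flags = 0x8180 | rcode        # QR=1, RD=1, RA=1, low 4 bits = RCODE
    msg = struct.pack("!HHHHHH", 0x1234, flags, 1, 1 if rdata else 0, 0, 0)
    for label in qname.split("."):
        msg += bytes([len(label)]) + label.encode("ascii")
    msg += b"\x00" + struct.pack("!HH", qtype, 1)
    if rdata:                     # owner name = compression pointer to offset 12
        msg += b"\xc0\x0c" + struct.pack("!HHIH", qtype, 1, 300, len(rdata)) + rdata
    return msg

def classify(msg):
    """Return 'ANSWER', 'NODATA', 'NXDOMAIN' or 'RCODE<n>' from the header alone."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    _id, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if not flags & 0x8000:
        raise ValueError("QR bit clear: not a response")
    rcode = flags & 0x000F
    if rcode == NXDOMAIN:
        return "NXDOMAIN"         # the name itself does not exist
    if rcode == NOERROR:          # simplification: CNAME-only answers count as ANSWER
        return "ANSWER" if ancount else "NODATA"
    return "RCODE%d" % rcode

def correct_proxy(name, qtype):   # IPv4-only name: AAAA -> NODATA, A -> answer
    if qtype == TYPE_A:
        return build_response(name, qtype, NOERROR, bytes([192, 0, 2, 1]))
    return build_response(name, qtype, NOERROR)

def broken_proxy(name, qtype):    # behaviour reported for the router's DNS proxy
    if qtype == TYPE_AAAA:
        return build_response(name, qtype, NXDOMAIN)
    return correct_proxy(name, qtype)

def stub_lookup(proxy, name):
    """AAAA first, then A, stopping as soon as the name is reported nonexistent."""
    kind = classify(proxy(name, TYPE_AAAA))
    if kind == "NXDOMAIN":
        return "host not found"
    if kind == "ANSWER":
        return "AAAA"
    return "A" if classify(proxy(name, TYPE_A)) == "ANSWER" else "host not found"

if __name__ == "__main__":
    for proxy in (correct_proxy, broken_proxy):
        print(proxy.__name__, "->", stub_lookup(proxy, "www.example.com"))
```

Pointing `classify` at a real proxy's reply to an AAAA query for a name known to have only an A record shows which of the two behaviours the device has.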


Re: [swinog] Problems with resolving nic.ch - Resolution

2010-09-06 Thread Klaus Ethgen

Hi,

the problem has meanwhile been solved with Alexander's energetic
help.

The problem was that last year, shortly before the introduction of
DNSSEC, Switch had also made another change around the same time, which
collided with the root-delegation-only option that became necessary
years ago, where I did not have ch in the exceptions (which had not been
necessary until now).

So if anyone besides me is still using this option, ch would have to be
added to the list of exceptions.

The problem had nothing to do with DNSSEC as such; it only manifested
itself that way.

Regards
   Klaus
-- 
Klaus Ethgen                            http://www.ethgen.de/
pub  2048R/D1A4EDE5 2000-02-26 Klaus Ethgen kl...@ethgen.de
Fingerprint: D7 67 71 C4 99 A6 D4 FE  EA 40 30 57 3C 88 26 2B

