Re: [systemd-devel] Regression in ipv6 resolutions in systemd-resolved with AF_UNSPEC

2016-02-24 Thread Mantas Mikulėnas
On Wed, Feb 24, 2016 at 2:04 PM, Yuriy M. Kaminskiy wrote:

> On 19.02.2016 18:26, Lennart Poettering wrote:
>
>> Note that resolved will not look up IPv6 addresses if this isn't
>> explicitly requested if there are no local routable IPv6 addresses
>> configured. And vice versa, it won't look for IPv4 addresses if this
>>
>
> Maybe I'm missing something, but that looks ...problematic. To extreme.
> So, I cannot
>
> getent ahosts www.freedesktop.org | while read a rest; do
>    case $a in
>    *:*) ip6tables -A OUTPUT -d $a -j REJECT;;
>    *.*) iptables -A OUTPUT -d $a -j REJECT;;
>    esac
> done
>
> *before* I've got my ipv6 connectivity up and running?


getent ahostsv4 www.freedesktop.org | while read a rest; do
iptables -A OUTPUT -d $a -j REJECT
done
getent ahostsv6 www.freedesktop.org | while read a rest; do
ip6tables -A OUTPUT -d $a -j REJECT
done


I'm not sure I like the feature myself – the last time I had to deal with
libc's equivalent, AI_ADDRCONF, it would even prevent programs from
resolving _localhost_ when the system wasn't online... But, I guess it can
improve things in certain situations.

-- 
Mantas Mikulėnas 
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel
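
An added example, not part of any message in this thread: one way to build the REJECT rules from explicit per-family lookups, as in the reply above, and to list the addresses a single AF_UNSPEC lookup would have left out. The function names, the injected `resolver` parameter and both fake resolvers (with their documentation-range addresses) are assumptions made for illustration.

```python
import socket

def lookup(host, family, resolver=socket.getaddrinfo):
    """Sorted unique addresses for one family; [] if the lookup fails."""
    try:
        infos = resolver(host, None, family)
    except socket.gaierror:
        return []  # e.g. EAI_NONAME (-2), the error shown in the report
    return sorted({info[4][0] for info in infos})

def reject_rules(host, resolver=socket.getaddrinfo):
    """Build REJECT rules from explicit AF_INET / AF_INET6 lookups and list
    the addresses a single AF_UNSPEC lookup would have left out."""
    v4 = lookup(host, socket.AF_INET, resolver)
    v6 = lookup(host, socket.AF_INET6, resolver)
    unspec = set(lookup(host, socket.AF_UNSPEC, resolver))
    rules = [["iptables", "-A", "OUTPUT", "-d", a, "-j", "REJECT"] for a in v4]
    rules += [["ip6tables", "-A", "OUTPUT", "-d", a, "-j", "REJECT"] for a in v6]
    missed = [a for a in v4 + v6 if a not in unspec]
    return rules, missed

def fake_resolved(host, port, family, *rest):
    """Constructed stand-in (documentation addresses) for a dual-stack name
    looked up on a host with no routable IPv6 address: AF_UNSPEC yields only
    the A record, explicit AF_INET6 still yields the AAAA record."""
    a = (socket.AF_INET, socket.SOCK_STREAM, 6, "", ("192.0.2.10", 0))
    aaaa = (socket.AF_INET6, socket.SOCK_STREAM, 6, "", ("2001:db8::10", 0, 0, 0))
    return [aaaa] if family == socket.AF_INET6 else [a]

def fake_v6_only(host, port, family, *rest):
    """Constructed stand-in for the reported case: an AAAA-only name, where
    AF_UNSPEC (and AF_INET) fail with EAI_NONAME but AF_INET6 succeeds."""
    if family != socket.AF_INET6:
        raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")
    return [(socket.AF_INET6, socket.SOCK_STREAM, 6, "", ("2001:db8::20", 0, 0, 0))]

if __name__ == "__main__":
    for resolver in (fake_resolved, fake_v6_only):
        rules, missed = reject_rules("host.example", resolver)
        for rule in rules:
            print(" ".join(rule))  # printed only; nothing is executed
        print("omitted by AF_UNSPEC:", missed)
```

A non-empty second return value means a rule set built from `getent ahosts` alone would have been incomplete on that host at that moment.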


Re: [systemd-devel] Regression in ipv6 resolutions in systemd-resolved with AF_UNSPEC

2016-02-24 Thread Yuriy M. Kaminskiy

On 19.02.2016 18:26, Lennart Poettering wrote:
> On Fri, 19.02.16 15:43, Sébastien Luttringer (se...@seblu.net) wrote:
>
>> Hello,
>>
>> Since systemd v229, I have one server which no longer resolves ipv6 addresses when
>> it uses nss-resolve and AF_UNSPEC.
>>
>> This issue seems to be linked with the DNS resolver used on its network. This
>> resolver is provided by a French FAI box (SFR).
>>
>> I'm currently not able to understand precisely where the issue is, but opening
>> the socket with AF_UNSPEC does not resolve ipv6 and with AF_INET6
>> does.
>
> Note that resolved will not look up IPv6 addresses if this isn't
> explicitly requested if there are no local routable IPv6 addresses
> configured. And vice versa, it won't look for IPv4 addresses if this

Maybe I'm missing something, but that looks ...problematic. To extreme.
So, I cannot

getent ahosts www.freedesktop.org | while read a rest; do
   case $a in
   *:*) ip6tables -A OUTPUT -d $a -j REJECT;;
   *.*) iptables -A OUTPUT -d $a -j REJECT;;
   esac
done

*before* I've got my ipv6 connectivity up and running?

> isn't explicitly requested and there are no local routable IPv4
> addresses configured. Basically, when doing lookups without specifying

Same, but if I have ipv6-only native connectivity and my ipv4 tunnel is
not up yet?

> what you want, we'll return something that you can actually talk
> to. If during resolving you however specify what you want, then we'll
> actually return that.
>
> How precisely does your IP configuration look like? Do you use
> per-interface DNS servers (i.e. configured via networkd), or do you
> have global DNS servers configured via /etc/resolv.conf or via DNS= in
> /etc/systemd/resolved.conf?
>
> If you use per-interface DNS servers, do you have a routable IPv6
> address on that interface? If you use global DNS servers instead, do
> you have any routable IPv6 address on any interface?





Re: [systemd-devel] Regression in ipv6 resolutions in systemd-resolved with AF_UNSPEC

2016-02-23 Thread Lennart Poettering
On Fri, 19.02.16 15:43, Sébastien Luttringer (se...@seblu.net) wrote:

> Hello,
> 
> Since systemd v229, I have one server which no longer resolves ipv6 addresses when
> it uses nss-resolve and AF_UNSPEC.
> 
> This issue seems to be linked with the DNS resolver used on its network. This
> resolver is provided by a French FAI box (SFR).
> 
> I'm currently not able to understand precisely where the issue is, but opening
> the socket with AF_UNSPEC does not resolve ipv6 and with AF_INET6
> does.

Note that resolved will not look up IPv6 addresses if this isn't
explicitly requested if there are no local routable IPv6 addresses
configured. And vice versa, it won't look for IPv4 addresses if this
isn't explicitly requested and there are no local routable IPv4
addresses configured. Basically, when doing lookups without specifying
what you want, we'll return something that you can actually talk
to. If during resolving you however specify what you want, then we'll
actually return that.

How precisely does your IP configuration look like? Do you use
per-interface DNS servers (i.e. configured via networkd), or do you
have global DNS servers configured via /etc/resolv.conf or via DNS= in
/etc/systemd/resolved.conf?

If you use per-interface DNS servers, do you have a routable IPv6
address on that interface? If you use global DNS servers instead, do
you have any routable IPv6 address on any interface?

Lennart

-- 
Lennart Poettering, Red Hat


[systemd-devel] Regression in ipv6 resolutions in systemd-resolved with AF_UNSPEC

2016-02-19 Thread Sébastien Luttringer
Hello,

Since systemd v229, I have one server which no longer resolves ipv6 addresses when
it uses nss-resolve and AF_UNSPEC.

This issue seems to be linked with the DNS resolver used on its network. This
resolver is provided by a French FAI box (SFR).

I'm currently not able to understand precisely where the issue is, but opening
the socket with AF_UNSPEC does not resolve ipv6 and with AF_INET6 does.

I have the following nsswitch.conf:
# grep hosts /etc/nsswitch.conf 
hosts: files resolve mymachines myhostname

With systemd v228 (precisely arch v228-4)
=========================================
# systemctl --version 
systemd 228
+PAM -AUDIT -SELINUX -IMA -APPARMOR +SMACK -SYSVINIT +UTMP +LIBCRYPTSETUP
+GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN

# getent ahosts collectd.seblu.net
2001:bc8:3173:281:be5f:f4ff:fe84:d75e STREAM black.seblu.net
2001:bc8:3173:281:be5f:f4ff:fe84:d75e DGRAM  
2001:bc8:3173:281:be5f:f4ff:fe84:d75e RAW  

# ltrace getent ahosts collectd.seblu.net
...
getaddrinfo("collectd.seblu.net", nil, 0x7ffe7e8e7c70, 0x7ffe7e8e7c68)   = 0

# /usr/lib/systemd/systemd-resolve-host collectd.seblu.net
collectd.seblu.net: 2001:bc8:3173:281:be5f:f4ff:fe84:d75e
(black.seblu.net)

-- Information acquired via protocol DNS in 2.0ms.

With systemd v229 (precisely arch v229-2)
=========================================

# systemctl --version
systemd 229
+PAM -AUDIT -SELINUX -IMA -APPARMOR +SMACK -SYSVINIT +UTMP +LIBCRYPTSETUP
+GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN

# getent ahosts collectd.seblu.net
# echo $?
2

# ltrace getent ahosts collectd.seblu.net 
...
getaddrinfo("collectd.seblu.net", nil, 0x7ffefda4d280, 0x7ffefda4d278)   = -2
+++ exited (status 2) +++

-2 is EAI_NONAME.

# systemd-resolve collectd.seblu.net 
collectd.seblu.net: resolve call failed: 'black.seblu.net' does not have any RR of the requested type

Here is a debug enabled transaction in systemd-resolved. 
https://horus.seblu.net/~seblu/systemd/resolved_bug_collectd.txt

Fallback to nss-dns resolver allows resolution to work again
============================================================

# systemctl stop systemd-resolved
# getent ahosts collectd.seblu.net
2001:bc8:3173:281:be5f:f4ff:fe84:d75e STREAM black.seblu.net
2001:bc8:3173:281:be5f:f4ff:fe84:d75e DGRAM  
2001:bc8:3173:281:be5f:f4ff:fe84:d75e RAW   

Forcing socket type to IF_INET6 makes resolution work
=====================================================
# getent ahostsv6 collectd.seblu.net
2001:bc8:3173:281:be5f:f4ff:fe84:d75e STREAM black.seblu.net
2001:bc8:3173:281:be5f:f4ff:fe84:d75e DGRAM  
2001:bc8:3173:281:be5f:f4ff:fe84:d75e RAW  

# systemd-resolve -6 collectd.seblu.net
collectd.seblu.net: 2001:bc8:3173:281:be5f:f4ff:fe84:d75e
(black.seblu.net)

-- Information acquired via protocol DNS in 2.0ms.
-- Data is authenticated: no


# python -c 'import socket; print(socket.getaddrinfo("collectd.seblu.net", None, socket.AF_UNSPEC))'
Traceback (most recent call last):
  File "<string>", line 1, in <module>
  File "/usr/lib/python3.5/socket.py", line 732, in getaddrinfo
    for res in _socket.getaddrinfo(host, port, family, type, proto, flags):
socket.gaierror: [Errno -2] Name or service not known


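# python -c 'import socket; print(socket.getaddrinfo("collectd.seblu.net", None, socket.AF_INET6))'
[(<AddressFamily.AF_INET6: 10>, <SocketKind.SOCK_STREAM: 1>, 6, '', ('2001:bc8:3173:281:be5f:f4ff:fe84:d75e', 0, 0, 0)),
 (<AddressFamily.AF_INET6: 10>, <SocketKind.SOCK_DGRAM: 2>, 17, '', ('2001:bc8:3173:281:be5f:f4ff:fe84:d75e', 0, 0, 0)),
 (<AddressFamily.AF_INET6: 10>, <SocketKind.SOCK_RAW: 3>, 0, '', ('2001:bc8:3173:281:be5f:f4ff:fe84:d75e', 0, 0, 0))]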


Cheers,

-- 
Sébastien "Seblu" Luttringer
https://seblu.net | Twitter: @seblu42
GPG: 0x2072D77A


