I dropped the verification-* as there were about the systemd SRU, while I'm preparing the dnsmasq one at the moment.
** Description changed: [Impact] - dnsmasq 2.79 and below omits EDNS0 OPT records when returning an empty answer for a domain it is authoritative for. systemd-resolved seems to get confused by this in certain circumstances; when using the stub resolver and requesting an address for which there are no AAAA records, there can sometimes be a five second hang in resolution. - [Fix] - This is fixed by upstream commit http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=1682d15a744880b0398af75eadf68fe66128af78 + dnsmasq 2.79 and below omits EDNS0 OPT records [1] when returning an + empty answer for a domain it is authoritative for. systemd-resolved + seems to get confused by this in certain circumstances; when using the + stub resolver and requesting an address for which there are no AAAA + records, there can sometimes be a five second hang in resolution. - Not sure if it is worth cherry picking? I imagine the most likely - trigger will be dnsmasq on routers which are not likely to be running - Ubuntu, but maybe just in case. + [1] https://en.wikipedia.org/wiki/Extension_Mechanisms_for_DNS - I also think there are some logic issues in systemd-resolved, upstream - bug filed: + [Test Plan] - https://github.com/systemd/systemd/issues/9785 + Test case for bionic: - [Test Case] - Simple-ish test case for bionic: - - --- + ----------------------------------------- IFACE=dummy0 SUBNET=10.0.0 ip link add $IFACE type dummy ifconfig $IFACE ${SUBNET}.1/24 dnsmasq -h -R -d -C /dev/null -2 $IFACE -z -i $IFACE -I lo --host-record=test.test,${SUBNET}.1 --server=/test/ & dig -t a test.test @10.0.0.1 | grep EDNS # should return "; EDNS ..." dig -t aaaa test.test @10.0.0.1 | grep EDNS # again, should return "; EDNS ..." but doesn't - --- + ----------------------------------------- - To reproduce the systemd-resolved side of the problem + [Where problems could occur] - --- - # as above, but - # now configure systemd-resolved to look at only 10.0.0.1, then + Problems may occur in case a client queries dnsmasq and relies on EDNS0 + not being available for behaving correctly. This covers cases where the + software querying dnsmasq is buggy or misconfigured. - systemd-resolve --reset-server-features - # should exhibit five second delay then connect, assuming sshd is running :) - ssh test.test - --- + [Development Fix] + Fixed upstream in dnsmasq >= 2.80. - More detailed test case for focal and later: + [Stable Fix] - install dnsmasq on a bionic system and start it, listening to an - interface that is externally reachable, e.g. for a normal libvirt vm - with interface name 'ens3': + Partial cherry-pick of upstream commit + http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=1682d15a744880b0398af75eadf68fe66128af78 - IFACE=ens3 - dnsmasq -h -R -d -C /dev/null -2 $IFACE -z -i $IFACE -I lo --host-record=test.test,1.2.3.4 --server=/test/ - - note that the '1.2.3.4' address doesn't matter, any addr is ok. - - then setup a test system that can reach the dnsmasq system, and - configure networkd to use the dnsmasq server, e.g. using config like: - - [Match] - Name=ens3 - - [Network] - DHCP=yes - DNS=DNSMASQ_IP_ADDRESS - Domains=test - - [DHCPv4] - UseDNS=no - UseDomains=no - - replace 'DNSMASQ_IP_ADDRESS' with the addr of the bionic system where - dnsmasq is running, and replace 'ens3' with whatever the test system - interface name is. Then restart systemd-networkd, and test: - - systemd-resolve --reset-server-features - systemd-resolve --flush-caches - host test.test - - The lookup using 'host' should complete immediately;. - - [Discussion] - ProblemType: Bug - DistroRelease: Ubuntu 18.04 - Package: dnsmasq-base 2.79-1 - ProcVersionSignature: Ubuntu 4.15.0-23.25-generic 4.15.18 - Uname: Linux 4.15.0-23-generic x86_64 - ApportVersion: 2.20.9-0ubuntu7.2 - Architecture: amd64 - Date: Sat Aug 4 11:33:56 2018 - InstallationDate: Installed on 2018-05-31 (64 days ago) - InstallationMedia: Xubuntu 18.04 LTS "Bionic Beaver" - Release amd64 (20180426) - ProcEnviron: - TERM=xterm - PATH=(custom, no user) - LANG=en_GB.UTF-8 - SHELL=/bin/bash - SourcePackage: dnsmasq - UpgradeStatus: No upgrade log present (probably fresh install) + The cherry-pick is partial because half if it is already in the package + .diff we have in Bionic. ** Tags removed: verification-done verification-done-bionic verification-done-focal verification-done-groovy verification-done- hirsute ** Description changed: [Impact] dnsmasq 2.79 and below omits EDNS0 OPT records [1] when returning an empty answer for a domain it is authoritative for. systemd-resolved seems to get confused by this in certain circumstances; when using the stub resolver and requesting an address for which there are no AAAA records, there can sometimes be a five second hang in resolution. [1] https://en.wikipedia.org/wiki/Extension_Mechanisms_for_DNS [Test Plan] Test case for bionic: ----------------------------------------- IFACE=dummy0 SUBNET=10.0.0 ip link add $IFACE type dummy ifconfig $IFACE ${SUBNET}.1/24 dnsmasq -h -R -d -C /dev/null -2 $IFACE -z -i $IFACE -I lo --host-record=test.test,${SUBNET}.1 --server=/test/ & dig -t a test.test @10.0.0.1 | grep EDNS - # should return "; EDNS ..." + # returns "; EDNS ..." dig -t aaaa test.test @10.0.0.1 | grep EDNS - # again, should return "; EDNS ..." but doesn't + # again, should return "; EDNS ..." but doesn't. + # does so with the -proposed package. ----------------------------------------- [Where problems could occur] Problems may occur in case a client queries dnsmasq and relies on EDNS0 not being available for behaving correctly. This covers cases where the software querying dnsmasq is buggy or misconfigured. [Development Fix] Fixed upstream in dnsmasq >= 2.80. [Stable Fix] Partial cherry-pick of upstream commit http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=1682d15a744880b0398af75eadf68fe66128af78 The cherry-pick is partial because half if it is already in the package .diff we have in Bionic. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1785383 Title: missing EDNS0 record confuses systemd-resolved Status in systemd: Fix Released Status in dnsmasq package in Ubuntu: Fix Released Status in systemd package in Ubuntu: Fix Released Status in dnsmasq source package in Bionic: In Progress Status in systemd source package in Bionic: Fix Released Status in dnsmasq source package in Focal: Fix Released Status in systemd source package in Focal: Fix Released Status in dnsmasq source package in Groovy: Fix Released Status in systemd source package in Groovy: Fix Released Status in dnsmasq source package in Hirsute: Fix Released Status in systemd source package in Hirsute: Fix Released Status in dnsmasq source package in Impish: Fix Released Status in systemd source package in Impish: Fix Released Bug description: [Impact] dnsmasq 2.79 and below omits EDNS0 OPT records [1] when returning an empty answer for a domain it is authoritative for. systemd-resolved seems to get confused by this in certain circumstances; when using the stub resolver and requesting an address for which there are no AAAA records, there can sometimes be a five second hang in resolution. [1] https://en.wikipedia.org/wiki/Extension_Mechanisms_for_DNS [Test Plan] Test case for bionic: ----------------------------------------- IFACE=dummy0 SUBNET=10.0.0 ip link add $IFACE type dummy ifconfig $IFACE ${SUBNET}.1/24 dnsmasq -h -R -d -C /dev/null -2 $IFACE -z -i $IFACE -I lo --host-record=test.test,${SUBNET}.1 --server=/test/ & dig -t a test.test @10.0.0.1 | grep EDNS # returns "; EDNS ..." dig -t aaaa test.test @10.0.0.1 | grep EDNS # again, should return "; EDNS ..." but doesn't. # does so with the -proposed package. ----------------------------------------- [Where problems could occur] Problems may occur in case a client queries dnsmasq and relies on EDNS0 not being available for behaving correctly. This covers cases where the software querying dnsmasq is buggy or misconfigured. [Development Fix] Fixed upstream in dnsmasq >= 2.80. [Stable Fix] Partial cherry-pick of upstream commit http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=1682d15a744880b0398af75eadf68fe66128af78 The cherry-pick is partial because half if it is already in the package .diff we have in Bionic. To manage notifications about this bug go to: https://bugs.launchpad.net/systemd/+bug/1785383/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
