Opened 6 years ago
Closed 6 years ago
#18171 closed defect (fixed)
wrong RCODE from DNS AAAA query with --natdnshostresolver1 (with suggested fix) => Fixed in SVN
Reported by: | ncopa | Owned by: | |
---|---|---|---|
Component: | network/NAT | Version: | VirtualBox 5.2.22 |
Keywords: | | Cc: | |
Guest type: | other | Host type: | other |
Description
The natdnshostresolver returns NOTIMP (rcode 4) on AAAA queries. This causes 5-second delays with musl libc, which, similar to Go's stub resolver, does both A and AAAA queries on hostname lookups. The problem was reported to Alpine Linux and to the musl libc mailing list, where the response was that this is a bug in VirtualBox.
Example tcpdump:
```
22:34:45.724471 IP 10.0.2.15.52190 > 10.0.2.3.53: 27848+ A? www.google.com. (32)
22:34:45.724542 IP 10.0.2.15.52190 > 10.0.2.3.53: 28141+ AAAA? www.google.com. (32)
22:34:45.812045 IP 10.0.2.3.53 > 10.0.2.15.52190: 27848 1/0/0 A 216.58.194.164 (48)
22:34:45.812068 IP 10.0.2.3.53 > 10.0.2.15.52190: 28141 NotImp 0/0/0 (32)
22:34:48.228641 IP 10.0.2.15.52190 > 10.0.2.3.53: 28141+ AAAA? www.google.com. (32)
22:34:48.228965 IP 10.0.2.3.53 > 10.0.2.15.52190: 28141 NotImp 0/0/0 (32)
```
According to RFC 1035:
OPCODE A four bit field that specifies kind of query in this message.
...
RCODE Response code - this 4 bit field is set as part of responses. The values have the following interpretation:
...
4 Not Implemented - The name server does not support the requested kind of query.
The fix is to return RCode_NXDomain instead of RCode_NotImp:
```c
if (   qtype != Type_A
    && qtype != Type_CNAME
    && qtype != Type_PTR
    && qtype != Type_ANY)
{
    LogErr(("NAT: hostres: unsupported qtype %d\n", qtype));
    return refuse(pData, m, RCode_NotImp);
}
```
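To check a capture for the symptom described in this report, the following added example (not part of the ticket and not VirtualBox code) parses a DNS message header and its first question and flags replies that answer a standard QUERY opcode with RCODE 4. The function and struct names are hypothetical, and the sample bytes are constructed to resemble the 32-byte NotImp reply in the tcpdump output; the flag bits and QDCOUNT of 1 are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { OPCODE_QUERY = 0, RCODE_NOTIMP = 4, QTYPE_AAAA = 28 };
struct dns_info { int is_response, opcode, rcode, qtype; };

/* Constructed sample: id 28141, QR|RD|RA, rcode 4, question www.google.com AAAA IN. */
static const uint8_t sample_notimp[] = {
    0x6d, 0xed, 0x81, 0x84, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    3, 'w', 'w', 'w', 6, 'g', 'o', 'o', 'g', 'l', 'e', 3, 'c', 'o', 'm', 0,
    0x00, 0x1c, 0x00, 0x01
};

/* Parse the fixed header and the first question. Returns 0 on success,
 * -1 if the message is truncated or the question name is not plain labels. */
int dns_inspect(const uint8_t *p, size_t len, struct dns_info *out)
{
    if (len < 12)
        return -1;
    out->is_response = p[2] >> 7;          /* QR bit */
    out->opcode = (p[2] >> 3) & 0x0f;      /* kind of query (RFC 1035 OPCODE) */
    out->rcode = p[3] & 0x0f;              /* response code */
    out->qtype = -1;
    if (((p[4] << 8) | p[5]) == 0)         /* QDCOUNT == 0: no question to read */
        return 0;
    size_t i = 12;
    while (i < len && p[i] != 0) {
        if (p[i] & 0xc0)                   /* compression pointers are not handled here */
            return -1;
        i += 1 + (size_t)p[i];             /* skip length byte and label */
    }
    if (i + 5 > len)                       /* root label + QTYPE + QCLASS must fit */
        return -1;
    out->qtype = (p[i + 1] << 8) | p[i + 2];
    return 0;
}

/* 1 if the message is a reply to a standard QUERY carrying RCODE NotImp. */
int is_notimp_for_query(const uint8_t *p, size_t len)
{
    struct dns_info d;
    if (dns_inspect(p, len, &d) != 0)
        return 0;
    return d.is_response && d.opcode == OPCODE_QUERY && d.rcode == RCODE_NOTIMP;
}

int main(void)
{
    struct dns_info d;
    int ok = dns_inspect(sample_notimp, sizeof sample_notimp, &d) == 0;
    printf("AAAA=%d flagged=%d\n", ok && d.qtype == QTYPE_AAAA,
           is_notimp_for_query(sample_notimp, sizeof sample_notimp));
    return 0;
}
```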
Change History (4)
comment:1 by , 6 years ago
comment:2 by , 6 years ago
A couple of solutions for this are stated below.
The code is in src/VBox/Devices/Network/slirp/hostres.c:517
```c
if (   qtype != Type_A
    && qtype != Type_CNAME
    && qtype != Type_PTR
    && qtype != Type_ANY)
{
    LogErr(("NAT: hostres: unsupported qtype %d\n", qtype));
    return refuse(res, RCode_NotImp);
}
```
There are two possible fixes:
- Add a conditional above this code for Type_AAAA where the resolver returns RCode_NXDomain instead of RCode_NotImp:
  ```c
  if (qtype == Type_AAAA)
  {
      LogErr(("NAT: hostres: cannot resolve qtype %d\n", qtype));
      return refuse(res, RCode_NXDomain);
  }
  ```
- Implement IPv6 resolution for AAAA records. The resolve() function at line 574 would need to be updated.
comment:3 by , 6 years ago
Component: | network → network/NAT |
---|---|
Summary: | wrong RCODE from DNS AAAA query with --natdnshostresolver1 (with suggested fix) → wrong RCODE from DNS AAAA query with --natdnshostresolver1 (with suggested fix) => Fixed in SVN |
Thanks for the report! I've changed all `NotImp`s except the one for the opcode to either `FormErr` or `NXDomain` (for qclass/qtype). The fix should be in 6.0 and the next 5.2 dot-dot release.
comment:4 by , 6 years ago
Resolution: | → fixed |
---|---|
Status: | new → closed |
This was also discussed here: https://nlnetlabs.nl/pipermail/unbound-users/2017-August/004866.html