VirtualBox

Opened 23 months ago

Closed 21 months ago

#20977 closed defect (fixed)

The natdnshostresolver DNS server may incorrectly answer NXDOMAIN instead of NOERROR for AAAA requests

Reported by: optaget Owned by:
Component: other Version: VirtualBox 6.1.34
Keywords: Cc:
Guest type: Windows Host type: Windows

Description

I am running a Windows guest on a Windows host. The guest thinks it has IPv6 connectivity (I need this for testing something on ::1) while the host does not think it has IPv6 connectivity.

If I run "dig aaaa wwww.dr.dk" in the host I get: 

; <<>> DiG 9.16.1-Ubuntu <<>> aaaa www.dr.dk
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36226
;; flags: qr rd ra; QUERY: 1, ANSWER: 7, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.dr.dk.                     IN      AAAA

;; ANSWER SECTION:
www.dr.dk.              3       IN      CNAME   www.dr.dk-v1.edgekey.net.
www.dr.dk-v1.edgekey.net. 330   IN      CNAME   e16198.dscb.akamaiedge.net.
e16198.dscb.akamaiedge.net. 7   IN      AAAA    2a02:26f0:3b:2bc::3f46
e16198.dscb.akamaiedge.net. 7   IN      AAAA    2a02:26f0:3b:295::3f46
e16198.dscb.akamaiedge.net. 7   IN      AAAA    2a02:26f0:3b:29c::3f46
e16198.dscb.akamaiedge.net. 7   IN      AAAA    2a02:26f0:3b:286::3f46
e16198.dscb.akamaiedge.net. 7   IN      AAAA    2a02:26f0:3b:2a2::3f46

;; Query time: 60 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Jun 10 13:45:00 CEST 2022
;; MSG SIZE  rcvd: 253

If I run it in the guest I get: 

; <<>> DiG 9.16.28 <<>> aaaa www.dr.dk
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 2870
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: fcdf863339a0e226 (echoed)
;; QUESTION SECTION:
;www.dr.dk.                     IN      AAAA

;; Query time: 0 msec
;; SERVER: 10.0.2.3#53(10.0.2.3)
;; WHEN: Fri Jun 10 11:45:18 Coordinated Universal Time 2022
;; MSG SIZE  rcvd: 50

The fact that the guest receives NXDOMAIN is problematic: If Windows thinks it has both IPv4 and IPv6 connectivity, it will make an A and an AAAA DNS lookup in parallel for a given hostname. However, if it first receives an NXDOMAIN for the AAAA request, it will immediately conclude that there are no A records either. In practice this means that DNS lookups often fail for me in the guest.

I believe the behavior of Windows is correct. See https://datatracker.ietf.org/doc/html/rfc2308.

Change History (2)

comment:1 by optaget, 22 months ago

I forgot a central piece of information: I use a VM configured with "--natdnshostresolver"

comment:2 by galitsyn, 21 months ago

Resolution: fixed
Status: newclosed

Thank you for reporting the issue. It should be fixed in VirtualBox 6.1.36. Please refer to https://www.virtualbox.org/wiki/Downloads page.

Note: See TracTickets for help on using tickets.

© 2023 Oracle
ContactPrivacy policyTerms of Use