https://bugzilla.novell.com/show_bug.cgi?id=447369
User mail@steffen-moser.de added comment
https://bugzilla.novell.com/show_bug.cgi?id=447369#c2
Steffen Moser changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEEDINFO |NEW
Info Provider|mail@steffen-moser.de |
--- Comment #2 from Steffen Moser 2009-01-25 14:12:13 MST ---
In the meantime, I think I found an explanationfor this strange behavior...
Nevertheless, attached you'll find the requested files.
It seems that the problem is caused by the DNS forwarder which is running on my
ADSL router (Type: Siemens ADSL SL2-141-I, Firmware version: 3.63m). The
openSUSE-11.1 host uses the ADSL router's DNS forwarding services. As soon as I
put the IP address of a "real" DNS server (e.g. the one which my ADSL router
forwards to) into my "/etc/resolv.conf", everything works like it should.
So far, I found out the following:
- Preconditions:
- Having these entries in "/etc/resolv.conf":
| search home.invalid informatik.uni-ulm.de egu.schule.ulm.de
| nameserver 192.168.1.1
- This means: Using my ADSL router as a DNS forwarder
- Behavior:
- When typing "host www" (a host called "www" is existent within both
domains, "informatik.uni-ulm.de" and "egu.schule.ulm.de", but not within
"home.invalid"), the local resolver asks the ADSL router for the IP address of
"www.home.invalid" as "home.invalid" is the first search domain in
"/etc/resolv.conf".
"www.home.invalid" does, as stated, not exist.
- According to "wireshark", the ADSL router answers with the following flags
in its DNS query response:
Flags: 0x8100 (Standard query response, No error)
1... .... .... .... = Response: Message is a response
.000 0... .... .... = Opcode: Standard query (0)
.... .0.. .... .... = Authoritative: Server is not an authority for domain
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... 0... .... = Recursion available: Server can't do recursive
queries
.... .... .0.. .... = Z: reserved (0)
.... .... ..0. .... = Answer authenticated: Answer/authority portion was
not authenticated by the server
.... .... .... 0000 = Reply code: No error (0)
[...]
- Of course, the DNS forwarder on the ADSL router doesn't deliver an IP
address for the queried host name (as such one doesn't exist).
- After then, the resolver on the host (openSUSE 11.1, for example) doesn't
continue asking the DNS forwarder for "www" within the other search domains
("www.egu.schule.ulm.de" and "www.informatik.uni-ulm.de"). Perhaps the host
thinks that the answer was "okay" ("No error").
That means in concrete: The host does ask for an "AAAA" and "MX" entry of
"www.home.invalid" (most probably because the "host" command likes to list
these, too), but the second and the third search domains are never used!
The resolver in SuSE 10.0, for example, behaves different. That one asked for
"www.egu.schule.ulm.de" - which can be resolved successfully.
After then I tried the following:
- Preconditions:
- Having these entries in "/etc/resolv.conf":
| search home.invalid informatik.uni-ulm.de egu.schule.ulm.de
| nameserver 217.237.150.188
- This means: I am using my ISP's DNS to resolve host names (and not the
ADSL router's DNS forwarder) this time. By the way: "217.237.150.188" is
exactly the nameserver which my ADSL router forwards its queries to (the one
which is assigned automatically when connecting via PPPoE to my ISP).
- Different Behavior:
- When typing "host www", the local resolver asks "217.237.150.188" for the
IP address of "www.home.invalid" as "home.invalid" is the first search domain
in "/etc/resolv.conf".
"www.home.invalid" does, as stated, still not exist.
- According to "wireshark", "217.237.150.188" answers with the following
flags in its DNS query response:
Flags: 0x8183 (Standard query response, No such name)
1... .... .... .... = Response: Message is a response
.000 0... .... .... = Opcode: Standard query (0)
.... .0.. .... .... = Authoritative: Server is not an authority for domain
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... 1... .... = Recursion available: Server can do recursive queries
.... .... .0.. .... = Z: reserved (0)
.... .... ..0. .... = Answer authenticated: Answer/authority portion was
not authenticated by the server
.... .... .... 0011 = Reply code: No such name (3)
As you can see, the answer for exactly the same query looks totally different
when asking my ISP's DNS server instead of the DNS forwarder served by my ADSL
router. My ISP's DNS server states explicitly that the host name does not
exist. After then, openSUSE-11.1's resolver looks into the other search domains
(which is successful, of course).
Results:
- I suppose that my ADSL router's DNS forwarder behaves in a wrong way (I
haven't looked into the DNS RFCs to make sure that this assumption is right):
It says "No error" (instead of "No such name") if a given host name is not
resolvable.
- But it also seems that the resolver in former versions of SUSE Linux behaved
in a different way. At least SUSE-10.0 started the searches according the
"search" line in "/etc/resolv.conf" even when asking my (most probably buggy)
DNS forwarder that runs on my ADSL router.
This behavior has changed somewhere between SUSE 10.0 and openSUSE 10.3.
Therefore I thought it's an bug in openSUSE, but it seems that the problem is
my ADSL router, or especially the "dproxy" service which is running on it.
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.