If a TCP connection hangs to the configured name server, the name resolution functions in libresolv (and thus the nss_dns NSS service module and getaddrinfo and related functions) will wait indefinitely and never return to the caller. We should apply the configured timeout to TCP connections as well (perhaps separately for connection establishment and the actual query). Not flagging as security because I don't see a way to exploit this for an attacker which already has far more potent means to disrupt DNS resolution because they are on the forwarding path for DNS packets.
*** Bug 19696 has been marked as a duplicate of this bug. ***