Bug 19646 - DNS lookup over TCP is unreliable
Summary: DNS lookup over TCP is unreliable
Status: NEW
Alias: None
Product: glibc
Classification: Unclassified
Component: network
Version: 2.23
Importance: P2 normal
Target Milestone: ---
Assignee: Not yet assigned to anyone
Depends on:
Reported: 2016-02-16 21:00 UTC by Mike Frysinger
Modified: 2016-02-18 14:49 UTC

See Also:
Last reconfirmed:
fweimer: security-


Description Mike Frysinger 2016-02-16 21:00:10 UTC
as described by Carlos in resolv/res_send.c:

The send_vc function is responsible for sending a DNS query over TCP to the nameserver numbered NS from the res_state STATP, i.e. EXT(statp).nssocks[ns].  The function supports sending both IPv4 and IPv6 queries at the same time, serially, on the same socket.

Please note that for TCP there is no way to disable sending both queries, unlike UDP, which honours RES_SNGLKUP and RES_SNGLKUPREOP and sends the queries serially and waits for the result after each sent query.  This implementation should be corrected to honor these options.

Please also note that for TCP we send both queries over the same socket one after another.  This technically violates best practice since the server is allowed to read the first query, respond, and then close the socket (to service another client).  If the server does this, then the remaining second query in the socket data buffer will cause the server to send the client an RST, which will arrive asynchronously, and the client's OS will likely tear down the socket receive buffer, resulting in a potentially short read and lost response data.  This will force the client to retry the query again, and this process may repeat until all servers and connection resets are exhausted, and then the query will fail.  It's not known if this happens with any frequency in real DNS server implementations.  This implementation should be corrected to use two sockets by default for parallel queries.
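The failure mode described in the report, reproduced on the loopback interface as an added example (this is not glibc code and not part of the bug report). A hypothetical nameserver answers exactly one query per TCP connection and then closes it, which RFC 1035 permits. The client first does what send_vc does (A and AAAA queries pipelined on one socket) and then what the report asks for (one socket per query). The queries, the reply format and the server are all constructed for the demonstration; the server does not parse the question and simply echoes it back with the QR bit set.

```python
import socket
import struct
import threading

# Everything here (the one-shot loopback server, the sample queries and the
# echo-style replies) is constructed for this demonstration; none of it is
# glibc code.


def build_query(qid, qtype, name="example.invalid"):
    """Minimal DNS query: header plus one question. QTYPE 1 = A, 28 = AAAA."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD set, QDCOUNT=1
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS IN


def frame(msg):
    """RFC 1035 section 4.2.2: over TCP each message carries a 2-byte length prefix."""
    return struct.pack("!H", len(msg)) + msg


def recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:  # orderly FIN before the message completed
            return None
        buf += chunk
    return buf


def read_framed(sock):
    """Read one length-prefixed message; None on EOF, reset or timeout."""
    try:
        hdr = recv_exact(sock, 2)
        if hdr is None:
            return None
        return recv_exact(sock, struct.unpack("!H", hdr)[0])
    except OSError:  # ConnectionResetError, socket.timeout, ...
        return None


def answer_for(query):
    """Echo the question back with QR/RD/RA set: enough to look like a reply."""
    return query[:2] + b"\x81\x80" + query[4:]


def start_one_shot_server():
    """Hypothetical nameserver: answers one query per TCP connection, then closes.
    If a second query is already sitting unread in its receive buffer, the
    kernel sends RST instead of FIN when the connection is closed."""
    lsock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    lsock.bind(("127.0.0.1", 0))
    lsock.listen(8)

    def serve():
        while True:
            try:
                conn, _ = lsock.accept()
            except OSError:  # listener shut down by the caller
                return
            with conn:
                query = read_framed(conn)  # reads exactly one framed message
                if query is not None:
                    conn.sendall(frame(answer_for(query)))
                # leaving the block closes conn with any second query unread

    threading.Thread(target=serve, daemon=True).start()
    return lsock


def lookup_pipelined(port, queries):
    """What send_vc does: both queries back to back on a single TCP socket."""
    results = []
    with socket.create_connection(("127.0.0.1", port), timeout=5) as s:
        try:
            for q in queries:
                s.sendall(frame(q))
        except OSError:  # peer already reset the connection
            pass
        for _ in queries:
            results.append(read_framed(s))
    return results


def lookup_per_socket(port, queries):
    """What the report asks for: one TCP connection per query."""
    results = []
    for q in queries:
        with socket.create_connection(("127.0.0.1", port), timeout=5) as s:
            s.sendall(frame(q))
            results.append(read_framed(s))
    return results


def demo():
    """Return (pipelined, per_socket) reply lists; None marks a lost reply."""
    lsock = start_one_shot_server()
    port = lsock.getsockname()[1]
    queries = [build_query(1, 1), build_query(2, 28)]  # A, then AAAA
    try:
        return lookup_pipelined(port, queries), lookup_per_socket(port, queries)
    finally:
        try:
            lsock.shutdown(socket.SHUT_RDWR)  # wakes the blocked accept()
        except OSError:
            pass
        lsock.close()


if __name__ == "__main__":
    pipelined, per_socket = demo()
    print("pipelined replies received:", [r is not None for r in pipelined])
    print("per-socket replies received:", [r is not None for r in per_socket])
```

Whether the first pipelined reply survives the reset depends on the OS and on timing (Linux keeps already-queued data readable after an RST; the report says other stacks may discard it), so the check below does not assert on it. What is deterministic is that the second pipelined query is never answered, since the server has closed the connection before reading it, while the one-socket-per-query client gets both replies with the right IDs and the AAAA question echoed back.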