This is the mail archive of the libc-help@sourceware.org mailing list for the glibc project.



Re: gethostbyname() triggering duplicate DNS A queries when CNAME response is received


After further investigation, it turns out it is not gethostbyname() which is showing this behavior, but rather getaddrinfo().

Using wget ( wget-1.12-4.fc16.x86_64 ) on a Fedora 16 machine ( Linux TouchPC.bemnet 3.4.2-1.fc16.x86_64 #1 SMP Thu Jun 14 20:17:26 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux ) with the latest glibc, glibc-2.14.90-24.fc16.7.x86_64, I can easily reproduce this:

in console 1: tcpdump -vvv -n -i eth0 udp port 53
in console 2: wget -4 http://www.gmail.com/

This results in:
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
17:10:01.001394 IP (tos 0x0, ttl 64, id 5328, offset 0, flags [DF], proto UDP (17), length 59)
    192.168.1.9.56632 > 8.8.8.8.domain: [udp sum ok] 65238+ A? www.gmail.com. (31)
17:10:01.050289 IP (tos 0x0, ttl 49, id 59730, offset 0, flags [none], proto UDP (17), length 144)
    8.8.8.8.domain > 192.168.1.9.56632: [udp sum ok] 65238 q: A? www.gmail.com. 4/0/0 www.gmail.com. [23h58m16s] CNAME mail.google.com., mail.google.com. [23h58m16s] CNAME googlemail.l.google.com., googlemail.l.google.com. [3m16s] A 74.125.226.21, googlemail.l.google.com. [3m16s] A 74.125.226.22 (116)
17:10:01.050602 IP (tos 0x0, ttl 64, id 5377, offset 0, flags [DF], proto UDP (17), length 59)
    192.168.1.9.40897 > 8.8.8.8.domain: [udp sum ok] 45628+ A? www.gmail.com. (31)
17:10:01.100292 IP (tos 0x0, ttl 49, id 54961, offset 0, flags [none], proto UDP (17), length 144)
    8.8.8.8.domain > 192.168.1.9.40897: [udp sum ok] 45628 q: A? www.gmail.com. 4/0/0 www.gmail.com. [23h58m15s] CNAME mail.google.com., mail.google.com. [23h58m15s] CNAME googlemail.l.google.com., googlemail.l.google.com. [3m15s] A 74.125.226.21, googlemail.l.google.com. [3m15s] A 74.125.226.22 (116)
17:10:01.206856 IP (tos 0x0, ttl 64, id 5533, offset 0, flags [DF], proto UDP (17), length 61)
    192.168.1.9.33525 > 8.8.8.8.domain: [udp sum ok] 6412+ A? mail.google.com. (33)
17:10:01.257041 IP (tos 0x0, ttl 49, id 60957, offset 0, flags [none], proto UDP (17), length 120)
    8.8.8.8.domain > 192.168.1.9.33525: [udp sum ok] 6412 q: A? mail.google.com. 3/0/0 mail.google.com. [23h57m44s] CNAME googlemail.l.google.com., googlemail.l.google.com. [2m44s] A 74.125.226.22, googlemail.l.google.com. [2m44s] A 74.125.226.21 (92)
17:10:01.257325 IP (tos 0x0, ttl 64, id 5584, offset 0, flags [DF], proto UDP (17), length 61)
    192.168.1.9.48033 > 8.8.8.8.domain: [udp sum ok] 38166+ A? mail.google.com. (33)
17:10:01.306068 IP (tos 0x0, ttl 49, id 36554, offset 0, flags [none], proto UDP (17), length 120)
    8.8.8.8.domain > 192.168.1.9.48033: [udp sum ok] 38166 q: A? mail.google.com. 3/0/0 mail.google.com. [23h57m44s] CNAME googlemail.l.google.com., googlemail.l.google.com. [2m44s] A 74.125.226.22, googlemail.l.google.com. [2m44s] A 74.125.226.21 (92)
17:10:01.412297 IP (tos 0x0, ttl 64, id 5739, offset 0, flags [DF], proto UDP (17), length 65)
    192.168.1.9.57410 > 8.8.8.8.domain: [udp sum ok] 40561+ A? accounts.google.com. (37)
17:10:01.460874 IP (tos 0x0, ttl 49, id 59731, offset 0, flags [none], proto UDP (17), length 106)
    8.8.8.8.domain > 192.168.1.9.57410: [udp sum ok] 40561 q: A? accounts.google.com. 2/0/0 accounts.google.com. [23h58m44s] CNAME accounts.l.google.com., accounts.l.google.com. [3m44s] A 209.85.225.84 (78)
17:10:01.461344 IP (tos 0x0, ttl 64, id 5788, offset 0, flags [DF], proto UDP (17), length 65)
    192.168.1.9.42570 > 8.8.8.8.domain: [udp sum ok] 24812+ A? accounts.google.com. (37)
17:10:01.515358 IP (tos 0x0, ttl 49, id 2719, offset 0, flags [none], proto UDP (17), length 106)
    8.8.8.8.domain > 192.168.1.9.42570: [udp sum ok] 24812 q: A? accounts.google.com. 2/0/0 accounts.google.com. [23h58m44s] CNAME accounts.l.google.com., accounts.l.google.com. [3m44s] A 209.85.225.84 (78)

Note that the DNS queries use different source ports and different transaction ids.

Regards,
Jeroen

On Thu, 28 Jun 2012 14:42:08 -0600
Jeroen van Bemmel <jvb127@gmail.com> wrote:

> Hi,
> 
> When creating a network visualization tool I noticed that multiple
> identical DNS queries were being generated on a CentOS machine
> ( Linux version 2.6.18-274.3.1.el5 (mockbuild@builder10.centos.org)
> (gcc version 4.1.2 20080704) with glibc-2.5-81.el5_8.2 )
> 
> Specifically, this happens when I ping a hostname for which a CNAME
> record is available in DNS. The sequence I get is the following:
> 
> 1. DNS Query A hostname
> 2. DNS response with 2 replies: CNAME someotherhost, someotherhost A
> <ipv4 address of someotherhost>
> 3. DNS Query A hostname (different transaction id)
> 4. DNS response with 2 replies: CNAME someotherhost, someotherhost A
> <ipv4 address of someotherhost>
> 
> Query #3 happens about 1ms after having received the response #2
> 
> I wrote a small wrapper library to catch calls to "gethostbyname",
> returning a fixed response for "hostname". I then verified that
> LD_PRELOAD <mywrapperlibrary> ping hostname calls gethostbyname() once
> and no longer generates any DNS traffic on the network.
> 
> Based on the above, it looks like a single call to gethostbyname() can
> trigger 2 identical DNS requests, which is undesired behaviour.
> 
> Has anyone else observed this before, any ideas on what might be going on here?
> 
> Thanks,
> Jeroen


-- 
Jeroen van Bemmel <jvb127@gmail.com>
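
One way to check a capture for the pattern reported in this thread (a query repeated for the same name right after its answer arrived, with a new transaction id and source port), added here as an example and not part of the original messages. It parses the two-line `tcpdump -vvv -n` text layout shown above; the sample packets, the function name and the 10 ms window are assumptions.

```python
import re

TS = re.compile(r"^(\d\d):(\d\d):(\d\d\.\d+) IP")
QUERY = re.compile(r"^\s+(\S+)\.(\d+) > \S+\.domain: (?:\[[^\]]*\] )?"
                   r"(\d+)\S* (\w+)\? (\S+) \(\d+\)$")
REPLY = re.compile(r"^\s+\S+\.domain > (\S+)\.(\d+): (?:\[[^\]]*\] )?"
                   r"(\d+)\S* q: (\w+)\? (\S+) ")

# Constructed sample (documentation addresses and names, not the capture
# from the post): one name re-queried 0.3 ms after its answer, one asked once.
SAMPLE = """\
17:10:01.001394 IP (tos 0x0, ttl 64, id 1, offset 0, flags [DF], proto UDP (17), length 61)
    192.0.2.9.56632 > 192.0.2.53.domain: [udp sum ok] 65238+ A? www.example.com. (33)
17:10:01.050289 IP (tos 0x0, ttl 49, id 2, offset 0, flags [none], proto UDP (17), length 112)
    192.0.2.53.domain > 192.0.2.9.56632: [udp sum ok] 65238 q: A? www.example.com. 2/0/0 www.example.com. [1h] CNAME host.example.net., host.example.net. [5m] A 198.51.100.7 (84)
17:10:01.050602 IP (tos 0x0, ttl 64, id 3, offset 0, flags [DF], proto UDP (17), length 61)
    192.0.2.9.40897 > 192.0.2.53.domain: [udp sum ok] 45628+ A? www.example.com. (33)
17:10:03.000000 IP (tos 0x0, ttl 64, id 4, offset 0, flags [DF], proto UDP (17), length 62)
    192.0.2.9.33525 > 192.0.2.53.domain: [udp sum ok] 6412+ A? mail.example.com. (34)
"""

def repeated_after_answer(capture, window=0.01):
    """Return queries re-sent for a name within `window` s of its answer."""
    pending, answered, hits, now = {}, {}, [], 0.0
    for line in capture.splitlines():
        if m := TS.match(line):                  # packet header line
            h, mi, s = m.groups()
            now = int(h) * 3600 + int(mi) * 60 + float(s)
        elif m := QUERY.match(line):             # client -> resolver
            client, port, txid, qtype, qname = m.groups()
            key = (client, qtype, qname.lower())
            prev = answered.get(key)             # (time, txid, port) of last answer
            if prev and now - prev[0] <= window and txid != prev[1]:
                hits.append({"qname": qname, "qtype": qtype,
                             "txids": (prev[1], txid), "ports": (prev[2], port),
                             "gap_s": round(now - prev[0], 6)})
            pending[(client, port, txid)] = key
        elif m := REPLY.match(line):             # resolver -> client
            client, port, txid, _, _ = m.groups()
            key = pending.pop((client, port, txid), None)
            if key:                              # answer matches a seen query
                answered[key] = (now, txid, port)
    return hits

if __name__ == "__main__":
    print(repeated_after_answer(SAMPLE))
```
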

