bind8 resolver library search order and ndots issue

Ted_Rule at flextech.co.uk Ted_Rule at flextech.co.uk
Mon Dec 10 17:04:15 UTC 2001




Continuing to get to the bottom of the search order problem
as witnessed in the getaddrinfo() problem posted previously.

I've noticed that bind 8.2.5's own resolver library does this at the end of the
search suffix loop with res_nsearch(): ( in src/lib/resolv/res_query.c )

......

        /*
         * If the name has any dots at all, and no earlier 'as-is' query
         * for the name, and "." is not on the search list, then try an as-is
         * query now.
         */
        if (statp->ndots && !(tried_as_is || root_on_list)) {
                ret = res_nquerydomain(statp, name, NULL, class, type,
                                       answer, anslen);
                if (ret > 0)
                        return (ret);
        }

.....

There seems to be a discrepency between comment and code here, as "statp->ndots"
is not the number of dots in the name , its the value of the ndots option in
resolv.conf.
Since it is almost always >0, the first test is always true and more or less
redundant, and an
"as_is" lookup is thus always performed.

If the comment field is what was meant to be coded, I think this should actually
 read,
as below, so that a trailing as_is lookup is only performed if there are some
dots in the name.

      if (dots && !(tried_as_is || root_on_list)) {

Having the "root_on_list" variable means that one can always force backwards
compatibility
by appending "." to resolv.conf's search order.

This, again, would have fixed by getaddrinfo() problem by avoiding the root
level lookups which
hung whilst my internet connectivity was out of action.

The corresponding code in glibc's resolver library does this:

        /* if we have not already tried the name "as is", do that now.
         * note that we do this regardless of how many dots were in the
         * name or whether it ends with a dot.
         */
        if (!tried_as_is) {
                ret = res_querydomain(name, NULL, class, type, answer, anslen);
                if (ret > 0)
                        return (ret);
        }

which completely fails to allow one to ever disable the root level lookup.



Ted



***************************************************************************************************


This E-mail message, including any attachments, is intended only for the person
or entity to which it is addressed, and may contain confidential information.

If you are not the intended recipient, any review, retransmission, disclosure,
copying, modification or other use of this E-mail message or attachments is
strictly forbidden.

If you have received this E-mail message in error, please contact the author and
 delete the message and any attachments from your computer.

You are also advised that the views and opinions expressed in this E-mail
message and any attachments are the author's own, and may not reflect the views
and opinions of FLEXTECH Television Limited.
***************************************************************************************************




More information about the bind-workers mailing list