Bug #17658 (closed)
DNS resolution failure with multiple named resolvers
Description
I created a Resolv::DNS resolver with two nameservers described using their domain names. Calling #getresources on this for an A or NS (and possibly other resource types) of domain example.com returns an empty list (no results, no error). I expected it to return the corresponding resource record (IP of example.com).
Instead if the Resolv::DNS instance is created with one resolver domain name or two resolvers' IP addresses then correct results are obtained. The error occurs only when more than two nameservers [or possibly more] are specified using their domain names.
Testcases
I used two well-known public DNS servers to test (they have funky but legitimate TLDs):
- dns.google (8.8.4.4, 8.8.8.8)
- one.one.one.one (1.1.1.1, 1.0.0.1)
✗ Failing: two nameservers by name
require 'resolv'
Resolv::DNS.new({nameserver: ['dns.google', 'one.one.one.one']}).getresources('example.com', Resolv::DNS::Resource::IN::A)
=> []
✓ Successful: one nameserver by name
(either as a single-item list or a string)
Resolv::DNS.new({nameserver: 'dns.google'}).getresources('example.com', Resolv::DNS::Resource::IN::A)
=> [#<Resolv::DNS::Resource::IN::A:0x000055ee95df9ad8 @address=#<Resolv::IPv4 93.184.216.34>, @ttl=16840>]
Resolv::DNS.new({nameserver: ['one.one.one.one']}).getresources('example.com', Resolv::DNS::Resource::IN::A)
=> [#<Resolv::DNS::Resource::IN::A:0x000055ee95517c80 @address=#<Resolv::IPv4 93.184.216.34>, @ttl=77160>]
✓ Successful: one nameserver by IP
(either as a single-item list or a string)
Resolv::DNS.new({nameserver: ['8.8.4.4']}).getresources('example.com', Resolv::DNS::Resource::IN::A)
=> [#<Resolv::DNS::Resource::IN::A:0x000055ee95e28d38 @address=#<Resolv::IPv4 93.184.216.34>, @ttl=20931>]
Resolv::DNS.new({nameserver: '1.1.1.1'}).getresources('example.com', Resolv::DNS::Resource::IN::A)
=> [#<Resolv::DNS::Resource::IN::A:0x000055ee95e41360 @address=#<Resolv::IPv4 93.184.216.34>, @ttl=66081>]
✓ Successful: two nameservers by IP
Resolv::DNS.new({nameserver: ['8.8.4.4', '1.1.1.1']}).getresources('example.com', Resolv::DNS::Resource::IN::A)
=> [#<Resolv::DNS::Resource::IN::A:0x000055ee95d62ea8 @address=#<Resolv::IPv4 93.184.216.34>, @ttl=20894>]
A little analysis
I didn't get to the bottom of this but this may help:
- When only one nameserver is used then a Resolv::DNS::Requester::ConnectedUDP::Sender is used; when two nameservers are used an UnconnectedUDP::Sender is used.
- The code appears to be timing out and then retried even though correct requests are made and responses received.
- In particular, if I packet trace 53/udp then the conversation is exactly as I would expect and near identical in both failing and successful cases. That is:
  - Request A record for first nameserver from local resolver
  - Receive IP of first nameserver
  - Request A record of example.com from first nameserver
  - Receive IP of example.com
In the successful case, the conversation ends here. In the failing case, the code round-robins between the two nameservers until it finally returns [].
Test environment
Tested ruby 2.5.0p0 on Red Hat 6 and rubies 2.7.1p83, 2.7.2p137 on Ubuntu 20 from two different networks with identical results.
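
The testcases above show that nameservers given as IP addresses return correct results while two given by name return an empty list with no error. The following is an added Ruby example, not code from the reporter or the Ruby project: it resolves nameserver names to IP literals before building the resolver and treats an empty answer as a failure. The helper names and the sample lookup table are assumptions made for this illustration.

```ruby
require 'resolv'

# Constructed sample data standing in for the system resolver, so the
# example runs offline. The addresses are the ones listed in the report.
SAMPLE_LOOKUP = {
  'dns.google'      => ['8.8.8.8', '8.8.4.4'],
  'one.one.one.one' => ['1.1.1.1', '1.0.0.1']
}.freeze

IP_LITERAL = Regexp.union(Resolv::IPv4::Regex, Resolv::IPv6::Regex)

# Hypothetical helper: turn a mixed list of nameserver names and IP
# literals into IP literals only. `lookup` is any callable returning an
# array of address strings for a name (default: the system resolver).
def nameserver_ips(nameservers, lookup: Resolv.method(:getaddresses))
  Array(nameservers).flat_map do |ns|
    next [ns] if ns.match?(IP_LITERAL)
    addrs = lookup.call(ns).map(&:to_s).grep(IP_LITERAL)
    # Fail loudly: an unresolvable nameserver must not silently shrink the list.
    raise Resolv::ResolvError, "cannot resolve nameserver #{ns}" if addrs.empty?
    addrs
  end.uniq
end

# Hypothetical helper: build a Resolv::DNS that only ever sees IP literals,
# which is the configuration the report shows working.
def dns_with_named_servers(nameservers, lookup: Resolv.method(:getaddresses))
  Resolv::DNS.new(nameserver: nameserver_ips(nameservers, lookup: lookup))
end

# Hypothetical helper: fail closed on an empty answer, because
# getresources returns [] both for "no such record" and for the silent
# failure described in the report.
def resources!(dns, name, type)
  records = dns.getresources(name, type)
  raise Resolv::ResolvError, "no #{type} records for #{name}" if records.empty?
  records
end

# Offline demonstration using the constructed lookup table.
p nameserver_ips(%w[dns.google one.one.one.one],
                 lookup: ->(n) { SAMPLE_LOOKUP.fetch(n, []) })
```

With the default `lookup`, `dns_with_named_servers(['dns.google', 'one.one.one.one'])` uses the system resolver once up front; callers that must distinguish "no data" from failure should keep using `getresources` directly and log empty results.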