Bug #410

plugin for resolvconf breaks dig and nslookup

Added by Noel Kuntze almost 5 years ago. Updated almost 5 years ago.

Status: Closed
Priority: Normal
Category: libhydra
Target version:
Start date: 11.09.2013
Due date:
Estimated time:
Affected version: 5.1.0
Resolution: Fixed

Description

The formatting of the entries in /etc/resolv.conf that are inserted by charon breaks dig and nslookup.
Example:
Server pushes 192.168.178.48 and 192.168.178.6 as DNS resolvers to the VPN initiator.
This makes charon on the initiator side insert the following in /etc/resolv.conf:

nameserver 192.168.178.48
nameserver #
nameserver by
nameserver strongSwan,
nameserver from
nameserver nfs-server
nameserver 192.168.178.6

The strings in between the IPs break dig and nslookup.
"dig" says the following when you try to resolve any domain name:

$ dig google.de
dig: parse of /etc/resolv.conf failed

"nslookup" says something similar:

$ nslookup google.de 
nslookup: parse of /etc/resolv.conf failed

How to Fix:

Remove the strings in between the IPs

Example:

proper content of /etc/resolv.conf:

nameserver 192.168.178.48
nameserver 192.168.178.6

$ dig google.de
dig google.de

; <<>> DiG 9.9.2-P2 <<>> google.de
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28180
;; flags: qr rd ra; QUERY: 1, ANSWER: 16, AUTHORITY: 4, ADDITIONAL: 5
<Here more proper output>
$ nslookup google.de
Server:        192.168.178.48
Address:    192.168.178.48#53

Non-authoritative answer:
Name:    google.de
Address: 109.193.193.45
<more proper output>

Associated revisions

Revision f5dcb38e (diff)
Added by Tobias Brunner almost 5 years ago

resolve: Remove comment when using resolvconf(8)

Since comments in resolv.conf are only valid at the beginning of a line
resolvconf(8) seems to have started treating any text after
'nameserver <ip>' as additional IP addresses for name servers.

Since it ignores comments, and we can easily remove the added servers
again, there is no point to add any.

Fixes #410.

History

#1 Updated by Tobias Brunner almost 5 years ago

nameserver 192.168.178.48
nameserver #
nameserver by
nameserver strongSwan,
nameserver from
nameserver nfs-server
nameserver 192.168.178.6

Hm, that looks very odd. man resolvconf says:

...the information must be provided to resolvconf on its standard input in the format of the resolv.conf(5) file. Each line in the file must be terminated by a newline.

What man resolv.conf has to say about comments is this:

Lines that contain a semicolon (;) or hash character (#) in the first column are treated as comments.

What we actually send to resolvconf is this (using your values):

nameserver 192.168.178.48   # by strongSwan, from nfs-server

So since comments at the end of a line are probably not valid, resolvconf might interpret these as additional name servers.

The attached patch puts the comment on a separate line right before the nameserver directive. Hopefully, this fixes the issue.
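The failure mode discussed in comment #1, as an added example that is not part of the original thread and is not strongSwan or resolvconf code: an assumed, simplified model of the merge (every token after `nameserver` is taken as a server, duplicates dropped in order) reproduces the reported file, and a small linter flags such entries. The second input line and all function names are constructed for illustration.

```python
import ipaddress

# Constructed input: the line quoted in comment #1, plus an assumed
# equivalent line for the second server named in the report.
SENT = (
    "nameserver 192.168.178.48   # by strongSwan, from nfs-server\n"
    "nameserver 192.168.178.6   # by strongSwan, from nfs-server\n"
)

def merge_like_tokenizer(text):
    """Assumed model of the faulty merge: every whitespace-separated token
    after 'nameserver' becomes a server; duplicates are dropped in order."""
    seen = []
    for line in text.splitlines():
        fields = line.split()
        if fields and fields[0] == "nameserver":
            for tok in fields[1:]:
                if tok not in seen:
                    seen.append(tok)
    return "".join(f"nameserver {s}\n" for s in seen)

def is_ip(token):
    # Accept IPv4/IPv6, including a scoped IPv6 address such as fe80::1%eth0.
    try:
        ipaddress.ip_address(token.split("%", 1)[0])
        return True
    except ValueError:
        return False

def lint_resolv_conf(text):
    """Return (line_number, line) for every nameserver entry that is not
    exactly the keyword followed by one IP address."""
    bad = []
    for n, line in enumerate(text.splitlines(), 1):
        if line[:1] in ("#", ";"):      # comment: marker in the first column
            continue
        fields = line.split()
        if not fields or fields[0] != "nameserver":
            continue
        if len(fields) != 2 or not is_ip(fields[1]):
            bad.append((n, line))
    return bad

if __name__ == "__main__":
    merged = merge_like_tokenizer(SENT)
    print(merged, end="")
    for n, line in lint_resolv_conf(merged):
        print(f"line {n}: invalid nameserver entry: {line!r}")
```

Running the linter against /etc/resolv.conf after the tunnel comes up catches this class of breakage before dig or nslookup do.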

#2 Updated by Noel Kuntze almost 5 years ago

The patch fixes the behaviour of both tools and resolv.conf contains

nameserver 192.168.178.48
nameserver 192.168.178.6

as expected.

#3 Updated by Tobias Brunner almost 5 years ago

  • Category changed from charon to libhydra
  • Status changed from Feedback to Closed
  • Target version set to 5.1.1
  • Resolution set to Fixed

Thanks for testing. Since comments seem to get ignored there is not really a point in adding any.

The associated commit fixes the issue.
