From 18758392daab79ecd7d9310a42c9758f60841fa2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= Date: Tue, 13 Nov 2018 14:31:18 +0100 Subject: [PATCH 1/2] Restore localhost fallback in bin/dig/dighost.c In BIND 9.11 and earlier, dig and similar tools used liblwres for parsing /etc/resolv.conf. After getting a list of servers from liblwres, a tool would check the address family of each server found and reject those unusable. When the resulting list of usable servers was empty, localhost addresses were queried as a fallback. When liblwres was removed in BIND 9.12, dig and similar tools were updated to parse /etc/resolv.conf using libirs instead. As part of that process, the localhost fallback was removed from bin/dig/dighost.c since the localhost fallback built into libirs was deemed to be sufficient. However, libirs only falls back to localhost if it does not find any name servers at all; if it does find any valid nameserver entry in /etc/resolv.conf, it just returns it to the caller because it is oblivious to whether the caller supports IPv4 and/or IPv6 or not. The code in bin/dig/dighost.c subsequently filters the returned list of servers in get_server_list() according to the requested address family restrictions. This may result in none of the addresses returned by libirs being usable, in which case a tool will attempt to work with an empty server list, causing a hang and subsequently a crash upon user interruption. Restore the localhost fallback in bin/dig/dighost.c to prevent the aforementioned hangs and crashes and ensure recent BIND versions behave identically to the older ones in the circumstances described above. --- bin/dig/dighost.c | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c index 410b63435b..5d35e79439 100644 --- a/bin/dig/dighost.c +++ b/bin/dig/dighost.c @@ -1227,6 +1227,19 @@ create_search_list(irs_resconf_t *resconf) { } } +/*% + * Append 'addr' to the list of servers to be queried. This function is only + * called when no server addresses are explicitly specified and either libirs + * returns an empty list of servers to use or none of the addresses returned by + * libirs are usable due to the specified address family restrictions. + */ +static void +add_fallback_nameserver(const char *addr) { + dig_server_t *server = make_server(addr, addr); + ISC_LINK_INIT(server, link); + ISC_LIST_APPEND(server_list, server, link); +} + /*% * Setup the system as a whole, reading key information and resolv.conf * settings. @@ -1272,6 +1285,16 @@ setup_system(bool ipv4only, bool ipv6only) { get_server_list(resconf); } + /* If we don't find a nameserver fall back to localhost */ + if (ISC_LIST_EMPTY(server_list)) { + if (have_ipv6) { + add_fallback_nameserver("::1"); + } + if (have_ipv4) { + add_fallback_nameserver("127.0.0.1"); + } + } + irs_resconf_destroy(&resconf); #ifdef HAVE_SETLOCALE From 867bc3399bc4ecf9d7717b4ffd09b9ef7992161a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= Date: Tue, 13 Nov 2018 14:31:18 +0100 Subject: [PATCH 2/2] Add CHANGES entry 5089. [bug] Restore localhost fallback in dig and host which is used when no nameserver addresses present in /etc/resolv.conf are usable due to the requested address family restrictions. [GL #433] --- CHANGES | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/CHANGES b/CHANGES index aba9093b7b..2c8a9b59f4 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,8 @@ +5089. [bug] Restore localhost fallback in dig and host which is + used when no nameserver addresses present in + /etc/resolv.conf are usable due to the requested + address family restrictions. [GL #433] + 5088. [bug] dig/host/nslookup could crash when interrupted close to a query timeout. [GL #599]