
dproxy - caching DNS proxy

Tracker: Bugs

5 dproxy-nexgen cache confused by IPv6 - ID: 1925234
Last Update: Comment added ( ken_yap )

dproxy-nexgen has a very serious bug when dealing with IPv6 and IPv4
addresses. When receiving an AAAA record, the daemon stores the first 4
bytes of the IPv6 address as a (totally false) IPv4 address into the
cache.

As a consequence, client operating systems like Ubuntu, which ask for AAAA
records first, get afterwards a wrong A record and are not able to connect
to systems which already have IPv6 DNS entries. This problem will probably
become even more important in the future, when other operating systems
switch their default to IPv6 as well, and more servers publish AAAA
records.

How to reproduce:
$ sudo /etc/init.d/dproxy start
$ dig @localhost AAAA ubuntuusers.de
--> answer: 2001:780:0:25::80 (correct)
$ dig @localhost A ubuntuusers.de
--> answer: 32.1.7.128 (wrong, should be 213.95.41.11)

32.1.7.12 are exactly the first four bytes of 2001:780:0:25::80.

dproxy.debug.log:
--------------------------------
[ 6998 ]: enter cache_purge()
[ 6998 ]: cache_add_hosts_entreies()
[ 6998 ]: cache_add_hosts_entreies(): done
[ 6998 ]: Dumping list:
[ 6998 ]: cache_lookup_name(ubuntuusers.de)
[ 6998 ]: .......... ubuntuusers.de ----
[ 6998 ]: Adding to list-> id: 2105
[ 6998 ]: Addr: 804e008
[ 6998 ]: Dumping list:
[ 6998 ]: ID: 2105 ... Name: ubuntuusers.de ---- IP:
[ 6998 ]: 1. Name: ubuntuusers.de .... 2105 --- 2. 2105
[ 6998 ]: Found query in list
[ 6998 ]: Replying with answer from 192.168.4.12
[ 6998 ]: Cache append: ubuntuusers.de ----> 32.1.7.128
[ 6998 ]: enter cache_purge()
[ 6998 ]: cache_add_hosts_entreies()
[ 6998 ]: cache_add_hosts_entreies(): done
[ 6998 ]: Dumping list:
[ 6998 ]: cache_lookup_name(ubuntuusers.de)
[ 6998 ]: .......... ubuntuusers.de ---- 32.1.7.128
[ 6998 ]: Cache hit
[ 6998 ]: enter cache_purge()
[ 6998 ]: cache_add_hosts_entreies()
[ 6998 ]: cache_add_hosts_entreies(): done


Nobody/Anonymous ( nobody ) - 2008-03-25 14:24

5

Open

None

Nobody/Anonymous

dproxy-nextgen

None

Public
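
Added example, not code from dproxy or from the report above: a C sketch of the check whose absence would produce the reported symptom, next to a model of the faulty behaviour. The function names are hypothetical, the two resource records are constructed from the addresses quoted in the report (owner name omitted, TTL chosen arbitrarily), and naive_ipv4() only models the symptom, it is not dproxy's source.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DNS_TYPE_A   1
#define DNS_CLASS_IN 1
#define RR_FIXED_LEN 10 /* TYPE(2) CLASS(2) TTL(4) RDLENGTH(2), then RDATA */

/* Constructed sample records: AAAA 2001:780:0:25::80 and A 213.95.41.11. */
static const uint8_t rr_aaaa[] = { 0,28, 0,1, 0,0,14,16, 0,16,
    0x20,0x01,0x07,0x80,0x00,0x00,0x00,0x25, 0,0,0,0,0,0,0x00,0x80 };
static const uint8_t rr_a[] = { 0,1, 0,1, 0,0,14,16, 0,4, 213,95,41,11 };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Model of the reported behaviour: RDATA is read as IPv4 whatever the type. */
static int naive_ipv4(const uint8_t *rr, size_t len, uint8_t out[4])
{
    if (len < RR_FIXED_LEN + 4) return -1;
    memcpy(out, rr + RR_FIXED_LEN, 4);
    return 0;
}

/* Checked form: only an IN/A record with RDLENGTH == 4 yields an IPv4 address. */
static int checked_ipv4(const uint8_t *rr, size_t len, uint8_t out[4])
{
    if (len < RR_FIXED_LEN) return -1;
    if (rd16(rr) != DNS_TYPE_A || rd16(rr + 2) != DNS_CLASS_IN) return -1;
    if (rd16(rr + 8) != 4 || len - RR_FIXED_LEN < 4) return -1;
    memcpy(out, rr + RR_FIXED_LEN, 4);
    return 0;
}

int main(void)
{
    uint8_t ip[4];
    if (naive_ipv4(rr_aaaa, sizeof rr_aaaa, ip) == 0)
        printf("naive,   AAAA -> %u.%u.%u.%u\n", ip[0], ip[1], ip[2], ip[3]);
    printf("checked, AAAA -> %s\n",
           checked_ipv4(rr_aaaa, sizeof rr_aaaa, ip) == 0 ? "cached" : "skipped");
    if (checked_ipv4(rr_a, sizeof rr_a, ip) == 0)
        printf("checked, A    -> %u.%u.%u.%u\n", ip[0], ip[1], ip[2], ip[3]);
    return 0;
}
```

A cache that stores only IPv4 addresses should skip the AAAA answer entirely, so that the later A query is forwarded upstream instead of being answered from a bogus entry.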


Comment ( 1 )




Date: 2008-03-28 04:53
Sender: ken_yap


I wonder if this explains why an embedded router running dproxy returned
the address 1.0.0.0 for a lookup. This happened when I used Linux
(PuppyLinux and OpenSUSE) to access the Internet via the router, with the
DNS proxied by the router. Unfortunately I have no access to the router
any more, or I would try disabling IPv6. I should also have taken note of
the router model, I only know that it was running busybox, so it was either
Linux or BSD.

When I tried to use dig to look up a site, it returned an invalid
response.

Windows had no problems using the proxy, presumably it doesn't ask for
IPv6 information.

Also Firefox had no problem, maybe it doesn't go through the Linux
resolver libraries?

I worked around it by specifying the ISP's forwarders instead of using the
router's proxy. But this would explain why the common advice "disable IPv6"
works for people who have problems getting onto the Internet with Linux,
but not with Windows.

It's sad that this software has now been "hardwired" into so many routers
out there. If this bug is not going to be fixed, perhaps manufacturers of
routers should be encouraged to adopt a DNS proxy that does work. I think
dnsmasq does support IPv6 properly.

