[PATCH] resolver.3: documents missing options used by _res structure defined in resolv.h and indicates defaults options

[PATCH] resolver.3: documents missing options used by _res structure defined in resolv.h and indicates defaults options

[Stéphane Aulery]

Missing options: RES_INSECURE1, RES_INSECURE2, RES_NOALIASES, USE_INET6,
ROTATE, NOCHECKNAME, RES_KEEPTSIG, BLAST, USEBSTRING, NOIP6DOTINT, USE_EDNS0,
SNGLKUP, SNGLKUPREOP, RES_USE_DNSSEC, NOTLDQUERY, DEFAULT

Written from the glibc source and resolv.conf.5.

Debian bug #527136 reported by Jakub Wilk <ubanus-iA+eEnwkJgzk1uMJSBkQmQ@public.gmane.org> [1]

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=527136

Signed-off-by: Stéphane Aulery <saulery-GANU6spQydw@public.gmane.org>
---
 man3/resolver.3 | 86 +++++++++++++++++++++++++++++++++++++++++++++++++++++----
 1 file changed, 81 insertions(+), 5 deletions(-)

diff --git a/man3/resolver.3 b/man3/resolver.3
index 19c4192..1b22708 100644
--- a/man3/resolver.3
+++ b/man3/resolver.3
@@ -204,7 +204,7 @@ implemented].
 Use TCP connections for queries rather than UDP datagrams.
 .TP
 .B RES_PRIMARY
-Query primary domain name server only.
+Query primary domain name server only. [Not currently implemented].
 .TP
 .B RES_IGNTC
 Ignore truncation errors.
@@ -238,10 +238,86 @@ domain and in parent domains.
 This option is used by
 .BR gethostbyname (3).
 [Enabled by default].
-.PP
-This list is not complete.
-You can find some other flags described in
-.BR resolv.conf (5).
+.TP
+.B RES_INSECURE1
+Accept a response from a wrong server and show it on stdout (for debug
+purpose only).
+.TP
+.B RES_INSECURE2
+Accept a response which contains a wrong query and show it on stdout (for
+debug purpose only).
+.TP
+.B RES_NOALIASES
+Disable usage of
+.B HOSTALIASES
+environment variable.
+.TP
+.B RES_USE_INET6
+Try a AAAA query before an A query inside the
+.BR gethostbyname ()
+function, and map IPv4 responses in IPv6 "tunneled form" if no AAAA
+records are found but an A record set exists.
+.TP
+.B RES_ROTATE
+Causes round-robin selection of name servers from among those listed. This
+has the effect of spreading the query load among all listed servers, rather
+than having all clients try the first listed server first every time.
+.TP
+.B RES_NOCHECKNAME
+Disable the modern BIND checking of incoming hostnames and mail names
+for invalid characters such as underscore (_), non-ASCII, or control
+characters. [Not currently implemented].
+.TP
+.B RES_KEEPTSIG
+Do not strip TSIG records. [Not currently implemented].
+.TP
+.B RES_BLAST
+When resolvers want to even out the load on their nameservers, following
+them. Note this option overrides
+.BR RES_ROTATE .
+.TP
+.B RES_USEBSTRING
+Make reverse IPv6 lookups using the bit-label format described in RFC 2673;
+if this option is not set, then nibble format is used (since glibc 2.3.4).
+.TP
+.B RES_NOIP6DOTINT
+Use
+.I ip6.arpa
+zone in IPv6 reverse lookup instead of
+.I ip6.int
+which is deprecated since glibc 2.3.4. [Enabled by default].
+.TP
+.B RES_USE_EDNS0
+Enables support for the DNS extensions (EDNS0) described in RFC 2671 (since
+glibc 2.6).
+.TP
+.B RES_SNGLKUP
+By default, glibc performs IPv4 and IPv6 lookups in parallel since version
+2.9. Some appliance DNS servers cannot handle these queries properly and
+make the requests time out. This option disables the behavior and makes
+glibc perform the IPv6 and IPv4 requests sequentially (at the cost of some
+slowdown of the resolving process) (since glibc 2.10).
+.TP
+.B RES_SNGLKUPREOP
+When
+.B RES_SNGLKUP
+option is enabled, opens a new socket for the each request.
+.TP
+.B RES_USE_DNSSEC
+Use DNSSEC with OK bit in OPT record. This option implies
+.BR RES_USE_EDNS0 .
+.TP
+.B RES_NOTLDQUERY
+Do not look up unqualified name as a TLD.
+.TP
+.B RES_DEFAULT
+Default option which implies:
+.BR RES_RECURSE ,
+.BR RES_DEFNAMES ,
+.BR RES_DNSRCH
+and
+.BR RES_NOIP6DOTINT .
+
 .SH RETURN VALUE
 The
 .BR res_init ()
-- 
2.1.4

--
To unsubscribe from this list: send the line "unsubscribe linux-man" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH] resolver.3: documents missing options used by _res structure defined in resolv.h and indicates defaults options

[Michael Kerrisk (man-pages)]

Hi Stéphane,

Good stuff. See comments below. Coud you amend and resubmit.

On 03/07/2015 09:58 PM, Stéphane Aulery wrote:
> Missing options: RES_INSECURE1, RES_INSECURE2, RES_NOALIASES, USE_INET6,
> ROTATE, NOCHECKNAME, RES_KEEPTSIG, BLAST, USEBSTRING, NOIP6DOTINT, USE_EDNS0,
> SNGLKUP, SNGLKUPREOP, RES_USE_DNSSEC, NOTLDQUERY, DEFAULT
> 
> Written from the glibc source and resolv.conf.5.
> 
> Debian bug #527136 reported by Jakub Wilk <ubanus-iA+eEnwkJgzk1uMJSBkQmQ@public.gmane.org> [1]
> 
> [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=527136
> 
> Signed-off-by: Stéphane Aulery <saulery-GANU6spQydw@public.gmane.org>
> ---
>  man3/resolver.3 | 86 +++++++++++++++++++++++++++++++++++++++++++++++++++++----
>  1 file changed, 81 insertions(+), 5 deletions(-)
> 
> diff --git a/man3/resolver.3 b/man3/resolver.3
> index 19c4192..1b22708 100644
> --- a/man3/resolver.3
> +++ b/man3/resolver.3
> @@ -204,7 +204,7 @@ implemented].
>  Use TCP connections for queries rather than UDP datagrams.
>  .TP
>  .B RES_PRIMARY
> -Query primary domain name server only.
> +Query primary domain name server only. [Not currently implemented].

New sentence on new source line please. And (many) other instances below.

>  .TP
>  .B RES_IGNTC
>  Ignore truncation errors.
> @@ -238,10 +238,86 @@ domain and in parent domains.
>  This option is used by
>  .BR gethostbyname (3).
>  [Enabled by default].
> -.PP
> -This list is not complete.
> -You can find some other flags described in
> -.BR resolv.conf (5).
> +.TP
> +.B RES_INSECURE1
> +Accept a response from a wrong server and show it on stdout (for debug

s/stdout/standard output/
And other instances below.

> +purpose only).
> +.TP
> +.B RES_INSECURE2
> +Accept a response which contains a wrong query and show it on stdout (for
> +debug purpose only).
> +.TP
> +.B RES_NOALIASES
> +Disable usage of
> +.B HOSTALIASES
> +environment variable.
> +.TP
> +.B RES_USE_INET6
> +Try a AAAA query before an A query inside the

s/a AAAA/an AAAA/

> +.BR gethostbyname ()
> +function, and map IPv4 responses in IPv6 "tunneled form" if no AAAA
> +records are found but an A record set exists.
> +.TP
> +.B RES_ROTATE
> +Causes round-robin selection of name servers from among those listed. This

New sentence on new source line please.

> +has the effect of spreading the query load among all listed servers, rather
> +than having all clients try the first listed server first every time.
> +.TP
> +.B RES_NOCHECKNAME
> +Disable the modern BIND checking of incoming hostnames and mail names
> +for invalid characters such as underscore (_), non-ASCII, or control
> +characters. [Not currently implemented].
> +.TP
> +.B RES_KEEPTSIG
> +Do not strip TSIG records. [Not currently implemented].
> +.TP
> +.B RES_BLAST
> +When resolvers want to even out the load on their nameservers, following
> +them. 

I do not understand that last sentence. Could you clarify please.

> Note this option overrides
> +.BR RES_ROTATE .
> +.TP
> +.B RES_USEBSTRING
> +Make reverse IPv6 lookups using the bit-label format described in RFC 2673;
> +if this option is not set, then nibble format is used (since glibc 2.3.4).

Does the "(since glibc 2.3.4)" apply to the option, or to the
"then nibble format is used"? It's not clear. If the former, then write

.BR RES_USEBSTRING " (since glibc 2.3.4)"

If the latter, then write

"then (since glibc 2.3.4) nibble format is used".

> +.TP
> +.B RES_NOIP6DOTINT
> +Use
> +.I ip6.arpa
> +zone in IPv6 reverse lookup instead of
> +.I ip6.int

s/.I ip6.int./IR ip6.int ,/

> +which is deprecated since glibc 2.3.4. [Enabled by default].
> +.TP
> +.B RES_USE_EDNS0
> +Enables support for the DNS extensions (EDNS0) described in RFC 2671 (since
> +glibc 2.6).

I think above, we want:

.TP
.BR RES_USE_EDNS0 " (since glibc 2.6)"

(This is the usual way that man-pages documents the release version 
for options.)

> +.TP
> +.B RES_SNGLKUP
> +By default, glibc performs IPv4 and IPv6 lookups in parallel since version
> +2.9. Some appliance DNS servers cannot handle these queries properly and
> +make the requests time out. This option disables the behavior and makes
> +glibc perform the IPv6 and IPv4 requests sequentially (at the cost of some
> +slowdown of the resolving process) (since glibc 2.10).

.TP
.BR RES_SNGLKUP " (since glibc 2.10)"

?

> +.TP
> +.B RES_SNGLKUPREOP
> +When
> +.B RES_SNGLKUP
> +option is enabled, opens a new socket for the each request.
> +.TP
> +.B RES_USE_DNSSEC
> +Use DNSSEC with OK bit in OPT record. This option implies
> +.BR RES_USE_EDNS0 .
> +.TP
> +.B RES_NOTLDQUERY
> +Do not look up unqualified name as a TLD.

s/TLD/top-level domain (TLD)/

> +.TP
> +.B RES_DEFAULT
> +Default option which implies:
> +.BR RES_RECURSE ,
> +.BR RES_DEFNAMES ,
> +.BR RES_DNSRCH
> +and
> +.BR RES_NOIP6DOTINT .
> +
>  .SH RETURN VALUE
>  The
>  .BR res_init ()

Thanks,

Michael


-- 
Michael Kerrisk
Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/
Linux/UNIX System Programming Training: http://man7.org/training/
--
To unsubscribe from this list: send the line "unsubscribe linux-man" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH] resolver.3: documents missing options used by _res structure defined in resolv.h and indicates defaults options

[Stéphane Aulery]

Hi Michael,

I made another patch with all your remarks.

Le dimanche 08 mars 2015 à 09:20:18, Michael Kerrisk (man-pages) a écrit :
> 
> > +.TP
> > +.B RES_USE_INET6
> > +Try a AAAA query before an A query inside the
> 
> s/a AAAA/an AAAA/

This is a copy of resolv.conf.5. I will fix this too.


> > +.B RES_BLAST
> > +When resolvers want to even out the load on their nameservers, following
> > +them. 
> 
> I do not understand that last sentence. Could you clarify please.

I must admit that it's not clear to me either. I think this means that
server alias are swapped between each request. I have wrong? The word
"blast" leaves me skeptical.

What I found in code source:

From resolv.h:

#define RES_BLAST       0x00020000      /* blast all recursive servers */

Form res_send.c

/*
* Some resolvers want to even out the load on their nameservers.
* Note that RES_BLAST overrides RES_ROTATE.
*/
if (__builtin_expect ((statp->options & RES_ROTATE) != 0, 0) &&
   (statp->options & RES_BLAST) == 0) {
      struct sockaddr_in6 *ina;
      unsigned int map;

      n = 0;
      while (n < MAXNS && EXT(statp).nsmap[n] == MAXNS)
         n++;
      if (n < MAXNS) {
         ina = EXT(statp).nsaddrs[n];
         map = EXT(statp).nsmap[n];
         for (;;) {
            ns = n + 1;
            while (ns < MAXNS
               && EXT(statp).nsmap[ns] == MAXNS)
               ns++;
            if (ns == MAXNS)
               break;
            EXT(statp).nsaddrs[n] = EXT(statp).nsaddrs[ns];
            EXT(statp).nsmap[n] = EXT(statp).nsmap[ns];
            n = ns;
         }
         EXT(statp).nsaddrs[n] = ina;
         EXT(statp).nsmap[n] = map;
      }
}


> > Note this option overrides
> > +.BR RES_ROTATE .
> > +.TP
> > +.B RES_USEBSTRING
> > +Make reverse IPv6 lookups using the bit-label format described in RFC 2673;
> > +if this option is not set, then nibble format is used (since glibc 2.3.4).
> 
> Does the "(since glibc 2.3.4)" apply to the option, or to the
> "then nibble format is used"? It's not clear. If the former, then write

I don't no. I picked this from resolv.conf.5.
It should be for RES_USEBSTRING.

Regards,

-- 
Stéphane Aulery
--
To unsubscribe from this list: send the line "unsubscribe linux-man" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH] resolver.3: documents missing options used by _res structure defined in resolv.h and indicates defaults options

[Michael Kerrisk (man-pages)]

Hello Stéphane,

On 03/08/2015 01:03 PM, Stéphane Aulery wrote:
> Hi Michael,
> 
> I made another patch with all your remarks.

Did you send it already. (No hurry--it's just that I wonder if I missed it.)

> Le dimanche 08 mars 2015 à 09:20:18, Michael Kerrisk (man-pages) a écrit :
>>
>>> +.TP
>>> +.B RES_USE_INET6
>>> +Try a AAAA query before an A query inside the
>>
>> s/a AAAA/an AAAA/
> 
> This is a copy of resolv.conf.5. I will fix this too.

Yup. Thanks.

>>> +.B RES_BLAST
>>> +When resolvers want to even out the load on their nameservers, following
>>> +them. 
>>
>> I do not understand that last sentence. Could you clarify please.
> 
> I must admit that it's not clear to me either. I think this means that
> server alias are swapped between each request. I have wrong? The word
> "blast" leaves me skeptical.
> 
> What I found in code source:
> 
>>From resolv.h:
> 
> #define RES_BLAST       0x00020000      /* blast all recursive servers */
> 
> Form res_send.c
> 
> /*
> * Some resolvers want to even out the load on their nameservers.
> * Note that RES_BLAST overrides RES_ROTATE.
> */
> if (__builtin_expect ((statp->options & RES_ROTATE) != 0, 0) &&
>    (statp->options & RES_BLAST) == 0) {
>       struct sockaddr_in6 *ina;
>       unsigned int map;
> 
>       n = 0;
>       while (n < MAXNS && EXT(statp).nsmap[n] == MAXNS)
>          n++;
>       if (n < MAXNS) {
>          ina = EXT(statp).nsaddrs[n];
>          map = EXT(statp).nsmap[n];
>          for (;;) {
>             ns = n + 1;
>             while (ns < MAXNS
>                && EXT(statp).nsmap[ns] == MAXNS)
>                ns++;
>             if (ns == MAXNS)
>                break;
>             EXT(statp).nsaddrs[n] = EXT(statp).nsaddrs[ns];
>             EXT(statp).nsmap[n] = EXT(statp).nsmap[ns];
>             n = ns;
>          }
>          EXT(statp).nsaddrs[n] = ina;
>          EXT(statp).nsmap[n] = map;
>       }
> }

Okay -- I leave it to your discretion to choose what to do here.

>>> Note this option overrides
>>> +.BR RES_ROTATE .
>>> +.TP
>>> +.B RES_USEBSTRING
>>> +Make reverse IPv6 lookups using the bit-label format described in RFC 2673;
>>> +if this option is not set, then nibble format is used (since glibc 2.3.4).
>>
>> Does the "(since glibc 2.3.4)" apply to the option, or to the
>> "then nibble format is used"? It's not clear. If the former, then write
> 
> I don't no. I picked this from resolv.conf.5.
> It should be for RES_USEBSTRING.

Okay.

Cheers,

Michael



-- 
Michael Kerrisk
Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/
Linux/UNIX System Programming Training: http://man7.org/training/
--
To unsubscribe from this list: send the line "unsubscribe linux-man" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH] resolver.3: documents missing options used by _res structure defined in resolv.h and indicates defaults options

[Stéphane Aulery]

Le lundi 09 mars 2015 à 08:24:38, Michael Kerrisk (man-pages) a écrit :
> Hello Stéphane,
> 
> On 03/08/2015 01:03 PM, Stéphane Aulery wrote:
> > Hi Michael,
> > 
> > I made another patch with all your remarks.
> 
> Did you send it already. (No hurry--it's just that I wonder if I missed it.)

I was waiting your answers to the question bellow before.

> >>> +.B RES_BLAST
> >>> +When resolvers want to even out the load on their nameservers, following
> >>> +them. 
> >>
> >> I do not understand that last sentence. Could you clarify please.
> > 
> > I must admit that it's not clear to me either. I think this means that
> > server alias are swapped between each request. I have wrong? The word
> > "blast" leaves me skeptical.
> > 
> > What I found in code source:
> > 
> >>From resolv.h:
> > 
> > #define RES_BLAST       0x00020000      /* blast all recursive servers */
> > 
> > Form res_send.c
> > 
> > /*
> > * Some resolvers want to even out the load on their nameservers.
> > * Note that RES_BLAST overrides RES_ROTATE.
> > */
> > if (__builtin_expect ((statp->options & RES_ROTATE) != 0, 0) &&
> >    (statp->options & RES_BLAST) == 0) {
> >       struct sockaddr_in6 *ina;
> >       unsigned int map;
> > 
> >       n = 0;
> >       while (n < MAXNS && EXT(statp).nsmap[n] == MAXNS)
> >          n++;
> >       if (n < MAXNS) {
> >          ina = EXT(statp).nsaddrs[n];
> >          map = EXT(statp).nsmap[n];
> >          for (;;) {
> >             ns = n + 1;
> >             while (ns < MAXNS
> >                && EXT(statp).nsmap[ns] == MAXNS)
> >                ns++;
> >             if (ns == MAXNS)
> >                break;
> >             EXT(statp).nsaddrs[n] = EXT(statp).nsaddrs[ns];
> >             EXT(statp).nsmap[n] = EXT(statp).nsmap[ns];
> >             n = ns;
> >          }
> >          EXT(statp).nsaddrs[n] = ina;
> >          EXT(statp).nsmap[n] = map;
> >       }
> > }
> 
> Okay -- I leave it to your discretion to choose what to do here.

No please, I need your help.

-- 
Stéphane Aulery
--
To unsubscribe from this list: send the line "unsubscribe linux-man" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH] resolver.3: documents missing options used by _res structure defined in resolv.h and indicates defaults options

[Michael Kerrisk (man-pages)]

On 03/09/2015 08:54 AM, Stéphane Aulery wrote:
> Le lundi 09 mars 2015 à 08:24:38, Michael Kerrisk (man-pages) a écrit :
>> Hello Stéphane,
>>
>> On 03/08/2015 01:03 PM, Stéphane Aulery wrote:
>>> Hi Michael,
>>>
>>> I made another patch with all your remarks.
>>
>> Did you send it already. (No hurry--it's just that I wonder if I missed it.)
> 
> I was waiting your answers to the question bellow before.
> 
>>>>> +.B RES_BLAST
>>>>> +When resolvers want to even out the load on their nameservers, following
>>>>> +them. 
>>>>
>>>> I do not understand that last sentence. Could you clarify please.
>>>
>>> I must admit that it's not clear to me either. I think this means that
>>> server alias are swapped between each request. I have wrong? The word
>>> "blast" leaves me skeptical.
>>>
>>> What I found in code source:
>>>
>>> >From resolv.h:
>>>
>>> #define RES_BLAST       0x00020000      /* blast all recursive servers */
>>>
>>> Form res_send.c
>>>
>>> /*
>>> * Some resolvers want to even out the load on their nameservers.
>>> * Note that RES_BLAST overrides RES_ROTATE.
>>> */
>>> if (__builtin_expect ((statp->options & RES_ROTATE) != 0, 0) &&
>>>    (statp->options & RES_BLAST) == 0) {
>>>       struct sockaddr_in6 *ina;
>>>       unsigned int map;
>>>
>>>       n = 0;
>>>       while (n < MAXNS && EXT(statp).nsmap[n] == MAXNS)
>>>          n++;
>>>       if (n < MAXNS) {
>>>          ina = EXT(statp).nsaddrs[n];
>>>          map = EXT(statp).nsmap[n];
>>>          for (;;) {
>>>             ns = n + 1;
>>>             while (ns < MAXNS
>>>                && EXT(statp).nsmap[ns] == MAXNS)
>>>                ns++;
>>>             if (ns == MAXNS)
>>>                break;
>>>             EXT(statp).nsaddrs[n] = EXT(statp).nsaddrs[ns];
>>>             EXT(statp).nsmap[n] = EXT(statp).nsmap[ns];
>>>             n = ns;
>>>          }
>>>          EXT(statp).nsaddrs[n] = ina;
>>>          EXT(statp).nsmap[n] = map;
>>>       }
>>> }
>>
>> Okay -- I leave it to your discretion to choose what to do here.
> 
> No please, I need your help.

Sorry -- the code is not clear to me, and I don't have the time 
to investigate deeper.

Google turns up this detail from the O'Reilly DNS and BIND
book:

    "Blast" all recursive servers by sending queries to 
    the simultaneously. Not implemented yet.

The first sentence makes sense. I'm not sure whether
the second is true for glibc or not. But, I just grepped
the entire C source code for Fedora 20, and found no users 
of RES_BLAST, so indeed maybe it is not implemented.

Thanks,

Michael



-- 
Michael Kerrisk
Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/
Linux/UNIX System Programming Training: http://man7.org/training/
--
To unsubscribe from this list: send the line "unsubscribe linux-man" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH] resolver.3: documents missing options used by _res structure defined in resolv.h and indicates defaults options

[Stéphane Aulery]

Le lundi 09 mars 2015 à 10:49:55, Michael Kerrisk (man-pages) a écrit :
> On 03/09/2015 08:54 AM, Stéphane Aulery wrote:
> > Le lundi 09 mars 2015 à 08:24:38, Michael Kerrisk (man-pages) a écrit :
> > 
> >>>>> +.B RES_BLAST
> >>>>> +When resolvers want to even out the load on their nameservers, following
> >>>>> +them. 
> >>>>
> >>>> I do not understand that last sentence. Could you clarify please.
> >>>
> >>> I must admit that it's not clear to me either. I think this means that
> >>> server alias are swapped between each request. I have wrong? The word
> >>> "blast" leaves me skeptical.
> >>>
> >>> What I found in code source:
> >>>
> >>> Form res_send.c
> >>>
> >>> /*
> >>> * Some resolvers want to even out the load on their nameservers.
> >>> * Note that RES_BLAST overrides RES_ROTATE.
> >>> */
> >>> if (__builtin_expect ((statp->options & RES_ROTATE) != 0, 0) &&
> >>>    (statp->options & RES_BLAST) == 0) {
> >>>       struct sockaddr_in6 *ina;
> >>>       unsigned int map;
> >>>
> >>>       n = 0;
> >>>       while (n < MAXNS && EXT(statp).nsmap[n] == MAXNS)
> >>>          n++;
> >>>       if (n < MAXNS) {
> >>>          ina = EXT(statp).nsaddrs[n];
> >>>          map = EXT(statp).nsmap[n];
> >>>          for (;;) {
> >>>             ns = n + 1;
> >>>             while (ns < MAXNS
> >>>                && EXT(statp).nsmap[ns] == MAXNS)
> >>>                ns++;
> >>>             if (ns == MAXNS)
> >>>                break;
> >>>             EXT(statp).nsaddrs[n] = EXT(statp).nsaddrs[ns];
> >>>             EXT(statp).nsmap[n] = EXT(statp).nsmap[ns];
> >>>             n = ns;
> >>>          }
> >>>          EXT(statp).nsaddrs[n] = ina;
> >>>          EXT(statp).nsmap[n] = map;
> >>>       }
> >>> }
> >>
> >> Okay -- I leave it to your discretion to choose what to do here.
> > 
> > No please, I need your help.
> 
> Sorry -- the code is not clear to me, and I don't have the time 
> to investigate deeper.

Thank you for your help.

> Google turns up this detail from the O'Reilly DNS and BIND
> book:
> 
>     "Blast" all recursive servers by sending queries to 
>     the simultaneously. Not implemented yet.
> 
> The first sentence makes sense. I'm not sure whether
> the second is true for glibc or not. But, I just grepped
> the entire C source code for Fedora 20, and found no users 
> of RES_BLAST, so indeed maybe it is not implemented.

Options not implemented are explicitly mentioned. [1]
So for me it is.

I propose:

    Send each query simultaneously and recursively to all servers.

[1] https://sourceware.org/git/?p=glibc.git;a=blob;f=resolv/res_debug.c;hb=95f386609f378063b35e0c4ede8c2d2ceea91f51#l564

Regards,

-- 
Stéphane Aulery
--
To unsubscribe from this list: send the line "unsubscribe linux-man" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH] resolver.3: documents missing options used by _res structure defined in resolv.h and indicates defaults options

[Stéphane Aulery]

Missing options: RES_INSECURE1, RES_INSECURE2, RES_NOALIASES, USE_INET6,
ROTATE, NOCHECKNAME, RES_KEEPTSIG, BLAST, USEBSTRING, NOIP6DOTINT, USE_EDNS0,
SNGLKUP, SNGLKUPREOP, RES_USE_DNSSEC, NOTLDQUERY, DEFAULT

Written from the glibc source and resolv.conf.5.

Debian bug #527136 reported by Jakub Wilk <ubanus-iA+eEnwkJgzk1uMJSBkQmQ@public.gmane.org>

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=527136
Signed-off-by: Stéphane Aulery <saulery-GANU6spQydw@public.gmane.org>
---
 man3/resolver.3 | 99 ++++++++++++++++++++++++++++++++++++++++++++++++++++-----
 1 file changed, 91 insertions(+), 8 deletions(-)

diff --git a/man3/resolver.3 b/man3/resolver.3
index 19c4192..06704b1 100644
--- a/man3/resolver.3
+++ b/man3/resolver.3
@@ -197,19 +197,20 @@ which is not the default.
 Accept authoritative answers only.
 .BR res_send ()
 continues until
-it finds an authoritative answer or returns an error.  [Not currently
-implemented].
+it finds an authoritative answer or returns an error.
+[Not currently implemented].
 .TP
 .B RES_USEVC
 Use TCP connections for queries rather than UDP datagrams.
 .TP
 .B RES_PRIMARY
 Query primary domain name server only.
+[Not currently implemented].
 .TP
 .B RES_IGNTC
 Ignore truncation errors.
-Don't retry with TCP.  [Not currently
-implemented].
+Don't retry with TCP.
+[Not currently implemented].
 .TP
 .B RES_RECURSE
 Set the recursion desired bit in queries.
@@ -238,10 +239,92 @@ domain and in parent domains.
 This option is used by
 .BR gethostbyname (3).
 [Enabled by default].
-.PP
-This list is not complete.
-You can find some other flags described in
-.BR resolv.conf (5).
+.TP
+.B RES_INSECURE1
+Accept a response from a wrong server and show it on standard output
+(for debug purpose only).
+.TP
+.B RES_INSECURE2
+Accept a response which contains a wrong query and show it on standard
+output (for debug purpose only).
+.TP
+.B RES_NOALIASES
+Disable usage of
+.B HOSTALIASES
+environment variable.
+.TP
+.B RES_USE_INET6
+Try an AAAA query before an A query inside the
+.BR gethostbyname ()
+function, and map IPv4 responses in IPv6 "tunneled form" if no AAAA records
+are found but an A record set exists.
+.TP
+.B RES_ROTATE
+Causes round-robin selection of name servers from among those listed.
+This has the effect of spreading the query load among all listed servers,
+rather than having all clients try the first listed server first every
+time.
+.TP
+.B RES_NOCHECKNAME
+Disable the modern BIND checking of incoming hostnames and mail names
+for invalid characters such as underscore (_), non-ASCII,
+or control characters.
+[Not currently implemented].
+.TP
+.B RES_KEEPTSIG
+Do not strip TSIG records.
+[Not currently implemented].
+.TP
+.B RES_BLAST
+Send each query simultaneously and recursively to all servers.
+Note this option overrides
+.BR RES_ROTATE .
+.TP
+.BR RES_USEBSTRING " (since glibc 2.3.4)"
+Make reverse IPv6 lookups using the bit-label format described in RFC 2673;
+if this option is not set, then nibble format is used.
+.TP
+.B RES_NOIP6DOTINT
+Use
+.I ip6.arpa
+zone in IPv6 reverse lookup instead of
+.IR ip6.int ,
+which is deprecated since glibc 2.3.4.
+[Enabled by default].
+.TP
+.BR RES_USE_EDNS0 " (since glibc 2.6)"
+Enables support for the DNS extensions (EDNS0) described in RFC 2671.
+.TP
+.BR RES_SNGLKUP " (since glibc 2.10)"
+By default, glibc performs IPv4 and IPv6 lookups in parallel since
+version 2.9.
+Some appliance DNS servers cannot handle these queries properly
+and make the requests time out.
+This option disables the behavior and makes glibc
+perform the IPv6 and IPv4 requests sequentially
+(at the cost of some slowdown of the resolving process).
+.TP
+.B RES_SNGLKUPREOP
+When
+.B RES_SNGLKUP
+option is enabled, opens a new socket for the each request.
+.TP
+.B RES_USE_DNSSEC
+Use DNSSEC with OK bit in OPT record.
+This option implies
+.BR RES_USE_EDNS0 .
+.TP
+.B RES_NOTLDQUERY
+Do not look up unqualified name as a top-level domain (TLD).
+.TP
+.B RES_DEFAULT
+Default option which implies:
+.BR RES_RECURSE ,
+.BR RES_DEFNAMES ,
+.BR RES_DNSRCH
+and
+.BR RES_NOIP6DOTINT .
+
 .SH RETURN VALUE
 The
 .BR res_init ()
-- 
2.1.4

--
To unsubscribe from this list: send the line "unsubscribe linux-man" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH] resolver.3: documents missing options used by _res structure defined in resolv.h and indicates defaults options

[Michael Kerrisk (man-pages)]

On 03/09/2015 09:44 PM, Stéphane Aulery wrote:
> Missing options: RES_INSECURE1, RES_INSECURE2, RES_NOALIASES, USE_INET6,
> ROTATE, NOCHECKNAME, RES_KEEPTSIG, BLAST, USEBSTRING, NOIP6DOTINT, USE_EDNS0,
> SNGLKUP, SNGLKUPREOP, RES_USE_DNSSEC, NOTLDQUERY, DEFAULT
> 
> Written from the glibc source and resolv.conf.5.

Thanks Stéphane! Applied.

Cheers,

Michael


> Debian bug #527136 reported by Jakub Wilk <ubanus-iA+eEnwkJgzk1uMJSBkQmQ@public.gmane.org>
> 
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=527136
> Signed-off-by: Stéphane Aulery <saulery-GANU6spQydw@public.gmane.org>
> ---
>  man3/resolver.3 | 99 ++++++++++++++++++++++++++++++++++++++++++++++++++++-----
>  1 file changed, 91 insertions(+), 8 deletions(-)
> 
> diff --git a/man3/resolver.3 b/man3/resolver.3
> index 19c4192..06704b1 100644
> --- a/man3/resolver.3
> +++ b/man3/resolver.3
> @@ -197,19 +197,20 @@ which is not the default.
>  Accept authoritative answers only.
>  .BR res_send ()
>  continues until
> -it finds an authoritative answer or returns an error.  [Not currently
> -implemented].
> +it finds an authoritative answer or returns an error.
> +[Not currently implemented].
>  .TP
>  .B RES_USEVC
>  Use TCP connections for queries rather than UDP datagrams.
>  .TP
>  .B RES_PRIMARY
>  Query primary domain name server only.
> +[Not currently implemented].
>  .TP
>  .B RES_IGNTC
>  Ignore truncation errors.
> -Don't retry with TCP.  [Not currently
> -implemented].
> +Don't retry with TCP.
> +[Not currently implemented].
>  .TP
>  .B RES_RECURSE
>  Set the recursion desired bit in queries.
> @@ -238,10 +239,92 @@ domain and in parent domains.
>  This option is used by
>  .BR gethostbyname (3).
>  [Enabled by default].
> -.PP
> -This list is not complete.
> -You can find some other flags described in
> -.BR resolv.conf (5).
> +.TP
> +.B RES_INSECURE1
> +Accept a response from a wrong server and show it on standard output
> +(for debug purpose only).
> +.TP
> +.B RES_INSECURE2
> +Accept a response which contains a wrong query and show it on standard
> +output (for debug purpose only).
> +.TP
> +.B RES_NOALIASES
> +Disable usage of
> +.B HOSTALIASES
> +environment variable.
> +.TP
> +.B RES_USE_INET6
> +Try an AAAA query before an A query inside the
> +.BR gethostbyname ()
> +function, and map IPv4 responses in IPv6 "tunneled form" if no AAAA records
> +are found but an A record set exists.
> +.TP
> +.B RES_ROTATE
> +Causes round-robin selection of name servers from among those listed.
> +This has the effect of spreading the query load among all listed servers,
> +rather than having all clients try the first listed server first every
> +time.
> +.TP
> +.B RES_NOCHECKNAME
> +Disable the modern BIND checking of incoming hostnames and mail names
> +for invalid characters such as underscore (_), non-ASCII,
> +or control characters.
> +[Not currently implemented].
> +.TP
> +.B RES_KEEPTSIG
> +Do not strip TSIG records.
> +[Not currently implemented].
> +.TP
> +.B RES_BLAST
> +Send each query simultaneously and recursively to all servers.
> +Note this option overrides
> +.BR RES_ROTATE .
> +.TP
> +.BR RES_USEBSTRING " (since glibc 2.3.4)"
> +Make reverse IPv6 lookups using the bit-label format described in RFC 2673;
> +if this option is not set, then nibble format is used.
> +.TP
> +.B RES_NOIP6DOTINT
> +Use
> +.I ip6.arpa
> +zone in IPv6 reverse lookup instead of
> +.IR ip6.int ,
> +which is deprecated since glibc 2.3.4.
> +[Enabled by default].
> +.TP
> +.BR RES_USE_EDNS0 " (since glibc 2.6)"
> +Enables support for the DNS extensions (EDNS0) described in RFC 2671.
> +.TP
> +.BR RES_SNGLKUP " (since glibc 2.10)"
> +By default, glibc performs IPv4 and IPv6 lookups in parallel since
> +version 2.9.
> +Some appliance DNS servers cannot handle these queries properly
> +and make the requests time out.
> +This option disables the behavior and makes glibc
> +perform the IPv6 and IPv4 requests sequentially
> +(at the cost of some slowdown of the resolving process).
> +.TP
> +.B RES_SNGLKUPREOP
> +When
> +.B RES_SNGLKUP
> +option is enabled, opens a new socket for the each request.
> +.TP
> +.B RES_USE_DNSSEC
> +Use DNSSEC with OK bit in OPT record.
> +This option implies
> +.BR RES_USE_EDNS0 .
> +.TP
> +.B RES_NOTLDQUERY
> +Do not look up unqualified name as a top-level domain (TLD).
> +.TP
> +.B RES_DEFAULT
> +Default option which implies:
> +.BR RES_RECURSE ,
> +.BR RES_DEFNAMES ,
> +.BR RES_DNSRCH
> +and
> +.BR RES_NOIP6DOTINT .
> +
>  .SH RETURN VALUE
>  The
>  .BR res_init ()
> 


-- 
Michael Kerrisk
Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/
Linux/UNIX System Programming Training: http://man7.org/training/
--
To unsubscribe from this list: send the line "unsubscribe linux-man" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH] resolver.3: documents missing options used by _res structure defined in resolv.h and indicates defaults options

[walter harms]

Am 09.03.2015 21:44, schrieb Stéphane Aulery:
> Missing options: RES_INSECURE1, RES_INSECURE2, RES_NOALIASES, USE_INET6,
> ROTATE, NOCHECKNAME, RES_KEEPTSIG, BLAST, USEBSTRING, NOIP6DOTINT, USE_EDNS0,
> SNGLKUP, SNGLKUPREOP, RES_USE_DNSSEC, NOTLDQUERY, DEFAULT
> 
> Written from the glibc source and resolv.conf.5.
> 
> Debian bug #527136 reported by Jakub Wilk <ubanus-iA+eEnwkJgzk1uMJSBkQmQ@public.gmane.org>
> 
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=527136
> Signed-off-by: Stéphane Aulery <saulery-GANU6spQydw@public.gmane.org>
> ---
>  man3/resolver.3 | 99 ++++++++++++++++++++++++++++++++++++++++++++++++++++-----
>  1 file changed, 91 insertions(+), 8 deletions(-)
> 
> diff --git a/man3/resolver.3 b/man3/resolver.3
> index 19c4192..06704b1 100644
> --- a/man3/resolver.3
> +++ b/man3/resolver.3
> @@ -197,19 +197,20 @@ which is not the default.
>  Accept authoritative answers only.
>  .BR res_send ()
>  continues until
> -it finds an authoritative answer or returns an error.  [Not currently
> -implemented].
> +it finds an authoritative answer or returns an error.
> +[Not currently implemented].
>  .TP
>  .B RES_USEVC
>  Use TCP connections for queries rather than UDP datagrams.
>  .TP
>  .B RES_PRIMARY
>  Query primary domain name server only.
> +[Not currently implemented].

pitpicking:
 the phrase is normally "not yet implemented"
perhaps you can add as comment what version you have tested to
give pple a hint where to look.



>  .TP
>  .B RES_IGNTC
>  Ignore truncation errors.
> -Don't retry with TCP.  [Not currently
> -implemented].
> +Don't retry with TCP.
> +[Not currently implemented].
>  .TP
>  .B RES_RECURSE
>  Set the recursion desired bit in queries.
> @@ -238,10 +239,92 @@ domain and in parent domains.
>  This option is used by
>  .BR gethostbyname (3).
>  [Enabled by default].
> -.PP
> -This list is not complete.
> -You can find some other flags described in
> -.BR resolv.conf (5).
> +.TP
> +.B RES_INSECURE1
> +Accept a response from a wrong server and show it on standard output
> +(for debug purpose only).

is there a debug mode switch or is this a compiletime option ?
this could be of interest for admins that do not want this.

just my 2 cents,
 wh

> +.TP
> +.B RES_INSECURE2
> +Accept a response which contains a wrong query and show it on standard
> +output (for debug purpose only).
> +.TP
> +.B RES_NOALIASES
> +Disable usage of
> +.B HOSTALIASES
> +environment variable.
> +.TP
> +.B RES_USE_INET6
> +Try an AAAA query before an A query inside the
> +.BR gethostbyname ()
> +function, and map IPv4 responses in IPv6 "tunneled form" if no AAAA records
> +are found but an A record set exists.
> +.TP
> +.B RES_ROTATE
> +Causes round-robin selection of name servers from among those listed.
> +This has the effect of spreading the query load among all listed servers,
> +rather than having all clients try the first listed server first every
> +time.
> +.TP
> +.B RES_NOCHECKNAME
> +Disable the modern BIND checking of incoming hostnames and mail names
> +for invalid characters such as underscore (_), non-ASCII,
> +or control characters.
> +[Not currently implemented].
> +.TP
> +.B RES_KEEPTSIG
> +Do not strip TSIG records.
> +[Not currently implemented].
> +.TP
> +.B RES_BLAST
> +Send each query simultaneously and recursively to all servers.
> +Note this option overrides
> +.BR RES_ROTATE .
> +.TP
> +.BR RES_USEBSTRING " (since glibc 2.3.4)"
> +Make reverse IPv6 lookups using the bit-label format described in RFC 2673;
> +if this option is not set, then nibble format is used.
> +.TP
> +.B RES_NOIP6DOTINT
> +Use
> +.I ip6.arpa
> +zone in IPv6 reverse lookup instead of
> +.IR ip6.int ,
> +which is deprecated since glibc 2.3.4.
> +[Enabled by default].
> +.TP
> +.BR RES_USE_EDNS0 " (since glibc 2.6)"
> +Enables support for the DNS extensions (EDNS0) described in RFC 2671.
> +.TP
> +.BR RES_SNGLKUP " (since glibc 2.10)"
> +By default, glibc performs IPv4 and IPv6 lookups in parallel since
> +version 2.9.
> +Some appliance DNS servers cannot handle these queries properly
> +and make the requests time out.
> +This option disables the behavior and makes glibc
> +perform the IPv6 and IPv4 requests sequentially
> +(at the cost of some slowdown of the resolving process).
> +.TP
> +.B RES_SNGLKUPREOP
> +When
> +.B RES_SNGLKUP
> +option is enabled, opens a new socket for the each request.
> +.TP
> +.B RES_USE_DNSSEC
> +Use DNSSEC with OK bit in OPT record.
> +This option implies
> +.BR RES_USE_EDNS0 .
> +.TP
> +.B RES_NOTLDQUERY
> +Do not look up unqualified name as a top-level domain (TLD).
> +.TP
> +.B RES_DEFAULT
> +Default option which implies:
> +.BR RES_RECURSE ,
> +.BR RES_DEFNAMES ,
> +.BR RES_DNSRCH
> +and
> +.BR RES_NOIP6DOTINT .
> +
>  .SH RETURN VALUE
>  The
>  .BR res_init ()
--
To unsubscribe from this list: send the line "unsubscribe linux-man" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH] resolver.3: documents missing options used by _res structure defined in resolv.h and indicates defaults options

[Stéphane Aulery]

Hello walter,

Le mardi 10 mars 2015 à 11:46:33, walter harms a écrit :
> 
> Am 09.03.2015 21:44, schrieb Stéphane Aulery:
> > Missing options: RES_INSECURE1, RES_INSECURE2, RES_NOALIASES, USE_INET6,
> > ROTATE, NOCHECKNAME, RES_KEEPTSIG, BLAST, USEBSTRING, NOIP6DOTINT, USE_EDNS0,
> > SNGLKUP, SNGLKUPREOP, RES_USE_DNSSEC, NOTLDQUERY, DEFAULT
> > 
> > Written from the glibc source and resolv.conf.5.
> > 
> > Debian bug #527136 reported by Jakub Wilk <ubanus-iA+eEnwkJgzk1uMJSBkQmQ@public.gmane.org>
> > 
> > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=527136
> > Signed-off-by: Stéphane Aulery <saulery-GANU6spQydw@public.gmane.org>
> > ---
> >  man3/resolver.3 | 99 ++++++++++++++++++++++++++++++++++++++++++++++++++++-----
> >  1 file changed, 91 insertions(+), 8 deletions(-)
> > 
> > diff --git a/man3/resolver.3 b/man3/resolver.3
> > index 19c4192..06704b1 100644
> > --- a/man3/resolver.3
> > +++ b/man3/resolver.3
> > @@ -197,19 +197,20 @@ which is not the default.
> >  Accept authoritative answers only.
> >  .BR res_send ()
> >  continues until
> > -it finds an authoritative answer or returns an error.  [Not currently
> > -implemented].
> > +it finds an authoritative answer or returns an error.
> > +[Not currently implemented].
> >  .TP
> >  .B RES_USEVC
> >  Use TCP connections for queries rather than UDP datagrams.
> >  .TP
> >  .B RES_PRIMARY
> >  Query primary domain name server only.
> > +[Not currently implemented].
> 
> pitpicking:
>  the phrase is normally "not yet implemented"

That's not me. We can change it ?

> perhaps you can add as comment what version you have tested to
> give pple a hint where to look.

I have not tested. It is written in code:

https://sourceware.org/git/?p=glibc.git;a=blob;f=resolv/res_debug.c;hb=44a6213c8eebf3f69712a5fba9a33bbb90a79023#l565

For that matter to seek versions, why not just give the version of this
that is implemented. This will be information that does not expires.

> >  .TP
> >  .B RES_IGNTC
> >  Ignore truncation errors.
> > -Don't retry with TCP.  [Not currently
> > -implemented].
> > +Don't retry with TCP.
> > +[Not currently implemented].
> >  .TP
> >  .B RES_RECURSE
> >  Set the recursion desired bit in queries.
> > @@ -238,10 +239,92 @@ domain and in parent domains.
> >  This option is used by
> >  .BR gethostbyname (3).
> >  [Enabled by default].
> > -.PP
> > -This list is not complete.
> > -You can find some other flags described in
> > -.BR resolv.conf (5).
> > +.TP
> > +.B RES_INSECURE1
> > +Accept a response from a wrong server and show it on standard output
> > +(for debug purpose only).
> 
> is there a debug mode switch or is this a compiletime option ?
> this could be of interest for admins that do not want this.
> 
> just my 2 cents,
>  wh

That's options are always available. The message display is subjected to the
simultaneous use of RES_DEBUG option. However, the commentary and option name
imply that it is to test security flaws, but at your own risk:

    /*
    * response from wrong server? ignore it.
    * XXX - potential security hazard could
    * be detected here.
    */

I realize that my description may not be entirely fair. It could be :

    Accept a response from a wrong server. Potential security hazard
    could be detected here, but you need to compile glibc with debugging
    enabled and use RES_DEBUG option.

Regards,

-- 
Stéphane Aulery
--
To unsubscribe from this list: send the line "unsubscribe linux-man" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html