[Bug 1600000] Re: libnss-resolve treats two trailing dots on a domain name incorrectly

Dimitri John Ledkov launchpad at surgut.co.uk
Mon Oct 2 15:10:26 UTC 2017 

229-4ubuntu19
# systemd-resolve www.gnu.org..
www.gnu.org..: 208.118.235.148
               2001:4830:134:3::a
               (www.gnu.org)

-- Information acquired via protocol DNS in 1.8ms.
-- Data is authenticated: no

Which is BAD.

229-4ubuntu20
# systemd-resolve www.gnu.org..
www.gnu.org..: resolve call failed: Invalid hostname 'www.gnu.org..'

Which is GOOD and standards compliant.

** Tags removed: verification-needed verification-needed-xenial
** Tags added: verification-done verification-done-xenial

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1600000

Title:
  libnss-resolve treats two trailing dots on a domain name incorrectly

Status in systemd:
  New
Status in systemd package in Ubuntu:
  Fix Released
Status in systemd source package in Xenial:
  Fix Committed

Bug description:
  [Impact]
  libnss-resolve is an optional component not used by default in xenial. However it treats doubledot incorrectly, meaning it gets resolved when it shouldn't.

  [Fix]
  Cherrypick upstream patch to resolve this issue.

  [Testcase]

  * Enable resolve nss module
  * attempt resolving www.gnu.org..
  * It should fail to resolve

  (base)adconrad at nosferatu:~$ getent ahostsv4 www.gnu.org..
  208.118.235.148 STREAM wildebeest.gnu.org
  208.118.235.148 DGRAM
  208.118.235.148 RAW
  (base)adconrad at nosferatu:~$ sudo sed -i -e 's/ resolve dns/ dns/' /etc/nsswitch.conf
  (base)adconrad at nosferatu:~$ getent ahostsv4 www.gnu.org..
  (base)adconrad at nosferatu:~$ sudo sed -i -e 's/ dns/ resolve dns/' /etc/nsswitch.conf
  (base)adconrad at nosferatu:~$ getent ahostsv4 www.gnu.org..
  208.118.235.148 STREAM wildebeest.gnu.org
  208.118.235.148 DGRAM
  208.118.235.148 RAW
  (base)adconrad at nosferatu:~$

  This is responsible for the new regression in glibc:

  ----------
  FAIL: posix/tst-getaddrinfo5
  original exit status 1
  resolving "localhost." worked, proceeding to test
  resolving "localhost.." failed, test passed
  resolving "www.gnu.org." worked, proceeding to test
  resolving "www.gnu.org.." worked, test failed
  ----------

  [Regression potential]
  Minimal, since this component is not used by default. However, systems that have this enabled exhibit standards non-compliant behavior. It is not expected for anybody to depend on this broken behavior.

To manage notifications about this bug go to:
https://bugs.launchpad.net/systemd/+bug/1600000/+subscriptions

More information about the foundations-bugs mailing list