** Description changed: [impact] glibc's getaddrinfo() uses EDNS0 to talk to resolved, and it sets its payload limit to 1200. When the response is larger than 1200, resolved will limit the response and set the truncate flag. This causes getaddrinfo() to switch to TCP and request again, but glibc incorrectly keeps the EDNS0 RR opt, with the same 1200 payload limit. Most dns nameservers ignore EDNS0 payload limit for TCP, since per RFC it applies only to UDP, but resolved does not and again marks the response as truncated. This prevents getaddrinfo() from being able to resolve any records with a response over 1200 bytes. [test case] use ping or telnet, which use getaddrinfo(), to lookup an A record with a lot of results, like toomany100.ddstreet.org $ telnet toomany100.ddstreet.org telnet: could not resolve toomany100.ddstreet.org/telnet: Temporary failure in name resolution [regression potential] any regression would likely result in failure to correctly lookup a hostname or to provide the correct response to a local client. [other info] + + note that on Bionic, this also requires backporting TCP pipelining + support in the stub resolver.
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1849733 Title: resolved incorrectly limits TCP reply to edns0 payload To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1849733/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
