[Pkg-dns-devel] Bug#879079: knot-dnsutils: kdig +tls fails to call connect()
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Thu Oct 19 05:44:34 UTC 2017
Package: knot-dnsutils
Version: 2.6.0-1
Severity: normal
Control: notfound -1 2.5.4-2
I'm trying to use kdig to test DNS-over-TLS.
The command I'm testing is:
kdig +short +tls -p 853 @199.58.81.218 -t a www.ietf.org
With knot-dnsutils (and libzscanner1, libknot6, libdnssec4) 2.5.4-2,
the command works (it returns the expected data); I see these system
calls at the start of the connection:
socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 3
fcntl(3, F_SETFL, O_RDONLY|O_NONBLOCK) = 0
connect(3, {sa_family=AF_INET, sin_port=htons(853), sin_addr=inet_addr("199.58.81.218")}, 16) = -1 EINPROGRESS (Operation now in progress)
poll([{fd=3, events=POLLOUT}], 1, 5000) = 1 ([{fd=3, revents=POLLOUT}])
getsockopt(3, SOL_SOCKET, SO_ERROR, [0], [4]) = 0
sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\26\3\1\0\377\1\0\0\373\3\3Y\350:\262\345\344\253\261z\320\2\257k\33Yz\20\3550\355%"..., iov_len=260}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 260
recvfrom(3, 0x555d5781a0bb, 5, 0, NULL, NULL) = -1 EAGAIN (Resource temporarily unavailable)
But with version 2.6.0-1, the command fails, and I see:
socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 3
fcntl(3, F_SETFL, O_RDONLY|O_NONBLOCK) = 0
getsockopt(3, SOL_SOCKET, SO_ERROR, [0], [4]) = 0
sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\26\3\1\0\377\1\0\0\373\3\3Y\350:\267x\n\"\326\200\210\3575n\335\ni&\255\274\272\32"..., iov_len=260}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = -1 EPIPE (Broken pipe)
--- SIGPIPE {si_signo=SIGPIPE, si_code=SI_USER, si_pid=13905, si_uid=1000} ---
I note that there appears to be no attempt to call connect() with the
newer version -- no wonder it's not working!
It seems to work for TCP and UDP, fwiw. Just not for TLS.
(Also, note that the "-p 853" shouldn't even be necessary in the above
command; I'd added it in there to see whether that would help the
testing, but I think it behaves the same way with or without it.)
--dkg
-- System Information:
Debian Release: buster/sid
APT prefers testing-debug
APT policy: (500, 'testing-debug'), (500, 'testing'), (500, 'oldstable'), (200, 'unstable-debug'), (200, 'unstable'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.13.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages knot-dnsutils depends on:
ii libc6 2.24-17
ii libdnssec4 2.6.0-1
ii libfstrm0 0.3.0-1+b1
ii libgnutls30 3.5.15-2
ii libidn2-0 2.0.2-5
ii libknot6 2.6.0-1
ii libprotobuf-c1 1.2.1-2
ii libzscanner1 2.6.0-1
knot-dnsutils recommends no packages.
knot-dnsutils suggests no packages.
-- no debconf information
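Added example, not code from the report above or from Knot DNS: a small C program that replays both strace sequences from the report against a loopback listener, so it runs offline. The first function is the 2.5.4 pattern (socket, O_NONBLOCK, connect returning EINPROGRESS, poll for POLLOUT, getsockopt SO_ERROR). The second is the 2.6.0 pattern with connect() left out, and shows why the SO_ERROR check in that trace passes anyway: SO_ERROR is 0 on a socket that was never connected, so it cannot catch the bug; getpeername() is the call that reports ENOTCONN, and send() then fails with EPIPE on Linux (ENOTCONN on BSD-derived stacks), which is the EPIPE/SIGPIPE seen in the report. All function names, the listener and the six-byte stand-in for the TLS ClientHello record are this example's own.

```c
/* Added example, not code from the bug report or from Knot DNS: it replays the
 * two strace sequences from the report against a loopback listener so it runs
 * offline. Function names, the listener and the fake TLS record are its own. */
#include <arpa/inet.h>
#include <errno.h>
#include <fcntl.h>
#include <netinet/in.h>
#include <poll.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Listener on 127.0.0.1 with a kernel-chosen port. Returns the fd or -1. */
static int local_listener(uint16_t *port)
{
    struct sockaddr_in sa = { .sin_family = AF_INET };
    socklen_t len = sizeof sa;
    int lfd = socket(AF_INET, SOCK_STREAM, 0);
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (lfd < 0 || bind(lfd, (struct sockaddr *)&sa, len) < 0 || listen(lfd, 1) < 0 ||
        getsockname(lfd, (struct sockaddr *)&sa, &len) < 0) {
        if (lfd >= 0) close(lfd);
        return -1;
    }
    *port = ntohs(sa.sin_port);
    return lfd;
}

/* The working (2.5.4) sequence: socket, O_NONBLOCK, connect -> EINPROGRESS,
 * poll for POLLOUT, then SO_ERROR to learn how that connect finished.
 * Returns the connected fd, or -errno of the step that failed. */
static int nonblocking_connect(const char *ip, uint16_t port, int timeout_ms)
{
    struct sockaddr_in sa = { .sin_family = AF_INET, .sin_port = htons(port) };
    struct pollfd p = { .events = POLLOUT };
    int fd = socket(AF_INET, SOCK_STREAM, 0), soerr = 0;
    socklen_t sl = sizeof soerr;
    if (fd < 0) return -errno;
    fcntl(fd, F_SETFL, fcntl(fd, F_GETFL) | O_NONBLOCK);
    inet_pton(AF_INET, ip, &sa.sin_addr);
    if (connect(fd, (struct sockaddr *)&sa, sizeof sa) < 0 && errno != EINPROGRESS) goto fail;
    p.fd = fd;
    if (poll(&p, 1, timeout_ms) != 1) { errno = ETIMEDOUT; goto fail; }
    /* SO_ERROR only reports the outcome of a connect() that was actually made. */
    if (getsockopt(fd, SOL_SOCKET, SO_ERROR, &soerr, &sl) < 0) goto fail;
    if (soerr == 0) return fd;
    errno = soerr;
fail:
    soerr = errno; close(fd); return -soerr;
}

/* Happy path: connect to the local listener, send 5 bytes, read them back on
 * the accepted side. Returns the byte count (5) or -errno. */
static int connected_roundtrip(void)
{
    uint16_t port; char buf[16];
    int lfd = local_listener(&port), cfd, sfd, n;
    if (lfd < 0) return -errno;
    cfd = nonblocking_connect("127.0.0.1", port, 5000);
    if (cfd < 0) { close(lfd); return cfd; }
    sfd = accept(lfd, NULL, NULL);
    n = (sfd >= 0 && send(cfd, "hello", 5, 0) == 5) ? (int)recv(sfd, buf, sizeof buf, 0) : -errno;
    if (sfd >= 0) close(sfd);
    close(cfd); close(lfd);
    return n;
}

struct unconnected_result { int so_error, getpeername_errno, send_errno; };

/* The broken (2.6.0) sequence: connect() is never called. SO_ERROR is still 0,
 * so that check passes; getpeername() is what reports ENOTCONN; and send()
 * fails with EPIPE on Linux (ENOTCONN on BSD-derived stacks). SIGPIPE is
 * ignored so the failure arrives as errno instead of killing the process. */
static struct unconnected_result send_without_connect(void)
{
    /* Constructed stand-in for the TLS ClientHello record kdig sends. */
    static const unsigned char fake_tls_record[] = { 0x16, 0x03, 0x01, 0x00, 0x01, 0x01 };
    struct unconnected_result r = { -1, 0, 0 };
    struct sockaddr_storage peer;
    socklen_t pl = sizeof peer, sl = sizeof r.so_error;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    signal(SIGPIPE, SIG_IGN);
    fcntl(fd, F_SETFL, O_RDONLY | O_NONBLOCK);          /* exactly as in the trace */
    getsockopt(fd, SOL_SOCKET, SO_ERROR, &r.so_error, &sl);
    if (getpeername(fd, (struct sockaddr *)&peer, &pl) < 0) r.getpeername_errno = errno;
    if (send(fd, fake_tls_record, sizeof fake_tls_record, 0) < 0) r.send_errno = errno;
    close(fd); return r;
}

int main(void)
{
    struct unconnected_result r = send_without_connect();
    printf("connected roundtrip: %d bytes\n", connected_roundtrip());
    printf("no connect(): SO_ERROR=%d getpeername=%s send=%s\n",
           r.so_error, strerror(r.getpeername_errno), strerror(r.send_errno));
}
```

Build with "cc -o connect_demo connect_demo.c" and run it under strace to compare the two syscall sequences with the ones in the report. The practical check it illustrates: after a non-blocking connect, poll + SO_ERROR tells you whether the connect you issued succeeded, but a zero SO_ERROR says nothing about whether a connect was issued at all; getpeername() is the cheap assertion that the socket really has a peer before the first TLS record goes out.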