[dns-operations] CDS query issues (google issue?)

Viktor Dukhovni ietf-dane at dukhovni.org
Mon Aug 21 16:01:53 UTC 2023


On Mon, Aug 21, 2023 at 02:56:58PM +0000, Jacques Latour via dns-operations wrote:

> We're getting an error when doing this CDS query over TCP?  Just me?
> Seems like a Google bug?
> 
> $ dig ewmc.ca cds @ns-cloud-c4.googledomains.com. +tcp
> netmgr/tcpdns.c:302: fatal error: RUNTIME_CHECK(result == ISC_R_SUCCESS) failed
> Aborted (core dumped)

A quick look at the current (BIND 9.18) code for netmgr/tcpdns.c shows
that all the assertions of the form:

    RUNTIME_CHECK(result == ISC_R_SUCCESS)

are checking the success of basic socket API operations, and are
unrelated to the payload of DNS responses.  This was likly the case
also in the version of `dig` that ran into the failure.

            atomic_store(&sock->connecting, false);

            result = isc_sockaddr_fromsockaddr(&sock->peer, (struct sockaddr *)&ss);
            RUNTIME_CHECK(result == ISC_R_SUCCESS);
    --

            /* 2 minute timeout */
            result = isc__nm_socket_connectiontimeout(sock->fd, 120 * 1000);
            RUNTIME_CHECK(result == ISC_R_SUCCESS);
    --
            uv_os_sock_t sock;

            result = isc__nm_socket(sa_family, SOCK_STREAM, 0, &sock);
            RUNTIME_CHECK(result == ISC_R_SUCCESS);
    --
            /* FIXME: set mss */

            result = isc__nm_socket_reuse(sock);
            RUNTIME_CHECK(result == ISC_R_SUCCESS);

            if (mgr->load_balance_sockets) {
                    result = isc__nm_socket_reuse_lb(sock);
                    RUNTIME_CHECK(result == ISC_R_SUCCESS);

Since you have a core dump, it may be possible to obtain a backtrace to
discern which operation failed.  Perhaps the system ran out of file
descriptors, or there's a per-user limit.

Is this by some chance part of a concurrent bulk scan for CDS records?
I wouldn't recommend `dig` as the tool for that task.

-- 
    Viktor.


More information about the dns-operations mailing list