[EXT] Re: [dns-operations] CDS query issues (google issue?)

Jacques Latour Jacques.Latour at cira.ca
Mon Aug 21 19:13:58 UTC 2023 

Turns out it's a WSL v1 bug, not a dig bug, dig w/TCP for CDS works on WSL v2.

The CDS scanner uses https://pkg.go.dev/github.com/miekg/dns  and it failed for an unrelated reason. (sometimes 1+1 ... ;-)

There's over >100,00 CDS records on our first .CA preliminary scan.

Thanks all!




CLASSIFICATION:CONFIDENTIAL
-----Original Message-----
From: dns-operations <dns-operations-bounces at dns-oarc.net> On Behalf Of Viktor Dukhovni
Sent: Monday, August 21, 2023 12:02 PM
To: dns-operations at dns-oarc.net
Subject: [EXT] Re: [dns-operations] CDS query issues (google issue?)

On Mon, Aug 21, 2023 at 02:56:58PM +0000, Jacques Latour via dns-operations wrote:

> We're getting an error when doing this CDS query over TCP?  Just me?
> Seems like a Google bug?
>
> $ dig ewmc.ca cds @ns-cloud-c4.googledomains.com. +tcp
> netmgr/tcpdns.c:302: fatal error: RUNTIME_CHECK(result == ISC_R_SUCCESS) failed
> Aborted (core dumped)

A quick look at the current (BIND 9.18) code for netmgr/tcpdns.c shows
that all the assertions of the form:

    RUNTIME_CHECK(result == ISC_R_SUCCESS)

are checking the success of basic socket API operations, and are
unrelated to the payload of DNS responses.  This was likly the case
also in the version of `dig` that ran into the failure.

            atomic_store(&sock->connecting, false);

            result = isc_sockaddr_fromsockaddr(&sock->peer, (struct sockaddr *)&ss);
            RUNTIME_CHECK(result == ISC_R_SUCCESS);
    --

            /* 2 minute timeout */
            result = isc__nm_socket_connectiontimeout(sock->fd, 120 * 1000);
            RUNTIME_CHECK(result == ISC_R_SUCCESS);
    --
            uv_os_sock_t sock;

            result = isc__nm_socket(sa_family, SOCK_STREAM, 0, &sock);
            RUNTIME_CHECK(result == ISC_R_SUCCESS);
    --
            /* FIXME: set mss */

            result = isc__nm_socket_reuse(sock);
            RUNTIME_CHECK(result == ISC_R_SUCCESS);

            if (mgr->load_balance_sockets) {
                    result = isc__nm_socket_reuse_lb(sock);
                    RUNTIME_CHECK(result == ISC_R_SUCCESS);

Since you have a core dump, it may be possible to obtain a backtrace to
discern which operation failed.  Perhaps the system ran out of file
descriptors, or there's a per-user limit.

Is this by some chance part of a concurrent bulk scan for CDS records?
I wouldn't recommend `dig` as the tool for that task.

--
    Viktor.
_______________________________________________
dns-operations mailing list
dns-operations at lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations

More information about the dns-operations mailing list