Revert "release: consult resolved for host lookups" #3455

Merged
merged 1 commit into from
Sep 14, 2023

@zmrow zmrow commented Sep 14, 2023

Issue number:
Fixes #3457

Description of changes:

    This reverts commit dfbf90b8615d237f6ccf774ba8af847cae2c4ae8.
    
    Go's netgo resolver doesn't understand the "resolve" directive in
    nsswitch.conf, so it falls back to cgo, which uses glibc to look up
    hosts.  The glibc lookup behaves differently in certain cases, such as
    multiple records for the same host in `/etc/hosts`.  Avoid the behavior
    change by using the previous order.  This still results in queries going
    through systemd-resolved, just not via the nss plugin.

Testing done:
Before the change:

    bash-5.1# resolvectl statistics
    DNSSEC supported by current servers: no

    Transactions
    Current Transactions: 0
      Total Transactions: 756

    Cache
      Current Cache Size: 2
              Cache Hits: 305
            Cache Misses: 451

    DNSSEC Verdicts
                  Secure: 0
                Insecure: 0
                   Bogus: 0
           Indeterminate: 0

After the change:

    bash-5.1# resolvectl statistics
    DNSSEC supported by current servers: no

    Transactions
    Current Transactions: 0
      Total Transactions: 236

    Cache
      Current Cache Size: 10
              Cache Hits: 144
            Cache Misses: 92

    DNSSEC Verdicts
                  Secure: 0
                Insecure: 0
                   Bogus: 0
           Indeterminate: 0

Terms of contribution:

By submitting this pull request, I agree that this contribution is dual-licensed under the terms of both the Apache License, version 2.0, and the MIT license.

This reverts commit dfbf90b.

Go's netgo resolver doesn't understand the "resolve" directive in
nsswitch.conf, so it falls back to cgo, which uses glibc to look up
hosts.  The glibc lookup behaves differently in certain cases, such as
multiple records for the same host in `/etc/hosts`.  Avoid the behavior
change by using the previous order.  This still results in queries going
through systemd-resolved, just not via the nss plugin.
zmrow commented Sep 14, 2023

^ Update commit message (and fix a typo in said message)

@zmrow zmrow marked this pull request as ready for review September 14, 2023 17:11
@bcressey (Contributor)

If I repeat the test case in #3457 with this change, I get the expected output:

    # GODEBUG=netdns=2 dns-test asdfasdfasfd.aws.dev
    go package net: confVal.netCgo = false  netGo = false
    go package net: dynamic selection of DNS resolver
    go package net: hostLookupOrder(asdfasdfasfd.aws.dev) = files,dns
    [10.0.10.1 10.0.10.2 10.0.10.3]
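
The fallback described in the commit message can be checked offline by auditing the `hosts:` line of an nsswitch.conf for sources that send Go to the cgo/glibc path. This is an added example, not code from this pull request or from Bottlerocket. `HostsSources` and `ForcesCgo` are hypothetical helpers, the sample lines are constructed, and the set of sources treated as handled by Go is an assumption that simplifies the `net` package's logic (bracketed criteria are ignored).

```go
package main

import (
	"fmt"
	"strings"
)

// HostsSources returns the sources on the "hosts:" line of an nsswitch.conf,
// dropping comments and bracketed [STATUS=action] criteria.
func HostsSources(conf string) []string {
	for _, line := range strings.Split(conf, "\n") {
		if i := strings.IndexByte(line, '#'); i >= 0 {
			line = line[:i]
		}
		db, rest, ok := strings.Cut(line, ":")
		if !ok || strings.TrimSpace(db) != "hosts" {
			continue
		}
		for {
			i, j := strings.IndexByte(rest, '['), strings.IndexByte(rest, ']')
			if i < 0 || j < i {
				break
			}
			rest = rest[:i] + " " + rest[j+1:]
		}
		return strings.Fields(rest)
	}
	return nil
}

// ForcesCgo returns the sources assumed to push Go's resolver to cgo/glibc.
// Assumption: Go handles "files" and "dns" itself and special-cases
// "myhostname" and "mdns*" per name; anything else (e.g. "resolve") is unknown.
func ForcesCgo(conf string) []string {
	var out []string
	for _, s := range HostsSources(conf) {
		if s != "files" && s != "dns" && s != "myhostname" && !strings.HasPrefix(s, "mdns") {
			out = append(out, s)
		}
	}
	return out
}

func main() {
	// Constructed sample lines, not Bottlerocket's actual nsswitch.conf.
	for _, c := range []string{"hosts: resolve [!UNAVAIL=return] files myhostname dns", "hosts: files dns"} {
		fmt.Printf("%q -> %v\n", c, ForcesCgo(c))
	}
}
```

A non-empty result means lookups from Go binaries on that host would go through glibc, which is the behavior change this revert avoids.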

@zmrow zmrow merged commit 14d6d1d into bottlerocket-os:develop Sep 14, 2023
48 checks passed
@zmrow zmrow deleted the revert-nss branch September 14, 2023 17:33
Successfully merging this pull request may close these issues.

kubelet now uses cgo for all DNS queries