Opened 6 years ago
Closed 6 years ago
#18171 closed defect (fixed)
wrong RCODE from DNS AAAA query with --natdnshostresolver1 (with suggested fix) => Fixed in SVN
| Reported by: | ncopa | Owned by: | |
|---|---|---|---|
| Component: | network/NAT | Version: | VirtualBox 5.2.22 |
| Keywords: | Cc: | ||
| Guest type: | other | Host type: | other |
Description
The natdnshostresolver returns NOTIMP (rcode 4) on AAAA queries. This causes 5 seconds delays with musl libc, which similar to Go's stupresolver does both A and AAAA queries on hostname lookups. Problem was reported to Alpine Linux and to the musl libc mailing list, where the response was that this is is a bug in VirtualBox.
Example tcpdump:
22:34:45.724471 IP 10.0.2.15.52190 > 10.0.2.3.53: 27848+ A? www.google.com. (32) 22:34:45.724542 IP 10.0.2.15.52190 > 10.0.2.3.53: 28141+ AAAA? www.google.com. (32) 22:34:45.812045 IP 10.0.2.3.53 > 10.0.2.15.52190: 27848 1/0/0 A 216.58.194.164 (48) 22:34:45.812068 IP 10.0.2.3.53 > 10.0.2.15.52190: 28141 NotImp 0/0/0 (32) 22:34:48.228641 IP 10.0.2.15.52190 > 10.0.2.3.53: 28141+ AAAA? www.google.com. (32) 22:34:48.228965 IP 10.0.2.3.53 > 10.0.2.15.52190: 28141 NotImp 0/0/0 (32)
According RFC 1035:
OPCODE A four bit field that specifies kind of query in this message.
...
RCODE Response code - this 4 bit field is set as part of responses. The values have the following interpretation:
...
4 Not Implemented - The name server does not support the requested kind of query.
The fix is to return RCode_NXDomain instead of RCode_NotImp:
402 if ( qtype != Type_A
403 && qtype != Type_CNAME
404 && qtype != Type_PTR
405 && qtype != Type_ANY)
406 {
407 LogErr(("NAT: hostres: unsupported qtype %d\n", qtype));
408 return refuse(pData, m, RCode_NotImp);
409 }
Change History (4)
comment:1 by , 6 years ago
comment:2 by , 6 years ago
A couple of solutions for this are stated below.
The code is in src/VBox/Devices/Network/slirp/hostres.c:517
if ( qtype != Type_A
&& qtype != Type_CNAME
&& qtype != Type_PTR
&& qtype != Type_ANY)
{
LogErr(("NAT: hostres: unsupported qtype %d\n", qtype));
return refuse(res, RCode_NotImp);
}
There are two possible fixes:
- Add a conditional above this code for Type_AAAA where the resolver returns RCode_NXDomain instead of RCode_NotImp:
if (qtype == Type_AAAA) {
LogErr(("NAT: hostres: cannot resolve qtype %d\n", qtype));
return refuse(res, RCode_NXDomain);
}
- Implement IPv6 resolution for AAAA records. The resolve() function at line 574 would need to be updated.
comment:3 by , 6 years ago
| Component: | network → network/NAT |
|---|---|
| Summary: | wrong RCODE from DNS AAAA query with --natdnshostresolver1 (with suggested fix) → wrong RCODE from DNS AAAA query with --natdnshostresolver1 (with suggested fix) => Fixed in SVN |
Thanks for the report! I've changed all NotImps except the one for the opcode to either FormErr or NXDomain (for qclass/qtype). The fix should be in 6.0 and the next 5.2 dot-dot release.
comment:4 by , 6 years ago
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |


This was also discussed here: https://nlnetlabs.nl/pipermail/unbound-users/2017-August/004866.html