Bug#519774: libc6: causes many programs not to be able to resolve dns addresses
* Mark Kamichoff:
> Hi -
>
>> The problem is that the DNS server of your ISP does not conform to the
>> RFC and only answer to the AAAA query with a void answer. It never
>> answer to the A query, so the glibc resolver can only conclude the
>> whole query has no answer.
>
> Just a thought, many DNS ALGs on firewalls (eg, Juniper NetScreen) will
> close the UDP/53 session after one packet (response, presumably) is
> received, and drop any subsequent response packets.
This will break other clients, too. For instance, a BIND forwarder
without source port randomization, who happens to have multiple
queries in flight.
Has it been verified that the second DNS packet actually leaves the
box? I think there was word of a kernel bug leading to dropped UDP
packets which might cause this.
Reply to: