The autotools rewrite in c-ares 1.25 might have broken detection
of __system_property_get() which is needed on Android versions
prior to v8 in order to read DNS server settings.
This might fix#907
Authored-By: Brad House (@bradh352)
Some DNS servers don't properly ignore unknown EDNS options as the spec says they must, and instead will return EFORMERR.
See discussion roughly starting here: https://github.com/alpinelinux/docker-alpine/issues/366#issuecomment-2462530681
In this case the DNS server is known to support EDNS in general (as version prior to c-ares 1.33 worked which used EDNS), but when adding the EDNS DNS Cookie extension, they return EFORMERR. This is in violation of [RFC6891 6.1.2](https://datatracker.ietf.org/doc/html/rfc6891#section-6.1.2):
> Any OPTION-CODE values not understood by a responder or requestor MUST be ignored.
The server in this example actual echo's back the EDNS record further causing confusion that makes you think they might understand the record.
We need to catch an EFORMERR and re-attempt the query without EDNS completely since they are really non-compliant with EDNS. We may support additional EDNS extensions in the future and don't want to have to probe each individual extension with a braindead server.
Fixes#911
Authored-By: Brad House (@bradh352)
TSAN is warning about a thread concurrency issue that doesn't actually matter if the operation isn't atomic as its an optimization in this code path to skip timeout processing if we're shutting down due to ares_destroy().
Fix By: Jiwoo Park (@jimmy-park)
We added an optimization to stop retries on other address classes
on failures if one address class was received successfully. In
production, however, some odd misconfigured use cases could mean
an ipv6 address would be returned but the host was really only
capable of connecting to ipv4 machines.
We want to modify this optimization now to continue retries on
ipv4 even if ipv6 was received, but NOT the other way around.
It was always more likely that ipv6 resolution would cause the
delays due to system issues, as the world still really only
runs on ipv4...
Authored-By: Brad House (@bradh352)
Due to the way record duplication works, we might sometimes get a
misleading error code. Rewrite the error code to make better
sense.
Authored-By: Brad House (@bradh352)
2 weeks ago
13 changed files with 326 additions and 48 deletions