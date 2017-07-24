Catch up on stories from the past week (and beyond) at the Slashdot story archive

 


DNS Lib Underscore Bug Bites Everyone's Favorite Init Tool, Blanks Netflix

Posted by msmash from the duh dept.
Reader OneHundredAndTen writes and shares a report: Systemd doing what it does best. From a report on The Register: A few Penguinistas spent a weekend working out why they can't get through to Netflix from their Linux machines, because when they tried, their DNS lookups failed. The issue emerged over the weekend, when Gentoo user Dennis Schridde submitted a bug report to the Systemd project. Essentially, he described a failure within systemd-resolve, a Systemd component that turns human-readable domain names into IP addresses for software, like web browsers, to connect to. The Systemd resolver couldn't look up Netflix's servers for Schridde's web browser, according to the report. In his detailed post, Schridde said he expected this to happen: ipv6_1-cxl0-c088.1.lhr004.ix.nflxvideo.net gets resolved to 37.77.187.142 or 2a00:86c0:5:5::142. When in reality, that wasn't happening, so Netflix couldn't be reached on his box. His speculation that libidn2, which adds internationalised domain names support to the resolver, was at fault turned out to be accurate. Rebuilding Systemd without that library cleared the problem.

  • Headline implies that the scope of the problem is much bigger than it is. While I don't like systemd, it's not like systemd took out all of Netflix.

    • Re: (Score:1)

      by Anonymous Coward

      I guess you expected the headline to explain everything to you in full detail and with absolute accuracy, that's a pity.

      But users with systemd is NOT an 'edge case' really. In fact it's becoming more like users WITHOUT systemd would be the edge cases, within *nix.

      • This is not a comment to malign the horros of systemd. Rather, I would like to point out that a significant subset of /. readers DO expect the headline to explain everything so that reading the article becomes unnecessary.

        Just sayin'. But you know it's true.

        One has to wonder what other subtle bugs are in systemd. Purely unintentionally, of course. No TLAs would want an opportunity to widely disseminate new bugs into vast numbers of systems.

      • Re: (Score:2)

        by Nkwe ( 604125 )

        But users with systemd is NOT an 'edge case' really. In fact it's becoming more like users WITHOUT systemd would be the edge cases, within *nix.

        I believe the edge case is Netflix viewers running systemd, not just users with systemd. Sure many people view Netflix via Linux, but I doubt it is a significant portion of all Netflix viewers, thus an edge case. Offended by being referred to as an edge case? Perhaps "edge case" is a bit too much troll as the parent post is getting modded, "relatively minor case" may be more accurate.

        Any yeah, systemd still sucks, but doesn't warrant sensationalized headlines.

    • The real problem here isn't that a handful of Linux users couldn't use Netflix.

      The real problem is that, yet again, systemd has been involved in critical functionality breaking in an unusual and unexpected way.

      It doesn't matter if it was an external library that systemd used that's responsible. Systemd is responsible for the problem because it uses this flawed library.

      There's no reason for systemd to be involved with resolving domain names. Linux got by just fine throughout the 1990s, the 2000s, and even a

  • Not a bug (Score:3, Insightful)

    by arth1 ( 260657 ) on Monday July 24, 2017 @12:06PM (#54867451) Homepage Journal

    Underscores are not allowed in domain names. Some resolvers allow them for historical reasons, because they were common in Microsoft environments that defaulted to converting a space to an underscore when entering the hostname on initial configuration, back when Microsoft thought that everybody would be using Microsoft Network and not Internet.

    But they're not legal, and should NOT resolve. My DNS servers do not have the ancient msdos compatibility turned on, and reject them as they should.

    libidn (internationalized domain names, punycode) do not use them either, and if it rejects them, all the better.

    • If we're on the subject of what's wrong with this hostname, I'll add that they put "ipv6" in the hostname itself and yet it can resolve to an ipv4 address.

    • Re:Not a bug (Score:4, Insightful)

      by aardvarkjoe ( 156801 ) on Monday July 24, 2017 @12:11PM (#54867499)

      But they're not legal, and should NOT resolve. My DNS servers do not have the ancient msdos compatibility turned on, and reject them as they should.

      Although apparently the behavior that it has is to strip out the offending characters and then try to resolve the result, which doesn't make a whole lot of sense either.

      From the bug, it looks like the problem is caused by linking with libidn2, and support for that was marked as "experimental" in systemd, so this really doesn't matter much. You shouldn't be enabling experimental features in software unless you're willing to deal with potential problems.

    • Re: (Score:2, Interesting)

      by Anonymous Coward

      Bullshit.

      Disallowing underscores violates RFC2782.

    • Re: (Score:2)

      by OzPeter ( 195038 )

      Underscores are not allowed in domain names.

      But .. but .. but .. systemd!!!!!!

    • Underscores are not allowed in domain names.

      That has not been the case and is not the case currently. RFC 2181 dictates differently and more specifically section 11 of said RFC. [ietf.org]

    • [This discussion](https://stackoverflow.com/questions/2180465/can-domain-name-subdomains-have-an-underscore-in-it) on StackOverflow seems to disagree with that statement. I don't really understand the specifics of it and don't really have time to delve into them right now, but the basics are that while using an underscore is illegal in a host name, it is not illegal to use one in a domain name (I'm not sure of how the difference is discerned here). I'm not saying you're wrong, but it seems like there is c

  • Does anyone know if they've settled on a timeline for pulling all SSH into systemd as well?

    • I hear that Poettering has declared ssh a "broken concept", and so he's going to pull telnetd into systemd instead and permanently block port 22.

    • Re: (Score:2)

      by zm ( 257549 )

      Does anyone know if they've settled on a timeline for pulling all SSH into systemd as well?

      I think right after they pull systemd into emacs.

      • This is exactly why emacs is inferior to vim.

        Anyone can figure out how to quit out of vim.

        Early emacs users were unable to quit out of emacs, and had to resort to rebuilding all OS and application functions using emacs lisp.
  • Lennart: CLOSED. WONTFIX.
    Slashdot: ..b-but its a bug!!
    Lennart: well yes I see how you could think that but once you use OpenRC it becomes very apparent that this bug disappears and is resolved, so of course, its not a bug.

  • So reading between the lines... (Score:3)

    by Balial ( 39889 ) on Monday July 24, 2017 @12:22PM (#54867569) Homepage

    "A Gentoo users ... recompiled a component... everything is working OK now".

    How is this not working as designed?

  • systemd = not-invented-here anti-UNIX botnet trash

  • I assume the poster wanted to be funny, right ?

    Or is it one of those "black is white", "up is down" orwellian thing ?

    Living in interesting times....

  • systemd network manager also does not do server stuff to well like bonding / bridging / etc.

  • The systemd fan club's response is that underscores are not allowed in DNS, and that this is ultimately a libidn2 bug.

    Both of these excuses are claptrap.

    Underscores are not valid in hostnames. They are valid in DNS labels.

    It is not the DNS resolver's job to translate internationalized domain names. It is the application's job to do so. The DNS resolver's job is to resolve the request. Full stop. Ten year old versions of bind will happily process, and pass on, internationalized domain name. This is because i

  • A bug was noted in an optional library that wasn't default for any release of systemd.
    The following release of systemd downgraded support of the optional unused library libidn2 to experimental.
    A pull requested was put in the bug tracker by the maintainer (not Poettering) to fix this in the future.
    Some dude compiles a piece of software with an experimental library and ... wait for it, this is the best part ... he notices a bug.

    It makes front page news and Slashdot users start frothing from their mouth in the

