LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 09-02-2016, 11:13 AM   #1
StirlingEngine
LQ Newbie
 
Registered: Jul 2014
Posts: 7

Rep: Reputation: Disabled
Problem with res_query and nameservers


I have an Apache server which has recently been moved behind a router. In order to access some blacklists (e.g., Tor) several loadable Apache modules need to know the server's internet-facing IP address.

gethostbyname worked when the system was connected directly to the internet, but now it returns the LAN address.

I've looked at solutions and the simplest one appears to be to use the resolver library and res_query, specifying a nameserver outside the LAN. Test program below ...

The problem is that the test program still appears to be using information from resolv.conf rather than the outside nameservers.

Fiddling with setting and clearing control bits in the _res structure has produced no progress. (Unfortunately, many of the control bits are defined, but have no effect.)

The author of the original program from which this one is adopted noted that it was necessary on his system to do a dummy call to res_query after res_init to get the new nameservers to work. This fix did not work on my system.

Any help will be greatly appreciated.

Code:
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <netinet/in.h>
#include <resolv.h>
#include <netdb.h>

#define N 4096

/* --------------------------------- */
/* CODE BEGINS                       */
/* --------------------------------- */

int main (int argc, char *argv[]) {
    u_char nsbuf[N];
    char dispbuf[N];
    ns_msg msg;
    ns_rr rr;
    int i, l;

    if (argc < 2) {
        printf ("Usage: %s <domain>\n", argv[0]);
        exit (1);
    }

/* Initialize to use the Google nameservers */
     res_init();
   l = res_query(argv[1], ns_c_any, ns_t_ns, nsbuf, sizeof(nsbuf));
     _res.nscount = 2;
     _res.nsaddr_list[0].sin_family = AF_INET;
     _res.nsaddr_list[0].sin_addr.s_addr = inet_addr("8.8.8.8");
     _res.nsaddr_list[0].sin_port = htons(53);
     _res.nsaddr_list[1].sin_family = AF_INET;
     _res.nsaddr_list[1].sin_addr.s_addr = inet_addr("8.8.4.4");
     _res.nsaddr_list[1].sin_port = htons(53);

    printf("Domain:   %s\n\n", argv[1]);

 /* Print the A record return or the error code */
    printf("A record(s):\n");

    l = res_query(argv[1], ns_c_any, ns_t_a, nsbuf, sizeof(nsbuf));
    if (l < 0) perror(argv[1]);
    ns_initparse(nsbuf, l, &msg);
    l = ns_msg_count(msg, ns_s_an);
    for (i = 0; i < l; i++) {
      ns_parserr(&msg, ns_s_an, i, &rr);
      ns_sprintrr(&msg, &rr, NULL, NULL, dispbuf, sizeof(dispbuf));
      printf("\t%s \n", dispbuf);
    }

    // NS RECORD
    printf("\nNS record(s):\n");
    l = res_query(argv[1], ns_c_any, ns_t_ns, nsbuf, sizeof(nsbuf));
    if (l < 0) perror(argv[1]);
    ns_initparse(nsbuf, l, &msg);
    l = ns_msg_count(msg, ns_s_an);
    for (i = 0; i < l; i++) {
      ns_parserr(&msg, ns_s_an, 0, &rr);
      ns_sprintrr(&msg, &rr, NULL, NULL, dispbuf, sizeof(dispbuf));
      printf("\t%s \n", dispbuf);
    }
    return 0;
}
Quote:
sysmgr@www:~$ ./a.out www.somewhere.com
Domain: www.somewhere.com

A record(s):
www.somewhere.com. 6H IN A 192.168.0.209

NS record(s):
www.somewhere.com. 6H IN NS localhost.
 
Old 09-05-2016, 11:23 AM   #2
gda
Member
 
Registered: Oct 2015
Posts: 130

Rep: Reputation: 27
Not sure I got your point fully so sorry if I misunderstood something...

It seems your domain is resolved by your local DNS in the private IP 192.168.0.209. Assuming this is really what you need (i.e. your Apache web server is accessible only from your internal LAN) the same name should not be resolved in any other public IP otherwise you may have inconsistency in the name resolution (as it seems you are having). I would configure your local DNS server (the one specified in the resolv.conf) to resolve the name of your Apache service to the public IP address of your router. In case it is not fixed (as I supposed in your case) you could implement dynamic DNS solution. Finally, on your router you should forward all the traffic on port 80 (or whatever is the port on which the Apache server is running) to 192.168.0.209.

I hope this helps!

Last edited by gda; 09-05-2016 at 11:27 AM.
 
Old 09-05-2016, 11:41 AM   #3
StirlingEngine
LQ Newbie
 
Registered: Jul 2014
Posts: 7

Original Poster
Rep: Reputation: Disabled
Thanks for your comment. Unfortunately, that is not feasible. Since the code is going into an Apache module that must work in many different configurations, tweaking this specific system's configuration is not a general solution.
 
Old 09-05-2016, 11:55 AM   #4
gda
Member
 
Registered: Oct 2015
Posts: 130

Rep: Reputation: 27
Ok I see. Anyway you have this problem only when the same name is resolved into two different IPs by two different DNS. Is this really useful? Would it be easier to use two different names?
 
Old 09-05-2016, 12:11 PM   #5
StirlingEngine
LQ Newbie
 
Registered: Jul 2014
Posts: 7

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by gda View Post
Would it be easier to use two different names?
I think the majority of web site maintainers would feel that an Apache module should not require changing the host system's name or resolver configuration.
 
Old 09-07-2016, 03:04 PM   #6
StirlingEngine
LQ Newbie
 
Registered: Jul 2014
Posts: 7

Original Poster
Rep: Reputation: Disabled
Update: There is no solution to this problem other than correction of the Debian resolver library. The issue is therefore also present in (at least) Ubuntu.

The issue was introduced 10 years ago and was first reported in 2015.

Given that the bug is 10 years old, it took ten years to be noticed, the original report is now a year old and the bug priority has been reduced to "normal", it seems unlikely that there will be a solution in the near future.

The only workaround I see is to do a manual query of the desired nameservers, building the query from scratch and parsing it ditto.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
DNS Problem One or more of your nameservers did not respond nepalproxy Linux - Server 10 07-20-2012 11:40 AM
Missing nameservers reported by your nameservers sushantchawla2005 Linux - Server 6 02-02-2011 07:50 AM
[SOLVED] DNS problem - One or more of your nameservers did not respond zubinn Linux - Server 11 12-03-2010 03:38 AM
Problem with res_query() function. girish_hilage Linux - Networking 1 10-14-2004 10:03 AM
nameservers.... Config Linux - Networking 2 01-19-2003 06:26 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 12:30 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration