[PATCH] systemd-resolved can't follow more than 8 CNAMEs

Bug #2024009 reported by Vincent Renardias
This bug affects 2 people
Affects                 Status        Importance  Assigned to  Milestone
systemd (Ubuntu)        Fix Released  Low         Unassigned
systemd (Ubuntu Focal)  Triaged       Low         Unassigned

Bug Description

[Impact]

Resolving a hostname whose CNAME chain is longer than 8 redirects fails with systemd-resolved because of a hard-coded limit (CNAME_MAX). While this case is somewhat rare, the original reporter demonstrated a real-world scenario where it happened (although that particular hostname seems to be fixed now).

[Test Plan]

This test plan uses an LXD container to test systemd-resolved on Focal. If LXD has not been configured on your system, start with:

$ lxd init --auto

Then, create a Focal container with:

$ lxc launch ubuntu-daily:focal focal

Install dnsmasq-base if needed:

$ apt install dnsmasq-base

On the host, stop any other DNS servers so that the test dnsmasq instance can bind its port:

$ systemctl stop systemd-resolved
$ kill -9 $(pgrep dnsmasq)

Now, on the host, start a new DNS server that listens on lxdbr0 and serves one A record plus a chain of ten CNAME records that ultimately point at that A record:

$ dnsmasq \
--cname=test10.lan,test9.lan \
--cname=test9.lan,test8.lan \
--cname=test8.lan,test7.lan \
--cname=test7.lan,test6.lan \
--cname=test6.lan,test5.lan \
--cname=test5.lan,test4.lan \
--cname=test4.lan,test3.lan \
--cname=test3.lan,test2.lan \
--cname=test2.lan,test1.lan \
--cname=test1.lan,test0.lan \
-k -i lxdbr0 -z -I lo --host-record=test0.lan,$IP

where $IP is the address of any host on your network.

Now, obtain a shell in the Focal container:

$ lxc exec focal bash

Attempt to resolve test10.lan:

$ resolvectl query test10.lan
test10.lan: resolve call failed: CNAME loop detected, or CNAME resolving disabled on 'test2.lan'

On an affected system the query fails with the error above. On a patched system the hostname resolves to $IP.
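As an added check that is not part of this test plan or of systemd itself: a small POSIX shell helper that walks the CNAME chain in `host`-style output, reports the hop count, and says whether a resolver with a given CNAME_MAX (8 on Focal, 16 on Jammy and newer) would follow it. The embedded sample is the `host client.wvd.microsoft.com` output the reporter quotes in the original description, constructed here as a fixed string rather than fetched live; in practice pipe `host <name>` into the functions. The chain-walking logic (checking that each alias target is the subject of the next line) is an assumption about how `host` formats its output, not something the report states.

```shell
#!/bin/sh
# Added example, not part of the bug report or of systemd: count the CNAME hops in
# `host`-style output and compare the depth with a resolver's CNAME_MAX.

# Constructed sample: the `host client.wvd.microsoft.com` output quoted in the report.
SAMPLE_HOST_OUTPUT='client.wvd.microsoft.com is an alias for client.privatelink-global.wvd.microsoft.com.
client.privatelink-global.wvd.microsoft.com is an alias for client.privatelink.wvd.microsoft.com.
client.privatelink.wvd.microsoft.com is an alias for rdweb.wvd.microsoft.com.
rdweb.wvd.microsoft.com is an alias for rdweb.privatelink-global.wvd.microsoft.com.
rdweb.privatelink-global.wvd.microsoft.com is an alias for rdweb.privatelink.wvd.microsoft.com.
rdweb.privatelink.wvd.microsoft.com is an alias for rdweb-prod-geo.trafficmanager.net.
rdweb-prod-geo.trafficmanager.net is an alias for mrs-chnor1c101-rdweb-prod.wvd-ase-chnor1c101-prod.p.azurewebsites.net.
mrs-chnor1c101-rdweb-prod.wvd-ase-chnor1c101-prod.p.azurewebsites.net is an alias for waws-prod-zrh-63daa049.sip.p.azurewebsites.windows.net.
waws-prod-zrh-63daa049.sip.p.azurewebsites.windows.net is an alias for waws-prod-zrh-63daa049.cloudapp.net.
waws-prod-zrh-63daa049.cloudapp.net has address 51.107.69.35'

FOCAL_CNAME_MAX=8    # value of CNAME_MAX in resolved-dns-query.c on Focal (systemd 245)
JAMMY_CNAME_MAX=16   # value upstream and on Jammy and newer

# cname_chain_report: read `host` output on stdin and print "<hops> <status>".
# status is "ok" when each alias target is the subject of the next line,
# "broken" when the lines do not link up, and "loop" when a target repeats
# an earlier name (a genuine CNAME loop, as opposed to a merely long chain).
cname_chain_report() {
    awk '
        / is an alias for / {
            src = $1;  sub(/\.$/, "", src)
            dst = $NF; sub(/\.$/, "", dst)
            if (n > 0 && src != prev) status = "broken"
            seen[src] = 1
            if (dst in seen) status = "loop"
            prev = dst
            n++
        }
        END { if (status == "") status = "ok"; print n + 0, status }
    '
}

# chain_resolvable LIMIT: exit 0 when the chain on stdin is intact and has at
# most LIMIT hops, i.e. a resolver with CNAME_MAX=LIMIT would follow it.
chain_resolvable() {
    set -- "$1" $(cname_chain_report)   # $1=limit $2=hops $3=status
    [ "$3" = ok ] && [ "$2" -le "$1" ]
}

# Usage with live data: host client.wvd.microsoft.com | cname_chain_report
printf '%s\n' "$SAMPLE_HOST_OUTPUT" | cname_chain_report       # prints: 9 ok
for limit in "$FOCAL_CNAME_MAX" "$JAMMY_CNAME_MAX"; do
    if printf '%s\n' "$SAMPLE_HOST_OUTPUT" | chain_resolvable "$limit"; then
        echo "CNAME_MAX=$limit: chain is followed"
    else
        echo "CNAME_MAX=$limit: chain exceeds the limit (resolve would fail)"
    fi
done
```

The sample chain has 9 hops, which is why it fails on Focal's limit of 8 and succeeds on 16. Distinguishing "loop" from a long "ok" chain matters because systemd-resolved reports both conditions with the same "CNAME loop detected" message; the helper makes the difference visible before anyone changes a resolver limit.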

[Where problems could occur]

The patch simply raises the maximum number of CNAME redirects allowed from 8 to 16, so a reasonable limit is still imposed. If an application specifically relied on systemd-resolved's limit being 8, that application could see new behavior.

[Original Description]

On Ubuntu 20.04 (systemd v245.4-4ubuntu3.21), hostname resolution only follows 8 CNAME redirections maximum.

So when using a service like Azure Virtual Desktop that has between 9 and 12 redirections, name resolution fails.

$ host client.wvd.microsoft.com
Host client.wvd.microsoft.com not found: 2(SERVFAIL)
$ resolvectl query client.wvd.microsoft.com
client.wvd.microsoft.com: resolve call failed: CNAME loop detected, or CNAME resolving disabled on 'waws-prod-zrh-ff7172dd.sip.p.azurewebsites.windows.net'

On the other hand it's working fine on Ubuntu 20.04 because the CNAME loop limit has been raised from 8 to 16.

$ host client.wvd.microsoft.com
client.wvd.microsoft.com is an alias for client.privatelink-global.wvd.microsoft.com.
client.privatelink-global.wvd.microsoft.com is an alias for client.privatelink.wvd.microsoft.com.
client.privatelink.wvd.microsoft.com is an alias for rdweb.wvd.microsoft.com.
rdweb.wvd.microsoft.com is an alias for rdweb.privatelink-global.wvd.microsoft.com.
rdweb.privatelink-global.wvd.microsoft.com is an alias for rdweb.privatelink.wvd.microsoft.com.
rdweb.privatelink.wvd.microsoft.com is an alias for rdweb-prod-geo.trafficmanager.net.
rdweb-prod-geo.trafficmanager.net is an alias for mrs-chnor1c101-rdweb-prod.wvd-ase-chnor1c101-prod.p.azurewebsites.net.
mrs-chnor1c101-rdweb-prod.wvd-ase-chnor1c101-prod.p.azurewebsites.net is an alias for waws-prod-zrh-63daa049.sip.p.azurewebsites.windows.net.
waws-prod-zrh-63daa049.sip.p.azurewebsites.windows.net is an alias for waws-prod-zrh-63daa049.cloudapp.net.
waws-prod-zrh-63daa049.cloudapp.net has address 51.107.69.35

Here's a quick fix that raises the max CNAME limit from 8 to 16, as it is in Ubuntu 22.04; it fixes the problem for me.

Best regards,
Vincent.

--- systemd-245.4.ORIG/src/resolve/resolved-dns-query.c 2023-06-15 16:58:25.454156663 +0200
+++ systemd-245.4/src/resolve/resolved-dns-query.c 2023-06-01 14:30:09.000000000 +0200
@@ -10,7 +10,7 @@
 #include "resolved-etc-hosts.h"
 #include "string-util.h"

-#define CNAME_MAX 8
+#define CNAME_MAX 16
 #define QUERIES_MAX 2048
 #define AUXILIARY_QUERIES_MAX 64
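Review bot: the one-line change to CNAME_MAX matches the value (16) that upstream and Jammy already use, so the logic is fine; what the hunk lacks is packaging metadata: for a Focal SRU the patch needs a DEP-3 header (Origin pointing at the upstream commit, Bug-Ubuntu pointing at this report) and a debian/changelog entry, neither of which is in the diff. Minor: the header timestamps are reversed (the .ORIG file is dated 2023-06-15, later than the modified file dated 2023-06-01), so double-check which tree is the baseline before applying.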

ProblemType: Bug
DistroRelease: Ubuntu 22.04
Package: systemd 249.11-0ubuntu3.9 [modified: usr/lib/sysctl.d/50-default.conf]
ProcVersionSignature: Ubuntu 5.19.0-42.43~22.04.1-generic 5.19.17
Uname: Linux 5.19.0-42-generic x86_64
NonfreeKernelModules: nvidia_modeset nvidia
ApportVersion: 2.20.11-0ubuntu82.5
Architecture: amd64
CasperMD5CheckResult: unknown
CurrentDesktop: ubuntu:GNOME
Date: Thu Jun 15 16:53:19 2023
InstallationDate: Installed on 2022-11-22 (205 days ago)
InstallationMedia: Error: [Errno 13] Permission denied: '/var/log/installer/media-info'
MachineType: Dell Inc. Latitude 5591
ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-5.19.0-42-generic root=/dev/mapper/AmadeUbuntu22-root ro apparmor=1 security=apparmor audit=1 acpi_rev_override load_nvme=YES nouveau.modeset=0 dis_ucode_ldr quiet splash
RebootRequiredPkgs: Error: path contained symlinks.
SourcePackage: systemd
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 11/21/2022
dmi.bios.release: 1.25
dmi.bios.vendor: Dell Inc.
dmi.bios.version: 1.25.0
dmi.board.name: 0DVVG1
dmi.board.vendor: Dell Inc.
dmi.board.version: A00
dmi.chassis.type: 10
dmi.chassis.vendor: Dell Inc.
dmi.modalias: dmi:bvnDellInc.:bvr1.25.0:bd11/21/2022:br1.25:svnDellInc.:pnLatitude5591:pvr:rvnDellInc.:rn0DVVG1:rvrA00:cvnDellInc.:ct10:cvr:sku0819:
dmi.product.family: Latitude
dmi.product.name: Latitude 5591
dmi.product.sku: 0819
dmi.sys.vendor: Dell Inc.
modified.conffile..etc.cron.daily.apport: [deleted]
mtime.conffile..etc.systemd.journald.conf: 2022-11-22T13:40:37.558934

Vincent Renardias (tqag-uin4enl-c1ud) wrote:
tags: added: focal
removed: jammy
Launchpad Janitor (janitor) wrote:

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in systemd (Ubuntu):
status: New → Confirmed
Nick Rosbrook (enr0n) wrote:

I confirmed this in a Focal container:

root@focal:~# resolvectl query client.wvd.microsoft.com
client.wvd.microsoft.com: resolve call failed: CNAME loop detected, or CNAME resolving disabled on 'waws-prod-yq1-4474575f.sip.p.azurewebsites.windows.net'

This limit has in fact been increased to 16 upstream, which is the case for Jammy and newer (https://github.com/systemd/systemd/blob/34c4496ef2711d2a924e6f88fe3ff31cda080115/src/resolve/resolved-dns-query.c#LL17C12-L17C12).

I don't think this will be prioritized, but I don't see why it can't be fixed in a future SRU.

Changed in systemd (Ubuntu Focal):
status: New → Triaged
importance: Undecided → Low
Changed in systemd (Ubuntu):
importance: Undecided → Low
status: Confirmed → Fix Released
tags: added: systemd-sru-next
Nick Rosbrook (enr0n)
description: updated