glibc upgrade to 2-10.1-2 breaks dns for some programs

perseus · 2009-05-24 23:29:30

Sorry for the vagueness of the title.

An hour ago I did a pacman -Syu which (amongst other upgrades), upgraded glibc (2.9-7 -> 2.10.1-2). dns immediately stopped working in xchat and in the MUA sylpheed (which I self compile). It seemed to be ok in other programs such as firefox.

I don't understand of how glibc would cause the problem, but it seemed the most likely culprit so I rolled back - I also
had to roll back the binutils upgrade (2.19.1-2 -> 2.19.1-3) because it depends on the later glibc.

dns began to work again. I don't know if this is an issue specific to my system, or if I ought to file a bug report, and if so under which programs. For the sake of completeness I will show the full list of upgrades on that -Syu :

[2009-05-24 21:36] starting full system upgrade
[2009-05-24 21:54] upgraded kernel-headers (2.6.29.1-1 -> 2.6.29.3-1)
[2009-05-24 21:54] warning: /etc/locale.gen installed as /etc/locale.gen.pacnew
[2009-05-24 21:54] Generating locales...
[2009-05-24 21:54] en_GB.UTF-8... done
[2009-05-24 21:54] en_GB.ISO-8859-1... done
[2009-05-24 21:54] Generation complete.
[2009-05-24 21:54] upgraded glibc (2.9-7 -> 2.10.1-2)
[2009-05-24 21:54] upgraded binutils (2.19.1-2 -> 2.19.1-3)
[2009-05-24 21:54] upgraded dbus-core (1.2.4.6permissive-1 -> 1.2.14-1)
[2009-05-24 21:54] upgraded dbus (1.2.4.6permissive-1 -> 1.2.14-1)
[2009-05-24 21:54] upgraded gcc-libs (4.4.0-1 -> 4.4.0-2)
[2009-05-24 21:54] upgraded gcc (4.4.0-1 -> 4.4.0-2)
[2009-05-24 21:54] upgraded glib2 (2.20.1-1 -> 2.20.2-1)
[2009-05-24 21:54] upgraded gmp (4.2.4-1.1 -> 4.3.1-2)
[2009-05-24 21:54] upgraded man-pages (3.20-2 -> 3.21-1)
[2009-05-24 21:54] upgraded sqlite3 (3.6.14-1 -> 3.6.14.1-1)
[2009-05-24 21:54] upgraded subversion (1.6.2-2 -> 1.6.2-3)

bangkok_manouel · 2009-05-25 01:17:27

http://www.mail-archive.com/arch-dev-pu … 08010.html

yetanothergeek · 2009-05-25 06:52:57

I am having similar problems here. It seems that programs
that only use ipv4 still work fine, but programs that try
to use ipv6 fail. Firefox, curl and and wget all have
options to force ipv4, so I just enabled that for now,
until somebody comes up with a better solution.
But some programs (e.g. pidgin) are still not working.

I tried running nscd and enabling the "single-request"
option in /etc/resolv.conf as suggested at:
http://udrepper.livejournal.com/20948.htm
but neither of them made any difference.

Also, I don't really understand what Ulrich Drepper
means when he says: "For F11 I've added a work-around
for broken servers" does he mean he added the workaround
to glibc itself, or is this some patch that Fedora uses
and maybe Arch doesn't have it?

perseus · 2009-05-25 09:17:19

Thanks for the link bangkok_manouel.

I am totally confused though, and would very much appreciate help. Like yetanothergeek, I can't work out whether this fix is specific to Fedora, but it looks like it is. It says that the fix gives rise to a delay, once per process start, and explains ways to deal with that. My problem isn not delay, however, but a total lookup failure.

I dont understand very much about dns. I have an Alcatel SpeedTouch router (with firewall), on which I specify dns servers. Is the problem due to the dns / firewall on the router being broken? Is there anything I can do about that?

bangkok_manouel · 2009-05-25 10:10:17

I had this problem before and followed some advice from Jan to solve that issue.

JGC wrote:

I "fixed" this problem by installing pdns-recursor, binding it to 127.0.0.1 and pointing resolv.conf to this.

Now I've becomed tired of this issue and just switched all my machines to opendns. Works great.

perseus · 2009-05-25 10:44:57

Thanks bangkok_manouel - I can't say that I understand, but I guess I will play around a little.

I used to run pdnsd then one day dns failed and I found that I could fix the problem by not using it. I even posted here about it. I am beginning to think that it was due to a glibc upgrade too.

cb474 · 2009-05-26 08:14:01

I saw this problem in Debian and found it totally aggravating and was so happy to be rid of it when I came to Arch. But now it's back, sigh.

I also have found that the "options single-request" work-around in resolv.conf does not help. I don't really understand how to use nscd. At home at least, I've solved the problem by manually setting the DNS servers (for my IP) in my router. Of course, since I'm on a laptop, this does not necessarily help my when I'm in other locations, depending on whether their routers are set up properly or not.

It's hard for me to believe that this is considered an acceptable way for glibc to work. I understand that the root problem may be routers not being set up in an ideal fashion. But there are a lot of routers out there like this and dhcp ought to be able to automatically configure things and have it work.

Last edited by cb474 (2009-05-26 08:14:57)

bangkok_manouel · 2009-05-26 08:30:55

cb474 wrote:

Of course, since I'm on a laptop, this does not necessarily help my when I'm in other locations, depending on whether their routers are set up properly or not.

easiest solution, just use opendns and set this up system wise (see /etc/resolv.conf). if you're using netcfg for example, just point the DNS value to opendns servers. then, wherever you are/are connected to, you'll always use opendns and won't have any problem.

It's hard for me to believe that this is considered an acceptable way for glibc to work. I understand that the root problem may be routers not being set up in an ideal fashion. But there are a lot of routers out there like this and dhcp ought to be able to automatically configure things and have it work.

I guess you're mixing things a bit. It's not a matter of dhcp or routers but a matter of broken dns'.

Last edited by bangkok_manouel (2009-05-26 08:31:48)

cb474 · 2009-05-26 09:06:33

bangkok_manouel wrote:

I guess you're mixing things a bit. It's not a matter of dhcp or routers but a matter of broken dns'.

Maybe I'm getting it wrong, but my understanding from the explanation here (http://udrepper.livejournal.com/20948.html) is that this has to do with how DNS servers are set up in routers (mostly with cable/dsl modems). Ulrich Drepper explains:

The problem with this change was that there are broken DNS servers and broken firewall configurations which prevented the two results from being received successfully. Some broken DNS servers (especially those in cable modems etc) only send one reply.

Of cousre, it's not a problem if you set your DNS server manually, like using OpenDNS as you suggest. It's only a problem if you let dhcp configure your connection, because dhcp then generates the resolv.conf to assign DNS servers and depending on what information dhcp gets from the router this either works or doesn't. So it is a combination of circumstances of a minconfigured router and using dhcp that creates this problem. But maybe I'm missing something.

That said, I don't really like the OpenDNS solution. That's what I was doing on my Debian system. But I don't like OpenDNS and don't want to use it. What's more, it doesn't seem to me like glibc in order to work with dhcp should require eveyone to set their DNS servers to OpenDNS. That would de facto almost make OpenDNS the required DNS server of Linux, wouldn't it? There's just got to be a better solution. What confuses me, is why the "options single-request" work-around doesn't work for some people, such as myself.

Last edited by cb474 (2009-05-26 09:08:37)

bangkok_manouel · 2009-05-26 09:31:17

cb474 wrote:

bangkok_manouel wrote:
I guess you're mixing things a bit. It's not a matter of dhcp or routers but a matter of broken dns'.
Maybe I'm getting it wrong, but my understanding from the explanation here (http://udrepper.livejournal.com/20948.html) is that this has to do with how DNS servers are set up in routers (mostly with cable/dsl modems). Ulrich Drepper explains:
The problem with this change was that there are broken DNS servers and broken firewall configurations which prevented the two results from being received successfully. Some broken DNS servers (especially those in cable modems etc) only send one reply.
Of cousre, it's not a problem if you set your DNS server manually, like using OpenDNS as you suggest. It's only a problem if you let dhcp configure your connection, because dhcp then generates the resolv.conf to assign DNS servers and depending on what information dhcp gets from the router this either works or doesn't. So it is a combination of circumstances of a minconfigured router and using dhcp that creates this problem. But maybe I'm missing something.
That said, I don't really like the OpenDNS solution. That's what I was doing on my Debian system. But I don't like OpenDNS and don't want to use it. What's more, it doesn't seem to me like glibc in order to work with dhcp should require eveyone to set their DNS servers to OpenDNS. That would de facto almost make OpenDNS the required DNS server of Linux, wouldn't it? There's just got to be a better solution. What confuses me, is why the "options single-request" work-around doesn't work for some people, such as myself.

Again it's not a matter of using dhcp, I'm not using it and am having this issue. Then, openDNS won't be the standard for linux but an easy solution for linux users actually using _broken_ dns servers, many archers and linux users won't ever notice this problem. Lastly, even if I understand you'd like to solve it the other way, just FTR, there are many dns servers available other than openDNS.

edit/ I was trying to check Ulrich's workarounds but "single-request" doesn't seem to be a valid option according to man resolv.conf

Last edited by bangkok_manouel (2009-05-26 09:43:15)

cb474 · 2009-05-26 10:48:49

Okay, well I stand corrected, although I'm having trouble imagining how you're having this problem without using dhcp (I mean, I believe you, I just don't get it). Also do you understand in what sense the DNS server in my router or dsl modem is "broken" then? Since this worked fine with the old version of glibc and (for what it's worth) with Windows.

It still does seem to me since there is a whole world of "broken" dns servers in routers/cable-dsl modems out there, that having this not work without some sort of work-around like the OpenDNS trick is not really a great solution. Practically speaking the effect is more to make Linux seem broken, than the other way around. You can't make the whole world conform to how glibc would like it to be.

bangkok_manouel · 2009-05-26 11:05:19

except if you're running your own dns server, which i doubt because i guess you'd know it, it's your ISP dns servers that are broken, it has most likely nothing to do with your local network "setup" (router, etc...)

cb474 · 2009-05-26 11:11:41

Hmm, but I can fix the problem by manually assigning the DNS server of my IP either in resolv.conf or in my router (effectively doing the same thing I would do if I were going to use OpenDNS). If I do this it works fine with no other work-around. Doesn't this indicate there's nothing wrong with my IP's DNS server?

If I don't assign my IP's DNS server manually, dhcp configures resolv.conf to assign the DNS server as the address for my router, which in turn assigns the DNS server as the address for my dsl modem, which in turn contains the correct addresses for my IP DNS servers (and again that setup worked fine with the old version of glibc).

P.S. Also, isn't that what Ulrich says, that it's the DNS servers in cable modems that's the problem?

Last edited by cb474 (2009-05-26 11:14:57)

bangkok_manouel · 2009-05-26 11:24:00

cb474 wrote:

Hmm, but I can fix the problem by manually assigning the DNS server of my IP either in resolv.conf or in my router (effectively doing the same thing I would do if I were going to use OpenDNS). If I do this it works fine with no other work-around. Doesn't this indicate there's nothing wrong with my IP's DNS server?
If I don't assign my IP's DNS server manually, dhcp configures resolv.conf to assign the DNS server as the address for my router, which in turn assigns the DNS server as the address for my dsl modem, which in turn contains the correct addresses for my IP DNS servers

Aww ok, that's more clear. Well it looks like your ISP dns servers are ok and that, indeed, the problem may come from your setup and that means I have no idea how to help :-P

(and again that setup worked fine with the old version of glibc).

FTR, previous glibc version was patched to avoid this issue.

yetanothergeek · 2009-05-27 02:36:40

cb474 wrote:

I can fix the problem by manually assigning the DNS server
of my IP either in resolv.conf...

Excellent. I tried this and it works like a charm here!

Apparently the problem is not with the ISP's DNS servers, but my
DSL modem (a Motorola Netopia 2210) is acting as a "DNS proxy"
that is taking valid responses from the server and transforming
them into buggy responses for the client. Setting resolv.conf
to bypass the modem's internal DNS proxy solves the problem.

Thanks to all for the help!

Spider · 2009-05-30 19:07:05

Thanks. The solution with the internet provider DNS IPs in the /etc/resolv.conf did the trick for me.
Nerve-racking problem though, took me long time to figure it out as I had no roll back possibilites on my system.

ataraxia · 2009-05-30 23:15:49

I have this problem. It breaks with my Linksys box (a really old one from before they were a Cisco brand) and it also breaks when i go directly to my ISP's (Comcast) DNS servers. It works fine with the nice DNS servers used at work (Bind 9).

OpenDNS doesn't work for me since I have multiple search domains, and it returns its bogus "not found" IP after the resolver client tries the first search domain. I never get to look anything up in any of the rest of the search domains.

Setting "options single-request" in resolv.conf fixes it for me. For those of you who can't use this easily because DHCP clients overwrite resolv.conf, Dreppich gives two other suggestions:

- Run nscd. This is really nice and easy, since it comes in the glibc package and has an initscript. Just put "nscd" in DAEMONS and enjoy a properly working resolver that has the added bonus of caching lookups for you. You don't even have to tell it when you change resolv.conf any more - it will pickit up with inotify. Note that the very first DNS lookup that nscd does after you start it up will be slow - it has to test once before I figures out to use the "single-request" behavior.

- Run your own DNS server. Seems like overkill since nscd works so well, but Bind 9 is certainly available if you want to run it, and it does work right with the current resolver client.

yetanothergeek · 2009-05-30 23:44:32

ataraxia wrote:

For those of you who can't use this easily because DHCP clients overwrite resolv.conf...

Note also that for dhcpcd, you can prevent it from clobbering your resolv.conf by starting it manually with the "-C resolv.conf" option.
Or you can create a file named "/etc/resolv.conf.head" and add the "options single-request" to that file instead.

Arch Linux

#1 2009-05-24 23:29:30

glibc upgrade to 2-10.1-2 breaks dns for some programs

#2 2009-05-25 01:17:27

Re: glibc upgrade to 2-10.1-2 breaks dns for some programs

#3 2009-05-25 06:52:57

Re: glibc upgrade to 2-10.1-2 breaks dns for some programs

#4 2009-05-25 09:17:19

Re: glibc upgrade to 2-10.1-2 breaks dns for some programs

#5 2009-05-25 10:10:17

Re: glibc upgrade to 2-10.1-2 breaks dns for some programs

#6 2009-05-25 10:44:57

Re: glibc upgrade to 2-10.1-2 breaks dns for some programs

#7 2009-05-26 08:14:01

Re: glibc upgrade to 2-10.1-2 breaks dns for some programs

#8 2009-05-26 08:30:55

Re: glibc upgrade to 2-10.1-2 breaks dns for some programs

#9 2009-05-26 09:06:33

Re: glibc upgrade to 2-10.1-2 breaks dns for some programs

#10 2009-05-26 09:31:17

Re: glibc upgrade to 2-10.1-2 breaks dns for some programs

#11 2009-05-26 10:48:49

Re: glibc upgrade to 2-10.1-2 breaks dns for some programs

#12 2009-05-26 11:05:19

Re: glibc upgrade to 2-10.1-2 breaks dns for some programs

#13 2009-05-26 11:11:41

Re: glibc upgrade to 2-10.1-2 breaks dns for some programs

#14 2009-05-26 11:24:00

Re: glibc upgrade to 2-10.1-2 breaks dns for some programs

#15 2009-05-27 02:36:40

Re: glibc upgrade to 2-10.1-2 breaks dns for some programs

#16 2009-05-30 19:07:05

Re: glibc upgrade to 2-10.1-2 breaks dns for some programs

#17 2009-05-30 23:15:49

Re: glibc upgrade to 2-10.1-2 breaks dns for some programs

#18 2009-05-30 23:44:32

Re: glibc upgrade to 2-10.1-2 breaks dns for some programs

Board footer