Behavior change of nslookup with NXDOMAIN in 3.13 (#12358) · Issues · alpine / aports

Behavior change of nslookup with NXDOMAIN in 3.13

Hello,

I'm encountering a strange issue after switching to Alpine 3.13. I am running Alpine containers on LXD, and containers are unable to resolve local hostnames after upgrade.

After investigation, it looks like nslookup is now returning non-zero when unable to resolve IPv6 (NXDOMAIN received).

Is it expected? Does the problem come from LXD (which uses dnsmasq internally)? Thanks a lot for your help!

Here is the full log:

Alpine 3.12

~ # apk list -I
busybox-initscripts-3.2-r2 armhf {busybox-initscripts} (GPL-2.0-only) [installed]
musl-1.1.24-r10 armhf {musl} (MIT) [installed]
alpine-conf-3.9.0-r1 armhf {alpine-conf} (MIT) [installed]
busybox-suid-1.31.1-r19 armhf {busybox} (GPL-2.0-only) [installed]
zlib-1.2.11-r3 armhf {zlib} (Zlib) [installed]
apk-tools-2.10.5-r1 armhf {apk-tools} (GPL-2.0-only) [installed]
musl-utils-1.1.24-r10 armhf {musl} (MIT BSD GPL2+) [installed]
libssl1.1-1.1.1i-r0 armhf {openssl} (OpenSSL) [installed]
alpine-baselayout-3.2.0-r7 armhf {alpine-baselayout} (GPL-2.0-only) [installed]
alpine-keys-2.2-r0 armhf {alpine-keys} (MIT) [installed]
busybox-1.31.1-r19 armhf {busybox} (GPL-2.0-only) [installed]
scanelf-1.2.6-r0 armhf {pax-utils} (GPL-2.0-only) [installed]
alpine-base-3.12.3-r0 armhf {alpine-base} (MIT) [installed]
ca-certificates-bundle-20191127-r4 armhf {ca-certificates} (MPL-2.0 GPL-2.0-or-later) [installed]
libc-utils-0.7.2-r3 armhf {libc-dev} (BSD-2-Clause AND BSD-3-Clause) [installed]
libtls-standalone-2.9.1-r1 armhf {libtls-standalone} (ISC) [installed]
ssl_client-1.31.1-r19 armhf {busybox} (GPL-2.0-only) [installed]
libcrypto1.1-1.1.1i-r0 armhf {openssl} (OpenSSL) [installed]
openrc-0.42.1-r11 armhf {openrc} (BSD-2-Clause) [installed]

~ # nslookup web
Server:         10.1.9.1
Address:        10.1.9.1:53

** server can't find web.moria2: NXDOMAIN

Name:   web.moria2
Address: 10.1.8.242

~ # echo $?
0

~ # ping web
PING web (10.1.8.242): 56 data bytes
64 bytes from 10.1.8.242: seq=0 ttl=64 time=1.240 ms
64 bytes from 10.1.8.242: seq=1 ttl=64 time=1.163 ms
64 bytes from 10.1.8.242: seq=2 ttl=64 time=1.078 ms
^C
--- web ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 1.078/1.160/1.240 ms

TCP Dump Log

10:37:15.615509 IP 10.1.9.16.49631 > 10.1.9.1.53: 31506+ A? web.moria2. (28)
10:37:15.616196 IP 10.1.9.16.49631 > 10.1.9.1.53: 36715+ AAAA? web.moria2. (28)
10:37:15.617189 IP 10.1.9.1.53 > 10.1.9.16.49631: 36715 NXDomain 0/0/0 (28)
10:37:15.619423 IP 10.1.9.1.53 > 10.1.9.16.49631: 31506* 1/0/0 A 10.1.8.242 (54)
10:37:15.619939 IP 10.1.9.16 > 10.1.8.242: ICMP echo request, id 15105, seq 0, length 64
10:37:15.621099 IP 10.1.8.242 > 10.1.9.16: ICMP echo reply, id 15105, seq 0, length 64
10:37:16.620249 IP 10.1.9.16 > 10.1.8.242: ICMP echo request, id 15105, seq 1, length 64
10:37:16.621303 IP 10.1.8.242 > 10.1.9.16: ICMP echo reply, id 15105, seq 1, length 64
10:37:17.620533 IP 10.1.9.16 > 10.1.8.242: ICMP echo request, id 15105, seq 2, length 64
10:37:17.621517 IP 10.1.8.242 > 10.1.9.16: ICMP echo reply, id 15105, seq 2, length 64

Alpine 3.13

~ # apk list -I
busybox-initscripts-3.2-r2 armhf {busybox-initscripts} (GPL-2.0-only) [installed]
musl-1.2.2-r0 armhf {musl} (MIT) [installed]
alpine-conf-3.11.0-r2 armhf {alpine-conf} (MIT) [installed]
busybox-suid-1.32.1-r2 armhf {busybox} (GPL-2.0-only) [installed]
zlib-1.2.11-r3 armhf {zlib} (Zlib) [installed]
apk-tools-2.12.1-r0 armhf {apk-tools} (GPL-2.0-only) [installed]
ifupdown-ng-0.10.2-r2 armhf {ifupdown-ng} (ISC) [installed]
musl-utils-1.2.2-r0 armhf {musl} (MIT BSD GPL2+) [installed]
libssl1.1-1.1.1i-r0 armhf {openssl} (OpenSSL) [installed]
alpine-baselayout-3.2.0-r8 armhf {alpine-baselayout} (GPL-2.0-only) [installed]
alpine-keys-2.2-r0 armhf {alpine-keys} (MIT) [installed]
busybox-1.32.1-r2 armhf {busybox} (GPL-2.0-only) [installed]
scanelf-1.2.8-r0 armhf {pax-utils} (GPL-2.0-only) [installed]
alpine-base-3.13.0-r0 armhf {alpine-base} (MIT) [installed]
ca-certificates-bundle-20191127-r5 armhf {ca-certificates} (MPL-2.0 AND MIT) [installed]
libc-utils-0.7.2-r3 armhf {libc-dev} (BSD-2-Clause AND BSD-3-Clause) [installed]
libtls-standalone-2.9.1-r1 armhf {libtls-standalone} (ISC) [installed]
ssl_client-1.32.1-r2 armhf {busybox} (GPL-2.0-only) [installed]
libcrypto1.1-1.1.1i-r0 armhf {openssl} (OpenSSL) [installed]
openrc-0.42.1-r19 armhf {openrc} (BSD-2-Clause) [installed]

~ # nslookup web
Server:         10.1.9.1
Address:        10.1.9.1:53

** server can't find web.moria2: NXDOMAIN

Name:   web.moria2
Address: 10.1.8.242

~ # echo $?
1

~ # ping web
ping: bad address 'web'

TCP Dump Log

10:41:05.106448 IP 10.1.9.253.58333 > 10.1.9.1.53: 29384+ A? web.moria2 (28)
10:41:05.106530 IP 10.1.9.253.58333 > 10.1.9.1.53: 32342+ AAAA? web.moria2. (28)                                                    
10:41:05.107455 IP 10.1.9.1.53 > 10.1.9.253.58333: 32342 NXDomain 0/0/0 (28)     
10:41:05.109138 IP 10.1.9.1.53 > 10.1.9.253.58333: 29384* 1/0/0 A 10.1.8.242 (54)
10:41:05.109266 IP 10.1.9.253.50466 > 10.1.9.1.53: 50960+ A? web. (21)   
10:41:05.109320 IP 10.1.9.253.50466 > 10.1.9.1.53: 54585+ AAAA? web. (21)
10:41:05.109677 IP 10.1.9.1.53 > 10.1.9.253.50466: 50960 ServFail 0/0/0 (21)
10:41:05.109778 IP 10.1.9.253.50466 > 10.1.9.1.53: 50960+ A? web. (21)
10:41:05.109794 IP 10.1.9.1.53 > 10.1.9.253.50466: 54585 ServFail 0/0/0 (21)
10:41:05.109828 IP 10.1.9.253.50466 > 10.1.9.1.53: 54585+ AAAA? web. (21)
10:41:05.110076 IP 10.1.9.1.53 > 10.1.9.253.50466: 50960 ServFail 0/0/0 (21)
10:41:05.110129 IP 10.1.9.253.50466 > 10.1.9.1.53: 50960+ A? web. (21)
10:41:05.110172 IP 10.1.9.1.53 > 10.1.9.253.50466: 54585 ServFail 0/0/0 (21)
10:41:05.110216 IP 10.1.9.253.50466 > 10.1.9.1.53: 54585+ AAAA? web. (21)
10:41:05.110414 IP 10.1.9.1.53 > 10.1.9.253.50466: 50960 ServFail 0/0/0 (21)
10:41:05.110521 IP 10.1.9.1.53 > 10.1.9.253.50466: 54585 ServFail 0/0/0 (21)
10:41:07.612186 IP 10.1.9.253.50466 > 10.1.9.1.53: 50960+ A? web. (21)
10:41:07.612296 IP 10.1.9.253.50466 > 10.1.9.1.53: 54585+ AAAA? web. (21)
10:41:07.613157 IP 10.1.9.1.53 > 10.1.9.253.50466: 50960 ServFail 0/0/0 (21)
10:41:07.613324 IP 10.1.9.253.50466 > 10.1.9.1.53: 50960+ A? web. (21)
10:41:07.613494 IP 10.1.9.1.53 > 10.1.9.253.50466: 54585 ServFail 0/0/0 (21)
10:41:07.613807 IP 10.1.9.253.50466 > 10.1.9.1.53: 54585+ AAAA? web. (21)
10:41:07.614171 IP 10.1.9.1.53 > 10.1.9.253.50466: 50960 ServFail 0/0/0 (21)
10:41:07.614320 IP 10.1.9.253.50466 > 10.1.9.1.53: 50960+ A? web. (21)
10:41:07.615134 IP 10.1.9.1.53 > 10.1.9.253.50466: 50960 ServFail 0/0/0 (21)
10:41:07.615427 IP 10.1.9.1.53 > 10.1.9.253.50466: 54585 ServFail 0/0/0 (21)

Edited Jan 27, 2021 by Lesterpig

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information