Skip to content

resolv.conf parsing eats lines if more than 3 nameservers set

Summary

The resolv.conf parsing used in nslookup eats the lines of resolv.conf if there are more than 3 nameservers defined in resolv.conf. This means that if there is an even number of nameservers defined, the first line following the nameservers gets silently eaten and ignored.

BIND version used

Identified on CentOS 9 stream, confirmed from git on gentoo:

BIND 9.19.14-dev (Development Release) <id:562697e>
running on Linux x86_64 6.2.9-gentoo #2 SMP PREEMPT_DYNAMIC Mon May  1 09:27:12 BST 2023
built by make with default
compiled by GCC 13.1.0
compiled with OpenSSL version: OpenSSL 3.0.8 7 Feb 2023
linked to OpenSSL version: OpenSSL 3.0.8 7 Feb 2023
compiled with libuv version: 1.44.2
linked to libuv version: 1.44.2
compiled with liburcu version: 0.14.0
compiled with libnghttp2 version: 1.52.0
linked to libnghttp2 version: 1.52.0
compiled with libxml2 version: 2.11.3
linked to libxml2 version: 21103
compiled with json-c version: 0.16
linked to json-c version: 0.16
compiled with zlib version: 1.2.13
linked to zlib version: 1.2.13
threads support is enabled
DNSSEC algorithms: RSASHA1 NSEC3RSASHA1 RSASHA256 RSASHA512 ECDSAP256SHA256 ECDSAP384SHA384 ED25519 ED448
DS algorithms: SHA-1 SHA-256 SHA-384
HMAC algorithms: HMAC-MD5 HMAC-SHA1 HMAC-SHA224 HMAC-SHA256 HMAC-SHA384 HMAC-SHA512
TKEY mode 2 support (Diffie-Hellman): no
TKEY mode 3 support (GSS-API): no

default paths:
  named configuration:  /usr/local/etc/named.conf
  rndc configuration:   /usr/local/etc/rndc.conf
  nsupdate session key: /usr/local/var/run/named/session.key
  named PID file:       /usr/local/var/run/named/named.pid
  named lock file:      /usr/local/var/run/named/named.lock

Steps to reproduce

Create resolv.conf with 4/6/8 nameserver entries, and a search line immediately after the last nameserver entry, e.g.:

nameserver 8.8.8.8
nameserver 8.8.8.8
nameserver 8.8.8.8
nameserver 8.8.8.8
search google.com

Run nslookup for a name that relies on the search line.

nslookup www

What is the current bug behavior?

nslookup returns NXDOMAIN (typically)

# nslookup www
Server:		8.8.8.8
Address:	8.8.8.8#53

** server can't find www: NXDOMAIN

What is the expected correct behavior?

nslookup should search the domains and find the relevant record

$ ./bin/dig/nslookup www
Server:		8.8.8.8
Address:	8.8.8.8#53

Non-authoritative answer:
Name:	www.google.com
Address: 172.217.16.228
Name:	www.google.com
Address: 2a00:1450:4009:820::2004

Relevant configuration files

/etc/resolv.conf posted above

Relevant logs and/or screenshots

Possible fixes

Edited by Robert Bridge
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information