Some DNS Lookups Fail on Jammy Stemcells

Article ID: 394678


Products

VMware Tanzu Platform, VMware Tanzu Application Service for VMs

Issue/Introduction

Applications and other processes running on Jammy stemcells might not be able to resolve certain DNS names, even though tools such as dig and nslookup can resolve them successfully.

This issue has been observed with CNAME records that point to a wildcard (*) domain. It may also happen with other special characters.

Below is an example of a DNS name that nslookup can resolve, but nc returns a system error:

diego_cell/########-####-####-####-############:~$ nslookup test.example.com
Server:		#.#.#.#
Address:	#.#.#.#53

test.example.com	canonical name = *.example.com.
Name:	*.example.com
Address: 192.168.#.#

diego_cell/########-####-####-####-############:~$ nc -vzw2 test.example.com 443
nc: getaddrinfo for host "test.example.com" port 443: System error

Environment

Jammy Stemcells

Cause

This is caused by a bug in the getaddrinfo function in glibc v2.35, the version used by Ubuntu Jammy.

It was fixed in the upstream version of glibc v2.35, but not in the Ubuntu version yet.

Resolution

The fix is waiting on Ubuntu and there is no ETA currently.

Since the bug only seems to affect CNAME records that point to domains with a special character in them, you can work around the issue on your DNS server.

Below is an example bind9 config that will hit the bug (CNAME *.apps.example.com):

;
; BIND data file for local loopback interface
;
$TTL	604800
@	IN	SOA	example.com. root.example.com. (
			      4		; Serial
			 604800		; Refresh
			  86400		; Retry
			2419200		; Expire
			 604800 )	; Negative Cache TTL
;
@	IN	NS	example.com.
@	IN	A	192.168.#.#
@	IN	AAAA	::1
ns      IN      A       192.168.#.#
test.example.com.         IN      CNAME   *.apps.example.com.
*.apps.example.com.         IN      A  192.168.#.#


To work around the issue, change the CNAME wildcard record to something else that will work for your environment. Below is just an example of one way to get around the bug; the exact config will depend on your DNS server and network.

Working Example (changed CNAME *.apps.example.com to CNAME test.apps.example.com):

;
; BIND data file for local loopback interface
;
$TTL	604800
@	IN	SOA	example.com. root.example.com. (
			      4		; Serial
			 604800		; Refresh
			  86400		; Retry
			2419200		; Expire
			 604800 )	; Negative Cache TTL
;
@	IN	NS	example.com.
@	IN	A	192.168.#.#
@	IN	AAAA	::1
ns      IN      A       192.168.#.#
test.example.com.         IN      CNAME   test.apps.example.com.
*.apps.example.com.         IN      A  192.168.#.#
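As an added check (not part of this article), the following Python script scans a BIND zone file for CNAME records whose target contains a label outside the letters-digits-hyphen set that glibc's resolver accepts, so records like the wildcard CNAME above can be found before a Jammy workload trips over them. The zone text is a constructed sample based on the example above, with the 192.168.#.# placeholders replaced by documentation addresses.

```python
import re

# Constructed sample zone, modelled on the article's failing config:
# one CNAME to a wildcard target, one CNAME to a plain hostname.
ZONE = """\
$TTL 604800
@   IN  SOA example.com. root.example.com. ( 4 604800 86400 2419200 604800 )
@   IN  NS  example.com.
@   IN  A   192.0.2.10
test.example.com.   IN  CNAME   *.apps.example.com.   ; hits the bug
svc.example.com.    IN  CNAME   app.apps.example.com. ; resolves fine
*.apps.example.com. IN  A       192.0.2.20
"""

# A hostname label glibc accepts: letters, digits and hyphens only (the
# RFC 1123 LDH rule). The article reports "*" in a CNAME target as the
# trigger and notes other special characters may also be affected.
LDH_LABEL = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?$")


def is_hostname_safe(name):
    """True if every label of name (trailing dot optional) is LDH-clean."""
    return all(LDH_LABEL.match(label) for label in name.rstrip(".").split("."))


def find_risky_cnames(zone_text):
    """Return (owner, target) for each CNAME whose target is not LDH-clean.

    Minimal parser: strips ';' comments and recognises a record by the
    literal CNAME token; multi-line SOA records are never CNAMEs.
    """
    risky = []
    for raw in zone_text.splitlines():
        fields = raw.split(";", 1)[0].split()
        if "CNAME" not in fields:
            continue
        idx = fields.index("CNAME")
        if idx == 0 or idx + 1 >= len(fields):
            continue  # malformed record: owner or target missing
        owner, target = fields[0], fields[idx + 1]
        if not is_hostname_safe(target):
            risky.append((owner, target))
    return risky


if __name__ == "__main__":
    for owner, target in find_risky_cnames(ZONE):
        print(f"{owner} -> {target}: non-LDH label in target, "
              f"getaddrinfo on glibc 2.35 may fail for {owner}")
```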

Additional Information