
Ignores port in nameserver statement, always connect to port 1 #7

Open
petterreinholdtsen opened this issue Jan 17, 2016 · 3 comments

Comments

@petterreinholdtsen

Hi. I built libnss-resolver on Debian Jessie, using the libcmocka and libcares libraries included in Debian, as I hope to get the source in shape for an upload into Debian, but ran into a strange problem. I try to direct *.onion addresses to the Tor daemon for DNS lookup, but when I specify port 5300 in /etc/resolver/onion, it is ignored and the connection goes to port 1 instead. When I change the Tor daemon to listen on port 1 instead, the lookup works. See this example:

root@minerva:/etc# ping vwakviie2ienjx6t.onion
[ DEBUG ] src/nssrs.c:79: Query libnss-resolver: /etc/resolver - vwakviie2ienjx6t.onion
[ DEBUG ] src/resolver.c:138: resolver file: /etc/resolver/onion
[ DEBUG ] src/files.c:105: cline: nameserver 127.0.0.1:5300 - size: 25
[ DEBUG ] src/resolver.c:141: resolver servers: 127.0.0.1:5300
[ DEBUG ] src/resolver.c:42: list size: 0

[ DEBUG ] src/resolver.c:42: list size: 1

[ DEBUG ] src/resolver.c:153: ip: 10.213.192.215

PING vwakviie2ienjx6t.onion (10.213.192.215) 56(84) bytes of data.
^C
--- vwakviie2ienjx6t.onion ping statistics ---
12 packets transmitted, 0 received, 100% packet loss, time 11088ms

root@minerva:/etc# strace ping vwakviie2ienjx6t.onion 2>&1 |grep connect
connect(4, {sa_family=AF_LOCAL, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
connect(4, {sa_family=AF_LOCAL, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
connect(4, {sa_family=AF_INET, sin_port=htons(1), sin_addr=inet_addr("127.0.0.1")}, 16) = 0
connect(4, {sa_family=AF_INET, sin_port=htons(1025), sin_addr=inet_addr("10.213.192.215")}, 16) =0
^C
root@minerva:/etc#

Notice how the third connect() call is using sin_port 1, not 5300.

@petterreinholdtsen
Author

I've since discovered that specifying the port depends on c-ares/c-ares#19, which isn't merged upstream and is not included in the Debian package.

@petterreinholdtsen
Author

I had a closer look, and suspect there might be another problem in addition to the missing port support. Valgrind reported use of uninitialized values, which went away when I used memset(&options, 0, sizeof(options)); in nssrs_resolver_by_servers(), and now the port number was always zero in the connect() call. So I guess there is port support there, but not functioning port support. Checking the struct ares_options declaration in /usr/include/ares.h, I see both tcp_port and udp_port, and setting those to the ports used by the Tor daemon makes DNS lookup succeed. So I guess the problem is in the ares_set_servers_csv() call.
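The two defects described above (an options struct left uninitialized, so the kernel saw whatever happened to be on the stack as the port, and a "host:port" string whose port never reached tcp_port/udp_port) are easy to avoid in a small, strict parser. The following is an added example written for this thread; it is not libnss-resolver's or c-ares's code. struct resolver_conf is a constructed stand-in holding only the two field names mentioned above (udp_port, tcp_port), and the sample lines are constructed. It zeroes the output before parsing, rejects out-of-range or trailing-garbage ports instead of guessing, and defaults to 53 when no port is given.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for the two c-ares option fields discussed in the
 * thread; the real struct ares_options has many more members. */
struct resolver_conf {
    char host[64];
    unsigned short udp_port;
    unsigned short tcp_port;
};

/* Parse one "nameserver <host>[:<port>]" line from /etc/resolver/<domain>.
 * The output is zeroed first, mirroring the memset the reporter needed, so a
 * failed or partial parse never leaves stack garbage (such as port 1) behind.
 * Returns 1 on success, 0 on a malformed line. The port defaults to 53.
 * Limitation: a bare IPv6 literal contains ':' and is not handled here. */
int parse_nameserver_line(const char *line, struct resolver_conf *out)
{
    memset(out, 0, sizeof(*out));
    const char *p = line;

    while (isspace((unsigned char)*p)) p++;
    if (strncmp(p, "nameserver", 10) != 0 || !isspace((unsigned char)p[10]))
        return 0;
    p += 10;
    while (isspace((unsigned char)*p)) p++;

    /* Host runs up to the first ':' or whitespace. */
    size_t n = strcspn(p, ": \t\r\n");
    if (n == 0 || n >= sizeof(out->host))
        return 0;
    memcpy(out->host, p, n);
    out->host[n] = '\0';
    p += n;

    unsigned long port = 53;
    if (*p == ':') {
        char *end;
        if (!isdigit((unsigned char)p[1]))      /* no sign, no empty port */
            return 0;
        port = strtoul(p + 1, &end, 10);
        if (port == 0 || port > 65535)
            return 0;
        p = end;
    }
    while (isspace((unsigned char)*p)) p++;
    if (*p != '\0')                             /* trailing junk: reject */
        return 0;

    /* Both transports get the same port, which is what the reporter had to
     * set by hand in tcp_port and udp_port to make lookups succeed. */
    out->udp_port = (unsigned short)port;
    out->tcp_port = (unsigned short)port;
    return 1;
}

/* The port a line resolves to, or -1 if the line is invalid. */
int nameserver_port(const char *line)
{
    struct resolver_conf c;
    return parse_nameserver_line(line, &c) ? (int)c.udp_port : -1;
}

/* 1 if the line parses and names exactly this host, else 0. */
int nameserver_host_is(const char *line, const char *host)
{
    struct resolver_conf c;
    return parse_nameserver_line(line, &c) && strcmp(c.host, host) == 0;
}

int main(void)
{
    /* Constructed sample lines; the first is the one from the reporter's file. */
    const char *samples[] = {
        "nameserver 127.0.0.1:5300",
        "nameserver 127.0.0.1",
        "nameserver 127.0.0.1:70000",
        "search onion",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        struct resolver_conf c;
        if (parse_nameserver_line(samples[i], &c))
            printf("%-28s -> host=%s udp=%u tcp=%u\n",
                   samples[i], c.host, c.udp_port, c.tcp_port);
        else
            printf("%-28s -> rejected\n", samples[i]);
    }
    return 0;
}
```

Zeroing the struct is what turns "connect to a random port" into "connect to port 0", which is at least a visible, reproducible failure; the strict port check is what stops a typo in the file from silently sending queries to the wrong listener.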

@fearenales
Contributor

@petterreinholdtsen I tried to reproduce this issue but here it doesn't happen (I'm using Debian 8.2):

# /etc/resolver/onion
nameserver 127.0.0.1:5300

Then I started a dnsmasq (using this port and domain) as a DNS lookup service to resolve the onion domain:

$ dnsmasq --bind-interfaces -p 5300 --no-daemon --address=/onion/127.0.0.1

Trying to ping:

$ ping vwakviie2ienjx6t.onion
PING vwakviie2ienjx6t.onion (127.0.0.1) 56(84) bytes of data.
64 bytes from localhost (127.0.0.1): icmp_seq=1 ttl=64 time=0.033 ms

So, just checking: in order to build libnss-resolver I've run:

$ sudo apt-get update -y && sudo apt-get install clang scons wget make binutils;
$ sudo scons local-install

It will generate and install /usr/lib/libnss_resolver.so.2.

Then you have to update your /etc/nsswitch.conf file:

$ sudo sed -i -re 's/^(hosts: .*files)(.*)$/\1 resolver\2/' /etc/nsswitch.conf

Then your /etc/nsswitch.conf file should contain a line like the following:

hosts:          files resolver dns

i.e., resolver must be present.

Then you have to create a /etc/resolver file to point to your DNS lookup service's IP/port:

$ sudo mkdir -p /etc/resolver
$ echo "nameserver 127.0.0.1:5300" | sudo tee -a /etc/resolver/onion

I recommend you to test it using dnsmasq, just like I did above:

$ sudo apt-get update && sudo apt-get install dnsmasq
$ dnsmasq --bind-interfaces -p 5300 --no-daemon --address=/onion/127.0.0.1

Then, try to ping it:

$ ping vwakviie2ienjx6t.onion
PING vwakviie2ienjx6t.onion (127.0.0.1) 56(84) bytes of data.
64 bytes from localhost (127.0.0.1): icmp_seq=1 ttl=64 time=0.033 ms

If you are able to ping it, then this is correct and your *.onion domain is being correctly resolved to 127.0.0.1 by dnsmasq.

Please test it with your Tor daemon for DNS lookup as well and let me know if that works! :)
