14961 – nslookup prints one of A or AAAA records based on which was received first

Bug 14961 - nslookup prints one of A or AAAA records based on which was received first

Summary: nslookup prints one of A or AAAA records based on which was received first

Status:	NEW

Alias:	None

Product:	Busybox
Classification:	Unclassified
Component:	Networking (show other bugs)
Version:	1.34.x
Hardware:	All Linux

Importance:	P5 normal
Target Milestone:	---
Assignee:	unassigned

URL:
Keywords:

Depends on:
Blocks:

Reported:	2022-08-12 02:14 UTC by Brandon Adams
Modified:	2022-08-12 02:14 UTC (History)
CC List:	1 user (show)

See Also:
Host:
Target:
Build:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Brandon Adams 2022-08-12 02:14:54 UTC

While troubleshooting some DNS issues I found that the nslookup utility would sometimes return only a set of IPv6 addresses. This behavior was inconsistent. Sometimes only IPv6 addresses would be printed, sometimes only IPv4, 

Being unfamiliar with Busybox, I pulled up the nslookup man page and saw that the default behavior was to lookup "A and then AAAA."

Based on that I thought that perhaps our DNS server was misbehaving and sporadically returning NXDOMAIN, or timing out, so fired up tcpdump to see what was happening. Here's an example dump where nslookup printed just the AAAA record:

------------
01:20:48.401951 IP 10.4.36.53.40450 > 172.20.0.10.domain: 18432+ A? purple.com. (28)
01:20:48.401997 IP 10.4.36.53.40450 > 10.4.59.5.domain: 18432+ A? purple.com. (28)
01:20:48.402026 IP 10.4.36.53.40450 > 172.20.0.10.domain: 18432+ AAAA? purple.com. (28)
01:20:48.402037 IP 10.4.36.53.40450 > 10.4.59.5.domain: 18432+ AAAA? purple.com. (28)
01:20:48.402465 IP 10.4.59.5.domain > 10.4.36.53.40450: 18432 2/0/0 AAAA 2606:4700::6812:1dca, AAAA 2606:4700::6812:1cca (104)
01:20:48.402482 IP 172.20.0.10.domain > 10.4.36.53.40450: 18432 2/0/0 AAAA 2606:4700::6812:1dca, AAAA 2606:4700::6812:1cca (104)
01:20:48.404806 IP 10.4.59.5.domain > 10.4.36.53.40450: 18432 2/0/0 A 104.18.29.202, A 104.18.28.202 (80)
01:20:48.404827 IP 172.20.0.10.domain > 10.4.36.53.40450: 18432 2/0/0 A 104.18.29.202, A 104.18.28.202 (80)
------------

You can see that on the Busybox side, 10.4.36.53, we send an A and then an AAAA query over the same socket. The resolver returns the AAAA record first, or at least, we receive it first -- UDP makes no ordering guarantees. When nslookup prints just A records I observe that the A record is returned first.

This reproduces easily for me. I first observed it Busybox 1.33.1 in a Kubernetes environment. I also reproduced it on Docker Desktop on an M1 Mac using the latest Busybox image, 1.34.1.

I can see this behavior was also observed in this bug: https://bugs.busybox.net/show_bug.cgi?id=11161#c4