| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Stefan Kaltenbrunner <stefan(at)kaltenbrunner(dot)cc> |
| Cc: | Magnus Hagander <magnus(at)hagander(dot)net>, Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>, PostgreSQL WWW <pgsql-www(at)lists(dot)postgresql(dot)org>, Andrew Dunstan <andrew(at)dunslane(dot)net> |
| Subject: | Re: buildfarm server suddenly not talking to old SSL stacks? |
| Date: | 2018-07-17 21:29:42 |
| Message-ID: | 31328.1531862982@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-www |
Stefan Kaltenbrunner <stefan(at)kaltenbrunner(dot)cc> writes:
> On 07/17/2018 10:14 PM, Tom Lane wrote:
>> So for some reason, perl's https support is trying to bind to the IPv6
>> address of buildfarm.postgresql.org, even though no IPv6 support is
>> configured at all on this machine. I wonder how long that's been going
>> on? Has anything about the machine's DNS entries changed recently?
>> (Also, "ssh buildfarm.postgresql.org" binds to IPv4 just fine.)
> I dont think there have been any recent changes on (DNS) v6 for
> brentalia - afaiks in our internal revision control we have had v6 on
> that box for at least 2 years now.
> However could it be that whatever DNS resolver those boxes are using
> just started to return AAAAs as well (the strsize in the strace output
> is not large enough to see the actual response from the local resolver)
The nameserver is one I run locally, and the only change it's seen lately
is RHEL6's occasional security updates. I don't think that's where the
issue came in.
The full nameserver interaction is
sendto(3, "\x21\x86\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x09\x62\x75\x69\x6c\x64\x66\x61\x72\x6d\x0a\x70\x6f\x73\x74\x67\x72\x65\x73\x71\x6c\x03\x6f\x72\x67\x00\x00\x1c\x00\x01", 42, MSG_NOSIGNAL, NULL, 0) = 42
recvfrom(3, "\x21\x86\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00\x09\x62\x75\x69\x6c\x64\x66\x61\x72\x6d\x0a\x70\x6f\x73\x74\x67\x72\x65\x73\x71\x6c\x03\x6f\x72\x67\x00\x00\x1c\x00\x01\xc0\x0c\x00\x1c\x00\x01\x00\x00\x06\xc1\x00\x10\x20\x01\x48\x00\x15\x01\x00\x01\x00\x00\x00\x00\x00\x00\x02\x17", 1024, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("127.0.0.1")}, [16]) = 70
I don't have anything handy like wireshark installed on this machine, but
I see the hex for buildfarm's IPv6 address in that response, and *not*
the hex for its IPv4 address. Conversely, when I try the http: URL,
I see a different query and only the IPv4 address in the response:
sendto(3, "\xa8\x93\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x09\x62\x75\x69\x6c\x64\x66\x61\x72\x6d\x0a\x70\x6f\x73\x74\x67\x72\x65\x73\x71\x6c\x03\x6f\x72\x67\x00\x00\x01\x00\x01", 42, MSG_NOSIGNAL, NULL, 0) = 42
recvfrom(3, "\xa8\x93\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00\x09\x62\x75\x69\x6c\x64\x66\x61\x72\x6d\x0a\x70\x6f\x73\x74\x67\x72\x65\x73\x71\x6c\x03\x6f\x72\x67\x00\x00\x01\x00\x01\xc0\x0c\x00\x01\x00\x01\x00\x00\x01\xd5\x00\x04\xae\x8f\x23\xd9", 1024, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("127.0.0.1")}, [16]) = 58
It looks like Perl is specifically asking for AAAA in preference to A
records, but only for https:. Weird.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Steve Atkins | 2018-07-17 22:05:19 | Re: buildfarm server suddenly not talking to old SSL stacks? |
| Previous Message | Stefan Kaltenbrunner | 2018-07-17 20:46:40 | Re: buildfarm server suddenly not talking to old SSL stacks? |