DNS Lib Underscore Bug Bites Everyone's Favorite Init Tool, Blanks Netflix

Reader OneHundredAndTen writes and shares a report: Systemd doing what it does best. From a report on The Register: A few Penguinistas spent a weekend working out why they can't get through to Netflix from their Linux machines, because when they tried, their DNS lookups failed. The issue emerged over the weekend, when Gentoo user Dennis Schridde submitted a bug report to the Systemd project. Essentially, he described a failure within systemd-resolve, a Systemd component that turns human-readable domain names into IP addresses for software, like web browsers, to connect to. The Systemd resolver couldn't look up Netflix's servers for Schridde's web browser, according to the report. In his detailed post, Schridde said he expected this to happen: ipv6_1-cxl0-c088.1.lhr004.ix.nflxvideo.net gets resolved to 37.77.187.142 or 2a00:86c0:5:5::142. When in reality, that wasn't happening, so Netflix couldn't be reached on his box. His speculation that libidn2, which adds internationalised domain names support to the resolver, was at fault turned out to be accurate. Rebuilding Systemd without that library cleared the problem.

Not a bug

[arth1]

Underscores are not allowed in domain names. Some resolvers allow them for historical reasons, because they were common in Microsoft environments that defaulted to converting a space to an underscore when entering the hostname on initial configuration, back when Microsoft thought that everybody would be using Microsoft Network and not Internet.

But they're not legal, and should NOT resolve. My DNS servers do not have the ancient msdos compatibility turned on, and reject them as they should.

libidn (internationalized domain names, punycode) do not use them either, and if it rejects them, all the better.

Re:Not a bug

[aardvarkjoe]

But they're not legal, and should NOT resolve. My DNS servers do not have the ancient msdos compatibility turned on, and reject them as they should.

Although apparently the behavior that it has is to strip out the offending characters and then try to resolve the result, which doesn't make a whole lot of sense either.

From the bug, it looks like the problem is caused by linking with libidn2, and support for that was marked as "experimental" in systemd, so this really doesn't matter much. You shouldn't be enabling experimental features in software unless you're willing to deal with potential problems.

Re:Not a bug

[arth1]

Don't expect the hostname to match functionality. One of the companies I have to download patches from every now and then have their ftp server named wwwonly.

That said, and back to topic, underscores can be used in DNS, but not for hostnames, only for other services. Hostnames are restricted by rfc1123. So if it returned an SRV record or similar, it would be fine.
But don't name a host with an underscore.

Re:Blanks Netflix for a userbase edge case

I guess you expected the headline to explain everything to you in full detail and with absolute accuracy, that's a pity.

But users with systemd is NOT an 'edge case' really. In fact it's becoming more like users WITHOUT systemd would be the edge cases, within *nix.

The problem is systemd breaking unexpectedly

The real problem here isn't that a handful of Linux users couldn't use Netflix.

The real problem is that, yet again, systemd has been involved in critical functionality breaking in an unusual and unexpected way.

It doesn't matter if it was an external library that systemd used that's responsible. Systemd is responsible for the problem because it uses this flawed library.

There's no reason for systemd to be involved with resolving domain names. Linux got by just fine throughout the 1990s, the 2000s, and even a big part of the 2010s without systemd being involved. Yet now that systemd is involved, things are going to hell.

Long time Linux users will be very aware of how problematic systemd so often is in the dumbest of ways.

Maybe somebody who just started using Linux in the systemd era thinks it's acceptable for their system to sometimes not boot properly, or for the domain name resolution to break unexpectedly. But long time Linux users know it wasn't like that before systemd was forced on the Linux community, and they know that such breakage is just not acceptable.

This is just the latest in a long chain of problems involving systemd. It has gotten to the point where Linux's reliability is below that of the BSDs, of macOS, and as much as I hate to say it, even modern versions of Windows!

Systemd needs to go, at least from important distros like Debian and Ubuntu. If Fedora wants to screw around with systemd, then so be it. But the other distros should remove it immediately.

Re:The problem is systemd breaking unexpectedly

[AJWM]

Hear, hear!

Why the hell does an init system need a built-in DNS resolver anyway?

Re:The problem is systemd breaking unexpectedly

[squiggleslash]

No, the real problem is that a library, Libidn, that's used by resolver libraries including that apparently shipped with systemd has a bug in it. The library dates back to 2002, it's not even as if systemd was relying upon some bleeding edge library written specifically for it. And yes, it's best practices, when implementing something like international domains to use a respected third party library rather than trying to roll your own, so they haven't made an error in relying upon it.

This has nothing to do with systemd except for the fact the user happened to be using systemd at the time, and systemd happens to use this library. What next? A kernel bug gets blamed on systemd because systemd uses the kernel?

The submitter is trolling.

Re:The problem is systemd breaking unexpectedly

Great, now Poettering is going to take that as a death threat and write another livejournal about how mean the whole FOSS community is to him.

Re: The problem is systemd breaking unexpectedly

...which is an utterly retarded design.

Unix is a bunch of components by different authors, most with competitors, that use well-defined protocols to communicate. Unix works because stuff that sucks gets replaced, and no one person's vision defines what happens.

Systemd and Windows are defined by one small man's vision, not by protocols and competition. And when that man doesn't think usernames should have certain forms, well, fuck everyone else, right?

Re:Hey Poettering

[thegarbz]

Any explanation for this piece of shit problem, asshole?

Yes. libidn2 is not a default and is marked as experimental and not ready for use. Also libidn2 isn't maintained Poettering.

Now what would interest far more people is, do you have an explanation for being an unbearable cunt?

So let me get this straight

[thegarbz]

A bug was noted in an optional library that wasn't default for any release of systemd.
The following release of systemd downgraded support of the optional unused library libidn2 to experimental.
A pull requested was put in the bug tracker by the maintainer (not Poettering) to fix this in the future.
Some dude compiles a piece of software with an experimental library and ... wait for it, this is the best part ... he notices a bug.

It makes front page news and Slashdot users start frothing from their mouth in their stupor.

And you wonder why complaints aren't taken seriously by developers. *golfclap*

Re:Hey Poettering

[corychristison]

Underscores are not allowed in top level domains names, for example you can't register example_domain.com.

However, in sub-domains they are perfectly legal. For example: my_subdomain.example.com is perfectly valid.

Re: When's sshd getting incorporated?

[lordlod]

About a year ago I was joking that they would reimplement ntp any day now. Then I discovered systemd-timesyncd.