Re: buildfarm server suddenly not talking to old SSL stacks?
| От | Tom Lane |
|---|---|
| Тема | Re: buildfarm server suddenly not talking to old SSL stacks? |
| Дата | |
| Msg-id | 31328.1531862982@sss.pgh.pa.us обсуждение исходный текст |
| Ответ на | Re: buildfarm server suddenly not talking to old SSL stacks? (Stefan Kaltenbrunner <stefan@kaltenbrunner.cc>) |
| Ответы |
Re: buildfarm server suddenly not talking to old SSL stacks?
Re: buildfarm server suddenly not talking to old SSL stacks? |
| Список | pgsql-www |
Stefan Kaltenbrunner <stefan@kaltenbrunner.cc> writes:
> On 07/17/2018 10:14 PM, Tom Lane wrote:
>> So for some reason, perl's https support is trying to bind to the IPv6
>> address of buildfarm.postgresql.org, even though no IPv6 support is
>> configured at all on this machine. I wonder how long that's been going
>> on? Has anything about the machine's DNS entries changed recently?
>> (Also, "ssh buildfarm.postgresql.org" binds to IPv4 just fine.)
> I dont think there have been any recent changes on (DNS) v6 for
> brentalia - afaiks in our internal revision control we have had v6 on
> that box for at least 2 years now.
> However could it be that whatever DNS resolver those boxes are using
> just started to return AAAAs as well (the strsize in the strace output
> is not large enough to see the actual response from the local resolver)
The nameserver is one I run locally, and the only change it's seen lately
is RHEL6's occasional security updates. I don't think that's where the
issue came in.
The full nameserver interaction is
sendto(3,
"\x21\x86\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x09\x62\x75\x69\x6c\x64\x66\x61\x72\x6d\x0a\x70\x6f\x73\x74\x67\x72\x65\x73\x71\x6c\x03\x6f\x72\x67\x00\x00\x1c\x00\x01",
42,MSG_NOSIGNAL, NULL, 0) = 42
recvfrom(3,
"\x21\x86\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00\x09\x62\x75\x69\x6c\x64\x66\x61\x72\x6d\x0a\x70\x6f\x73\x74\x67\x72\x65\x73\x71\x6c\x03\x6f\x72\x67\x00\x00\x1c\x00\x01\xc0\x0c\x00\x1c\x00\x01\x00\x00\x06\xc1\x00\x10\x20\x01\x48\x00\x15\x01\x00\x01\x00\x00\x00\x00\x00\x00\x02\x17",
1024,0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("127.0.0.1")}, [16]) = 70
I don't have anything handy like wireshark installed on this machine, but
I see the hex for buildfarm's IPv6 address in that response, and *not*
the hex for its IPv4 address. Conversely, when I try the http: URL,
I see a different query and only the IPv4 address in the response:
sendto(3,
"\xa8\x93\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x09\x62\x75\x69\x6c\x64\x66\x61\x72\x6d\x0a\x70\x6f\x73\x74\x67\x72\x65\x73\x71\x6c\x03\x6f\x72\x67\x00\x00\x01\x00\x01",
42,MSG_NOSIGNAL, NULL, 0) = 42
recvfrom(3,
"\xa8\x93\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00\x09\x62\x75\x69\x6c\x64\x66\x61\x72\x6d\x0a\x70\x6f\x73\x74\x67\x72\x65\x73\x71\x6c\x03\x6f\x72\x67\x00\x00\x01\x00\x01\xc0\x0c\x00\x01\x00\x01\x00\x00\x01\xd5\x00\x04\xae\x8f\x23\xd9",
1024,0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("127.0.0.1")}, [16]) = 58
It looks like Perl is specifically asking for AAAA in preference to A
records, but only for https:. Weird.
regards, tom lane
В списке pgsql-www по дате отправления: