resolv: Implement no-aaaa stub resolver option

Reviewed-by: Carlos O'Donell <carlos@redhat.com>

NEWS

@@ -29,6 +29,18 @@ Major new features:
   memory is carried out in the context of the caller, using the caller's
   CPU affinity, and priority with CPU usage accounted to the caller.
 
+* The “no-aaaa” DNS stub resolver option has been added.  System
+  administrators can use it to suppress AAAA queries made by the stub
+  resolver, including AAAA lookups triggered by NSS-based interfaces
+  such as getaddrinfo.  Only DNS lookups are affected: IPv6 data in
+  /etc/hosts is still used, getaddrinfo with AI_PASSIVE will still
+  produce IPv6 addresses, and configured IPv6 name servers are still
+  used.  To produce correct Name Error (NXDOMAIN) results, AAAA queries
+  are translated to A queries.  The new resolver option is intended
+  primarily for diagnostic purposes, to rule out that AAAA DNS queries
+  have adverse impact.  It is incompatible with EDNS0 usage and DNSSEC
+  validation by applications.
+
 Deprecated and removed features, and other changes affecting compatibility:
 
 * Support for prelink will be removed in the next release; this includes

resolv/Makefile

@@ -51,6 +51,7 @@ routines := \
   nss_dns_functions \
   res-close \
   res-name-checking \
+  res-noaaaa \
   res-state \
   res_context_hostalias \
   res_enable_icmp \
@@ -92,6 +93,7 @@ tests += \
   tst-resolv-binary \
   tst-resolv-edns \
   tst-resolv-network \
+  tst-resolv-noaaaa \
   tst-resolv-nondecimal \
   tst-resolv-res_init-multi \
   tst-resolv-search \
@@ -265,6 +267,7 @@ $(objpfx)tst-resolv-res_init-multi: $(objpfx)libresolv.so \
   $(shared-thread-library)
 $(objpfx)tst-resolv-res_init-thread: $(objpfx)libresolv.so \
   $(shared-thread-library)
+$(objpfx)tst-resolv-noaaaa: $(objpfx)libresolv.so $(shared-thread-library)
 $(objpfx)tst-resolv-nondecimal: $(objpfx)libresolv.so $(shared-thread-library)
 $(objpfx)tst-resolv-qtypes: $(objpfx)libresolv.so $(shared-thread-library)
 $(objpfx)tst-resolv-rotate: $(objpfx)libresolv.so $(shared-thread-library)

resolv/nss_dns/dns-host.c

@@ -124,6 +124,14 @@ static enum nss_status gaih_getanswer (const querybuf *answer1, int anslen1,
 				       char *buffer, size_t buflen,
 				       int *errnop, int *h_errnop,
 				       int32_t *ttlp);
+static enum nss_status gaih_getanswer_noaaaa (const querybuf *answer1,
+					      int anslen1,
+					      const char *qname,
+					      struct gaih_addrtuple **pat,
+					      char *buffer, size_t buflen,
+					      int *errnop, int *h_errnop,
+					      int32_t *ttlp);
+
 
 static enum nss_status gethostbyname3_context (struct resolv_context *ctx,
 					       const char *name, int af,
@@ -369,17 +377,31 @@ _nss_dns_gethostbyname4_r (const char *name, struct gaih_addrtuple **pat,
   int resplen2 = 0;
   int ans2p_malloced = 0;
 
+
   int olderr = errno;
-  int n = __res_context_search (ctx, name, C_IN, T_QUERY_A_AND_AAAA,
+  int n;
+
+  if ((ctx->resp->options & RES_NOAAAA) == 0)
+    {
+      n = __res_context_search (ctx, name, C_IN, T_QUERY_A_AND_AAAA,
 				host_buffer.buf->buf, 2048, &host_buffer.ptr,
 				&ans2p, &nans2p, &resplen2, &ans2p_malloced);
-  if (n >= 0)
-    {
-      status = gaih_getanswer (host_buffer.buf, n, (const querybuf *) ans2p,
-			       resplen2, name, pat, buffer, buflen,
-			       errnop, herrnop, ttlp);
+      if (n >= 0)
+	status = gaih_getanswer (host_buffer.buf, n, (const querybuf *) ans2p,
+				 resplen2, name, pat, buffer, buflen,
+				 errnop, herrnop, ttlp);
     }
   else
+    {
+      n = __res_context_search (ctx, name, C_IN, T_A,
+				host_buffer.buf->buf, 2048, NULL,
+				NULL, NULL, NULL, NULL);
+      if (n >= 0)
+	status = gaih_getanswer_noaaaa (host_buffer.buf, n,
+					name, pat, buffer, buflen,
+					errnop, herrnop, ttlp);
+    }
+  if (n < 0)
     {
       switch (errno)
 	{
@@ -1387,3 +1409,21 @@ gaih_getanswer (const querybuf *answer1, int anslen1, const querybuf *answer2,
 
   return status;
 }
+
+/* Variant of gaih_getanswer without a second (AAAA) response.  */
+static enum nss_status
+gaih_getanswer_noaaaa (const querybuf *answer1, int anslen1, const char *qname,
+		       struct gaih_addrtuple **pat,
+		       char *buffer, size_t buflen,
+		       int *errnop, int *h_errnop, int32_t *ttlp)
+{
+  int first = 1;
+
+  enum nss_status status = NSS_STATUS_NOTFOUND;
+  if (anslen1 > 0)
+    status = gaih_getanswer_slice (answer1, anslen1, qname,
+				   &pat, &buffer, &buflen,
+				   errnop, h_errnop, ttlp,
+				   &first);
+  return status;
+}

resolv/res-noaaaa.c

@@ -0,0 +1,143 @@
+/* Implement suppression of AAAA queries.
+   Copyright (C) 2022 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <https://www.gnu.org/licenses/>.  */
+
+#include <resolv.h>
+#include <string.h>
+#include <resolv-internal.h>
+#include <resolv_context.h>
+#include <arpa/nameser.h>
+
+/* Returns true if the question type at P matches EXPECTED, and the
+   class is IN.  */
+static bool
+qtype_matches (const unsigned char *p, int expected)
+{
+  /* This assumes that T_A/C_IN constants are less than 256, which
+     they are.  */
+  return p[0] == 0 && p[1] == expected && p[2] == 0 && p[3] == C_IN;
+}
+
+/* Handle RES_NOAAAA translation of AAAA queries.  To produce a Name
+   Error (NXDOMAIN) repsonse for domain names that do not exist, it is
+   still necessary to send a query.  Using question type A is a
+   conservative choice.  In the returned answer, it is necessary to
+   switch back the question type to AAAA.  */
+bool
+__res_handle_no_aaaa (struct resolv_context *ctx,
+                      const unsigned char *buf, int buflen,
+                      unsigned char *ans, int anssiz, int *result)
+{
+  /* AAAA mode is not active, or the query looks invalid (will not be
+     able to be parsed).  */
+  if ((ctx->resp->options & RES_NOAAAA) == 0
+      || buflen <= sizeof (HEADER))
+    return false;
+
+  /* The replacement A query is produced here.  */
+  struct
+  {
+    HEADER header;
+    unsigned char question[NS_MAXCDNAME + 4];
+  } replacement;
+  memcpy (&replacement.header, buf, sizeof (replacement.header));
+
+  if (replacement.header.qr
+      || replacement.header.opcode != 0
+      || replacement.header.rcode != 0
+      || ntohs (replacement.header.qdcount) != 1
+      || ntohs (replacement.header.ancount) != 0
+      || ntohs (replacement.header.nscount) != 0)
+    /* Not a well-formed question.  Let the core resolver code produce
+       the proper error.  */
+    return false;
+
+  /* Disable EDNS0.  */
+  replacement.header.arcount = htons (0);
+
+  /* Extract the QNAME.  */
+  int ret = __ns_name_unpack (buf, buf + buflen, buf + sizeof (HEADER),
+                              replacement.question, NS_MAXCDNAME);
+  if (ret < 0)
+    /* Format error.  */
+    return false;
+
+  /* Compute the end of the question name.  */
+  const unsigned char *after_question = buf + sizeof (HEADER) + ret;
+
+  /* Check that we are dealing with an AAAA query.  */
+  if (buf + buflen - after_question < 4
+      || !qtype_matches (after_question, T_AAAA))
+    return false;
+
+  /* Find the place to store the type/class data in the replacement
+     query.  */
+  after_question = replacement.question;
+  /* This cannot fail because __ns_name_unpack above produced a valid
+     domain name.  */
+  (void) __ns_name_skip (&after_question, &replacement.question[NS_MAXCDNAME]);
+  unsigned char *start_of_query = (unsigned char *) &replacement;
+  const unsigned char *end_of_query = after_question + 4;
+
+  /* Produce an A/IN query.  */
+  {
+    unsigned char *p = (unsigned char *) after_question;
+    p[0] = 0;
+    p[1] = T_A;
+    p[2] = 0;
+    p[3] = C_IN;
+  }
+
+  /* Clear the output buffer, to avoid reading undefined data when
+     rewriting the result from A to AAAA.  */
+  memset (ans, 0, anssiz);
+
+  /* Always perform the message translation, independent of the error
+     code.  */
+  ret = __res_context_send (ctx,
+                            start_of_query, end_of_query - start_of_query,
+                            NULL, 0, ans, anssiz,
+                            NULL, NULL, NULL, NULL, NULL);
+
+  /* Patch in the AAAA question type if there is room and the A query
+     type was received.  */
+  after_question = ans + sizeof (HEADER);
+  if (__ns_name_skip (&after_question, ans + anssiz) == 0
+      && ans + anssiz - after_question >= 4
+      && qtype_matches (after_question, T_A))
+    {
+      ((unsigned char *) after_question)[1] = T_AAAA;
+
+      /* Create an aligned copy of the header.  Hide all data except
+         the question from the response.  Put back the header.  There is
+         no need to change the response code.  The zero answer count turns
+         a positive response with data into a no-data response.  */
+      memcpy (&replacement.header, ans, sizeof (replacement.header));
+      replacement.header.ancount = htons (0);
+      replacement.header.nscount = htons (0);
+      replacement.header.arcount = htons (0);
+      memcpy (ans, &replacement.header, sizeof (replacement.header));
+
+      /* Truncate the reply.  */
+      if (ret <= 0)
+        *result = ret;
+      else
+        *result = after_question - ans + 4;
+    }
+
+  return true;
+}

resolv/res_debug.c

@@ -613,6 +613,7 @@ p_option(u_long option) {
 	case RES_NOTLDQUERY:	return "no-tld-query";
 	case RES_NORELOAD:	return "no-reload";
 	case RES_TRUSTAD:	return "trust-ad";
+	case RES_NOAAAA:	return "no-aaaa";
 				/* XXX nonreentrant */
 	default:		sprintf(nbuf, "?0x%lx?", (u_long)option);
 				return (nbuf);

resolv/res_init.c

@@ -695,6 +695,7 @@ res_setoptions (struct resolv_conf_parser *parser, const char *options)
             { STRnLEN ("no-reload"), 0, RES_NORELOAD },
             { STRnLEN ("use-vc"), 0, RES_USEVC },
             { STRnLEN ("trust-ad"), 0, RES_TRUSTAD },
+            { STRnLEN ("no-aaaa"), 0, RES_NOAAAA },
           };
 #define noptions (sizeof (options) / sizeof (options[0]))
           for (int i = 0; i < noptions; ++i)

resolv/res_query.c

@@ -204,10 +204,26 @@ __res_context_query (struct resolv_context *ctx, const char *name,
 			free (buf);
 		return (n);
 	}
-	assert (answerp == NULL || (void *) *answerp == (void *) answer);
-	n = __res_context_send (ctx, query1, nquery1, query2, nquery2, answer,
-				anslen, answerp, answerp2, nanswerp2, resplen2,
-				answerp2_malloced);
+
+	/* Suppress AAAA lookups if required.  __res_handle_no_aaaa
+	   checks RES_NOAAAA first, so avoids parsing the
+	   just-generated query packet in most cases.  nss_dns avoids
+	   using T_QUERY_A_AND_AAAA in RES_NOAAAA mode, so there is no
+	   need to handle it here.  */
+	if (type == T_AAAA && __res_handle_no_aaaa (ctx, query1, nquery1,
+						    answer, anslen, &n))
+	  /* There must be no second query for AAAA queries.  The code
+	     below is still needed to translate NODATA responses.  */
+	  assert (query2 == NULL);
+	else
+	  {
+	    assert (answerp == NULL || (void *) *answerp == (void *) answer);
+	    n = __res_context_send (ctx, query1, nquery1, query2, nquery2,
+				    answer, anslen,
+				    answerp, answerp2, nanswerp2, resplen2,
+				    answerp2_malloced);
+	  }
+
 	if (use_malloc)
 		free (buf);
 	if (n < 0) {

resolv/res_send.c

@@ -438,8 +438,13 @@ context_send_common (struct resolv_context *ctx,
       RES_SET_H_ERRNO (&_res, NETDB_INTERNAL);
       return -1;
     }
-  int result = __res_context_send (ctx, buf, buflen, NULL, 0, ans, anssiz,
-				   NULL, NULL, NULL, NULL, NULL);
+
+  int result;
+  if (__res_handle_no_aaaa (ctx, buf, buflen, ans, anssiz, &result))
+    return result;
+
+  result = __res_context_send (ctx, buf, buflen, NULL, 0, ans, anssiz,
+			       NULL, NULL, NULL, NULL, NULL);
   __resolv_context_put (ctx);
   return result;
 }

resolv/resolv-internal.h

@@ -85,6 +85,14 @@ int __res_context_send (struct resolv_context *, const unsigned char *, int,
                         int *, int *, int *);
 libc_hidden_proto (__res_context_send)
 
+/* Return true if the query has been handled in RES_NOAAAA mode.  For
+   that, RES_NOAAAA must be active, and the question type must be AAAA.
+   The caller is expected to return *RESULT as the return value.  */
+bool __res_handle_no_aaaa (struct resolv_context *ctx,
+                           const unsigned char *buf, int buflen,
+                           unsigned char *ans, int anssiz, int *result)
+  attribute_hidden;
+
 /* Internal function similar to res_hostalias.  */
 const char *__res_context_hostalias (struct resolv_context *,
                                      const char *, char *, size_t);

resolv/resolv.h

@@ -132,6 +132,7 @@ struct res_sym {
 					   as a TLD.  */
 #define RES_NORELOAD    0x02000000 /* No automatic configuration reload.  */
 #define RES_TRUSTAD     0x04000000 /* Request AD bit, keep it in responses.  */
+#define RES_NOAAAA      0x08000000 /* Suppress AAAA queries.  */
 
 #define RES_DEFAULT	(RES_RECURSE|RES_DEFNAMES|RES_DNSRCH)