Postgres Pro
Downloads
Home   >   mailing lists

Re: buildfarm server suddenly not talking to old SSL stacks? - Mailing list pgsql-www

From Tom Lane
Subject Re: buildfarm server suddenly not talking to old SSL stacks?
Date
Msg-id 31328.1531862982@sss.pgh.pa.us
Whole thread Raw
In response to Re: buildfarm server suddenly not talking to old SSL stacks?  (Stefan Kaltenbrunner <stefan@kaltenbrunner.cc>)
Responses Re: buildfarm server suddenly not talking to old SSL stacks?  (Steve Atkins <steve@blighty.com>)
Re: buildfarm server suddenly not talking to old SSL stacks?  (Stefan Kaltenbrunner <stefan@kaltenbrunner.cc>)
List pgsql-www
Tree view 
Stefan Kaltenbrunner <stefan@kaltenbrunner.cc> writes:
> On 07/17/2018 10:14 PM, Tom Lane wrote:
>> So for some reason, perl's https support is trying to bind to the IPv6
>> address of buildfarm.postgresql.org, even though no IPv6 support is
>> configured at all on this machine.  I wonder how long that's been going
>> on?  Has anything about the machine's DNS entries changed recently?
>> (Also, "ssh buildfarm.postgresql.org" binds to IPv4 just fine.)

> I dont think there have been any recent changes on (DNS) v6 for
> brentalia - afaiks in our internal revision control we have had v6 on
> that box for at least 2 years now.
> However could it be that whatever DNS resolver those boxes are using
> just started to return AAAAs as well (the strsize in the strace output
> is not large enough to see the actual response from the local resolver)

The nameserver is one I run locally, and the only change it's seen lately
is RHEL6's occasional security updates.  I don't think that's where the
issue came in.

The full nameserver interaction is

sendto(3,
"\x21\x86\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x09\x62\x75\x69\x6c\x64\x66\x61\x72\x6d\x0a\x70\x6f\x73\x74\x67\x72\x65\x73\x71\x6c\x03\x6f\x72\x67\x00\x00\x1c\x00\x01",
42,MSG_NOSIGNAL, NULL, 0) = 42 

recvfrom(3,
"\x21\x86\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00\x09\x62\x75\x69\x6c\x64\x66\x61\x72\x6d\x0a\x70\x6f\x73\x74\x67\x72\x65\x73\x71\x6c\x03\x6f\x72\x67\x00\x00\x1c\x00\x01\xc0\x0c\x00\x1c\x00\x01\x00\x00\x06\xc1\x00\x10\x20\x01\x48\x00\x15\x01\x00\x01\x00\x00\x00\x00\x00\x00\x02\x17",
1024,0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("127.0.0.1")}, [16]) = 70 

I don't have anything handy like wireshark installed on this machine, but
I see the hex for buildfarm's IPv6 address in that response, and *not*
the hex for its IPv4 address.  Conversely, when I try the http: URL,
I see a different query and only the IPv4 address in the response:

sendto(3,
"\xa8\x93\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x09\x62\x75\x69\x6c\x64\x66\x61\x72\x6d\x0a\x70\x6f\x73\x74\x67\x72\x65\x73\x71\x6c\x03\x6f\x72\x67\x00\x00\x01\x00\x01",
42,MSG_NOSIGNAL, NULL, 0) = 42 

recvfrom(3,
"\xa8\x93\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00\x09\x62\x75\x69\x6c\x64\x66\x61\x72\x6d\x0a\x70\x6f\x73\x74\x67\x72\x65\x73\x71\x6c\x03\x6f\x72\x67\x00\x00\x01\x00\x01\xc0\x0c\x00\x01\x00\x01\x00\x00\x01\xd5\x00\x04\xae\x8f\x23\xd9",
1024,0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("127.0.0.1")}, [16]) = 58 

It looks like Perl is specifically asking for AAAA in preference to A
records, but only for https:.  Weird.

            regards, tom lane

pgsql-www by date:

Previous
From: Stefan Kaltenbrunner
Date:
Subject: Re: buildfarm server suddenly not talking to old SSL stacks?
Next
From: Steve Atkins
Date:
Subject: Re: buildfarm server suddenly not talking to old SSL stacks?