path: root/wiki/src/bugs/ttdnsd_broken.mdwn
This may involve several different issues with `ttdnsd`, `pdnsd`
and/or their configurations in Tails. This bug can be split once
we're sure what's really going on.

[[!toc levels=2]]

# the bugs

### `ttdnsd` can't resolve

Running:

    host -t A boum.org 127.0.0.2

produces the result:

    ;; connection timed out; no servers could be reached

In Tails, `ttdnsd` is configured to use Google's DNS server
(`8.8.8.8`), which seems to have started blocking connections
originating from the Tor network. Configuring `ttdnsd` to use OpenDNS
(`208.67.222.222`) instead fixes this issue.

### `ttdnsd` has concurrency issues, part 1 (upstream bug?)

In Tails, when Iceweasel starts, `ttdnsd` crashes. When Iceweasel
starts it concurrently does an A and AAAA query for several of the
search engines and the startpage. It seems like this is the cause of
`ttdnsd` crashing. A crash can reliably be reproduced the following
way:

    host -t A boum.org 127.0.0.2 &
    host -t AAAA boum.org 127.0.0.2 &

It has been verified via packet sniffing that `ttdnsd` indeed gets both
the A and AAAA queries sent by Iceweasel (which is weird, see below),
which creates the same situation as running the two commands above.

Running ttdnsd with the `-c` option seems to prevent the crash, but
then no circuits are built, so `ttdnsd` is still useless.

It seems this crash only occurs when `ttdnsd` is configured to use a
DNS server that blocks the Tor network, like Google DNS. Switching to
OpenDNS prevents the crash, but...

### `ttdnsd` has concurrency issues, part 2 (upstream bug?)

When using OpenDNS, running:

    host -t A boum.org 127.0.0.2 &
    host -t AAAA boum.org 127.0.0.2 &

fails with the same old timeout error for both requests. It seems
`ttdnsd` can only handle one request at a time; if a request is made
while it handles another, **both** fail.
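
The two-query reproduction above, as a script that records the outcome of each query separately, so a timeout on one record type can be told apart from a timeout on both. This is an added example, not part of the original bug report; the function names, transaction IDs and the 5-second default timeout are assumptions, while the resolver address `127.0.0.2` and the name `boum.org` come from the commands above.

```python
import socket
import struct
import threading

QTYPES = {"A": 1, "AAAA": 28}  # the two record types from the bug report

def build_query(name, qtype, txid):
    """Encode a minimal recursive DNS query (RFC 1035 wire format)."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack(">HH", QTYPES[qtype], 1)  # class IN

def probe(server, port, name, qtype, txid, timeout, results):
    """Send one query and record 'rcode=N', 'timeout', 'mismatch' or 'error'."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((server, port))  # connected UDP surfaces ICMP refusals
            s.send(build_query(name, qtype, txid))
            reply = s.recv(4096)
        except socket.timeout:
            results[qtype] = "timeout"
            return
        except OSError:
            results[qtype] = "error"
            return
    if len(reply) < 4 or reply[:2] != struct.pack(">H", txid):
        results[qtype] = "mismatch"  # short reply or wrong transaction ID
    else:
        results[qtype] = "rcode=%d" % (reply[3] & 0x0F)  # low 4 bits of flags

def concurrent_probe(server="127.0.0.2", port=53, name="boum.org", timeout=5.0):
    """Fire the A and AAAA queries at the same time; return {qtype: outcome}."""
    results = {}
    threads = [
        threading.Thread(target=probe,
                         args=(server, port, name, qt, 0x1000 + i, timeout, results))
        for i, qt in enumerate(QTYPES)
    ]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return results

if __name__ == "__main__":
    for qtype, outcome in sorted(concurrent_probe().items()):
        print(qtype, outcome)
```
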

### `ttdnsd` gets A queries (it shouldn't)

A fine question is why `ttdnsd` gets both the A and AAAA
requests. Tails' system resolver, `pdnsd`, is configured to first use
Tor's resolver (i.e. `DNSPort`), which should work for A requests, and
fall back to `ttdnsd` only if the former failed, i.e. for all non-A
requests. Explicitly using the system resolver shows this expected
behaviour:

    host -t A boum.org 127.0.0.1 &
    host -t AAAA boum.org 127.0.0.1 &

i.e. Tor's resolver handles A and `ttdnsd` handles AAAA.

# solution

We decided (<85zk731slu.fsf@boum.org>) to pull ttdnsd out of the
"normal" DNS resolution loop, but leave it installed, configured
and running. Implementation in progress (intrigeri).

> Merged in devel, [[fixed|done]] in 0.13.