View Issue Details

IDProjectCategoryView StatusLast Update
0018040CentOS-8grub2public2021-01-28 17:03
Reporterchrismarget Assigned To 
PrioritynormalSeverityminorReproducibilityalways
Status newResolutionopen 
PlatformUEFI x86_64OSCentOS 8OS Version8.3.2011
Product Version8.3.2011 
Summary0018040: Unreliable DNS resolution in grub2
DescriptionThere seems to be a DNS resolution problem with the grub binary found on the 8.3
iso image. MD5 checksums to clarify which iso and file I'm talking about:
40cadc677c5b5821473d852671d03d6e CentOS-8.3.2011-x86_64-boot.iso
d118f92abae15e7afa34ff8dcd28dfee /mnt/CentOS-8.3.2011-x86_64-boot/EFI/BOOT/grubx64.efi

When running `net_nslookup`, the system generates two DNS queries (A and AAAA)
in two different packets. That behavior is described here:
    https://bugzilla.redhat.com/show_bug.cgi?id=860829

Lookups of records that only have an A record (no AAAA) record are unreliable:

    grub> net_nslookup test-ipv6.com
    216.218.228.115
    grub> net_nslookup test-ipv6.com
    error: ../../grub-core/net/dns.c:673:no DNS record found.
    grub> net_nslookup test-ipv6.com
    216.218.228.115
    grub>

Two patterns appear on the wire with these queries.

If the A query's response (a usable answer) is the first one to arrive, exactly
four packets are observed on the wire, and the requested address is printed at
the grub CLI (the first and third example above):

    1 0.000000 192.168.1.49 → 192.168.5.20 DNS 73 Standard query 0x0084 A test-ipv6.com
    2 0.000019 192.168.1.49 → 192.168.5.20 DNS 73 Standard query 0x0084 AAAA test-ipv6.com
    3 0.089862 192.168.5.20 → 192.168.1.49 DNS 89 Standard query response 0x0084 A test-ipv6.com A 216.218.228.115
    4 0.096040 192.168.5.20 → 192.168.1.49 DNS 121 Standard query response 0x0084 AAAA test-ipv6.com SOA ns1.test-ipv6.com

If the AAAA query's response (no such record exists) is the first one to arrive,
sixteen packets appear on the wire as grub repeats the queries three more times.
The replies to the second, third and fourth queries can arrive in either order
without affecting the outcome. Eventually the error (second example above) is
printed to the grub CLI.

    1 0.000000 192.168.1.49 → 192.168.5.20 DNS 73 Standard query 0x008c A test-ipv6.com
    2 0.000014 192.168.1.49 → 192.168.5.20 DNS 73 Standard query 0x008c AAAA test-ipv6.com
    3 0.000320 192.168.5.20 → 192.168.1.49 DNS 121 Standard query response 0x008c AAAA test-ipv6.com SOA ns1.test-ipv6.com
    4 0.000327 192.168.5.20 → 192.168.1.49 DNS 89 Standard query response 0x008c A test-ipv6.com A 216.218.228.115
    5 0.187693 192.168.1.49 → 192.168.5.20 DNS 73 Standard query 0x008c A test-ipv6.com
    6 0.187707 192.168.1.49 → 192.168.5.20 DNS 73 Standard query 0x008c AAAA test-ipv6.com
    7 0.187979 192.168.5.20 → 192.168.1.49 DNS 121 Standard query response 0x008c AAAA test-ipv6.com SOA ns1.test-ipv6.com
    8 0.187986 192.168.5.20 → 192.168.1.49 DNS 89 Standard query response 0x008c A test-ipv6.com A 216.218.228.115
    9 0.375417 192.168.1.49 → 192.168.5.20 DNS 73 Standard query 0x008c A test-ipv6.com
   10 0.375431 192.168.1.49 → 192.168.5.20 DNS 73 Standard query 0x008c AAAA test-ipv6.com
   11 0.375768 192.168.5.20 → 192.168.1.49 DNS 89 Standard query response 0x008c A test-ipv6.com A 216.218.228.115
   12 0.375827 192.168.5.20 → 192.168.1.49 DNS 121 Standard query response 0x008c AAAA test-ipv6.com SOA ns1.test-ipv6.com
   13 0.563152 192.168.1.49 → 192.168.5.20 DNS 73 Standard query 0x008c A test-ipv6.com
   14 0.563166 192.168.1.49 → 192.168.5.20 DNS 73 Standard query 0x008c AAAA test-ipv6.com
   15 0.563473 192.168.5.20 → 192.168.1.49 DNS 121 Standard query response 0x008c AAAA test-ipv6.com SOA ns1.test-ipv6.com
   16 0.563479 192.168.5.20 → 192.168.1.49 DNS 89 Standard query response 0x008c A test-ipv6.com A 216.218.228.115

I suspect that the same issue is behind unpredictable boot time failures when
attempting to fetch data from a specified-by-name HTTP location. The boot time
error looks like:

    error: ../../grub-core/net/dns.c:633:no DNS reply received.
    error: ../../grub-core/script/function.c:119:can't find command `---'.
    error: ../../grub-core/loader/i386/efi/linux.c:94:you need to load the kernel
    first.
Steps To Reproduce1) Find your way to a grub prompt using the binary cited above. Mine is sitting on a tftp server, with a DHCP server pointing at it so that it's fetched by a physical box in PXE mode.

2) Ensure that IP, gateway and DNS information is configured in grub. In my case this information seems to be inherited from the PXE ROM.

3) Use `net_nslookup` to query an address with no IPv6 result (I'm using test-ipv6.com) several times.
TagsNo tags attached.

Activities

There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2021-01-28 17:03 chrismarget New Issue