starred/hickory-dns
1
0
Fork 0
mirror of https://github.com/hickory-dns/hickory-dns.git synced 2026-04-25 11:15:54 +03:00
Code Issues 373 Projects Releases 6 Packages Wiki Activity

[GH-ISSUE #2781] CachingClient flattens additionals into answers #1059

New issue
Closed
opened 2026-03-16 01:29:00 +03:00 by kerem · 1 comment
kerem commented 2026-03-16 01:29:00 +03:00
Owner
Copy link

Originally created by @howardjohn on GitHub (Feb 14, 2025).
Original GitHub issue: https://github.com/hickory-dns/hickory-dns/issues/2781

Describe the bug
I am sending a lookup through CachingClient. The response from the upstream looks like:

2025-02-14T16:23:51.941167Z     debug   hickory_resolver::error:lookup{src=10.10.0.32:40976 query=SRV name=_tcp.db.srv.tld.}    Response:; header 51968:RESPONSE:RD,AA
:NoError:QUERY:3/0/3
; query
;; _tcp.db.srv.tld. IN SRV
; answers 3
_tcp.db.srv.tld. 8 IN SRV 0 0 1024 privatelink-db.srv.tld.
_tcp.db.srv.tld. 8 IN SRV 0 0 1025 privatelink-db.srv.tld.
_tcp.db.srv.tld. 8 IN SRV 0 0 1026 privatelink-db.srv.tld.
; nameservers 0
; additionals 3
privatelink-db.srv.tld. 8 IN A 10.140.0.250
privatelink-db.srv.tld. 8 IN A 10.140.0.250
privatelink-db.srv.tld. 8 IN A 10.140.0.250

The response from hickory flattens the additionals though:

$dig _tcp.db.srv.tld. SRV

; <<>> DiG 9.18.31 <<>> _tcp.db.srv.tld. SRV
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59590
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;_tcp.db.srv.tld.               IN      SRV

;; ANSWER SECTION:
_tcp.db.srv.tld.        8       IN      SRV     0 0 1024 privatelink-db.srv.tld.
_tcp.db.srv.tld.        8       IN      SRV     0 0 1025 privatelink-db.srv.tld.
_tcp.db.srv.tld.        8       IN      SRV     0 0 1026 privatelink-db.srv.tld.
privatelink-db.srv.tld. 8       IN      A       10.140.0.250
privatelink-db.srv.tld. 8       IN      A       10.140.0.250
privatelink-db.srv.tld. 8       IN      A       10.140.0.250

;; Query time: 3 msec
;; SERVER: 10.120.0.10#53(10.120.0.10) (UDP)
;; WHEN: Fri Feb 14 16:23:51 UTC 2025
;; MSG SIZE  rcvd: 218

(for completeness, the same dig not going through hickory:

/ $dig _tcp.db.srv.tld. SRV

; <<>> DiG 9.18.31 <<>> _tcp.db.srv.tld. SRV
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41364
;; flags: qr aa rd; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 4
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 9521c3230b00f6ae (echoed)
;; QUESTION SECTION:
;_tcp.db.srv.tld.               IN      SRV

;; ANSWER SECTION:
_tcp.db.srv.tld.        6       IN      SRV     0 0 1024 privatelink-db.srv.tld.
_tcp.db.srv.tld.        6       IN      SRV     0 0 1025 privatelink-db.srv.tld.
_tcp.db.srv.tld.        6       IN      SRV     0 0 1026 privatelink-db.srv.tld.

;; ADDITIONAL SECTION:
privatelink-db.srv.tld. 6       IN      A       10.140.0.250
privatelink-db.srv.tld. 6       IN      A       10.140.0.250
privatelink-db.srv.tld. 6       IN      A       10.140.0.250

;; Query time: 3 msec
;; SERVER: 10.120.0.10#53(10.120.0.10) (UDP)
;; WHEN: Fri Feb 14 16:31:31 UTC 2025
;; MSG SIZE  rcvd: 341

)

To Reproduce
This can be reproduced against a coredns upstream server with the following config:

    template ANY ANY _tcp.db.srv.tld {
      answer "{{ .Name }} 8 IN SRV 0 0 1024 privatelink-db.srv.tld."
      answer "{{ .Name }} 8 IN SRV 0 0 1025 privatelink-db.srv.tld."
      answer "{{ .Name }} 8 IN SRV 0 0 1026 privatelink-db.srv.tld."
      additional "privatelink-db.srv.tld. 8 IN A 10.140.0.250"
      additional "privatelink-db.srv.tld. 8 IN A 10.140.0.250"
      additional "privatelink-db.srv.tld. 8 IN A 10.140.0.250"
    }

Then send a request through hickory.

Expected behavior
additionals should be preserved (I think?)

System:

  • OS: Linux
  • Architecture: x86_64
  • Version: v0.24.2
  • rustc version:1.84.0

Version:
Crate: [e.g. client, server, resolver]
Version: v0.24.2

Additional context
I believe the split of answers/additionals is lost here github.com/hickory-dns/hickory-dns@284c625eaa/crates/resolver/src/caching_client.rs (L393) where we flatten them all together

Originally created by @howardjohn on GitHub (Feb 14, 2025). Original GitHub issue: https://github.com/hickory-dns/hickory-dns/issues/2781 **Describe the bug** I am sending a `lookup` through `CachingClient`. The response from the upstream looks like: ``` 2025-02-14T16:23:51.941167Z debug hickory_resolver::error:lookup{src=10.10.0.32:40976 query=SRV name=_tcp.db.srv.tld.} Response:; header 51968:RESPONSE:RD,AA :NoError:QUERY:3/0/3 ; query ;; _tcp.db.srv.tld. IN SRV ; answers 3 _tcp.db.srv.tld. 8 IN SRV 0 0 1024 privatelink-db.srv.tld. _tcp.db.srv.tld. 8 IN SRV 0 0 1025 privatelink-db.srv.tld. _tcp.db.srv.tld. 8 IN SRV 0 0 1026 privatelink-db.srv.tld. ; nameservers 0 ; additionals 3 privatelink-db.srv.tld. 8 IN A 10.140.0.250 privatelink-db.srv.tld. 8 IN A 10.140.0.250 privatelink-db.srv.tld. 8 IN A 10.140.0.250 ``` The response from hickory flattens the additionals though: ``` $dig _tcp.db.srv.tld. SRV ; <<>> DiG 9.18.31 <<>> _tcp.db.srv.tld. SRV ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59590 ;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1232 ;; QUESTION SECTION: ;_tcp.db.srv.tld. IN SRV ;; ANSWER SECTION: _tcp.db.srv.tld. 8 IN SRV 0 0 1024 privatelink-db.srv.tld. _tcp.db.srv.tld. 8 IN SRV 0 0 1025 privatelink-db.srv.tld. _tcp.db.srv.tld. 8 IN SRV 0 0 1026 privatelink-db.srv.tld. privatelink-db.srv.tld. 8 IN A 10.140.0.250 privatelink-db.srv.tld. 8 IN A 10.140.0.250 privatelink-db.srv.tld. 8 IN A 10.140.0.250 ;; Query time: 3 msec ;; SERVER: 10.120.0.10#53(10.120.0.10) (UDP) ;; WHEN: Fri Feb 14 16:23:51 UTC 2025 ;; MSG SIZE rcvd: 218 ``` (for completeness, the same `dig` not going through hickory: ``` / $dig _tcp.db.srv.tld. SRV ; <<>> DiG 9.18.31 <<>> _tcp.db.srv.tld. SRV ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41364 ;; flags: qr aa rd; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 4 ;; WARNING: recursion requested but not available ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1232 ; COOKIE: 9521c3230b00f6ae (echoed) ;; QUESTION SECTION: ;_tcp.db.srv.tld. IN SRV ;; ANSWER SECTION: _tcp.db.srv.tld. 6 IN SRV 0 0 1024 privatelink-db.srv.tld. _tcp.db.srv.tld. 6 IN SRV 0 0 1025 privatelink-db.srv.tld. _tcp.db.srv.tld. 6 IN SRV 0 0 1026 privatelink-db.srv.tld. ;; ADDITIONAL SECTION: privatelink-db.srv.tld. 6 IN A 10.140.0.250 privatelink-db.srv.tld. 6 IN A 10.140.0.250 privatelink-db.srv.tld. 6 IN A 10.140.0.250 ;; Query time: 3 msec ;; SERVER: 10.120.0.10#53(10.120.0.10) (UDP) ;; WHEN: Fri Feb 14 16:31:31 UTC 2025 ;; MSG SIZE rcvd: 341 ``` ) **To Reproduce** This can be reproduced against a coredns upstream server with the following config: ``` template ANY ANY _tcp.db.srv.tld { answer "{{ .Name }} 8 IN SRV 0 0 1024 privatelink-db.srv.tld." answer "{{ .Name }} 8 IN SRV 0 0 1025 privatelink-db.srv.tld." answer "{{ .Name }} 8 IN SRV 0 0 1026 privatelink-db.srv.tld." additional "privatelink-db.srv.tld. 8 IN A 10.140.0.250" additional "privatelink-db.srv.tld. 8 IN A 10.140.0.250" additional "privatelink-db.srv.tld. 8 IN A 10.140.0.250" } ``` Then send a request through hickory. **Expected behavior** `additionals` should be preserved (I think?) **System:** - OS: Linux - Architecture: x86_64 - Version: v0.24.2 - rustc version:1.84.0 **Version:** Crate: [e.g. client, server, resolver] Version: v0.24.2 **Additional context** I believe the split of answers/additionals is lost here https://github.com/hickory-dns/hickory-dns/blob/284c625eaa0aff270d6995b503b4eb69fa960064/crates/resolver/src/caching_client.rs#L393 where we flatten them all together
kerem closed this issue 2026-03-16 01:29:06 +03:00
kerem commented 2026-03-16 01:29:11 +03:00
Author
Owner
Copy link

@divergentdave commented on GitHub (Feb 14, 2025):

Yeah, this is probably the wrong behavior. For example, the DNSSEC RFCs have a SHOULD saying that responses should be cached "as a single atomic entry".

Issue #2602 is somewhat related, but in the case of the recursive resolver we split responses into many cache entries, rather than combining them into one entry with just one list of records.

<!-- gh-comment-id:2660286290 --> @divergentdave commented on GitHub (Feb 14, 2025): Yeah, this is probably the wrong behavior. For example, the DNSSEC RFCs have a SHOULD saying that responses should be cached "as a single atomic entry". Issue #2602 is somewhat related, but in the case of the recursive resolver we split responses into many cache entries, rather than combining them into one entry with just one list of records.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
release/0.26
david/conformance-dnssec-negative-tests
query-api
opt-types
cname-nsec
no-cname-recursion
conformance-min-ttl
dname-base
drop-message-request
no-error-queries
cpu-sig0-rm-message-sig_dev
cpu-tsig-test-update_dev
windows-config
dnssec-net
release/0.25
opp-enc-persist
integration-test
cpu-tidying-recursor-opts_dev
happy-eyeballs
david/authoritative-zone-storage-trait
dnssec-ad
no-authority
release/0.24
pvdrz/remove-top-file
pvdrz/h3-handshake-timeout
pvdrz/quic-handshake-timeout
nxdomain-for-recursor
ja-test-merque-queue
ja-fix-ci-again
sz-add-ede-tests
sz-test-tc-bit-with-large-response
sz-fix-tokio-dependency
gh-2275-test-rrsig-signature
refactor-sign-zone-file
fix-1.79-cleanliness
update-nightly-hash
release/0.23
gh-pages
use-just-for-server-toml
release/0.22
revert-1874-cpu-zone-parse-default-class
disable-bind-compatibility-tests
disable-test_tls_client_stream_ipv4
update-native-tls-0.2.11
recursor-tests
fix-clippy-self
release/0.20
saethlin-fix-rdata-zero
release/0.19
flat_name
drop_unused_futures
release/0.18
release-r0.12-cs0.17
release/r0.12-cs0.17
trust-dns-book
r0.10
test-connections-not-dropped
fix_exec_status_on_rs_files
release-0.9
add-mutex-to-integration-tests
0.8_release
bfry/dns-crypt
v0.26.0
v0.26.0-beta.4
v0.26.0-beta.3
v0.26.0-beta.2
v0.26.0-beta.1
v0.26.0-alpha.1
v0.25.2
v0.25.1
v0.25.0
v0.24.4
v0.24.3
v0.25.0-alpha.5
v0.24.2
v0.25.0-alpha.4
v0.25.0-alpha.3
v0.25.0-alpha.2
v0.25.0-alpha.1
v0.24.1
v0.23.2
v0.24.0
v0.23.1
v0.23.0
v0.23.0-alpha.5
v0.23.0-alpha.4
v0.23.0-alpha.3
v0.22.1
v0.23.0-alpha.2
v0.23.0-alpha.1
v0.22.0
v0.21.2
v0.21.1
v0.21.0
v0.21.0-alpha.5
v0.20.4
v0.21.0-alpha.4
v0.21.0-alpha.3
v0.21.0-alpha.2
v0.21.0-alpha.1
v0.20.3
v0.20.2
v0.20.1
v0.19.7
v0.20.0
0.19.6
v0.20.0-alpha.3
v0.20.0-alpha.2
v0.20.0-alpha.1
0.19.5
0.19.4
0.19.3
0.19.0
0.18.1
0.18
0.18.0.alpha.2
r0.12_cs0.17
r0.11.1
cs0.16.1
r0.11
cs0.16
r0.10.1
r0.10.0
cs0.15.0
r0.9.1
v0.14.0
r0.9.0
r0.8.1
r0.8.0
v0.13.0
r0.7.0
c0.12.0
r0.6.0
r0.5.0
resolver.0.4.0
0.11.0
0.10.5
0.10.4
0.10.3
0.10.2
0.10.1
0.10.0
0.9.3
0.9.2
0.9.1
0.9.0
0.8.1
0.8.0
0.7.3
0.7.2
0.7.1
0.7.0
0.6.0
0.5.3
0.5.1
0.5.0
0.4.0
0.3.1
0.3.0
0.2.1
0.2.0
0.1.0
Labels
Clear labels   
blocked

   
breaking-change

   
bug

   
bug:critical

   
bug:tests

   
cleanup

   
compliance

   
compliance

   
compliance

   
crate:all

   
crate:client

   
crate:native-tls

   
crate:proto

   
crate:recursor

   
crate:resolver

   
crate:resolver

   
crate:rustls

   
crate:server

   
crate:util

   
dependencies

   
docs

   
duplicate

   
easy

   
easy

   
enhance

   
enhance

   
enhance

   
feature:dns-over-https

   
feature:dns-over-quic

   
feature:dns-over-tls

   
feature:dnsssec

   
feature:global_lb

   
feature:mdns

   
feature:tsig

   
features:edns

   
has workaround

   
ops

   
perf

   
platform:WASM

   
platform:android

   
platform:fuchsia

   
platform:linux

   
platform:macos

   
platform:windows

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
test

   
tools

   
tools

   
trust

   
unclear

   
wontfix
No labels
blocked
breaking-change
bug
bug:critical
bug:tests
cleanup
compliance
compliance
compliance
crate:all
crate:client
crate:native-tls
crate:proto
crate:recursor
crate:resolver
crate:resolver
crate:rustls
crate:server
crate:util
dependencies
docs
duplicate
easy
easy
enhance
enhance
enhance
feature:dns-over-https
feature:dns-over-quic
feature:dns-over-tls
feature:dnsssec
feature:global_lb
feature:mdns
feature:tsig
features:edns
has workaround
ops
perf
platform:WASM
platform:android
platform:fuchsia
platform:linux
platform:macos
platform:windows
pull-request
question
test
tools
tools
trust
unclear
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/hickory-dns#1059
No description provided.