starred/hickory-dns
1
0
Fork 0
mirror of https://github.com/hickory-dns/hickory-dns.git synced 2026-04-25 19:25:56 +03:00
Code Issues 373 Projects Releases 6 Packages Wiki Activity

[GH-ISSUE #3110] Dns resolve fail in 0.25.1 version #1134

New issue
Closed
opened 2026-03-16 01:42:11 +03:00 by kerem · 4 comments
kerem commented 2026-03-16 01:42:11 +03:00
Owner
Copy link

Originally created by @vicanso on GitHub (Jul 12, 2025).
Original GitHub issue: https://github.com/hickory-dns/hickory-dns/issues/3110

Describe the bug
After I upgraded hickory-resolver from 0.24.3 to 0.25.1, the DNS resolution would fail probabilistically.

proto error: no records found for Query { name: Name("n150."), query_type: A, query_class: IN }

/etc/resolv.conf:

# Generated by Docker Engine.
# This file can be edited; Docker Engine will not make further changes once it
# has been modified.

nameserver 100.100.100.100
nameserver 100.100.2.136
nameserver 100.100.2.138
search tail***.ts.net

# Based on host file: '/run/systemd/resolve/resolv.conf' (legacy)
# Overrides: []

To Reproduce
Steps to reproduce the behavior:

Expected behavior
A clear and concise description of what you expected to happen.

System:

  • OS: docker ubuntu
  • Architecture: x86_64
  • Version 24.04
  • rustc version: 1.86

Version:
Crate:hickory-resolver
Version:0.25.1

Additional context
My dns resolution function:

    /// Reads system DNS resolver configuration
    ///
    /// # Returns
    /// * `Result<(ResolverConfig, ResolverOpts)>` - Resolver configuration and options
    fn read_system_conf(&self) -> Result<(ResolverConfig, ResolverOpts)> {
        let (config, mut options) =
            read_system_conf().map_err(|e| Error::Resolve { source: e })?;

        options.ip_strategy = if self.ipv4_only {
            LookupIpStrategy::Ipv4Only
        } else {
            LookupIpStrategy::Ipv4AndIpv6
        };

        Ok((config, options))
    }

    /// Performs DNS lookups for configured hosts using tokio runtime
    ///
    /// # Returns
    /// * `Result<(Vec<LookupIp>, Vec<String>)>` - List of DNS lookup results and unhealthy backends
    async fn tokio_lookup_ip(&self) -> Result<(Vec<LookupIp>, Vec<String>)> {
        let provider = TokioConnectionProvider::default();
        let (config, options) = self.read_system_conf()?;
        let mut builder = Resolver::builder_with_config(config, provider);
        *builder.options_mut() = options;
        let resolver = builder.build();

        let mut lookup_ips = Vec::new();
        let mut failed_hosts = Vec::new();

        for (host, _, _) in self.hosts.iter() {
            match resolver.lookup_ip(host).await {
                Ok(lookup) => {
                    lookup_ips.push(lookup);
                },
                Err(e) => {
                    error!(
                        category = LOG_CATEGORY,
                        error = %e,
                        host,
                        "dns lookup failed"
                    );
                    failed_hosts.push(host.clone());
                },
            }
        }
        if lookup_ips.is_empty() {
            return Err(Error::Invalid {
                message: "resolve dns failed".to_string(),
            });
        }
        Ok((lookup_ips, failed_hosts))
    }
Originally created by @vicanso on GitHub (Jul 12, 2025). Original GitHub issue: https://github.com/hickory-dns/hickory-dns/issues/3110 **Describe the bug** After I upgraded hickory-resolver from 0.24.3 to 0.25.1, the DNS resolution would fail probabilistically. ``` proto error: no records found for Query { name: Name("n150."), query_type: A, query_class: IN } ``` /etc/resolv.conf: ``` # Generated by Docker Engine. # This file can be edited; Docker Engine will not make further changes once it # has been modified. nameserver 100.100.100.100 nameserver 100.100.2.136 nameserver 100.100.2.138 search tail***.ts.net # Based on host file: '/run/systemd/resolve/resolv.conf' (legacy) # Overrides: [] ``` **To Reproduce** Steps to reproduce the behavior: **Expected behavior** A clear and concise description of what you expected to happen. **System:** - OS: docker ubuntu - Architecture: x86_64 - Version 24.04 - rustc version: 1.86 **Version:** Crate:hickory-resolver Version:0.25.1 **Additional context** My dns resolution function: ```rust /// Reads system DNS resolver configuration /// /// # Returns /// * `Result<(ResolverConfig, ResolverOpts)>` - Resolver configuration and options fn read_system_conf(&self) -> Result<(ResolverConfig, ResolverOpts)> { let (config, mut options) = read_system_conf().map_err(|e| Error::Resolve { source: e })?; options.ip_strategy = if self.ipv4_only { LookupIpStrategy::Ipv4Only } else { LookupIpStrategy::Ipv4AndIpv6 }; Ok((config, options)) } /// Performs DNS lookups for configured hosts using tokio runtime /// /// # Returns /// * `Result<(Vec<LookupIp>, Vec<String>)>` - List of DNS lookup results and unhealthy backends async fn tokio_lookup_ip(&self) -> Result<(Vec<LookupIp>, Vec<String>)> { let provider = TokioConnectionProvider::default(); let (config, options) = self.read_system_conf()?; let mut builder = Resolver::builder_with_config(config, provider); *builder.options_mut() = options; let resolver = builder.build(); let mut lookup_ips = Vec::new(); let mut failed_hosts = Vec::new(); for (host, _, _) in self.hosts.iter() { match resolver.lookup_ip(host).await { Ok(lookup) => { lookup_ips.push(lookup); }, Err(e) => { error!( category = LOG_CATEGORY, error = %e, host, "dns lookup failed" ); failed_hosts.push(host.clone()); }, } } if lookup_ips.is_empty() { return Err(Error::Invalid { message: "resolve dns failed".to_string(), }); } Ok((lookup_ips, failed_hosts)) } ```
kerem closed this issue 2026-03-16 01:42:16 +03:00
kerem commented 2026-03-16 01:42:22 +03:00
Author
Owner
Copy link

@djc commented on GitHub (Jul 12, 2025):

Can you show dbg!() prints of both the options and config on both 0.24.x and 0.25.x?

<!-- gh-comment-id:3064993917 --> @djc commented on GitHub (Jul 12, 2025): Can you show `dbg!()` prints of both the `options` and `config` on both 0.24.x and 0.25.x?
kerem commented 2026-03-16 01:42:27 +03:00
Author
Owner
Copy link

@vicanso commented on GitHub (Jul 12, 2025):

0.24.3

&config = ResolverConfig {
    domain: None,
    search: [
        Name("tail290a2a.ts.net"),
    ],
    name_servers: NameServerConfigGroup(
        [
            NameServerConfig {
                socket_addr: 100.100.100.100:53,
                protocol: Udp,
                tls_dns_name: None,
                trust_negative_responses: false,
                bind_addr: None,
            },
            NameServerConfig {
                socket_addr: 100.100.100.100:53,
                protocol: Tcp,
                tls_dns_name: None,
                trust_negative_responses: false,
                bind_addr: None,
            },
            NameServerConfig {
                socket_addr: 100.100.2.136:53,
                protocol: Udp,
                tls_dns_name: None,
                trust_negative_responses: false,
                bind_addr: None,
            },
            NameServerConfig {
                socket_addr: 100.100.2.136:53,
                protocol: Tcp,
                tls_dns_name: None,
                trust_negative_responses: false,
                bind_addr: None,
            },
            NameServerConfig {
                socket_addr: 100.100.2.138:53,
                protocol: Udp,
                tls_dns_name: None,
                trust_negative_responses: false,
                bind_addr: None,
            },
            NameServerConfig {
                socket_addr: 100.100.2.138:53,
                protocol: Tcp,
                tls_dns_name: None,
                trust_negative_responses: false,
                bind_addr: None,
            },
        ],
    ),
}

&options = ResolverOpts {
    ndots: 1,
    timeout: 5s,
    attempts: 2,
    rotate: false,
    check_names: true,
    edns0: false,
    validate: false,
    ip_strategy: Ipv4Only,
    cache_size: 32,
    use_hosts_file: true,
    positive_min_ttl: None,
    negative_min_ttl: None,
    positive_max_ttl: None,
    negative_max_ttl: None,
    num_concurrent_reqs: 2,
    preserve_intermediates: true,
    try_tcp_on_error: false,
    server_ordering_strategy: QueryStatistics,
    recursion_desired: true,
    authentic_data: false,
    shuffle_dns_servers: false,
}

0.25.1

&config = ResolverConfig {
    domain: None,
    search: [
        Name("tail290a2a.ts.net"),
    ],
    name_servers: NameServerConfigGroup {
        servers: [
            NameServerConfig {
                socket_addr: 100.100.100.100:53,
                protocol: Udp,
                tls_dns_name: None,
                http_endpoint: None,
                trust_negative_responses: false,
                bind_addr: None,
            },
            NameServerConfig {
                socket_addr: 100.100.100.100:53,
                protocol: Tcp,
                tls_dns_name: None,
                http_endpoint: None,
                trust_negative_responses: false,
                bind_addr: None,
            },
            NameServerConfig {
                socket_addr: 100.100.2.136:53,
                protocol: Udp,
                tls_dns_name: None,
                http_endpoint: None,
                trust_negative_responses: false,
                bind_addr: None,
            },
            NameServerConfig {
                socket_addr: 100.100.2.136:53,
                protocol: Tcp,
                tls_dns_name: None,
                http_endpoint: None,
                trust_negative_responses: false,
                bind_addr: None,
            },
            NameServerConfig {
                socket_addr: 100.100.2.138:53,
                protocol: Udp,
                tls_dns_name: None,
                http_endpoint: None,
                trust_negative_responses: false,
                bind_addr: None,
            },
            NameServerConfig {
                socket_addr: 100.100.2.138:53,
                protocol: Tcp,
                tls_dns_name: None,
                http_endpoint: None,
                trust_negative_responses: false,
                bind_addr: None,
            },
        ],
    },
}

&options = ResolverOpts {
    ndots: 1,
    timeout: 5s,
    attempts: 2,
    check_names: true,
    edns0: false,
    validate: false,
    ip_strategy: Ipv4Only,
    cache_size: 32,
    use_hosts_file: Auto,
    positive_min_ttl: None,
    negative_min_ttl: None,
    positive_max_ttl: None,
    negative_max_ttl: None,
    num_concurrent_reqs: 2,
    preserve_intermediates: true,
    try_tcp_on_error: false,
    server_ordering_strategy: QueryStatistics,
    recursion_desired: true,
    avoid_local_udp_ports: {},
    os_port_selection: false,
    case_randomization: false,
    trust_anchor: None,
}
<!-- gh-comment-id:3065554957 --> @vicanso commented on GitHub (Jul 12, 2025): ## 0.24.3 ``` &config = ResolverConfig { domain: None, search: [ Name("tail290a2a.ts.net"), ], name_servers: NameServerConfigGroup( [ NameServerConfig { socket_addr: 100.100.100.100:53, protocol: Udp, tls_dns_name: None, trust_negative_responses: false, bind_addr: None, }, NameServerConfig { socket_addr: 100.100.100.100:53, protocol: Tcp, tls_dns_name: None, trust_negative_responses: false, bind_addr: None, }, NameServerConfig { socket_addr: 100.100.2.136:53, protocol: Udp, tls_dns_name: None, trust_negative_responses: false, bind_addr: None, }, NameServerConfig { socket_addr: 100.100.2.136:53, protocol: Tcp, tls_dns_name: None, trust_negative_responses: false, bind_addr: None, }, NameServerConfig { socket_addr: 100.100.2.138:53, protocol: Udp, tls_dns_name: None, trust_negative_responses: false, bind_addr: None, }, NameServerConfig { socket_addr: 100.100.2.138:53, protocol: Tcp, tls_dns_name: None, trust_negative_responses: false, bind_addr: None, }, ], ), } &options = ResolverOpts { ndots: 1, timeout: 5s, attempts: 2, rotate: false, check_names: true, edns0: false, validate: false, ip_strategy: Ipv4Only, cache_size: 32, use_hosts_file: true, positive_min_ttl: None, negative_min_ttl: None, positive_max_ttl: None, negative_max_ttl: None, num_concurrent_reqs: 2, preserve_intermediates: true, try_tcp_on_error: false, server_ordering_strategy: QueryStatistics, recursion_desired: true, authentic_data: false, shuffle_dns_servers: false, } ``` ## 0.25.1 ``` &config = ResolverConfig { domain: None, search: [ Name("tail290a2a.ts.net"), ], name_servers: NameServerConfigGroup { servers: [ NameServerConfig { socket_addr: 100.100.100.100:53, protocol: Udp, tls_dns_name: None, http_endpoint: None, trust_negative_responses: false, bind_addr: None, }, NameServerConfig { socket_addr: 100.100.100.100:53, protocol: Tcp, tls_dns_name: None, http_endpoint: None, trust_negative_responses: false, bind_addr: None, }, NameServerConfig { socket_addr: 100.100.2.136:53, protocol: Udp, tls_dns_name: None, http_endpoint: None, trust_negative_responses: false, bind_addr: None, }, NameServerConfig { socket_addr: 100.100.2.136:53, protocol: Tcp, tls_dns_name: None, http_endpoint: None, trust_negative_responses: false, bind_addr: None, }, NameServerConfig { socket_addr: 100.100.2.138:53, protocol: Udp, tls_dns_name: None, http_endpoint: None, trust_negative_responses: false, bind_addr: None, }, NameServerConfig { socket_addr: 100.100.2.138:53, protocol: Tcp, tls_dns_name: None, http_endpoint: None, trust_negative_responses: false, bind_addr: None, }, ], }, } &options = ResolverOpts { ndots: 1, timeout: 5s, attempts: 2, check_names: true, edns0: false, validate: false, ip_strategy: Ipv4Only, cache_size: 32, use_hosts_file: Auto, positive_min_ttl: None, negative_min_ttl: None, positive_max_ttl: None, negative_max_ttl: None, num_concurrent_reqs: 2, preserve_intermediates: true, try_tcp_on_error: false, server_ordering_strategy: QueryStatistics, recursion_desired: true, avoid_local_udp_ports: {}, os_port_selection: false, case_randomization: false, trust_anchor: None, } ```
kerem commented 2026-03-16 01:42:32 +03:00
Author
Owner
Copy link

@marcus0x62 commented on GitHub (Jul 12, 2025):

Without more data, my initial thought is that this is probably due to #2560. @vicanso, can you post a self-contained minimal reproducer or, failing that, show what self.hosts is and how it is constructed/populated with host names? Your query object:

proto error: no records found for Query { name: Name("n150."), query_type: A, query_class: IN }

shows a request for a fully-qualified name.

<!-- gh-comment-id:3065686994 --> @marcus0x62 commented on GitHub (Jul 12, 2025): Without more data, my initial thought is that this is probably due to #2560. @vicanso, can you post a self-contained minimal reproducer or, failing that, show what self.hosts is and how it is constructed/populated with host names? Your query object: > proto error: no records found for Query { name: Name("n150."), query_type: A, query_class: IN } shows a request for a fully-qualified name.
kerem commented 2026-03-16 01:42:37 +03:00
Author
Owner
Copy link

@vicanso commented on GitHub (Jul 13, 2025):

I found that if only keep the Tailscale DNS server, it will be ok.

# Generated by Docker Engine.
# This file can be edited; Docker Engine will not make further changes once it
# has been modified.

nameserver 100.100.100.100
#nameserver 100.100.2.136
#nameserver 100.100.2.138
search tail***.ts.net

# Based on host file: '/run/systemd/resolve/resolv.conf' (legacy)
# Overrides: []
<!-- gh-comment-id:3066288879 --> @vicanso commented on GitHub (Jul 13, 2025): I found that if only keep the Tailscale DNS server, it will be ok. ``` # Generated by Docker Engine. # This file can be edited; Docker Engine will not make further changes once it # has been modified. nameserver 100.100.100.100 #nameserver 100.100.2.136 #nameserver 100.100.2.138 search tail***.ts.net # Based on host file: '/run/systemd/resolve/resolv.conf' (legacy) # Overrides: [] ```
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
release/0.26
david/conformance-dnssec-negative-tests
query-api
opt-types
cname-nsec
no-cname-recursion
conformance-min-ttl
dname-base
drop-message-request
no-error-queries
cpu-sig0-rm-message-sig_dev
cpu-tsig-test-update_dev
windows-config
dnssec-net
release/0.25
opp-enc-persist
integration-test
cpu-tidying-recursor-opts_dev
happy-eyeballs
david/authoritative-zone-storage-trait
dnssec-ad
no-authority
release/0.24
pvdrz/remove-top-file
pvdrz/h3-handshake-timeout
pvdrz/quic-handshake-timeout
nxdomain-for-recursor
ja-test-merque-queue
ja-fix-ci-again
sz-add-ede-tests
sz-test-tc-bit-with-large-response
sz-fix-tokio-dependency
gh-2275-test-rrsig-signature
refactor-sign-zone-file
fix-1.79-cleanliness
update-nightly-hash
release/0.23
gh-pages
use-just-for-server-toml
release/0.22
revert-1874-cpu-zone-parse-default-class
disable-bind-compatibility-tests
disable-test_tls_client_stream_ipv4
update-native-tls-0.2.11
recursor-tests
fix-clippy-self
release/0.20
saethlin-fix-rdata-zero
release/0.19
flat_name
drop_unused_futures
release/0.18
release-r0.12-cs0.17
release/r0.12-cs0.17
trust-dns-book
r0.10
test-connections-not-dropped
fix_exec_status_on_rs_files
release-0.9
add-mutex-to-integration-tests
0.8_release
bfry/dns-crypt
v0.26.0
v0.26.0-beta.4
v0.26.0-beta.3
v0.26.0-beta.2
v0.26.0-beta.1
v0.26.0-alpha.1
v0.25.2
v0.25.1
v0.25.0
v0.24.4
v0.24.3
v0.25.0-alpha.5
v0.24.2
v0.25.0-alpha.4
v0.25.0-alpha.3
v0.25.0-alpha.2
v0.25.0-alpha.1
v0.24.1
v0.23.2
v0.24.0
v0.23.1
v0.23.0
v0.23.0-alpha.5
v0.23.0-alpha.4
v0.23.0-alpha.3
v0.22.1
v0.23.0-alpha.2
v0.23.0-alpha.1
v0.22.0
v0.21.2
v0.21.1
v0.21.0
v0.21.0-alpha.5
v0.20.4
v0.21.0-alpha.4
v0.21.0-alpha.3
v0.21.0-alpha.2
v0.21.0-alpha.1
v0.20.3
v0.20.2
v0.20.1
v0.19.7
v0.20.0
0.19.6
v0.20.0-alpha.3
v0.20.0-alpha.2
v0.20.0-alpha.1
0.19.5
0.19.4
0.19.3
0.19.0
0.18.1
0.18
0.18.0.alpha.2
r0.12_cs0.17
r0.11.1
cs0.16.1
r0.11
cs0.16
r0.10.1
r0.10.0
cs0.15.0
r0.9.1
v0.14.0
r0.9.0
r0.8.1
r0.8.0
v0.13.0
r0.7.0
c0.12.0
r0.6.0
r0.5.0
resolver.0.4.0
0.11.0
0.10.5
0.10.4
0.10.3
0.10.2
0.10.1
0.10.0
0.9.3
0.9.2
0.9.1
0.9.0
0.8.1
0.8.0
0.7.3
0.7.2
0.7.1
0.7.0
0.6.0
0.5.3
0.5.1
0.5.0
0.4.0
0.3.1
0.3.0
0.2.1
0.2.0
0.1.0
Labels
Clear labels   
blocked

   
breaking-change

   
bug

   
bug:critical

   
bug:tests

   
cleanup

   
compliance

   
compliance

   
compliance

   
crate:all

   
crate:client

   
crate:native-tls

   
crate:proto

   
crate:recursor

   
crate:resolver

   
crate:resolver

   
crate:rustls

   
crate:server

   
crate:util

   
dependencies

   
docs

   
duplicate

   
easy

   
easy

   
enhance

   
enhance

   
enhance

   
feature:dns-over-https

   
feature:dns-over-quic

   
feature:dns-over-tls

   
feature:dnsssec

   
feature:global_lb

   
feature:mdns

   
feature:tsig

   
features:edns

   
has workaround

   
ops

   
perf

   
platform:WASM

   
platform:android

   
platform:fuchsia

   
platform:linux

   
platform:macos

   
platform:windows

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
test

   
tools

   
tools

   
trust

   
unclear

   
wontfix
No labels
blocked
breaking-change
bug
bug:critical
bug:tests
cleanup
compliance
compliance
compliance
crate:all
crate:client
crate:native-tls
crate:proto
crate:recursor
crate:resolver
crate:resolver
crate:rustls
crate:server
crate:util
dependencies
docs
duplicate
easy
easy
enhance
enhance
enhance
feature:dns-over-https
feature:dns-over-quic
feature:dns-over-tls
feature:dnsssec
feature:global_lb
feature:mdns
feature:tsig
features:edns
has workaround
ops
perf
platform:WASM
platform:android
platform:fuchsia
platform:linux
platform:macos
platform:windows
pull-request
question
test
tools
tools
trust
unclear
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/hickory-dns#1134
No description provided.