Opened 6 years ago

Closed 5 years ago

#411 closed Bug / Defect (fixed)

Does not actually randomize DNS results

Reported by: sthibault
Owned by: Gert Döring
Priority: minor
Milestone: release 2.3.7
Component: Documentation
Version: OpenVPN 2.2.2 (Community Ed)
Severity: Not set (select this one, unless you're an OpenVPN developer)
Keywords:
Cc: plaisthos

Description

Hello,

The openvpn(8) manpage says

“If host is a DNS name which resolves to multiple IP addresses, one will be randomly chosen, providing a sort of basic load-balancing and failover capability.”

but that does not actually happen. I have noticed that ticket #4 is “FRP - Feature Removal Process, closed, Do not randomize resolving of IP addresses in getaddr()”, so I guess that it is intentional.

At least the documentation should be updated, to avoid misleading people.

Change History (8)

comment:1 Changed 6 years ago by Gert Döring

Milestone: release 2.3.5
Owner: set to Gert Döring
Status: new → assigned

Uh. I'll check what 2.3.4 and git master documentation says.

2.2.2 is fairly ancient, so we're not going to fix documentation bugs there.

comment:2 Changed 6 years ago by plaisthos

In 2.4 (2.3 maybe too) this has been removed since it breaks the ipv4/ipv6 order selection of the operating system. In 2.4 it will iterate through all of them in the order returned from the operating system.

comment:3 Changed 6 years ago by Samuli Seppänen

Milestone: release 2.3.5 → release 2.3.6

comment:4 Changed 5 years ago by Gert Döring

Milestone: release 2.3.6 → release 2.3.7

comment:5 Changed 5 years ago by Gert Döring

we really need this documented properly in 2.3 and git master...

comment:6 Changed 5 years ago by Gert Döring

Cc: plaisthos added

Arne, I think what we currently do is as follows:

  • in 2.3, we use the first address returned by getaddrinfo()
  • in 2.4, we use all addresses returned by getaddrinfo(), and try them in the order they are given to us

so in any case, the prioritization (and potential randomization) of addresses is something between the libc implementation and the DNS server. Right?

comment:7 Changed 5 years ago by Gert Döring

in 2.3 branch:

commit 1f5668671992dced602e89634e1890711877fdc4
Author: Gert Doering <gert@…>

Correct note about DNS randomization in openvpn.8

comment:8 Changed 5 years ago by Gert Döring

Resolution: fixed
Status: assigned → closed

And now also in master:

commit 0322510375b5c54f63f5302b9088972d58b32b76
Author: Gert Doering <gert@…>

Correct note about DNS randomization in openvpn.8


Commit 4880739c17b502d00a removed DNS randomization, and the dual-stack
patches for 2.4 completely changed the getaddrinfo() result handling again,
but neither fact ever made it into the man page.

... and with that, I thank the original reporter for pointing it out, apologize for being so slow in working it in, and close the ticket :-)
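
The two behaviours described in comment:6, as an added example that is not OpenVPN source and not part of the ticket: the list returned by getaddrinfo() is walked either first-entry-only (2.3) or entry by entry in resolver order (2.4), with no shuffling in either case. The function names, the `try_connect_fn` hook, the sample addresses and the pretend reachability are all assumptions made for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L /* make struct addrinfo visible under strict -std= */
#endif
#include <stdio.h>
#include <netdb.h>
#include <netinet/in.h>
#include <arpa/inet.h>
typedef int (*try_connect_fn)(const struct addrinfo *ai); /* hypothetical hook, 0 = connected */

/* 2.3 as described in comment:6: only the first result is used, so no failover. */
const struct addrinfo *pick_first_only(const struct addrinfo *res, try_connect_fn try_connect) {
    return (res && try_connect(res) == 0) ? res : NULL;
}

/* 2.4 as described in comment:6: every result is tried, in resolver order. */
const struct addrinfo *try_all_in_order(const struct addrinfo *res, try_connect_fn try_connect) {
    for (const struct addrinfo *ai = res; ai != NULL; ai = ai->ai_next)
        if (try_connect(ai) == 0)
            return ai;
    return NULL;
}

/* Constructed sample list: three results from the RFC 5737 documentation range. */
static struct sockaddr_in sample_sa[3];
static struct addrinfo sample_ai[3];
int attempts; /* connection attempts since the last build_sample() */
const struct addrinfo *build_sample(void) {
    static const char *ips[3] = { "192.0.2.10", "192.0.2.20", "192.0.2.30" };
    for (int i = 0; i < 3; i++) {
        sample_sa[i].sin_family = AF_INET;
        inet_pton(AF_INET, ips[i], &sample_sa[i].sin_addr);
        sample_ai[i].ai_family = AF_INET;
        sample_ai[i].ai_addrlen = sizeof sample_sa[i];
        sample_ai[i].ai_addr = (struct sockaddr *)&sample_sa[i];
        sample_ai[i].ai_next = (i < 2) ? &sample_ai[i + 1] : NULL;
    }
    attempts = 0;
    return sample_ai;
}
/* Hypothetical reachability: only the second address, 192.0.2.20, answers. */
int fake_connect(const struct addrinfo *ai) {
    attempts++;
    return ai->ai_addr == (struct sockaddr *)&sample_sa[1] ? 0 : -1;
}

int main(void) {
    printf("2.3 first-only: %s\n", pick_first_only(build_sample(), fake_connect) ? "connected" : "failed");
    printf("2.4 in-order:   %s\n", try_all_in_order(build_sample(), fake_connect) ? "connected" : "failed");
    return 0;
}
```

With the first address down, the first-only walk never reaches the working server, while the in-order walk connects on its second attempt; which address comes first is decided by libc and the DNS server, not by the client.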
