Opened 11 years ago
Closed 10 years ago
#411 closed Bug / Defect (fixed)
Does not actually randomize DNS results
Reported by: | sthibault | Owned by: | Gert Döring |
---|---|---|---|
Priority: | minor | Milestone: | release 2.3.7 |
Component: | Documentation | Version: | OpenVPN 2.2.2 (Community Ed) |
Severity: | Not set (select this one, unless you're an OpenVPN developer) | Keywords: | |
Cc: | plaisthos |
Description
Hello,
The openvpn(8) manpage says
“If host is a DNS name which resolves to multiple IP addresses, one will be randomly chosen, providing a sort of basic load-balancing and failover capability.”
but that does not actually happen. I have noticed that ticket #4 is “FRP - Feature Removal Process, closed, Do not randomize resolving of IP addresses in getaddr()”, so I guess that it is intentional.
At least the documentation should be updated, to avoid misleading people.
Change History (8)
comment:1 Changed 11 years ago by
Milestone: | → release 2.3.5 |
---|---|
Owner: | set to Gert Döring |
Status: | new → assigned |
comment:2 Changed 11 years ago by
In 2.4 (2.3 maybe too) this has been removed since it breaks the IPv4/IPv6 order selection of the operating system. In 2.4 it will iterate through all of them in the order returned from the operating system.
comment:3 Changed 10 years ago by
Milestone: | release 2.3.5 → release 2.3.6 |
---|
comment:4 Changed 10 years ago by
Milestone: | release 2.3.6 → release 2.3.7 |
---|
comment:6 Changed 10 years ago by
Cc: | plaisthos added |
---|
Arne, I think what we currently do is as follows:
- in 2.3, we use the first address returned by getaddrinfo()
- in 2.4, we use all addresses returned by getaddrinfo(), and try them in the order they are given to us
so in any case, the prioritization (and potential randomization) of addresses is something between the libc implementation and the DNS server. Right?
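The two behaviours described in comment:6, modelled as an added example that is not OpenVPN source code and not part of the ticket. The function names, the probe callback and the two-entry result list are hypothetical and constructed for illustration; `main()` prints the order the local libc returns for a host name given on the command line.

```c
/* Added illustration; not OpenVPN source code. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L
#endif
#include <stdio.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netdb.h>
#include <netinet/in.h>

/* Hypothetical probe: returns 0 when the address answers. */
typedef int (*try_fn)(const struct addrinfo *ai);

/* 2.3 behaviour per the ticket: only the first result is used. */
const struct addrinfo *pick_first(const struct addrinfo *res, try_fn probe)
{
    return (res && probe(res) == 0) ? res : NULL;
}

/* 2.4 behaviour per the ticket: every result, in resolver order. */
const struct addrinfo *pick_in_order(const struct addrinfo *res, try_fn probe)
{
    for (const struct addrinfo *ai = res; ai; ai = ai->ai_next)
        if (probe(ai) == 0)
            return ai;
    return NULL;
}

/* Constructed sample: IPv6 listed first, but only IPv4 is reachable. */
static struct addrinfo sample_v4 = { .ai_family = AF_INET };
static struct addrinfo sample_v6 = { .ai_family = AF_INET6, .ai_next = &sample_v4 };
const struct addrinfo *sample_list(void) { return &sample_v6; }
int v4_only(const struct addrinfo *ai) { return ai->ai_family == AF_INET ? 0 : -1; }

/* Print the order the local libc returns for argv[1]; that order is what
 * both versions inherit, since neither shuffles the list. */
int main(int argc, char **argv)
{
    struct addrinfo hints = { .ai_socktype = SOCK_DGRAM }, *res, *ai;
    char buf[INET6_ADDRSTRLEN];
    if (argc < 2 || getaddrinfo(argv[1], "1194", &hints, &res) != 0) /* sample port */
        return 1;
    for (ai = res; ai; ai = ai->ai_next)
        if (getnameinfo(ai->ai_addr, ai->ai_addrlen, buf, sizeof buf,
                        NULL, 0, NI_NUMERICHOST) == 0)
            puts(buf);
    freeaddrinfo(res);
    return 0;
}
```

With the constructed list, the first-result-only model gets no failover when the first entry is unreachable, while the in-order model reaches the second entry.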
comment:7 Changed 10 years ago by
in 2.3 branch:
commit 1f5668671992dced602e89634e1890711877fdc4
Author: Gert Doering <gert@…>
Correct note about DNS randomization in openvpn.8
comment:8 Changed 10 years ago by
Resolution: | → fixed |
---|---|
Status: | assigned → closed |
And now also in master:
commit 0322510375b5c54f63f5302b9088972d58b32b76
Author: Gert Doering <gert@…>
Correct note about DNS randomization in openvpn.8
Commit 4880739c17b502d00a removed DNS randomization, and the dual-stack
patches for 2.4 completely changed the getaddrinfo() result handling again,
but neither fact ever made it into the man page.
... and with that, I thank the original reporter for pointing it out, apologize for being so slow in working it in, and close the ticket :-)
Uh. I'll check what 2.3.4 and git master documentation says.
2.2.2 is fairly ancient, so we're not going to fix documentation bugs there.