mDNSResponder incorrectly appends search domain to expired CNAME requests with AlwaysAppendSearchDomains

Originator: robertof.public
Number: rdar://FB13557971
Date Originated: 2024-01-24
Status: Potential fix identified - For a future OS update
Resolved:
Product: Networking Stack (filed under Wi-Fi)
Product Version:
Classification:
Reproducible:
 
mDNSResponder-2200.60.25.0.4 introduced a bug in CNAME resolution that can cause apps depending on SCNetworkReachability APIs to stop working.

The bug happens when the `AlwaysAppendSearchDomains` flag is enabled for mDNSResponder. This was true in a corp environment where I originally reproduced this issue.

When this flag is enabled, this issue occurs:

1. Try to resolve a domain (NOT ending with a dot) behind a CNAME with a short enough TTL. Observe the correct result being returned.
2. Wait for the CNAME TTL to expire.
3. Issue the same query. Observe mDNSResponder sending a DNS query to [domain].[network_search_domain].

This breaks apps that depend on SCNetworkReachability as well, like Spotify.

Here's an easy way to reproduce:

1. `sudo defaults write /Library/Preferences/com.apple.mDNSResponder.plist AlwaysAppendSearchDomains -bool yes`
2. `scutil -W -r www.spotify.com`

You should get:

```
 0: direct
   <SCNetworkReachability 0x142e04dc0 [0x1e57ef9a0]> {name = www.spotify.com}
Reachable

 1: start
   <SCNetworkReachability 0x142f04b40 [0x1e57ef9a0]> {name = www.spotify.com}

 2: on runloop
   <SCNetworkReachability 0x142f04b40 [0x1e57ef9a0]> {name = www.spotify.com (DNS query active), flags = 0x00000002, if_index = 18}
Reachable


*** 13:19:40.509

 3: callback w/flags=0x00000002 (info="by name")
    <SCNetworkReachability 0x142f04b40 [0x1e57ef9a0]> {name = www.spotify.com (complete, 35.186.224.25), flags = 0x00000002, if_index = 18}
Reachable
```

3. Wait 2 minutes.
4. Run it again. You should get:

```
 0: direct
   <SCNetworkReachability 0x140f04ef0 [0x1e57ef9a0]> {name = www.spotify.com}
Reachable

 1: start
   <SCNetworkReachability 0x140f051c0 [0x1e57ef9a0]> {name = www.spotify.com}

 2: on runloop
   <SCNetworkReachability 0x140f051c0 [0x1e57ef9a0]> {name = www.spotify.com (DNS query active), flags = 0x00000002, if_index = 18}
Reachable


*** 13:30:23.380

 3: callback w/flags=0x00000002 (info="by name")
    <SCNetworkReachability 0x140f051c0 [0x1e57ef9a0]> {name = www.spotify.com (in progress, 35.186.224.25), flags = 0x00000002, if_index = 18}
Reachable


*** 13:30:25.246

 4: callback w/flags=0x00000000 (info="by name")
    <SCNetworkReachability 0x140f051c0 [0x1e57ef9a0]> {name = www.spotify.com (complete, no addresses), flags = 0x00000000, if_index = 18}
Not Reachable
```

A query to `www.spotify.com.0.1.168.192.in-addr.arpa` was issued instead, which returned NXDOMAIN.
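
The failure in the second run has a recognisable shape in `scutil -W -r` output: a callback reports the cached address as `in progress`, then a later callback completes with `no addresses` and flags `0x00000000`. The following is an added example, not part of the original report or of any Apple tooling, that parses that output and flags the transition; the function names are hypothetical and the separator between multiple addresses is an assumption.

```python
import re
from collections import namedtuple

Callback = namedtuple("Callback", "time name state addresses flags")
TIME_RE = re.compile(r"^\*\*\* (\d{2}:\d{2}:\d{2}\.\d{3})")
HEADER_RE = re.compile(r"^\s*\d+: callback w/flags=")
DETAIL_RE = re.compile(r"\{name = (\S+) \(([^)]*)\), flags = (0x[0-9a-fA-F]+)")

def parse_callbacks(text):
    """Return one Callback per 'callback' block; 'start'/'on runloop' blocks are skipped."""
    out, stamp, in_callback = [], "", False
    for line in text.splitlines():
        if m := TIME_RE.match(line):
            stamp = m.group(1)
        elif HEADER_RE.match(line):
            in_callback = True
        elif in_callback and (m := DETAIL_RE.search(line)):
            state, _, rest = m.group(2).partition(", ")
            # Assumption: several addresses would be separated by ", ".
            addrs = () if rest in ("", "no addresses") else tuple(rest.split(", "))
            out.append(Callback(stamp, m.group(1), state, addrs, int(m.group(3), 16)))
            in_callback = False
    return out

def find_lost_resolutions(callbacks):
    """Names that had an address and later completed with none and flags 0."""
    seen, hits = {}, []
    for cb in callbacks:
        if cb.addresses:
            seen[cb.name] = cb.addresses
        elif cb.state == "complete" and cb.flags == 0 and cb.name in seen:
            hits.append((cb.time, cb.name, seen[cb.name]))
    return hits

# Sample input: callback lines from the second run in the report, blank lines dropped.
SAMPLE = """\
*** 13:30:23.380
 3: callback w/flags=0x00000002 (info="by name")
    <SCNetworkReachability 0x140f051c0 [0x1e57ef9a0]> {name = www.spotify.com (in progress, 35.186.224.25), flags = 0x00000002, if_index = 18}
*** 13:30:25.246
 4: callback w/flags=0x00000000 (info="by name")
    <SCNetworkReachability 0x140f051c0 [0x1e57ef9a0]> {name = www.spotify.com (complete, no addresses), flags = 0x00000000, if_index = 18}
"""

if __name__ == "__main__":
    for when, name, old in find_lost_resolutions(parse_callbacks(SAMPLE)):
        print(f"{when} {name}: had {', '.join(old)}, now resolves to nothing")
```
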

The bug was introduced in this commit in `ClientRequests.c`: https://github.com/apple-oss-distributions/mDNSResponder/commit/8acabead9ae56551011172d6835822a89c5298d6#diff-ba57d6f885054abc9054f72de8be0f1a10eb20d3c363294eeae5f5603fabd16f

I believe the issue is that line 479 should not advance the search domain. The querying logic already appends the search domain if the initial query fails. A potential fix:

```
-if (inQuestion->AppendSearchDomains && (op->searchListIndex >= 0))
+if (inQuestion->AppendSearchDomains && (op->searchListIndex >= 0) && (op->searchListIndexLast > 0))
```
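
Review bot: the added `(op->searchListIndexLast > 0)` term on the `+` line has no comment saying which state it excludes, and the snippet shows no surrounding context, so a reader cannot tell what value `searchListIndexLast` holds before any search domain has been tried. Add a one-line comment tying the guard to the expired-CNAME case described in the report, and confirm that `> 0` rather than `>= 0` is the intended boundary, given that `searchListIndex` is tested with `>= 0` in the same condition.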

Comments

Reply from 'Apple Feedback':

There are changes in the latest update, build 23F5049f, that may have resolved this issue. You can see the software build your device is running and check for the latest update by clicking on the Apple logo in the upper left hand corner > About This Mac. If the build is not visible, click on the macOS version, e.g. 10.15.x, to reveal it.

Has this issue been resolved after installing the latest update? If not, please use Feedback Assistant to let us know you are still experiencing it.

By robertof.public at April 5, 2024, 8:39 a.m.
