# jail getaddrinfo recvfrom hangs 5 seconds and returns "Name does not resolve"



## bvgdas (Feb 4, 2022)

Please help!
What is wrong in my configuration? Where to look for an error?
I had upgraded system to releng/12.3 but I got the same behaviour.



```
[root:~]# uname -a
FreeBSD hostname 12.2-RELEASE-p10 FreeBSD 12.2-RELEASE-p10 12803d8a99c(releng/12.2) CUSTOM amd64
```


on host machine:


```
# ifconfig
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 1 mtu 1500
        options=81249b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,LRO,WOL_MAGIC,VLAN_HWFILTER>
        ether 00:1b:21:d2:a5:b3
        inet 176.124.147.86 netmask 0xffffffc0 broadcast 176.124.147.127
        media: Ethernet 1000baseT (1000baseT <full-duplex>)
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=81209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,VLAN_HWFILTER>
        ether 90:e2:ba:80:fc:a7
        inet 10.108.1.1 netmask 0xffffff00 broadcast 10.108.1.255
        inet 10.108.1.12 netmask 0xffffffff broadcast 10.108.1.12
        media: Ethernet 1000baseT (1000baseT <full-duplex>)
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
...
```


```
# cat /etc/jail.conf
ds {
        host.hostname = "ds";                 # Hostname
        ip4.addr = "10.108.1.12";             # IP address of the jail
        interface = "em1";
        exec.prestart = "";
        exec.poststop = "";
}
```


```
[root:~]# ipfw show
00100 4008317 3317890748 reass ip from any to any via em0
00200       0          0 check-state :default
00300 1433928  714756256 allow ip from any to any via em1
00400       0          0 allow ip from any to any via em2
00500  150274   42378685 allow ip from any to any via em3
00600       0          0 allow ip from any to any via em4
00700 1229804  474111138 allow ip from any to any via lo0
00800       2         92 nat 100 ip from 10.108.1.12 to any via em0
00900       0          0 allow ip from any to any frag
01000       0          0 deny ip from any to any not verrevpath via em0
01100       0          0 deny ip from any to any not antispoof via em0
01200    1577      85211 allow icmp from any to any
01300     124       6997 allow tcp from any to me 21 setup keep-state :default
01400    1127      61223 allow tcp from any to me 40000-50000 setup keep-state :default
01500     203      19907 allow tcp from any to me 5432 setup keep-state :default
01600       0          0 allow tcp from 10.0.0.0/8 to me 3306 setup keep-state :default
01700     155       9300 deny ip from me to any 25 setup keep-state :default
01800       2         80 deny ip from any to me 25 via em0 keep-state :default
01900   11933   11413892 allow tcp from me to any 80,443 setup keep-state :default
02000     155      18243 allow tcp from any to any 53 setup keep-state :default
02100   11458    2097558 allow udp from any to any 53 keep-state :default
02200   62610   49601879 allow tcp from any to me 80 setup limit src-addr 108 :default
02300 2336851 2496064782 allow tcp from any to me 443 setup limit src-addr 108 :default
02400    1685    1886569 allow tcp from any to me 8888 setup limit src-addr 108 :default
02500      29       1376 allow tcp from any to me 108,22 setup keep-state :default
02600       0          0 allow udp from me to any 123 keep-state :default
02700       0          0 deny ip from any to 0.0.0.0/8 via em0
02800       0          0 deny ip from any to 169.254.0.0/16 via em0
02900       0          0 deny ip from any to 192.0.2.0/24 via em0
03000       0          0 deny ip from any to 224.0.0.0/4 via em0
03100    7547     882381 deny ip from any to 240.0.0.0/4 via em0
03200       0          0 deny ip from table(0) to any
03300       0          0 deny log logamount 500 ip from me to table(1)
03400 1573073  755750158 nat 100 ip from any to any via em0
03500       0          0 deny log logamount 100000 ip from any to any
65535      14       1866 allow ip from any to any
```


```
[root:~]# sockstat -l4 | grep 53
unbound  unbound    83079 3  udp4   10.108.1.1:53         *:*
unbound  unbound    83079 4  tcp4   10.108.1.1:53         *:*
unbound  unbound    83079 5  udp4   10.108.1.12:53        *:*  <------------------
unbound  unbound    83079 6  tcp4   10.108.1.12:53        *:*
unbound  unbound    83079 7  udp4   10.108.2.1:53         *:*
unbound  unbound    83079 8  tcp4   10.108.2.1:53         *:*
unbound  unbound    83079 9  udp4   10.108.3.1:53         *:*
unbound  unbound    83079 10 tcp4   10.108.3.1:53         *:*
unbound  unbound    83079 15 udp4   127.0.0.1:53          *:*
unbound  unbound    83079 16 tcp4   127.0.0.1:53          *:*
unbound  unbound    83079 17 udp4   10.108.4.1:53         *:*
unbound  unbound    83079 18 tcp4   10.108.4.1:53         *:*
unbound  unbound    83079 20 tcp4   127.0.0.1:8953        *:*
nsd      nsd        82197 5  udp4   176.124.147.86:53     *:*
nsd      nsd        82197 6  tcp4   176.124.147.86:53     *:*
nsd      nsd        82196 5  udp4   176.124.147.86:53     *:*
nsd      nsd        82196 6  tcp4   176.124.147.86:53     *:*
nsd      nsd        60237 5  udp4   176.124.147.86:53     *:*
nsd      nsd        60237 6  tcp4   176.124.147.86:53     *:*
nsd      nsd        60236 5  udp4   176.124.147.86:53     *:*
nsd      nsd        60236 6  tcp4   176.124.147.86:53     *:*
```


inside jail ds:


```
➜  / ifconfig
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 1 mtu 1500
        options=81249b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,LRO,WOL_MAGIC,VLAN_HWFILTER>
        ether 00:1b:21:d2:a5:b3
        media: Ethernet 1000baseT (1000baseT <full-duplex>)
        status: active
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=81209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,VLAN_HWFILTER>
        ether 90:e2:ba:80:fc:a7
        inet 10.108.1.12 netmask 0xffffffff broadcast 10.108.1.12
        media: Ethernet 1000baseT (1000baseT <full-duplex>)
        status: active
```


```
➜  / getaddrinfo ya.ru
getaddrinfo: Name does not resolve
➜  /
```

result of tcpdump on host machine

```
# tcpdump -ilo0 port 53
12:32:57.975594 IP 10.108.1.12.57977 > 10.108.1.12.domain: 12187+ A? ya.ru. (23)
12:32:58.054052 IP 10.108.1.12.domain > 10.108.1.12.57977: 12187 1/0/0 A 87.250.250.242 (39)
12:33:02.982464 IP 10.108.1.12.57977 > 10.108.1.12.domain: 12187+ A? ya.ru. (23)
12:33:02.982574 IP 10.108.1.12.domain > 10.108.1.12.57977: 12187 1/0/0 A 87.250.250.242 (39)
12:33:13.038802 IP 10.108.1.12.24044 > 10.108.1.12.domain: 35156+ AAAA? ya.ru. (23)
12:33:13.112982 IP 10.108.1.12.domain > 10.108.1.12.24044: 35156 1/0/0 AAAA 2a02:6b8::2:242 (51)
12:33:18.041204 IP 10.108.1.12.24044 > 10.108.1.12.domain: 35156+ AAAA? ya.ru. (23)
12:33:18.041312 IP 10.108.1.12.domain > 10.108.1.12.24044: 35156 1/0/0 AAAA 2a02:6b8::2:242 (51)
```


This is a truss tracing of execution of getaddrinfo


```
0.003748492 mmap(0x0,69632,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON,-1,0x0) = 34366791680 (0x8006ba000)
0.003790758 socket(PF_INET,SOCK_DGRAM|SOCK_CLOEXEC,0) = 3 (0x3)
0.003823702 connect(3,{ AF_INET 127.0.0.1:53 },16) = 0 (0x0)
0.003870634 sendto(3,"\M-l"\^A\0\0\^A\0\0\0\0\0\0\^Bya"...,23,0,NULL,0) = 23 (0x17)
0.214132672 poll({ 3/POLLRDNORM },1,5000)        = 1 (0x1)
0.214170561 recvfrom(3,"\M-l"\M^A\M^@\0\^A\0\^A\0\0\0\0"...,65536,0,{ AF_INET 10.108.1.12:53 },0x7fffffffcb78) = 39 (0x27)  <-------------------------------- 5 seconds
5.027590716 poll({ 3/POLLRDNORM },1,4789)        = 0 (0x0)
5.027711767 sendto(3,"\M-l"\^A\0\0\^A\0\0\0\0\0\0\^Bya"...,23,0,NULL,0) = 23 (0x17)
5.027788954 poll({ 3/POLLRDNORM },1,10000)       = 1 (0x1)
5.027819955 recvfrom(3,"\M-l"\M^A\M^@\0\^A\0\^A\0\0\0\0"...,65536,0,{ AF_INET 10.108.1.12:53 },0x7fffffffcb78) = 39 (0x27)
15.048610172 poll({ 3/POLLRDNORM },1,9999)       = 0 (0x0)
15.048707283 close(3)                            = 0 (0x0)
15.048752068 socket(PF_INET,SOCK_DGRAM|SOCK_CLOEXEC,0) = 3 (0x3)
15.048787800 connect(3,{ AF_INET 127.0.0.1:53 },16) = 0 (0x0)
15.048845592 sendto(3,"\M-a\M-s\^A\0\0\^A\0\0\0\0\0\0"...,23,0,NULL,0) = 23 (0x17)
15.057370310 poll({ 3/POLLRDNORM },1,5000)       = 1 (0x1)
15.057398968 recvfrom(3,"\M-a\M-s\M^A\M^@\0\^A\0\^A\0\0\0"...,65536,0,{ AF_INET 10.108.1.12:53 },0x7fffffffcb78) = 51 (0x33)
20.078299792 poll({ 3/POLLRDNORM },1,4991)       = 0 (0x0)
20.078428565 sendto(3,"\M-a\M-s\^A\0\0\^A\0\0\0\0\0\0"...,23,0,NULL,0) = 23 (0x17)
20.078507334 poll({ 3/POLLRDNORM },1,10000)      = 1 (0x1)
20.078537445 recvfrom(3,"\M-a\M-s\M^A\M^@\0\^A\0\^A\0\0\0"...,65536,0,{ AF_INET 10.108.1.12:53 },0x7fffffffcb78) = 51 (0x33)
30.096357048 poll({ 3/POLLRDNORM },1,9999)       = 0 (0x0)
30.096433347 close(3)                            = 0 (0x0)
```



```
➜  / drill ya.ru
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 35596
;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; ya.ru.       IN      A

;; ANSWER SECTION:
ya.ru.  485     IN      A       87.250.250.242

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:

;; Query time: 23 msec
;; SERVER: 127.0.0.1
;; WHEN: Thu Feb  3 12:06:14 2022
;; MSG SIZE  rcvd: 39
➜  /
```

result of tcpdump on host machine

```
# tcpdump -ilo0 port 53
12:49:22.192933 IP 10.108.1.12.27080 > 10.108.1.12.domain: 38718+ A? ya.ru. (23)
12:49:22.193004 IP 10.108.1.12.domain > 10.108.1.12.27080: 38718 1/0/0 A 87.250.250.242 (39)
```


This is a truss tracing of execution of drill


```
0.006090504 mmap(0x0,4096,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON,-1,0x0) = 34371297280 (0x800b06000)
0.006128069 socket(PF_INET,SOCK_DGRAM,IPPROTO_UDP) = 3 (0x3)
0.006180969 sendto(3,"I\M-J\^A\0\0\^A\0\0\0\0\0\0\^Bya"...,23,0,{ AF_INET 127.0.0.1:53 },16) = 23 (0x17)
0.027699108 poll({ 3/POLLIN|POLLERR },1,5000)    = 1 (0x1)
0.027728641 fcntl(3,F_GETFL,)                    = 2 (0x2)
0.027752929 fcntl(3,F_SETFL,O_RDWR|O_NONBLOCK)   = 0 (0x0)
0.027778431 mmap(0x0,69632,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON,-1,0x0) = 34371301376 (0x800b07000)
0.027809207 recvfrom(3,"I\M-J\M^A\M^@\0\^A\0\^A\0\0\0\0"...,65535,0,NULL,0x0) = 39 (0x27)                                          <--------------------------
0.027876694 close(3)                             = 0 (0x0)
0.027948126 mmap(0x0,69632,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON,-1,0x0) = 34371371008 (0x800b18000)
0.027995761 access("/etc/localtime",R_OK)        = 0 (0x0)
0.028025320 open("/etc/localtime",O_RDONLY,011022134) = 3 (0x3)
0.028046004 fstat(3,{ mode=-r--r--r-- ,inode=3690184,size=1518,blksize=4096 }) = 0 (0x0)
0.028088605 read(3,"TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0"...,41448) = 1518 (0x5ee)
0.028133640 close(3)                             = 0 (0x0)
0.028163254 mmap(0x0,24576,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON,-1,0x0) = 34371440640 (0x800b29000)
0.028186528 issetugid()                          = 0 (0x0)
0.028212318 open("/usr/share/zoneinfo/posixrules",O_RDONLY,00) = 3 (0x3)
0.028232102 fstat(3,{ mode=-r--r--r-- ,inode=3699347,size=3519,blksize=4096 }) = 0 (0x0)
0.028255601 mmap(0x0,53248,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON,-1,0x0) = 34371465216 (0x800b2f000)
0.028306604 read(3,"TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0"...,41448) = 3519 (0xdbf)
0.028352460 close(3)                             = 0 (0x0)
```


It does not work sending and connecting outside from jail neither by name nor by ip address. The rest functionality works perfectly.
I can't imagine what is wrong.


----------



## AdrianAli (Feb 8, 2022)

10.108.1.12 netmask is /32 ?


----------



## bvgdas (Feb 8, 2022)

yes. this alias was created when first run jail.


----------



## bvgdas (Feb 8, 2022)

when /etc/resolv.conf in jail
nameserver 10.108.1.12 or nameserver 8.8.8.8
getaddrinfo works correctly.

when /etc/resolv.conf in jail
nameserver 127.0.0.1
getaddrinfo hangs on recvfrom with 5-10 seconds timeout.


It does not depend on unbound DNS resolver. I tried with other DNS resolver but behaviour is the same.


----------



## bvgdas (Feb 8, 2022)

Please. Add this comment of SirDice to manual pages of jail(8) and jail.conf(5)









						jail network interface lo
					

Hello. Please tell me. I have several jails, in jails you need to raise the lo0 interface. How should I do it? My system FreeBSD 11.3.




					forums.freebsd.org
				




Jails don't need a lo(4) interface. They'll work just fine without it. But keep in mind that there's no 127.0.0.1 to bind to, so you need to bind your services to the jail's IP specifically.


----------

