dns lookups only half working in chroot

on 09.09.2009 20:54:13 by Samuel Vogel

Hey guys,

I am cross-posting this to the PHP and the PHP-FPM lists, because both
are applicable in my opinion.

I have got a strange problem with my php-fpm chrooted PHP environment.
PHP is chrooted to /var/www/.

/var/www/etc looks like this:
# ls -al /var/www/etc/
insgesamt 20
drwxr-xr-x 2 root root 4096 9. Sep 20:33 .
drwxr-xr-x 5 root root 4096 9. Sep 20:10 ..
-rw-r--r-- 1 root root 265 9. Sep 20:12 hosts
-rw-r--r-- 1 root root 513 9. Sep 20:23 nsswitch.conf
-rw-r--r-- 1 root root 52 9. Sep 20:11 resolv.conf

I do run the following script:
<?php
echo gethostbyname('www.google.de')."\n";
print_r(dns_get_record('www.google.de', DNS_A))."\n";
?>

Which strangely outputs this:
www.google.de
Array
(
[0] => Array
(
[host] => www.l.google.com
[type] => A
[ip] => 74.125.43.147
[class] => IN
[ttl] => 172
)

[1] => Array
(
[host] => www.l.google.com
[type] => A
[ip] => 74.125.43.99
[class] => IN
[ttl] => 172
)

[2] => ....

I don't understand why the first lookup fails, but the second one succeeds.
Unfortunately things like fsockopen() seem to use the same technique as
gethostbyname(), so they don't work either.
Any pointers would be appreciated!

Regards,
Samy

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: dns lookups only half working in chroot

on 09.09.2009 21:40:03 by Ben Dunlap

> <?php
> echo gethostbyname('www.google.de')."\n";
> print_r(dns_get_record('www.google.de', DNS_A))."\n";
> ?>
[8<]
> I don't understand why the first lookup fails, but the second one succeeds.
> Unfortunately things like fsockopen() seem to use the same technique as
> gethostbyname(), so they don't work either.
> Any pointers would be appreciated!

PHP's gethostbyname() is a wrapper for the system call of the same
name, which may attempt to resolve the name using local mechanisms
(/etc/hosts, perhaps an internal cache, etc.) before resorting to a
DNS query. I've never studied any particular implementation of
gethostbyname(), but I wouldn't be surprised to find that in some
implementations it doesn't actually query DNS at all, but simply hands
off the name to another mechanism that queries DNS.

PHP's dns_get_record(), on the other hand, queries DNS using the
resolver(3) system calls. All it needs is a network connection and a
valid DNS server address.

So that should help explain why one can work while the other doesn't.
Not sure why gethostbyname() fails in your chroot environment, though.
I've seen situations where this has happened on my internal network,
but only fake hostnames that ended in ".local" were affected.

Ben

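The difference between the two lookup paths described in the reply above can be checked against the chroot tree itself. The script below is an added example, not part of the original thread: it assumes a glibc system where each service on the `hosts:` line of nsswitch.conf is a separate `libnss_<service>.so.2` module, and its function names and sample tree are made up for illustration.

```shell
#!/bin/sh
# Added example: audit a chroot for the files the gethostbyname() path reads.
# Assumption: glibc NSS naming, one libnss_<service>.so.2 per hosts: service.

# Print the services on the "hosts:" line of an nsswitch.conf, one per line,
# dropping comments and action items such as [NOTFOUND=return].
nss_host_services() {
    sed -n 's/^[[:space:]]*hosts:[[:space:]]*//p' "$1" |
        sed -e 's/#.*//' -e 's/\[[^]]*]//g' | tr -s ' \t' '\n\n' | sed '/^$/d'
}

# List what is missing under chroot directory $1; prints nothing when complete.
audit_chroot_dns() {
    root=${1%/}
    for f in etc/hosts etc/resolv.conf etc/nsswitch.conf; do
        [ -f "$root/$f" ] || echo "missing: /$f"
    done
    [ -f "$root/etc/nsswitch.conf" ] || return 0
    for svc in $(nss_host_services "$root/etc/nsswitch.conf"); do
        # NSS modules are loaded on first lookup; in a chrooted worker that is
        # after chroot(), so the module has to exist inside the chroot tree.
        found=$(find "$root" -name "libnss_$svc.so.2" 2>/dev/null | head -n 1)
        [ -n "$found" ] || echo "missing: libnss_$svc.so.2 (hosts: $svc)"
    done
}

# Constructed sample: a tree holding only the three etc files from the
# listing in the first post (file contents are made up), and no NSS modules.
make_sample_chroot() {
    d=$(mktemp -d) && mkdir -p "$d/etc" "$d/lib" &&
        printf '127.0.0.1 localhost\n' > "$d/etc/hosts" &&
        printf 'nameserver 192.0.2.53\n' > "$d/etc/resolv.conf" &&
        printf 'passwd: files\nhosts: files [NOTFOUND=continue] dns # order\n' \
            > "$d/etc/nsswitch.conf" && echo "$d"
}

# With no argument, audit the constructed sample; otherwise the given chroot.
audit_chroot_dns "${1:-$(make_sample_chroot)}"
```

Run it as `sh audit.sh /var/www` to audit a real chroot; a direct resolver query needs only resolv.conf and a network path, so it can succeed while every `libnss_` line here is reported missing.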