0

I am trying to ping a hostname "win-2k12r2-addc.阿伯测阿伯测ad.hai.com" from a Linux client.

I see that DNS requests go over the wire with the hostname being sent in UTF-8 format, and I get a response from the DNS server, also with the correct IP address.

But ping fails with the following error : ping: unknown host win-2k12r2-addc.阿伯测阿伯测ad.hai.com

If I add an entry into /etc/hosts, it works fine.
I have the following entries in /etc/hosts when it works.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++
127.0.0.1 localhost ava-dev
::1 localhost
10.141.33.93 win-2k12r2-addc.阿伯测阿伯测ad.hai.com
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


The /etc/nsswitch.conf file has the following entries for hosts.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
hosts: files dns
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

I somewhat suspect that the getaddrinfo() call fails when we try to resolve the address, i.e. it is not able to handle the DNS responses correctly for hostnames containing Unicode characters.

Has anyone faced this issue before? Or has anyone tried resolving a Unicode hostname from a Linux client?

The reason I'm suspecting getaddrinfo() is the following.
Apart from ping, I'm trying the following LDAP command against the same host, and it fails with the error shown below.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
ldapsearch -d 255 -x -h win-2k12r2-addc.阿伯测阿伯测ad.hai.com
ldap_create
ldap_url_parse_ext(ldap://win-2k12r2-addc.%E9%98%BF%E4%BC%AF%E6%B5%8B%E9%98%BF%E4%BC%AF%E6%B5%8Bad.hai.com)
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP win-2k12r2-addc.阿伯测阿伯测ad.hai.com:389
ldap_connect_to_host: getaddrinfo failed: Name or service not known
ldap_err2string
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

In both scenarios (ping / LDAP), I see the DNS query request going to the DNS server and the correct response from the DNS server coming back to the Linux client. The following is the value of the hostname sent in the DNS query:

win-2k12r2-addc.\351\230\277\344\274\257\346\265\213\351\230\277\344\274\257\346\265\213ad.hai.com: type A, class IN

Vignesh
  • I'd expect things to be in IDNA format internally throughout, not raw UTF-8. – tripleee Nov 30 '17 at 05:34
  • I checked the packet trace on both Windows (where it works) and Linux. The DNS query is being sent using UTF-8 format on the wire. – Vignesh Nov 30 '17 at 06:11
  • Hmmm, I can't even paste that host name into an Ubuntu Docker (probably some error of mine, it works fine if I paste it to the regular Bash command line on my Mac, but it doesn't resolve). – tripleee Nov 30 '17 at 06:28
  • Just to make sure we are talking about the same thing, the IDNA host name here is `win-2k12r2-addc.xn--ad-tl3ca3569aba8944eca.hai.com`? I can't resolve that, either. – tripleee Nov 30 '17 at 06:29
  • I know that some systems convert Unicode to IDN format before sending over the wire. But I don't see that happening, and I see that Windows as well as Linux is sending UTF-8 format over the wire. I see this going over the wire - win-2k12r2-addc.\351\230\277\344\274\257\346\265\213\351\230\277\344\274\257\346\265\213ad.hai.com – Vignesh Nov 30 '17 at 06:32
  • Once I get that converted to a string I can actually resolve it, but the host name at the top of the page doesn't work for me when I copy/paste it. – tripleee Nov 30 '17 at 06:35
  • Wait, I'm unable to repro that now. I can pass it to `dig` with `perl -e 'system("dig win-2k12r2-addc.\351\230\277\344\274\257\346\265\213\351\230\277\344\274\257\346\265\213ad.hai.com")'` but it doesn't resolve. – tripleee Nov 30 '17 at 06:58
  • It's an internal host and not publicly accessible. But my question is more about whether resolution has any issues with hostnames containing UTF-8 characters. – Vignesh Nov 30 '17 at 07:59

1 Answer

0

It looks like you are trying to use UTF-8 or Unicode within the DNS system while the DNS system really doesn't like that. It wants ASCII (see RFCs 5890, 5891, 5892, 5893 - but mostly 5891). Escaping the UTF-8 characters does not turn them into the required ASCII encoding, called punycode (prefixed by "xn--"). You want to use the version of your IDN that has punycode instead of the UTF-8:

ping win-2k12r2-addc.xn--ad-tl3ca3569aba8944eca.hai.com

  • Using mxtoolbox.com, it looks like there are problems with the hai.com name server. Once it is actually working, make sure you have a CNAME or "A" record for "win-2k12r2-addc.xn--ad-tl3ca3569aba8944eca.hai.com" - be careful that you didn't paste Unicode/UTF-8 into the DNS record. – Castro Simplex Jan 13 '18 at 00:34
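
The conversion the answer describes, as an added example (not code from any of the posts above): it turns the hostname from the question into its "xn--" form label by label and, for comparison, renders the raw UTF-8 name the way the packet trace shows it. The function names are hypothetical, and it assumes Python's built-in `idna` codec, which implements the older IDNA2003 rules.

```python
import socket

# Hostname from the question (internal name, not publicly resolvable).
HOST = "win-2k12r2-addc.阿伯测阿伯测ad.hai.com"


def to_a_labels(hostname: str) -> str:
    """Return hostname with every non-ASCII label converted to its xn-- form.

    Each label goes through the stdlib "idna" codec separately, and the DNS
    limits of 63 octets per label and 253 per name are enforced afterwards.
    """
    out = []
    for label in hostname.rstrip(".").split("."):
        if not label:
            raise ValueError("empty label in hostname")
        ascii_label = label.encode("idna").decode("ascii")
        if len(ascii_label) > 63:
            raise ValueError("label too long after encoding: " + ascii_label)
        out.append(ascii_label)
    name = ".".join(out)
    if len(name) > 253:
        raise ValueError("hostname too long after encoding")
    return name


def raw_utf8_as_traced(hostname: str) -> str:
    """Render the raw UTF-8 bytes as a packet trace prints them:
    printable ASCII unchanged, every other byte as a \\ooo octal escape."""
    return "".join(
        chr(b) if 0x20 < b < 0x7F and b != 0x5C else "\\%03o" % b
        for b in hostname.encode("utf-8")
    )


def resolve(hostname: str, port: int = 389):
    """Call getaddrinfo() with the ASCII form only (needs a reachable resolver)."""
    return socket.getaddrinfo(to_a_labels(hostname), port, type=socket.SOCK_STREAM)


if __name__ == "__main__":
    print("as typed    :", HOST)
    print("raw UTF-8   :", raw_utf8_as_traced(HOST))
    print("A-label form:", to_a_labels(HOST))
```

Passing the output of `to_a_labels()` to ping or ldapsearch keeps raw UTF-8 out of the resolver path; the DNS record itself has to be stored under the same ASCII name.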