MiniDNS 0.2 is unable to discover the current links DNS servers on Android 8 Oreo
TGSMetaswitch opened this issue · 10 comments
On Android 8, minidns's attempts to find the phone's DNS settings by using "getprop net.dns*" fail due to the API changes discussed in the Android docs here.
This means that minidns falls back to its hardcoded public DNS IPs (e.g. '8.8.8.8' for IPv4). This results in non-public DNS records not resolving: for example, a record that exists in the DNS server provisioned via DHCP on the WiFi network that the phone is connected to.
The below logs are from an LGE Nexus 5X running Android 8. The phone is connected to the internet via WiFi. minidns version is 0.2.4, being used as part of Smack 4.2.0. The DNS resolution attempt is part of an attempt to form an XMPP connection (hence the log from org.jivesoftware.smack.util.DNSUtil that tells us that the lookup failed).
10-17 17:38:45.255 27602-27775/<redacted app id> E/libc: Access denied finding property "net.dns1"
10-17 17:38:45.256 27602-27775/<redacted app id> E/libc: Access denied finding property "net.dns2"
10-17 17:38:45.256 27602-27775/<redacted app id> E/libc: Access denied finding property "net.dns3"
10-17 17:38:45.256 27602-27775/<redacted app id> E/libc: Access denied finding property "net.dns4"
10-17 17:38:50.493 27602-27775/<redacted app id> I/DNSUtil: Could not resolve DNS SRV resource records for <redacted SRV record> Consider adding those.
10-17 17:38:50.523 27602-27775/<redacted app id> E/libc: Access denied finding property "net.dns1"
10-17 17:38:50.523 27602-27775/<redacted app id> E/libc: Access denied finding property "net.dns2"
10-17 17:38:50.523 27602-27775/<redacted app id> E/libc: Access denied finding property "net.dns3"
10-17 17:38:50.523 27602-27775/<redacted app id> E/libc: Access denied finding property "net.dns4"
10-17 17:38:55.759 27602-27775/<redacted app id> E/libc: Access denied finding property "net.dns1"
10-17 17:38:55.760 27602-27775/<redacted app id> E/libc: Access denied finding property "net.dns2"
10-17 17:38:55.760 27602-27775/<redacted app id> E/libc: Access denied finding property "net.dns3"
10-17 17:38:55.760 27602-27775/<redacted app id> E/libc: Access denied finding property "net.dns4"
If you step through this in the Android Studio debugger, the only DNS requests being sent are to Google's DNS server at 8.8.8.8, so no other mechanism is successful either.
"<redacted SRV record>" exists in the private DNS servers provisioned in the phone over DHCP - for example, the "DNS Lookup" PlayStore app can successfully resolve it using the 'Default' nameserver. Moreover, an Android 7 phone running the same application over the same WiFi network successfully resolves the record.
Right, I saw this coming. Possible solutions include:
- You could backport minidns-android21 to MiniDNS 0.2
As a slightly related side node: Using non-globally resolvable DNS RRs is usually always a bad idea.
We can use the minidns-android21 package as you mentioned above, adding this to the DNSClient on startup.
This works fine and we can now retrieve the DNS record, but there only seems to be 1 release for minidns-android21 (https://mvnrepository.com/artifact/de.measite.minidns/minidns-android21), which is not compatible with minidns-core v0.2.4, so we have had to make a local copy and alter it to be compatible.
Will new releases of minidns also release a minidns-android21 package?
Closing as this is fixed in MiniDNS 0.3
@Flowdalic , is the fix included in SMACK 4.0.0 alpha 2 snapshot? I tried it and the errors still exist on android 8
maven {
url 'https://igniterealtime.org/repo/'
}
//////////////////////smack///////////////////////////////////////
implementation "org.igniterealtime.smack:smack-android-extensions:4.4.0-alpha2-SNAPSHOT"
implementation "org.igniterealtime.smack:smack-experimental:4.4.0-alpha2-SNAPSHOT"
implementation "org.igniterealtime.smack:smack-tcp:4.4.0-alpha2-SNAPSHOT"
but delays in connection still exist and in the console
W/Timer-0: type=1400 audit(0.0:22124): avc: denied { read } for name="u:object_r:net_dns_prop:s0" dev="tmpfs" ino=1732 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:net_dns_prop:s0 tclass=file permissive=0
E/libc: Access denied finding property "net.dns1"
E/libc: Access denied finding property "net.dns2"
Access denied finding property "net.dns3"
Access denied finding property "net.dns4"
I/DNSUtil: Could not resolve DNS SRV resource records for _xmpp-client._tcp.edwaliro.com. Consider adding those.
W/Timer-0: type=1400 audit(0.0:22128): avc: denied { read } for name="u:object_r:net_dns_prop:s0" dev="tmpfs" ino=1732 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:net_dns_prop:s0 tclass=file permissive=0
E/libc: Access denied finding property "net.dns1"
E/libc: Access denied finding property "net.dns2"
E/libc: Access denied finding property "net.dns3"
E/libc: Access denied finding property "net.dns4"
W/Timer-0: type=1400 audit(0.0:22190): avc: denied { read } for name="u:object_r:net_dns_prop:s0" dev="tmpfs" ino=1732 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:net_dns_prop:s0 tclass=file permissive=0
E/libc: Access denied finding property "net.dns1"
E/libc: Access denied finding property "net.dns2"
Access denied finding property "net.dns3"
Access denied finding property "net.dns4"
You need to add minidns-android21 and install the AndroidUsingLinkProperties source
Thanks. For anyone else who comes across this
implementation 'de.measite.minidns:minidns-hla:0.2.4'
and before connecting..
AndroidUsingLinkProperties.setup(getApplicationContext);
//then continue with the usual connection to the xmpp server
xmppTcpConnection=new XMPPTCPConnection(cc);
Just a small correction to the above - AndroidUsingLinkProperties
doesn't exist in minidns-hla:0.2.4, this only exists in minidins-android21
version 0.3.0 and above, as @Flowdalic mentions.
So to include AndroidUsingLinkProperties, one needs
implementation "org.minidns:minidns-android21:0.3.4"
In my testing, however, this doesn't seem to work with Smack older
than 4.3.x, possibly due to the miniDNS namespace change (so
Smack 4.2.x keeps using the "old" resolver) but I haven't looked
into it that much.
Thanks to @deniswisedeniswise and @mck182, your input has been much of great value..
The following addresses failed: 'mim-dev.dt.handzap.com:5222' failed because: org.minidns.util.MultipleIoException: sendto failed: EPERM (Operation not permitted), failed to connect to /202.88.156.8 (port 53) from /192.168.0.2 (port 45674) after 5000ms, sendto failed: EPERM (Operation not permitted), failed to connect to /202.88.156.6 (port 53) from /192.168.0.2 (port 48368) after 5000ms, sendto failed: EPERM (Operation not permitted), failed to connect to /8.8.8.8 (port 53) from /192.168.0.2 (port 44270) after 5000ms, sendto failed: EPERM (Operation not permitted), failed to connect to /2001:4860:4860::8888 (port 53) from /fe80::7ed6:61ff:fe14:41b (port 42156) after 5000ms, sendto failed: EPERM (Operation not permitted), failed to connect to g.root-servers.net/192.112.36.4 (port 53) from /192.168.0.2 (port 47702) after 5000ms, sendto failed: EPERM (Operation not permitted), failed to connect to i.root-servers.net/2001:7fe::53 (port 53) from /fe80::7ed6:61ff:fe14:41b (port 48008) after 5000ms
I m facing this issue. Can some one help
The following addresses failed: 'mim-dev.dt.handzap.com:5222' failed because: org.minidns.util.MultipleIoException: sendto failed: EPERM (Operation not permitted), failed to connect to /202.88.156.8 (port 53) from /192.168.0.2 (port 45674) after 5000ms, sendto failed: EPERM (Operation not permitted), failed to connect to /202.88.156.6 (port 53) from /192.168.0.2 (port 48368) after 5000ms, sendto failed: EPERM (Operation not permitted), failed to connect to /8.8.8.8 (port 53) from /192.168.0.2 (port 44270) after 5000ms, sendto failed: EPERM (Operation not permitted), failed to connect to /2001:4860:4860::8888 (port 53) from /fe80::7ed6:61ff:fe14:41b (port 42156) after 5000ms, sendto failed: EPERM (Operation not permitted), failed to connect to g.root-servers.net/192.112.36.4 (port 53) from /192.168.0.2 (port 47702) after 5000ms, sendto failed: EPERM (Operation not permitted), failed to connect to i.root-servers.net/2001:7fe::53 (port 53) from /fe80::7ed6:61ff:fe14:41b (port 48008) after 5000ms
I m facing this issue. Can some one help
I have added implementation "org.minidns:minidns-android21:0.3.4" and AndroidUsingLinkProperties also but its not working when device is in stanby mode