Download
Browse source Changelog
Documentation
Project   Bug Bounty   Help us   Known bugs   TODO Protocols   CA bundle   HTTP Cookies   HTTP/2   SSL Certs Releases   Security   Version numbers   Vulnerabilities curl tool   man page   Tutorial   HTTP scripting Who and Why
libcurl
ABI API Competitors Examples Features Mailing list Related libs Using libcurl Tutorial Testimonials
Get Help
curl-library curl-users Mailing lists Book: Everything curl Video presentations Report a bug Paid support
Development
Autobuilds Code Style Contribute Deprecate Internals Release Notes Release Procedure Roadmap Run Tests Security Process Specifications Test curl
News
Changelog Release table
curl / Mailing Lists / curl-library / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

compiling with c-ares seems to break os x domain resolution?

From: Cole Varner via curl-library <curl-library_at_cool.haxx.se>
Date: Wed, 15 Jan 2020 16:46:07 -0800

I installed php 5.6 with homebrew on macOS 10.14 (mojave). One of its
dependencies is curl-openssl which is curl built with the following
configure flags:

--disable-debug
--disable-dependency-tracking
--disable-silent-rules
--prefix=#{prefix}
--enable-ares=#{Formula["c-ares"].opt_prefix}
--with-ca-bundle=#{etc}/openssl_at_1.1/cert.pem
--with-ca-path=#{etc}/openssl_at_1.1/certs
--with-gssapi
--with-libidn2
--with-libmetalink
--with-librtmp
--with-libssh2
--with-ssl=#{Formula["openssl_at_1.1"].opt_prefix}
--without-libpsl

When run in isolation, this build of cURL failed to resolve an internal
host using the VPN DNS.

$ /usr/local/opt/curl-openssl/bin/curl mydomain.com
curl: (6) Could not resolve: mydomain.com (Domain name not found)

The system cURL on the other hand works as expected and is built with the
following:

--enable-hidden-symbols
--enable-threaded-resolver
--with-gssapi
--with-ssl=/usr/local/libressl

This internal host is correctly resolved a browser. It cannot be resolved
using nslookup, host, or dig.

I solved my problem by uninstalling the homebrew curl and having php use
the system curl instead, but it begs the question why it broke in the first
place. I have read that macOS no longer uses /etc/resolv.conf and thought
perhaps that c-ares might rely on it exclusively? I can confirm that after
connecting to my corporate VPN, resolv.conf is unchanged.

#

# macOS Notice

#

# This file is not consulted for DNS hostname resolution, address

# resolution, or the DNS query routing mechanism used by most

# processes on this system.

#

# To view the DNS configuration used by this system, use:

# scutil --dns

#

# SEE ALSO

# dns-sd(1), scutil(8)

#

# This file is automatically generated.

#

domain home

nameserver 127.0.0.1

scutil on the other hand correctly lists my VPN DNS as a resolver:

$ scutil --dns

...

resolver #2

  search domain[0] : mydomain.com

  nameserver[0] : ...

  if_index : 12 (utun10)

  flags : Scoped, Request A records

  reach : 0x00000002 (Reachable)

Wondering if anyone can shed some light on how curl handles domain
resolution and why it would fail when built with c-ares?

Thanks,
Cole

-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2020-01-16