[stunnel-users] Temporary failure in name resolution (Michal Trojnara)

Michal Trojnara Michal.Trojnara at mirt.net
Fri Apr 29 18:13:39 CEST 2011


Phil Wieland wrote:
> I attach two strace reports, strace-good shows a successful use,
> strace-bad shows it failing after a reboot.  In both cases I just telnet
> to localhost 55899, which gives the smtp server's banner in the good
> case.

I analyzed your dumps and I was able to diagnose your problem.

Your stunnel.conf contains:
chroot = /var/lib/stunnel4/

Unfortunately this directory does not contain resolver configuration
files:
[pid  1548] open("/etc/resolv.conf", O_RDONLY) = -1 ENOENT (No such file or directory)
[pid  1548] uname({sys="Linux", node="friedbread.liverpub.com", ...}) = 0
[pid  1548] open("/etc/hosts", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid  1548] stat64("/etc/resolv.conf", 0xb74a424c) = -1 ENOENT (No such file or directory)

As a result, the resolver tries to send its packets to INADDR_ANY:
[pid  1548] socket(PF_INET, SOCK_DGRAM|SOCK_NONBLOCK, IPPROTO_IP) = 13
[pid  1548] connect(13, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("0.0.0.0")}, 16) = 0

which of course fails:
[pid  1548] send(13, "\257\271\1\0\0\1\0\0\0\0\0\0\4smtp\nblueyonder\2co\2"..., 39, MSG_NOSIGNAL) = 39
[pid  1548] poll([{fd=13, events=POLLIN}], 1, 5000) = 1 ([{fd=13, revents=POLLERR}])

> These are WITHOUT the suggested patch, I am not really equipped for 
> building on this server.

The patch should solve your problem by causing stunnel to wait until your
resolver is available before chroot(2) is executed.

Workarounds:
1. mkdir /var/lib/stunnel4/etc && cp /etc/resolv.conf /var/lib/stunnel4/etc/
2. Use IP addresses instead of host names in your stunnel.conf
3. Add the static IP address of your remote host to /etc/hosts

Best regards,
    Mike
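
Added example, not part of the original message and not stunnel code: a shell check that reads a stunnel.conf and reports whether the chroot directory holds the resolver configuration needed for the host names in its connect lines. The function names are hypothetical, and it assumes plain "key = value" lines and treats any host containing a colon as an IPv6 literal.

```sh
#!/bin/sh
# Added example (assumption-based, not stunnel code): detect the chroot plus
# missing resolv.conf condition diagnosed in the message above.

# Print the directory from the last "chroot = DIR" line of config file $1.
chroot_dir() {
    sed -n 's/^[[:space:]]*chroot[[:space:]]*=[[:space:]]*//p' "$1" |
        sed 's/[[:space:]]*$//; s:/*$::' | tail -n 1
}

# Print each "connect = host:port" host that is a name, not an IP literal.
connect_hostnames() {
    sed -n 's/^[[:space:]]*connect[[:space:]]*=[[:space:]]*//p' "$1" |
    while IFS= read -r target; do
        host=${target%:*}
        # Skip port-only targets (no colon) and empty hosts.
        [ "$host" != "$target" ] && [ -n "$host" ] || continue
        case $host in
            *:*) continue ;;    # assumed to be an IPv6 literal
        esac
        # Skip dotted-quad IPv4 literals; they need no lookup.
        printf '%s\n' "$host" |
            grep -Eqv '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || continue
        printf '%s\n' "$host"
    done
}

# Return 0 if lookups can work after chroot(2), 1 if they will fail.
audit_stunnel_chroot() {
    conf=$1
    jail=$(chroot_dir "$conf")
    names=$(connect_hostnames "$conf")
    if [ -z "$jail" ] || [ -z "$names" ]; then
        echo "OK: no chroot, or no host names to resolve"
        return 0
    fi
    resolv=$jail/etc/resolv.conf
    if [ ! -r "$resolv" ]; then
        echo "FAIL: $resolv missing; cannot resolve:" $names
        return 1
    fi
    if ! grep -Eq '^[[:space:]]*nameserver[[:space:]]' "$resolv"; then
        echo "FAIL: $resolv has no nameserver line"
        return 1
    fi
    echo "OK: $resolv present for:" $names
}
```

Run it as `audit_stunnel_chroot /path/to/stunnel.conf` after sourcing the file; a non-zero status means workaround 1 or 2 above has not been applied.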


