net: use EDNS to increase DNS packet size

[ianlancetaylor]

Issue #51127 lists a bunch of cases where the Go DNS resolver has trouble because it follows RFC 1035 and only accepts 512 byte packets. https://go.dev/cl/385035 uses EDNS(0) to advertise that the resolver accepts a larger packet size, and accepts packets up that increased size (1232 bytes per https://dnsflagday.net/2020/). The CL is reported to fix the immediate problem found in #51127, that the Go resolver fails on WSL: #51127 (comment).

I would like to request a freeze exception to include https://go.dev/cl/385035 in the 1.18 release. If acceped for 1.18 I'll also open backport issues to earlier releases.

The CL should be safe. Accepting a larger packet size does not cause harm. EDNS(0) was designed to be backward compatible with DNS servers that don't understand it; per RFC 1035, released in 1987, they should just ignore it. EDNS(0) was first specified in RFC 2671 in 1999, and restated and refined in RFC 6891 in 2013. It is unlikely that there any DNS servers out there that can't at least ignore it.

CC @golang/release

[ianlancetaylor]

CC @mdempsky

[toothrot]

Although this is late in cycle, this is a small, focused change that we intend to backport regardless, which makes sense to accept.

We've discussed a bit and are supportive of merging this before the RC.

[mdempsky]

I agree that compliant DNS servers shouldn't have any issues with the use of EDNS. But the rationale for this CL is to accommodate non-compliant servers that send invalid responses, so it seems like we should also be mindful about non-compliant servers/firewalls that break EDNS.

Will there be more release candidates before Go 1.18? If so, I think including in Go 1.18 seems reasonable.

I'm not sure why this is important to backport though?

[toothrot]

Backporting is justified to me by the comments in "Miscellany" in #51127. This tooling is critical for some users, and forcing them to upgrade to (as of yet unreleased 1.18) isn't a great workaround. I assume this impacts the Go command as well.

[seankhliao]

The go command almost always links to libc, which means using the platform C resolver by default and not the netgo one.

[mateusz834]

@seankhliao

The go command almost always links to libc, which means using the platform C resolver by default and not the netgo one.

When compiled with libc, the net package decides at runtime whether to use cgo or go resolver

[ianlancetaylor]

@gopherbot Please open backport issues.

[gopherbot]

Backport issue(s) opened: #51161 (for 1.16), #51162 (for 1.17).

Remember to create the cherry-pick CL(s) as soon as the patch is submitted to master, according to https://go.dev/wiki/MinorReleases.