Fatal error: No IPv4/IPv6 address(es) for "www.google.com" available (cygwin)

[KnightCoder]

Please make sure that you provide enough information so that we understand what your issue is about.

1. testssl version from the banner (testssl.sh -b 2>/dev/null | head -4 | tail -2) testssl.sh 2.9.5-4

2. what exactly was happening, output is needed

   
   ###########################################################
   testssl.sh       2.9.5-4 from https://testssl.sh/
   
     This program is free software. Distribution and
            modification under GPLv2 permitted.
     USAGE w/o ANY WARRANTY. USE IT AT YOUR OWN RISK!
   
      Please file bugs @ https://testssl.sh/bugs/

###########################################################

Using "OpenSSL 1.0.2o 27 Mar 2018" [~125 ciphers] on DESKTOP-XXXXXXXXXX:/usr/bin/openssl (built: "reproducible build, date unspecified", platform: "Cygwin-x86_64")

Fatal error: No IPv4/IPv6 address(es) for "www.google.com" available

3. what did you expect instead?
SSL/TLS test results for www.google.com
4. steps to reproduce
I use Windows 10 OS so to run testssl.sh, I use Cygwin over Windows. 
   1. testssl.sh command line
 $ ./testssl.sh https://www.google.com
    1. if possible: target IP

    1. openssl version used (testssl.sh -b 2>/dev/null | head -16 | tail -3)
 testssl.sh       2.9.5-4 f
    1. your operating system (uname -a)
Windows 10

[drwetter]

Hi,

looks to me the resolver binary is the culprit. Can you check which one is being used by typing

• which dig
• which host
• which drill
• which nslookup

Thx, Dirk

-- Sent from my mobile. Excuse my brevity&typos+the phone's autocorrection

[KnightCoder]

$ which dig
which: no dig in (/usr/local/bin:/usr/bin:/cygdrive/...)

$ which host
which: no host in (/usr/local/bin:/usr/bin:/cygdrive/...)

$ which drill
which: no drill in (/usr/local/bin:/usr/bin:/cygdrive/...)

$ which nslookup
/cygdrive/c/WINDOWS/system32/nslookup

Please note that previously, I guess it was towards beginning of this year or may be by the end of last year I had used testssl.sh-2.9dev on Cygwin on the same machine and it had worked back then and I had got results. But only now it seemed to have stopped.

[drwetter]

Hi,

thx. Looks to me like the (system) nslookup has a different output than expected. I am pretty sure it worked under Windows 7 + cygwin and 10 + WSL at a point of time.

Could you do me a favor and just do a 'nslookup google.com' in a shell window?

For the time being I recommend installing a dns utility from cygwin like ~ldnsutils .

Thx, Dirk

-- Sent from my mobile. Excuse my brevity&typos+the phone's autocorrection

[KnightCoder]

nslookup google.com
Server:  brand.router
Address:  123.456.0.1

Non-authoritative answer:
Name:    google.com
Addresses:  2404:6800:4007:809::200e
          172.217.160.142

[drwetter]

No 'localhost' in the output - see your original mail? -- Sent from my mobile. Excuse my brevity&typos+the phone's autocorrection

[KnightCoder]

Sorry, my bad. Its not localhost but www.google.com. I've updated the question with the correct output. Please check now.

[drwetter]

Is there a linefeed between the IPv6 and IPv4 addresses?

[drwetter]

Sorry, that's not relevant here. Could you please do a nslookup -type=a google.com' and nslookup -querytype=a google.com and in a shell window?

[drwetter]

ping @KnightCoder

[KnightCoder]

@drwetter Sorry for the long delay in responding. Unfortunately I got tangled in something else. Please see the requested output of the queries.

nslookup -type=a google.com
Non-authoritative answer:
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  fe80::1

DNS request timed out.
    timeout was 2 seconds.
Name:    google.com
Address:  172.217.163.78

And

nslookup -querytype=a google.com
Non-authoritative answer:
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  fe80::1

DNS request timed out.
    timeout was 2 seconds.
Name:    google.com
Address:  172.217.163.110

[drwetter]

Thanks. I am ATM clueless as if I copy your output and feed it into the respective code, it returns the IP address as expected. Is what you originally reported still reproducible?

Independent on this: do you encounter often those timeouts? The link-local IPv6 address (fe80::11_ for a name server is kind of weird. You're sure there isn't a windows configuration problem ( --> ipconfig /all). But as said the previous output you sent me works.

[KnightCoder]

Is what you originally reported still reproducible?

Yes. It still reproducible.

do you encounter often those timeouts?

I'm not sure. I do not face this on regular usage.

You're sure there isn't a windows configuration problem ( --> ipconfig /all).

Sorry, I'm unsure. But if there is a way to verify and if you can guide me I can verify it.

testssI used to work for me like a charm. But now I suspect the past few Windows updates that could have done something. BTW, I'm on Windows 10. If there are anything more that you want me to verify, let me know. I would be glad to help this magnificent work.

[drwetter]

ipconfig /all should show your DNS server. My hope was that it says something different today as fe80::1

Anybody else with a W10 system + knowledge can assist?

[kschristianson]

I had same issue on W10 and Cygwin. What finally worked was using the --IP option, e.g., ./testssl.sh --ip=ip_address URI_name

[drwetter]

thx, @kschristianson . That shouldn't be necessary,

Anybody with a W10 installation and some system knowledge who can help debugging? (My W10 installation is dead atm)

[drwetter]

My W10 installation is back but I can't reproduce this. I am using WSL though. The point is probably more the nameserver. Independent on the issue I'd rather recommend using either drill or dig --> search for DNS in the list of packets might help.

To get this processed I would need debugging output. Maybe @KnightCoder, @kschristianson or anybody else experiencing this can help?

You maybe have to install script.

instruction:

1) prompt> script
2) prompt> SETX=true bash -x testssl.sh -p google.com
3) prompt> exit

Please post the resulting file typescript here or post a gist (https://gist.github.com/). If there's data in there which shouldn't be publicly available feel free to redact them before or send it to me (grep SWCONTACT testssl.sh)

[drwetter]

ping

[kschristianson]

Hey Dirk,

Sorry for not responding sooner. I will set aside some time this weekend to go through the steps above and post the results. I know that my W10 has applied several updates since I first had the issue -- we'll see if anything changes.

On Fri, Jan 4, 2019 at 10:18 AM Dirk Wetter notifications@github.com wrote:

ping

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/drwetter/testssl.sh/issues/1099#issuecomment-451524818, or mute the thread https://github.com/notifications/unsubscribe-auth/ApYXhKW9qLYHVfOQu8d6GHWQtdVmB5Cvks5u_5rrgaJpZM4Vylsj .

-- kenn.christianson@gmail.com h:425-485-3626 / c:206-618-9056

[drwetter]

Removed the milestone target. Will change it back if feedback is supplied.

[drwetter]

closing --> housekeeping

[Dejavu610]

Hi， I ran into the same problem. I use Windows 10 OS so to run testssl.sh, I use Cygwin over Windows. $ ./testssl.sh --debug=2 https://www.google.com

No engine or GOST support via engine with your /usr/bin/openssl

########################################################### testssl.sh 3.1dev from https://testssl.sh/dev/ (7e7458b 2021-11-16 17:28:14 -- )

  This program is free software. Distribution and
         modification under GPLv2 permitted.
  USAGE w/o ANY WARRANTY. USE IT AT YOUR OWN RISK!

   Please file bugs @ https://testssl.sh/bugs/

###########################################################

Using "OpenSSL 1.1.1l 24 Aug 2021" [~110 ciphers] on DESKTOP-O7CSTGU:/usr/bin/openssl (built: "Oct 20 17:46:06 2021", platform: "Cygwin-x86_64")

www.google.com:443 URL_PATH: /

Fatal error: No IPv4/IPv6 address(es) for "www.google.com" available

DEBUG (level 2): see files in /tmp/testssl.h1j7ZB

[drwetter]

@KongLynn : thanks for your input but have you read above?

[Dejavu610]

Yeah，I used nslookup to get the IP address, and input ./testssl.sh https://IP. Then it worked.

[drwetter]

The point is (again) that I need more debugging info. I am not Santa Claus, so of nobody's handing that to me, I can't help and this stays closed.

[Dejavu610]

typescript.txt Hi, this is the resulting file typescript. But I'm not sure if my operation is correct.

[drwetter]

Thanks! That brings the whole thing a good step forward.

Could you please report back the output of

nslookup  a www.google.com
nslookup  -querytype=a www.google.com | awk '/^Address/ { getline; print $NF }
nslookup  -querytype=aaaa www.google.com | awk '/^Address/ { getline; print $NF }

And it would help tremendously if I know how to determine this special version of nslookup. Therefore I would need an output from a non-DNS lookup like nslookup \?, nslookup ?, nslookup /? nslookup -help or the like/

Thx, Dirk

[Dejavu610]

Hi，Dirk： Thanks for your reply. The output is as follows and I also tried other types of input:

$ nslookup a www.google.com DNS request timed out. timeout was 2 seconds. Server: UnKnown Address: 2404:6800:4005:81a::2004

DNS request timed out. timeout was 2 seconds. DNS request timed out. timeout was 2 seconds. *** Request to UnKnown timed-out

$ nslookup -querytype=a www.google.com | awk '/^Address/ { getline; print $NF }>

^C

$ nslookup -querytype=aaaa www.google.com | awk '/^Address/ { getline; print $NF }

^C

$ nslookup www.google.com Server: UnKnown Address: 192.168.100.1

Non-authoritative answer: Name: www.google.com Addresses: 2404:6800:4005:81b::2004 142.251.12.106 142.251.12.105 142.251.12.103 142.251.12.104 142.251.12.147 142.251.12.99

$ nslookup \? Usage: nslookup [-opt ...] # interactive mode using default server nslookup [-opt ...] - server # interactive mode using 'server' nslookup [-opt ...] host # just look up 'host' using default server nslookup [-opt ...] host server # just look up 'host' using 'server'

$ nslookup ? Usage: nslookup [-opt ...] # interactive mode using default server nslookup [-opt ...] - server # interactive mode using 'server' nslookup [-opt ...] host # just look up 'host' using default server nslookup [-opt ...] host server # just look up 'host' using 'server'

$ nslookup /? Usage: nslookup [-opt ...] # interactive mode using default server nslookup [-opt ...] - server # interactive mode using 'server' nslookup [-opt ...] host # just look up 'host' using default server nslookup [-opt ...] host server # just look up 'host' using 'server'

$ nslookup -help *** Invalid option: help Default Server: UnKnown Address: 192.168.100.1

[Dejavu610]

There is no output when enter the following : nslookup -querytype=a www.google.com | awk '/^Address/ { getline; print $NF } nslookup -querytype=aaaa www.google.com | awk '/^Address/ { getline; print $NF }

[drwetter]

Thanks, KongLynn,

sorry, the nslookup a www.google.com had a c/p error. (a). What puzzles my is the binary:

$ nslookup www.google.com Server: UnKnown

^^^^^^^^ unknown . Is that telling me your client doesn't have a clue about the DNS server?

Then: is $ nslookup -querytype=a www.google.com not working at all? (querytype?)

I don't have Cygwin anymore and my Windows 10 installation doesn't come with nslookup. I believe Win 7 did... So what does which nslookup return?

[Dejavu610]

Hi，Dirk： The $ nslookup -querytype=a www.google.com output： $ nslookup -querytype=a www.google.com Server: UnKnown Address: 192.168.100.1

Non-authoritative answer: Name: www.google.com Address: 172.217.24.68

The dns server is address is the ip of my router，so I guess the server name is unknown?

$ which nslookup /cygdrive/c/windows/system32/nslookup

[teward]

TL;DR:

@drwetter @KongLynn and others:

The "Server: UnKnown" response seen in cygwin is a red-herring in this case - it's Windows nslookup's response to "I got no PTR record so I don't know the (rDNS) hostname of the server", and Cygwin uses the Windows-shipped nslookup binary.

Ultimately, you are getting a DNS response, and it is a valid IP address for Google I believe. (the "UnKnown" is a red herring)

---

However, if you actually care for evidence of this and the explanation...

For awareness: "Server Name" is the rDNS of the IP address of the configured DNS server. Windows uses "UnKnown" for no-rDNS answers, Linux uses the IP address instead of UnKnown. This is a difference between nslookup on Linux and nslookup on Windows.

Even though you're using cygwin, when you're on Windows, it defaults to the Windows nslookup that is already shipped with Windows - this sounds like it's counter-intuitive but Cygwin isn't going to install a new version of nslookup when there's already a nearly identical good one in the Windows OS already (evidenced by /cygdrive/c/windows/system32/nslookup - this is a reference to C:\Windows\System32\nslookup.exe but in Cygwin/UNIX speak - it still uses the Windows nslookup tool)

Per this Server Fault answer, nslookup in Windows returns "UnKnown" in Windows' version of the nslookup tool. The Linux variant of the tool (bind9-dnsutils package in Ubuntu for example) tends to replace a "No PTR Available" response with just the IP address instead.

For the record, both my Linux laptop and Windows desktop were tethered to my phone here, and both systems received DHCP server records of 192.168.118.103 - the only reason I specifically define the server to query directly in Linux is because my Linux laptop routes through a locally run LXD server that has BIND9 to handle special DNS name lookup routing to certain other endpoints, which is too complicated to set up via straight DNS).

You can compare the output of the Linux and Windows commands accordingly here:

# Linux Output - note 192.168.118.103 is DHCP DNS, but because of the
# complex DNS setup on my laptop running through a local-run BIND9 
# instance, I specifically make it query the DHCP set DNS record.
$ nslookup -querytype=a google.com. 192.168.118.103
Server:     192.168.118.103
Address:    192.168.118.103#53

Non-authoritative answer:
Name:   google.com
Address: 142.251.32.46

However, this is sometimes not the case with WIndows, where Windows just says "UnKnown" if there's no PTR record for the IP on the primary DNS.

# Windows (11) Output
# For parity sake, I am reusing the same Linux command here however Windows 
# does not have a complex DNS setup unlike my Linux laptop - this is just for parity/comparison sake.

> nslookup -querytype=a google.com. 192.168.118.103
Server:  UnKnown
Address:  192.168.118.103

Non-authoritative answer:
Name:    google.com
Address:  142.250.188.46

[Dejavu610]

Thanks,teward. Yes，it used the windows nslookup tool. So I changed the dns server address of the windows to 8.8.8.8, then the testssl.sh worked.

[drwetter]

Okay, @teward : thanks for the comparison and your help.

What I currently don't get is that in both cases nslookup -querytype=a google,com 2>/dev/null | awk '/^Name/ { getline; print $NF }' should return the A record.

According to @KongLynn's debug output is does not though:

|||||20341>     get_a_record(): nslookup -querytype=a www.google.com
|||||20341>     get_a_record(): awk '/^Name/ { getline; print $NF }'
[?25l[?25h||||20341>   get_a_record(): strip_lf ''
||||833>    strip_lf(): tr -d '\n'
||||833>    strip_lf(): tr -d '\r'
|||20341>   get_a_record(): filter_ip4_address
|||20229>   filter_ip4_address(): local a
||20341>    get_a_record(): ip4=
||20343>    get_a_record(): OPENSSL_CONF=
||20344>    get_a_record(): echo ''
|20530>     determine_ip_addresses(): ip4=

I suspect it is a DNS problem when he ran the scan. As he changed the DNS server it worked. The latter supports my suspicion which would boil down to that the cygwin binary has problems with DNS under some unknown circumstances.