-
Notifications
You must be signed in to change notification settings - Fork 4
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
DNS resolver failure mode #39
Comments
I observe this in http-lwt-client with a DNS timeout even if I have a more responsive name server as second entry in resolv.conf. |
Hmm, so there are two ways forward I guess:
I'm a fan of (b1). And still undecided about (b2) or (a) -- while (b2) has the advantage that we won't have to mess around with it anymore, the disadvantage is that libc resolver is used (i.e. potential security issues, also using dns-client less leads to eventually more bugs in it). The disadvantage of (a) is that it is rather complicated (when to use tcp / when to use udp, and esp. in scenarios described above what the default should be and what the error behaviour should be). I remember that the dns-resolver code has some parts about retransmitting queries and using TCP if truncated etc. -- would be nice to leverage (maybe first test it more and debug issues) that code for reuse between dns-client and dns-resolver eventually. So, which path to take? Should we take a look at (b1) at least, from that point it'd be easier to move I suspect. (And both |
I don't know if this is helpfull at all, but i found that i can only connect to some servers at home using the http-lwt-client. i've tried some more it feels like two out of 10 work... i don't see any differences in the output of dig |
One thing... |
I think it is worthwhile to implement udp in dns-client-lwt either way. My mental model of this is that the DNS happy-eyeballs observes a successful TCP handshake and considers it a done deal. Then my resolver doesn't reply and the request times out. It seems no other nameservers are attempted since doing the TCP handshake is considered a success?! So I don't know if we should try to communicate back to happy-eyeballs "don't try this nameserver+port next". @gsportrix Can you test with |
@reynir So i tried different DNS 84.200.69.80 works sometimes with http-lwt-client sometimes not:
Dig outputs...
So for now it's just my silly homebox that does not work without any hints in dig... |
While this issue has not been addressed, since happy-eyeballs 1.0.0, http-lwt-client will use the standard I will leave this issue open, since it seems we still should improve the failure mode of the DNS client. |
On my home network the router listens on TCP port 53, but when querying the DNS resolver over TCP the resolver does not respond. This is (an annoying) failure mode we currently don't handle.
The text was updated successfully, but these errors were encountered: