-
Notifications
You must be signed in to change notification settings - Fork 427
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Can no longer detect NXDOMAIN/empty answer in Resolver queries #1171
Comments
We can make that more strongly typed. Not sure if we missed that in the review or if this is a new code path, but that’s probably the easiest fix for this. |
To give just a little bit of context, my application is SPF protocol implementation. For the SPF protocol I must be able to distinguish both the NXDOMAIN and the empty answer results from other errors. |
Understood. There are two error codes here, NxDomain and NoError. No error is the empty response, NxDomain is the authoritative non-existent domain. All we need to do is associate the proper error code to a real type in the errors. |
Due to hickory-dns/hickory-dns#1171, we cannot trust the DNS library to return typed NXDOMAIN errors. This change detects these errors by matching the error string. The default TTL is updated to 5s. Co-authored-by: Oliver Gould <ver@buoyant.io> Co-authored-by: Eliza Weisman <eliza@buoyant.io>
@bluejekyll what issue does #1171 solve exactly? It seems to me that we can not have the |
@zaharidichev I'm sorry, I'm not fully understanding the way in which your suggesting to fix this. If you have a PR ready, I'm happy to take a look. One of the issues here is really a question of what |
For a little more context here. There are a number of things that make returning NXDomain accurately from the lookup call difficult. Off the top of my head:
So for the API change, I think we need to incorporate this, and also anticipate that NXDomain will only be semi-accurate for fqdns... |
@bluejekyll Sorry I might be missing a big part of the context here but it seems to me that before this commit |
Maybe I'm overthinking the issue here. Would it be enough to surface the error in this case directly with the ResponseCode? |
Yes I think this is what needs to happen. |
Let me work on a quick PR for this, perhaps there are some folks on this thread that would be interested in testing with it. Also, please notice the flag |
@zaharidichev @glts please see #1197, I believe this will fix the issue. I know remember why this wasn't correct before, I had punted on doing the type golf needed to support this. I need to take a pass to see if I can simplify any of the type signatures, but this should resolve the concerns here, I hope. |
@bluejekyll This is great. Thanks a lot for the fix! Is there any ETA on when a new release will be out including these changes? |
I will publish today. There are a few library deps I want to update first. |
@zaharidichev 0.20.0-alpha.2 has been published. |
Due to hickory-dns/hickory-dns#1171, we cannot trust the DNS library to return typed NXDOMAIN errors. This change detects these errors by matching the error string. The default TTL is updated to 5s. Co-authored-by: Oliver Gould <ver@buoyant.io> Co-authored-by: Eliza Weisman <eliza@buoyant.io>
I have been using the synchronous
Resolver
to do DNS lookups and switching onResolveErrorKind::NoRecordsFound { .. }
to detect NXDOMAIN errors.This no longer works, instead I now get an untyped/generic protocol error:
I believe #1086 changed this, a breaking change. Is this intentional? How does one recognise NXDOMAIN/empty answers in the
Resolver
API?To reproduce:
The text was updated successfully, but these errors were encountered: