This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Accessing room or inviting user from other homeserver gives 401 Unauthorized [aka duckdns.org is broken] #5882

Closed
MartenBE opened this issue Aug 19, 2019 · 15 comments

Comments

@MartenBE

Description

I have put up a homeserver with port 8448. This port is forwarded through the NAT and allowed through the firewall. I can log in, use and register users using the Riot Web App. However, when trying to access rooms or invite users from other homeservers, the server errors.

#synapse:matrix.org is not accessible at this time.

Try again later, or ask a room admin to check if you have access.

M_UNKNOWN was returned while trying to access the room. If you think you're seeing this message in error, please submit a bug report.

https://federationtester.matrix.org/ shows everything OK for the server.

Steps to reproduce

  • Log in to the server via riot.im
  • Try to access a room or invite a user from another homeserver (examples: @MartenBE:matrix.org or #synapse:matrix.org)
  • FAIL

homeserver.log


2019-08-19 22:01:37,148 - root - 226 - WARNING - None - ***** STARTING SERVER *****
2019-08-19 22:01:37,188 - root - 227 - WARNING - None - Server /usr/lib/python3.7/site-packages/synapse/app/homeserver.py version 1.2.1
2019-08-19 22:01:37,188 - root - 228 - INFO - None - Server hostname: martenbe.duckdns.org
2019-08-19 22:01:37,189 - twisted - 254 - INFO - None - Redirected stdout/stderr to logs
2019-08-19 22:01:37,232 - synapse.app.homeserver - 359 - INFO - None - Preparing database: sqlite3...
2019-08-19 22:01:37,239 - synapse.storage.prepare_database - 242 - INFO - None - Upgrading schema to v55
2019-08-19 22:01:37,240 - synapse.app.homeserver - 377 - INFO - None - Database prepared in sqlite3.
2019-08-19 22:01:37,240 - synapse.server - 233 - INFO - None - Setting up.
2019-08-19 22:01:37,255 - synapse.storage.event_push_actions - 500 - INFO - None - Searching for stream ordering 1 month ago
2019-08-19 22:01:37,256 - synapse.storage.event_push_actions - 505 - INFO - None - Found stream ordering 1 month ago: it's 2
2019-08-19 22:01:37,256 - synapse.storage.event_push_actions - 507 - INFO - None - Searching for stream ordering 1 day ago
2019-08-19 22:01:37,257 - synapse.storage.event_push_actions - 512 - INFO - None - Found stream ordering 1 day ago: it's 2
2019-08-19 22:01:37,259 - synapse.server - 237 - INFO - None - Finished setting up.
2019-08-19 22:01:37,291 - synapse.app.homeserver - 245 - WARNING -  - Starting daemon.
2019-08-19 22:01:37,292 - synapse.app.homeserver - 106 - INFO -  - Running
2019-08-19 22:01:37,293 - synapse.app.homeserver - 30 - INFO -  - Set file limit to: 524288
2019-08-19 22:01:37,297 - synapse.config.tls - 453 - INFO -  - Loading TLS key from /etc/letsencrypt/live/martenbe.duckdns.org-0001/privkey.pem
2019-08-19 22:01:37,300 - synapse.config.tls - 430 - INFO -  - Loading TLS certificate from /etc/letsencrypt/live/martenbe.duckdns.org-0001/fullchain.pem
2019-08-19 22:01:37,309 - synapse.federation.federation_server - 814 - INFO -  - Registering federation query handler for 'profile'
2019-08-19 22:01:37,310 - synapse.push.pusher - 41 - INFO -  - email enable notifs: False
2019-08-19 22:01:37,312 - synapse.federation.federation_server - 814 - INFO -  - Registering federation query handler for 'directory'
2019-08-19 22:01:37,313 - synapse.handlers.auth - 84 - INFO -  - Extra password_providers: []
2019-08-19 22:01:37,314 - synapse.federation.federation_server - 796 - INFO -  - Registering federation EDU handler for 'm.device_list_update'
2019-08-19 22:01:37,314 - synapse.federation.federation_server - 814 - INFO -  - Registering federation query handler for 'user_devices'
2019-08-19 22:01:37,333 - synapse.federation.federation_server - 796 - INFO -  - Registering federation EDU handler for 'm.presence'
2019-08-19 22:01:37,334 - synapse.federation.federation_server - 796 - INFO -  - Registering federation EDU handler for 'm.typing'
2019-08-19 22:01:37,338 - synapse.handlers.deactivate_account - 149 - INFO - user_parter_loop-0 - Starting user parter
2019-08-19 22:01:37,340 - synapse.federation.federation_server - 796 - INFO -  - Registering federation EDU handler for 'm.receipt'
2019-08-19 22:01:37,341 - synapse.federation.federation_server - 814 - INFO -  - Registering federation query handler for 'client_keys'
2019-08-19 22:01:37,343 - synapse.federation.federation_server - 796 - INFO -  - Registering federation EDU handler for 'm.direct_to_device'
2019-08-19 22:01:37,402 - synapse.util.httpresourcetree - 46 - INFO -  - Attaching <synapse.rest.ClientRestResource object at 0x7fe059d31fd0> to path b'/_matrix/client/api/v1'
2019-08-19 22:01:37,402 - synapse.util.httpresourcetree - 46 - INFO -  - Attaching <synapse.rest.ClientRestResource object at 0x7fe059d31fd0> to path b'/_matrix/client/r0'
2019-08-19 22:01:37,402 - synapse.util.httpresourcetree - 46 - INFO -  - Attaching <synapse.rest.ClientRestResource object at 0x7fe059d31fd0> to path b'/_matrix/client/unstable'
2019-08-19 22:01:37,403 - synapse.util.httpresourcetree - 46 - INFO -  - Attaching <synapse.rest.ClientRestResource object at 0x7fe059d31fd0> to path b'/_matrix/client/v2_alpha'
2019-08-19 22:01:37,403 - synapse.util.httpresourcetree - 46 - INFO -  - Attaching <synapse.rest.ClientRestResource object at 0x7fe059d31fd0> to path b'/_matrix/client/versions'
2019-08-19 22:01:37,403 - synapse.util.httpresourcetree - 46 - INFO -  - Attaching <synapse.rest.well_known.WellKnownResource object at 0x7fe059497490> to path b'/.well-known/matrix/client'
2019-08-19 22:01:37,403 - synapse.util.httpresourcetree - 46 - INFO -  - Attaching <synapse.rest.admin.AdminRestResource object at 0x7fe059470610> to path b'/_synapse/admin'
2019-08-19 22:01:37,403 - synapse.util.httpresourcetree - 46 - INFO -  - Attaching FilePath('/usr/lib/python3.7/site-packages/synapse/static') to path b'/_matrix/static'
2019-08-19 22:01:37,404 - synapse.util.httpresourcetree - 46 - INFO -  - Attaching <synapse.rest.media.v1.media_repository.MediaRepositoryResource object at 0x7fe059442a50> to path b'/_matrix/media/r0'
2019-08-19 22:01:37,404 - synapse.util.httpresourcetree - 46 - INFO -  - Attaching <synapse.rest.media.v1.media_repository.MediaRepositoryResource object at 0x7fe059442a50> to path b'/_matrix/media/v1'
2019-08-19 22:01:37,404 - synapse.util.httpresourcetree - 46 - INFO -  - Attaching <synapse.rest.media.v0.content_repository.ContentRepoResource object at 0x7fe059470d50> to path b'/_matrix/content'
2019-08-19 22:01:37,404 - synapse.util.httpresourcetree - 46 - INFO -  - Attaching <synapse.federation.transport.server.TransportLayerServer object at 0x7fe0594ac6d0> to path b'/_matrix/federation'
2019-08-19 22:01:37,404 - synapse.util.httpresourcetree - 46 - INFO -  - Attaching <synapse.rest.key.v2.KeyApiV2Resource object at 0x7fe0594203d0> to path b'/_matrix/key/v2'
2019-08-19 22:01:37,407 - twisted - 254 - INFO -  - SynapseSite (TLS) starting on 8448
2019-08-19 22:01:37,408 - synapse.app - 47 - WARNING -  - Failed to listen on 0.0.0.0, continuing because listening on [::]
2019-08-19 22:01:37,408 - synapse.app.homeserver - 139 - INFO -  - Synapse now listening on TCP port 8448 (TLS)
2019-08-19 22:01:37,409 - synapse.storage.background_updates - 101 - INFO - background_updates-0 - Starting background schema updates
2019-08-19 22:01:37,411 - synapse.handlers.deactivate_account - 159 - INFO - user_parter_loop-0 - User parter finished: stopping
2019-08-19 22:01:37,463 - synapse.push.pusherpool - 237 - INFO - start_pushers-0 - Starting 0 pushers
2019-08-19 22:01:37,464 - synapse.push.pusherpool - 243 - INFO - start_pushers-0 - Started pushers
2019-08-19 22:01:38,412 - synapse.storage.background_updates - 114 - INFO - background_updates-0 - No more background updates to do. Unscheduling background update task.
2019-08-19 22:01:38,636 - synapse.access.https.8448 - 233 - INFO - GET-0 - ::ffff:185.159.156.4 - 8448 - Received request: GET /_matrix/client/versions
2019-08-19 22:01:38,638 - synapse.access.https.8448 - 302 - INFO - GET-0 - ::ffff:185.159.156.4 - 8448 - {None} Processed request: 0.001sec/0.001sec (0.001sec, 0.000sec) (0.000sec/0.000sec/0) 126B 200 "GET /_matrix/client/versions HTTP/1.1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0" [0 dbevts]
2019-08-19 22:01:38,851 - synapse.access.https.8448 - 233 - INFO - OPTIONS-1 - ::ffff:185.159.156.4 - 8448 - Received request: OPTIONS /_matrix/client/r0/joined_groups
2019-08-19 22:01:38,853 - synapse.access.https.8448 - 302 - INFO - OPTIONS-1 - ::ffff:185.159.156.4 - 8448 - {None} Processed request: 0.001sec/0.001sec (0.000sec, 0.000sec) (0.000sec/0.000sec/0) 2B 200 "OPTIONS /_matrix/client/r0/joined_groups HTTP/1.1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0" [0 dbevts]
2019-08-19 22:01:38,933 - synapse.access.https.8448 - 233 - INFO - OPTIONS-2 - ::ffff:185.159.156.4 - 8448 - Received request: OPTIONS /_matrix/client/r0/sync?filter=0&timeout=0&since=s18_54_0_1_5_1_1_6_1
2019-08-19 22:01:38,934 - synapse.access.https.8448 - 302 - INFO - OPTIONS-2 - ::ffff:185.159.156.4 - 8448 - {None} Processed request: 0.001sec/0.001sec (0.002sec, 0.000sec) (0.000sec/0.000sec/0) 2B 200 "OPTIONS /_matrix/client/r0/sync?filter=0&timeout=0&since=s18_54_0_1_5_1_1_6_1 HTTP/1.1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0" [0 dbevts]
2019-08-19 22:01:39,015 - synapse.access.https.8448 - 233 - INFO - GET-3 - ::ffff:185.159.156.4 - 8448 - Received request: GET /_matrix/client/r0/sync?filter=0&timeout=0&since=s18_54_0_1_5_1_1_6_1
2019-08-19 22:01:39,024 - synapse.util.caches.response_cache - 148 - INFO - GET-3 - [sync]: no cached result for [(@martenbe:martenbe.duckdns.org, 0, 's18_54_0_1_5_1_1_6_1', '0', False, 'XNKQIBRRCJ')], calculating new one
2019-08-19 22:01:39,024 - synapse.handlers.sync - 925 - INFO - GET-3 - Calculating sync response for @martenbe:martenbe.duckdns.org between StreamToken(room_key='s18', presence_key='54', typing_key='0', receipt_key='1', account_data_key='5', push_rules_key='1', to_device_key='1', device_list_key='6', groups_key='1') and StreamToken(room_key='s18', presence_key=55, typing_key=0, receipt_key=1, account_data_key=1, push_rules_key=1, to_device_key=1, device_list_key=6, groups_key=1)
2019-08-19 22:01:39,034 - synapse.access.https.8448 - 302 - INFO - GET-3 - ::ffff:185.159.156.4 - 8448 - {@martenbe:martenbe.duckdns.org} Processed request: 0.018sec/0.000sec (0.008sec, 0.001sec) (0.003sec/0.002sec/6) 480B 200 "GET /_matrix/client/r0/sync?filter=0&timeout=0&since=s18_54_0_1_5_1_1_6_1 HTTP/1.1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0" [0 dbevts]
2019-08-19 22:01:39,036 - synapse.access.https.8448 - 233 - INFO - GET-4 - ::ffff:185.159.156.4 - 8448 - Received request: GET /_matrix/client/r0/joined_groups
2019-08-19 22:01:39,039 - synapse.access.https.8448 - 302 - INFO - GET-4 - ::ffff:185.159.156.4 - 8448 - {@martenbe:martenbe.duckdns.org} Processed request: 0.002sec/0.000sec (0.001sec, 0.000sec) (0.000sec/0.000sec/1) 14B 200 "GET /_matrix/client/r0/joined_groups HTTP/1.1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0" [0 dbevts]
2019-08-19 22:01:39,132 - synapse.access.https.8448 - 233 - INFO - OPTIONS-5 - ::ffff:185.159.156.4 - 8448 - Received request: OPTIONS /_matrix/client/r0/joined_groups
2019-08-19 22:01:39,134 - synapse.access.https.8448 - 302 - INFO - OPTIONS-5 - ::ffff:185.159.156.4 - 8448 - {None} Processed request: 0.001sec/0.001sec (0.001sec, 0.000sec) (0.000sec/0.000sec/0) 2B 200 "OPTIONS /_matrix/client/r0/joined_groups HTTP/1.1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0" [0 dbevts]
2019-08-19 22:01:39,217 - synapse.access.https.8448 - 233 - INFO - OPTIONS-6 - ::ffff:185.159.156.4 - 8448 - Received request: OPTIONS /_matrix/client/r0/sync?filter=0&timeout=30000&since=s18_55_0_1_1_1_1_6_1
2019-08-19 22:01:39,224 - synapse.access.https.8448 - 302 - INFO - OPTIONS-6 - ::ffff:185.159.156.4 - 8448 - {None} Processed request: 0.001sec/0.006sec (0.001sec, 0.000sec) (0.000sec/0.000sec/0) 2B 200 "OPTIONS /_matrix/client/r0/sync?filter=0&timeout=30000&since=s18_55_0_1_1_1_1_6_1 HTTP/1.1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0" [0 dbevts]
2019-08-19 22:01:39,224 - synapse.metrics - 451 - INFO -  - Collecting gc 1
2019-08-19 22:01:39,249 - synapse.access.https.8448 - 233 - INFO - GET-7 - ::ffff:185.159.156.4 - 8448 - Received request: GET /_matrix/client/r0/joined_groups
2019-08-19 22:01:39,252 - synapse.access.https.8448 - 302 - INFO - GET-7 - ::ffff:185.159.156.4 - 8448 - {@martenbe:martenbe.duckdns.org} Processed request: 0.002sec/0.000sec (0.001sec, 0.000sec) (0.000sec/0.000sec/1) 14B 200 "GET /_matrix/client/r0/joined_groups HTTP/1.1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0" [0 dbevts]
2019-08-19 22:01:39,330 - synapse.access.https.8448 - 233 - INFO - GET-8 - ::ffff:185.159.156.4 - 8448 - Received request: GET /_matrix/client/r0/sync?filter=0&timeout=30000&since=s18_55_0_1_1_1_1_6_1
2019-08-19 22:01:39,333 - synapse.util.caches.response_cache - 148 - INFO - GET-8 - [sync]: no cached result for [(@martenbe:martenbe.duckdns.org, 30000, 's18_55_0_1_1_1_1_6_1', '0', False, 'XNKQIBRRCJ')], calculating new one
2019-08-19 22:01:41,847 - synapse.access.https.8448 - 233 - INFO - OPTIONS-9 - ::ffff:185.159.156.4 - 8448 - Received request: OPTIONS /_matrix/client/r0/thirdparty/protocols
2019-08-19 22:01:41,848 - synapse.access.https.8448 - 302 - INFO - OPTIONS-9 - ::ffff:185.159.156.4 - 8448 - {None} Processed request: 0.001sec/0.001sec (0.001sec, 0.000sec) (0.000sec/0.000sec/0) 2B 200 "OPTIONS /_matrix/client/r0/thirdparty/protocols HTTP/1.1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0" [0 dbevts]
2019-08-19 22:01:41,929 - synapse.access.https.8448 - 233 - INFO - GET-10 - ::ffff:185.159.156.4 - 8448 - Received request: GET /_matrix/client/r0/thirdparty/protocols
2019-08-19 22:01:41,931 - synapse.access.https.8448 - 302 - INFO - GET-10 - ::ffff:185.159.156.4 - 8448 - {@martenbe:martenbe.duckdns.org} Processed request: 0.001sec/0.001sec (0.002sec, 0.000sec) (0.000sec/0.000sec/0) 2B 200 "GET /_matrix/client/r0/thirdparty/protocols HTTP/1.1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0" [0 dbevts]
2019-08-19 22:01:42,024 - synapse.access.https.8448 - 233 - INFO - OPTIONS-11 - ::ffff:185.159.156.4 - 8448 - Received request: OPTIONS /_matrix/client/r0/publicRooms
2019-08-19 22:01:42,026 - synapse.access.https.8448 - 302 - INFO - OPTIONS-11 - ::ffff:185.159.156.4 - 8448 - {None} Processed request: 0.001sec/0.001sec (0.000sec, 0.000sec) (0.000sec/0.000sec/0) 2B 200 "OPTIONS /_matrix/client/r0/publicRooms HTTP/1.1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0" [0 dbevts]
2019-08-19 22:01:42,106 - synapse.access.https.8448 - 233 - INFO - POST-12 - ::ffff:185.159.156.4 - 8448 - Received request: POST /_matrix/client/r0/publicRooms
2019-08-19 22:01:42,107 - synapse.handlers.room_list - 83 - INFO - POST-12 - Getting public room list: limit=20, since=None, search=False, network=ThirdPartyInstanceID(appservice_id=None, network_id=None)
2019-08-19 22:01:42,107 - synapse.util.caches.response_cache - 148 - INFO - POST-12 - [room_list]: no cached result for [(20, None, ThirdPartyInstanceID(appservice_id=None, network_id=None))], calculating new one
2019-08-19 22:01:42,110 - synapse.handlers.room_list - 197 - INFO - POST-12 - Getting ordering for 1 rooms since 18
2019-08-19 22:01:42,111 - synapse.handlers.room_list - 227 - INFO - POST-12 - After sorting and filtering, 1 rooms remain
2019-08-19 22:01:42,111 - synapse.handlers.room_list - 255 - INFO - POST-12 - Processing 1 rooms for result
2019-08-19 22:01:42,120 - synapse.handlers.room_list - 268 - INFO - POST-12 - Now 1 rooms in result
2019-08-19 22:01:42,121 - synapse.access.https.8448 - 302 - INFO - POST-12 - ::ffff:185.159.156.4 - 8448 - {@martenbe:martenbe.duckdns.org} Processed request: 0.015sec/0.000sec (0.005sec, 0.001sec) (0.002sec/0.001sec/3) 302B 200 "POST /_matrix/client/r0/publicRooms HTTP/1.1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0" [6 dbevts]
2019-08-19 22:01:42,336 - synapse.handlers.typing - 86 - INFO -  - Checking for typing timeouts
2019-08-19 22:01:46,174 - synapse.access.https.8448 - 233 - INFO - OPTIONS-13 - ::ffff:185.159.156.4 - 8448 - Received request: OPTIONS /_matrix/client/r0/publicRooms
2019-08-19 22:01:46,175 - synapse.access.https.8448 - 302 - INFO - OPTIONS-13 - ::ffff:185.159.156.4 - 8448 - {None} Processed request: 0.001sec/0.001sec (0.001sec, 0.000sec) (0.000sec/0.000sec/0) 2B 200 "OPTIONS /_matrix/client/r0/publicRooms HTTP/1.1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0" [0 dbevts]
2019-08-19 22:01:46,256 - synapse.access.https.8448 - 233 - INFO - POST-14 - ::ffff:185.159.156.4 - 8448 - Received request: POST /_matrix/client/r0/publicRooms
2019-08-19 22:01:46,257 - synapse.handlers.room_list - 83 - INFO - POST-14 - Getting public room list: limit=20, since=None, search=True, network=ThirdPartyInstanceID(appservice_id=None, network_id=None)
2019-08-19 22:01:46,258 - synapse.handlers.room_list - 89 - INFO - POST-14 - Bypassing cache as search request.
2019-08-19 22:01:46,258 - synapse.handlers.room_list - 197 - INFO - POST-14 - Getting ordering for 1 rooms since 18
2019-08-19 22:01:46,259 - synapse.handlers.room_list - 227 - INFO - POST-14 - After sorting and filtering, 1 rooms remain
2019-08-19 22:01:46,259 - synapse.handlers.room_list - 255 - INFO - POST-14 - Processing 1 rooms for result
2019-08-19 22:01:46,260 - synapse.handlers.room_list - 268 - INFO - POST-14 - Now 0 rooms in result
2019-08-19 22:01:46,261 - synapse.access.https.8448 - 302 - INFO - POST-14 - ::ffff:185.159.156.4 - 8448 - {@martenbe:martenbe.duckdns.org} Processed request: 0.004sec/0.001sec (0.004sec, 0.000sec) (0.000sec/0.000sec/0) 45B 200 "POST /_matrix/client/r0/publicRooms HTTP/1.1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0" [0 dbevts]
2019-08-19 22:01:47,335 - synapse.handlers.typing - 86 - INFO -  - Checking for typing timeouts
2019-08-19 22:01:47,409 - synapse.storage.TIME - 377 - INFO -  - Total database time: 1.374% {_update_client_ips_batch(2): 0.687%, get_all_pushers(1): 0.496%, reap_monthly_active_users(1): 0.063%}
2019-08-19 22:01:47,812 - synapse.access.https.8448 - 233 - INFO - OPTIONS-15 - ::ffff:185.159.156.4 - 8448 - Received request: OPTIONS /_matrix/client/r0/publicRooms
2019-08-19 22:01:47,813 - synapse.access.https.8448 - 302 - INFO - OPTIONS-15 - ::ffff:185.159.156.4 - 8448 - {None} Processed request: 0.001sec/0.001sec (0.001sec, 0.000sec) (0.000sec/0.000sec/0) 2B 200 "OPTIONS /_matrix/client/r0/publicRooms HTTP/1.1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0" [0 dbevts]
2019-08-19 22:01:47,894 - synapse.access.https.8448 - 233 - INFO - POST-16 - ::ffff:185.159.156.4 - 8448 - Received request: POST /_matrix/client/r0/publicRooms
2019-08-19 22:01:47,895 - synapse.handlers.room_list - 83 - INFO - POST-16 - Getting public room list: limit=20, since=None, search=True, network=ThirdPartyInstanceID(appservice_id=None, network_id=None)
2019-08-19 22:01:47,895 - synapse.handlers.room_list - 89 - INFO - POST-16 - Bypassing cache as search request.
2019-08-19 22:01:47,896 - synapse.handlers.room_list - 197 - INFO - POST-16 - Getting ordering for 1 rooms since 18
2019-08-19 22:01:47,896 - synapse.handlers.room_list - 227 - INFO - POST-16 - After sorting and filtering, 1 rooms remain
2019-08-19 22:01:47,897 - synapse.handlers.room_list - 255 - INFO - POST-16 - Processing 1 rooms for result
2019-08-19 22:01:47,897 - synapse.handlers.room_list - 268 - INFO - POST-16 - Now 0 rooms in result
2019-08-19 22:01:47,899 - synapse.access.https.8448 - 302 - INFO - POST-16 - ::ffff:185.159.156.4 - 8448 - {@martenbe:martenbe.duckdns.org} Processed request: 0.004sec/0.001sec (0.003sec, 0.001sec) (0.000sec/0.000sec/0) 45B 200 "POST /_matrix/client/r0/publicRooms HTTP/1.1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0" [0 dbevts]
2019-08-19 22:01:50,674 - synapse.access.https.8448 - 233 - INFO - OPTIONS-17 - ::ffff:185.159.156.4 - 8448 - Received request: OPTIONS /_matrix/client/r0/publicRooms
2019-08-19 22:01:50,676 - synapse.access.https.8448 - 302 - INFO - OPTIONS-17 - ::ffff:185.159.156.4 - 8448 - {None} Processed request: 0.001sec/0.001sec (0.000sec, 0.000sec) (0.000sec/0.000sec/0) 2B 200 "OPTIONS /_matrix/client/r0/publicRooms HTTP/1.1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0" [0 dbevts]
2019-08-19 22:01:50,756 - synapse.access.https.8448 - 233 - INFO - POST-18 - ::ffff:185.159.156.4 - 8448 - Received request: POST /_matrix/client/r0/publicRooms
2019-08-19 22:01:50,757 - synapse.handlers.room_list - 83 - INFO - POST-18 - Getting public room list: limit=20, since=None, search=True, network=ThirdPartyInstanceID(appservice_id=None, network_id=None)
2019-08-19 22:01:50,758 - synapse.handlers.room_list - 89 - INFO - POST-18 - Bypassing cache as search request.
2019-08-19 22:01:50,758 - synapse.handlers.room_list - 197 - INFO - POST-18 - Getting ordering for 1 rooms since 18
2019-08-19 22:01:50,759 - synapse.handlers.room_list - 227 - INFO - POST-18 - After sorting and filtering, 1 rooms remain
2019-08-19 22:01:50,759 - synapse.handlers.room_list - 255 - INFO - POST-18 - Processing 1 rooms for result
2019-08-19 22:01:50,760 - synapse.handlers.room_list - 268 - INFO - POST-18 - Now 0 rooms in result
2019-08-19 22:01:50,761 - synapse.access.https.8448 - 302 - INFO - POST-18 - ::ffff:185.159.156.4 - 8448 - {@martenbe:martenbe.duckdns.org} Processed request: 0.004sec/0.001sec (0.004sec, 0.000sec) (0.000sec/0.000sec/0) 45B 200 "POST /_matrix/client/r0/publicRooms HTTP/1.1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0" [0 dbevts]
2019-08-19 22:01:52,335 - synapse.handlers.typing - 86 - INFO -  - Checking for typing timeouts
2019-08-19 22:01:53,987 - synapse.access.https.8448 - 233 - INFO - OPTIONS-19 - ::ffff:185.159.156.4 - 8448 - Received request: OPTIONS /_matrix/client/r0/publicRooms
2019-08-19 22:01:53,989 - synapse.access.https.8448 - 302 - INFO - OPTIONS-19 - ::ffff:185.159.156.4 - 8448 - {None} Processed request: 0.001sec/0.001sec (0.000sec, 0.000sec) (0.000sec/0.000sec/0) 2B 200 "OPTIONS /_matrix/client/r0/publicRooms HTTP/1.1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0" [0 dbevts]
2019-08-19 22:01:54,069 - synapse.access.https.8448 - 233 - INFO - POST-20 - ::ffff:185.159.156.4 - 8448 - Received request: POST /_matrix/client/r0/publicRooms
2019-08-19 22:01:54,070 - synapse.handlers.room_list - 83 - INFO - POST-20 - Getting public room list: limit=20, since=None, search=True, network=ThirdPartyInstanceID(appservice_id=None, network_id=None)
2019-08-19 22:01:54,070 - synapse.handlers.room_list - 89 - INFO - POST-20 - Bypassing cache as search request.
2019-08-19 22:01:54,071 - synapse.handlers.room_list - 197 - INFO - POST-20 - Getting ordering for 1 rooms since 18
2019-08-19 22:01:54,072 - synapse.handlers.room_list - 227 - INFO - POST-20 - After sorting and filtering, 1 rooms remain
2019-08-19 22:01:54,072 - synapse.handlers.room_list - 255 - INFO - POST-20 - Processing 1 rooms for result
2019-08-19 22:01:54,072 - synapse.handlers.room_list - 268 - INFO - POST-20 - Now 0 rooms in result
2019-08-19 22:01:54,074 - synapse.access.https.8448 - 302 - INFO - POST-20 - ::ffff:185.159.156.4 - 8448 - {@martenbe:martenbe.duckdns.org} Processed request: 0.004sec/0.001sec (0.004sec, 0.000sec) (0.000sec/0.000sec/0) 45B 200 "POST /_matrix/client/r0/publicRooms HTTP/1.1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0" [0 dbevts]
2019-08-19 22:01:56,467 - synapse.access.https.8448 - 233 - INFO - OPTIONS-21 - ::ffff:185.159.156.4 - 8448 - Received request: OPTIONS /_matrix/client/r0/directory/room/%23synapse%3Amatrix.org
2019-08-19 22:01:56,468 - synapse.access.https.8448 - 302 - INFO - OPTIONS-21 - ::ffff:185.159.156.4 - 8448 - {None} Processed request: 0.001sec/0.001sec (0.001sec, 0.000sec) (0.000sec/0.000sec/0) 2B 200 "OPTIONS /_matrix/client/r0/directory/room/%23synapse%3Amatrix.org HTTP/1.1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0" [0 dbevts]
2019-08-19 22:01:56,549 - synapse.access.https.8448 - 233 - INFO - GET-22 - ::ffff:185.159.156.4 - 8448 - Received request: GET /_matrix/client/r0/directory/room/%23synapse%3Amatrix.org
2019-08-19 22:01:56,553 - synapse.http.matrixfederationclient - 404 - INFO - GET-22 - {GET-O-1} [matrix.org] Sending request: GET matrix://matrix.org/_matrix/federation/v1/query/directory?room_alias=%23synapse%3Amatrix.org; timeout 10.000000s
2019-08-19 22:01:56,554 - synapse.http.federation.matrix_federation_agent - 335 - INFO - GET-22 - Fetching https://matrix.org/.well-known/matrix/server
2019-08-19 22:01:56,720 - synapse.http.federation.matrix_federation_agent - 351 - INFO - GET-22 - Error fetching https://matrix.org/.well-known/matrix/server: Non-200 response 404
2019-08-19 22:01:56,721 - twisted - 254 - INFO - GET-22 - b'/etc/resolv.conf' changed, reparsing
2019-08-19 22:01:56,721 - twisted - 254 - INFO - GET-22 - Resolver added ('192.168.1.1', 53) to server list
2019-08-19 22:01:56,741 - synapse.http.federation.matrix_federation_agent - 385 - INFO - GET-22 - Connecting to matrix.org.cdn.cloudflare.net:8443
2019-08-19 22:01:57,336 - synapse.handlers.typing - 86 - INFO -  - Checking for typing timeouts
2019-08-19 22:01:57,409 - synapse.storage.TIME - 377 - INFO -  - Total database time: 0.009% {get_destination_retry_timings(1): 0.008%, _update_client_ips_batch(2): 0.001%, stats_stream_pos(0): 0.000%}
2019-08-19 22:01:57,433 - synapse.http.matrixfederationclient - 436 - INFO - GET-22 - {GET-O-1} [matrix.org] Got response headers: 401 Unauthorized
2019-08-19 22:01:57,434 - synapse.http.matrixfederationclient - 520 - WARNING - GET-22 - {GET-O-1} [matrix.org] Request failed: GET matrix://matrix.org/_matrix/federation/v1/query/directory?room_alias=%23synapse%3Amatrix.org: HttpResponseException("401: b'Unauthorized'")
2019-08-19 22:01:57,435 - root - 253 - WARNING - GET-22 - Error retrieving alias
2019-08-19 22:01:57,436 - synapse.http.server - 108 - ERROR - GET-22 - Failed handle request via 'ClientDirectoryServer': <SynapseRequest at 0x7fe0594b1c90 method='GET' uri='/_matrix/client/r0/directory/room/%23synapse%3Amatrix.org' clientproto='HTTP/1.1' site=8448>
Traceback (most recent call last):
  File "/usr/lib/python3.7/site-packages/synapse/http/server.py", line 76, in wrapped_request_handler
    await h(self, request)
  File "/usr/lib/python3.7/site-packages/synapse/http/server.py", line 315, in _async_render
    callback_return = await callback_return
  File "/usr/lib64/python3.7/site-packages/twisted/internet/defer.py", line 1416, in _inlineCallbacks
    result = result.throwExceptionIntoGenerator(g)
  File "/usr/lib64/python3.7/site-packages/twisted/python/failure.py", line 512, in throwExceptionIntoGenerator
    return g.throw(self.type, self.value, self.tb)
  File "/usr/lib/python3.7/site-packages/synapse/logging/opentracing.py", line 480, in _trace_servlet_inner
    result = yield defer.maybeDeferred(func, request, *args, **kwargs)
  File "/usr/lib64/python3.7/site-packages/twisted/internet/defer.py", line 1416, in _inlineCallbacks
    result = result.throwExceptionIntoGenerator(g)
  File "/usr/lib64/python3.7/site-packages/twisted/python/failure.py", line 512, in throwExceptionIntoGenerator
    return g.throw(self.type, self.value, self.tb)
  File "/usr/lib/python3.7/site-packages/synapse/rest/client/v1/directory.py", line 55, in on_GET
    res = yield dir_handler.get_association(room_alias)
  File "/usr/lib64/python3.7/site-packages/twisted/internet/defer.py", line 1416, in _inlineCallbacks
    result = result.throwExceptionIntoGenerator(g)
  File "/usr/lib64/python3.7/site-packages/twisted/python/failure.py", line 512, in throwExceptionIntoGenerator
    return g.throw(self.type, self.value, self.tb)
  File "/usr/lib/python3.7/site-packages/synapse/handlers/directory.py", line 250, in get_association
    ignore_backoff=True,
  File "/usr/lib64/python3.7/site-packages/twisted/internet/defer.py", line 1416, in _inlineCallbacks
    result = result.throwExceptionIntoGenerator(g)
  File "/usr/lib64/python3.7/site-packages/twisted/python/failure.py", line 512, in throwExceptionIntoGenerator
    return g.throw(self.type, self.value, self.tb)
  File "/usr/lib/python3.7/site-packages/synapse/federation/transport/client.py", line 201, in make_query
    ignore_backoff=ignore_backoff,
  File "/usr/lib64/python3.7/site-packages/twisted/internet/defer.py", line 1416, in _inlineCallbacks
    result = result.throwExceptionIntoGenerator(g)
  File "/usr/lib64/python3.7/site-packages/twisted/python/failure.py", line 512, in throwExceptionIntoGenerator
    return g.throw(self.type, self.value, self.tb)
  File "/usr/lib/python3.7/site-packages/synapse/http/matrixfederationclient.py", line 774, in get_json
    timeout=timeout,
  File "/usr/lib64/python3.7/site-packages/twisted/internet/defer.py", line 1416, in _inlineCallbacks
    result = result.throwExceptionIntoGenerator(g)
  File "/usr/lib64/python3.7/site-packages/twisted/python/failure.py", line 512, in throwExceptionIntoGenerator
    return g.throw(self.type, self.value, self.tb)
  File "/usr/lib/python3.7/site-packages/synapse/http/matrixfederationclient.py", line 241, in _send_request_with_optional_trailing_slash
    response = yield self._send_request(request, **send_request_args)
  File "/usr/lib64/python3.7/site-packages/twisted/internet/defer.py", line 1418, in _inlineCallbacks
    result = g.send(result)
  File "/usr/lib/python3.7/site-packages/synapse/http/matrixfederationclient.py", line 475, in _send_request
    raise e
synapse.api.errors.HttpResponseException: 401: b'Unauthorized'
2019-08-19 22:01:57,440 - synapse.access.https.8448 - 302 - INFO - GET-22 - ::ffff:185.159.156.4 - 8448 - {None} Processed request: 0.890sec/0.001sec (0.035sec, 0.001sec) (0.001sec/0.001sec/1) 55B 500 "GET /_matrix/client/r0/directory/room/%23synapse%3Amatrix.org HTTP/1.1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0" [0 dbevts]
2019-08-19 22:02:02,336 - synapse.handlers.typing - 86 - INFO -  - Checking for typing timeouts

Version information

If not matrix.org:

  • Version: 1.2.1

  • Install method: dnf install matrix-synapse

  • Platform: Fedora Server 30

@aaronraimist
Contributor

Federation between my server and martenbe.duckdns.org works (I was able to join a room on martenbe.duckdns.org and @MartenBE was able to join a room on my server) so it seems to be a matrix.org specific issue.

@richvdh
Member

richvdh commented Aug 20, 2019

matrix.org seems to be having trouble decoding the response from the DNS server for the SRV record:

2019-08-19 20:01:57,353 - synapse.http.matrixfederationclient - 485 - WARNING - GET-86108 - {GET-O-139} [martenbe.duckdns.org] Request failed: GET matrix://martenbe.duckdns.org/_matrix/key/v2/server/ed25519%3Aa_hYAw: DNSServerError(<Message id=58046 rCode=2 maxSize=0 flags=answer,recDes,recAv queries=[Query('_matrix._tcp.martenbe.duckdns.org', 33, 1)]>)

which is because we get an error when looking up your SRV record:

rav@fred:~$ dig @8.8.8.8 -t SRV _matrix._tcp.martenbe.duckdns.org

; <<>> DiG 9.11.3-1ubuntu1.8-Ubuntu <<>> @8.8.8.8 -t SRV _matrix._tcp.martenbe.duckdns.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 61560
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

(note SERVFAIL)

which I think is because you have an A record where there should be a SRV record (or nothing):

rav@fred:~$ dig @ns1.duckdns.org +answer -t SRV _matrix._tcp.martenbe.duckdns.org
...
_matrix._tcp.martenbe.duckdns.org. 60 IN A	91.182.77.67

@richvdh richvdh closed this as completed Aug 20, 2019
@MartenBE
Author

I use duckdns.org, which allows for random subdomains. This is probably the cause then. As I cannot alter this, is there any workaround possible?

@MartenBE
Author

MartenBE commented Aug 20, 2019

The presence of the A record was indeed the problem. I went for a membership with dynu.com where I could use a ddns with wild cards and added an SRV record to prevent matrix from getting confused from the wildcard A record. Now everything works!

Hostname                                   Type    Data                                                 TTL
--------------------------------------------------------------------------------------------------------------
*.martenbe.freeddns.org                    A       123.456.78.90                                        120    # Allows subdomains
_matrix._tcp.martenbe.freeddns.org         SRV     martenbe.freeddns.org [Priority: 10] [Weight: 5]     3600   # Makes sure federation isn't confused by the wildcard A record at _matrix._tcp.martenbe.freeddns.org (Important!)

@richvdh
Member

richvdh commented Aug 21, 2019

Glad you got it sorted. To reiterate, it's google's public DNS servers (8.8.8.8) which were flagging the error here, rather than synapse itself. In theory we could make the matrix protocol treat a DNS error the same as the absence of a DNS record, but I'm not sure that's the right thing to do.

@MartenBE
Author

MartenBE commented Aug 21, 2019

> Glad you got it sorted. To reiterate, it's google's public DNS servers (8.8.8.8) which were flagging the error here, rather than synapse itself. In theory we could make the matrix protocol treat a DNS error the same as the absence of a DNS record, but I'm not sure that's the right thing to do.

That indeed doesn't seem to be the best solution. It would help enough if the matrix federation tester could detect this as an error. I have opened an issue at matrix-org/matrix-federation-tester#92.

@Linuxine

Linuxine commented Oct 29, 2019

Hi, I have exactly the same issue. I have set up the federation, and https://federationtester.matrix.org/ says everything is fine, but I am not able to list the rooms on the matrix.org server, or invite someone from this server. I get an error, and on my server the logs indicate
synapse.api.errors.HttpResponseException: 401: b'Unauthorized'

I have tried to set a SRV field

_matrix._tcp.mydomain.com | 0 | SRV | 10 0 8448 mydomain.com
but it does not seem to change anything.

My apache configuration for this port is

<VirtualHost *:8448>

 SSLEngine on
 AllowEncodedSlashes NoDecode
 ProxyPass /_matrix http://127.0.0.1:8008/_matrix nocanon
 ProxyPassReverse /_matrix http://127.0.0.1:8008/_matrix

</VirtualHost>

Am I missing something obvious here ? Thanks a lot for the help !

@MartenBE
Author

Try setting _matrix._tcp.mydomain.com as an SRV field (notice the underscore in _matrix)

@Linuxine

> Try setting _matrix._tcp.mydomain.com as an SRV field (notice the underscore in _matrix)

Sorry, bad copy paste, my SRV field is indeed on _matrix._tcp

@Linuxine

I think it was an issue with DNS propagation, now it works! I can correctly federate with matrix.org :D

@Faberix

Faberix commented Apr 21, 2020

I have a similar problem: I also get 401 Unauthorized when trying to enter a room on matrix.org; the federation tester says that everything is ok. I do not have an SRV record and cannot create one.
Looking up the SRV record returns an NXDOMAIN, not a SERVFAIL.
My certificate is from letsencrypt and it works, at least for matrix client connections to port 8448 and for the Nextcloud running on port 443.
The output of dig is the following (where I substituted "servername" for the actual server name):
```
dig @8.8.8.8 -t SRV _matrix._tcp.servername.internet-box.ch

; <<>> DiG 9.11.5-P4-5.1ubuntu2.1-Ubuntu <<>> @8.8.8.8 -t SRV _matrix._tcp.servername.internet-box.ch
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 35924
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;_matrix._tcp.servername.internet-box.ch. IN SRV

;; AUTHORITY SECTION:
internet-box.ch. 299 IN SOA ns1.internet-box.ch. CMI-ABO.APO.swisscom.com. 2015021601 36000 3600 1814400 300

;; Query time: 13 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Di Apr 21 17:17:32 CEST 2020
;; MSG SIZE rcvd: 135
```

The output of the normal dig, without the SRV option, is:
```
dig @8.8.8.8 servername.internet-box.ch

; <<>> DiG 9.11.5-P4-5.1ubuntu2.1-Ubuntu <<>> @8.8.8.8 servername.internet-box.ch
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55213
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;servername.internet-box.ch. IN A

;; ANSWER SECTION:
servername.internet-box.ch. 299 IN A

;; Query time: 17 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Di Apr 21 18:56:00 CEST 2020
;; MSG SIZE rcvd: 74
```

Actually, according to the section "Resolving server names" in https://matrix.org/docs/spec/server_server/latest, it should work; it should fall back to 5., as the .well-known will not be found because I have a Nextcloud instance running on port 443. And as there is an A record for my address, 5. should work.

Server names are resolved to an IP address and port to connect to, and have various conditions affecting which certificates and Host headers to send. The process overall is as follows:

1. If the hostname is an IP literal, then that IP address should be used, together with the given port number, or 8448 if no port is given. The target server must present a valid certificate for the IP address. The Host header in the request should be set to the server name, including the port if the server name included one.
2. If the hostname is not an IP literal, and the server name includes an explicit port, resolve the IP address using AAAA or A records. Requests are made to the resolved IP address and given port with a Host header of the original server name (with port). The target server must present a valid certificate for the hostname.
3. If the hostname is not an IP literal, a regular HTTPS request is made to https://<hostname>/.well-known/matrix/server, expecting the schema defined later in this section. 30x redirects should be followed, however redirection loops should be avoided. Responses (successful or otherwise) to the /.well-known endpoint should be cached by the requesting server. Servers should respect the cache control headers present on the response, or use a sensible default when headers are not present. The recommended sensible default is 24 hours. Servers should additionally impose a maximum cache time for responses: 48 hours is recommended. Errors are recommended to be cached for up to an hour, and servers are encouraged to exponentially back off for repeated failures. The schema of the /.well-known request is later in this section. If the response is invalid (bad JSON, missing properties, non-200 response, etc), skip to step 4. If the response is valid, the m.server property is parsed as <delegated_hostname>[:<delegated_port>] and processed as follows: [skipped that part as it is not relevant here]
4. If the /.well-known request resulted in an error response, a server is found by resolving an SRV record for _matrix._tcp.<hostname>. This may result in a hostname (to be resolved using AAAA or A records) and port. Requests are made to the resolved IP address and port, using 8448 as a default port, with a Host header of <hostname>. The target server must present a valid certificate for <hostname>.
5. If the /.well-known request returned an error response, and the SRV record was not found, an IP address is resolved using AAAA and A records. Requests are made to the resolved IP address using port 8448 and a Host header containing the <hostname>. The target server must present a valid certificate for <hostname>.

Either I have missed something or matrix.org is not following its own specifications.

In case anyone with access to the matrix.org-logs wants to take a look at it, please tell me how you would like me to send it to you (I don't want it to be on a webpage that everyone can see).

@clokep
Contributor

clokep commented Apr 21, 2020

@Faberix I suggest you file a separate issue if you're having a problem, but you should be able to check if federation is working using the federation tester (https://federationtester.matrix.org/), additionally it might help to ask in #synapse:matrix.org.

@Faberix

Faberix commented May 1, 2020

It turned out that all DNS servers return NXDomain; there is at least one that returns a SERVFAIL, so it is probably exactly the same problem. See https://community.swisscom.ch/t5/HomepageTool-Hosting/SRV-Eintrag/m-p/613261?campID=NL_CMY_SUBSCNOT_CTA#M715 for more information (it is in German; if you don't understand it, use a translator).
What DNS server(s) does matrix.org use? Maybe it would be a good idea to fall back to another DNS server when a SERVFAIL happens...
The federation tester says that everything is ok.

@Faberix

Faberix commented May 11, 2020

I have found a solution: Using /.well-known/server, it is possible to bypass the check for the SRV record, if you explicitly state the port number in the .well-known response (even if it is the default port). Now federation works.
If you are using nginx, like me, you can do that by adding the following to your configuration:
location /.well-known/matrix/server {
    access_log off;
    add_header Access-Control-Allow-Origin *;
    return 200 '{"m.server": "your.server.name:portnumber"}';
}
This needs to be accessible on port 443 via https, so if you have something else running there, either forward it to the correct destination or directly add the .well-known on the server running on port 443.

Just for completeness, this is the relevant part of the matrix specification:

If the hostname is not an IP literal, a regular HTTPS request is made to https://<hostname>/.well-known/matrix/server, expecting the schema defined later in this section. 30x redirects should be followed, however redirection loops should be avoided. Responses (successful or otherwise) to the /.well-known endpoint should be cached by the requesting server. Servers should respect the cache control headers present on the response, or use a sensible default when headers are not present. The recommended sensible default is 24 hours. Servers should additionally impose a maximum cache time for responses: 48 hours is recommended. Errors are recommended to be cached for up to an hour, and servers are encouraged to exponentially back off for repeated failures. The schema of the /.well-known request is later in this section. If the response is invalid (bad JSON, missing properties, non-200 response, etc), skip to step 4. If the response is valid, the m.server property is parsed as <delegated_hostname>[:<delegated_port>] and processed as follows:

If <delegated_hostname> is an IP literal, then that IP address should be used together with the <delegated_port> or 8448 if no port is provided. The target server must present a valid TLS certificate for the IP address. Requests must be made with a Host header containing the IP address, including the port if one was provided.
If <delegated_hostname> is not an IP literal, and <delegated_port> is present, an IP address is discovered by looking up an AAAA or A record for <delegated_hostname>. The resulting IP address is used, alongside the <delegated_port>. Requests must be made with a Host header of <delegated_hostname>:<delegated_port>. The target server must present a valid certificate for <delegated_hostname>.
If <delegated_hostname> is not an IP literal and no <delegated_port> is present, an SRV record is looked up for _matrix._tcp.<delegated_hostname>. This may result in another hostname (to be resolved using AAAA or A records) and port. Requests should be made to the resolved IP address and port with a Host header containing the <delegated_hostname>. The target server must present a valid certificate for <delegated_hostname>.
If no SRV record is found, an IP address is resolved using AAAA or A records. Requests are then made to the resolve IP address and a port of 8448, using a Host header of <delegated_hostname>. The target server must present a valid certificate for <delegated_hostname>.
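
The resolution order quoted in the comments above, together with the difference between an SRV lookup that fails (SERVFAIL, rcode 2) and one that finds nothing (NXDOMAIN), can be modelled offline. This is an added example, not part of the thread and not Synapse's code; `resolve_target`, `srv_lookup` and `SAMPLE_ZONE` are hypothetical names, and the sample zone is constructed from the dig results posted in this issue.

```python
import ipaddress

NOERROR, SERVFAIL, NXDOMAIN = 0, 2, 3   # DNS response codes (RFC 1035)
DEFAULT_PORT = 8448

class ResolutionError(Exception):
    """SRV lookup failed with an error other than 'no such record'."""

def split_host_port(name):
    """Split 'host[:port]' into (host, port or None); IPv6 literals must be bracketed."""
    if name.startswith("["):
        host, _, rest = name[1:].partition("]")
        return host, int(rest[1:]) if rest.startswith(":") else None
    host, sep, port = name.rpartition(":")
    return (host, int(port)) if sep else (name, None)

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def resolve_target(server_name, well_known, srv_lookup):
    """Return (host, port, srv_queries). well_known is the m.server value or None;
    srv_lookup(qname) returns (rcode, [(target, port), ...])."""
    host, port = split_host_port(server_name)
    queries = []
    if is_ip_literal(host) or port is not None:           # spec steps 1 and 2
        return host, port or DEFAULT_PORT, queries
    if well_known:                                        # spec step 3
        host, port = split_host_port(well_known)
        if is_ip_literal(host) or port is not None:
            return host, port or DEFAULT_PORT, queries    # explicit port: SRV never queried
    qname = "_matrix._tcp." + host                        # spec step 4 (or 3.3 after delegation)
    queries.append(qname)
    rcode, records = srv_lookup(qname)
    if rcode == NOERROR and records:
        return records[0][0], records[0][1], queries
    if rcode in (NOERROR, NXDOMAIN):                      # record absent: spec step 5
        return host, DEFAULT_PORT, queries
    # A resolver error is not "record not found", so no fallback is attempted.
    raise ResolutionError(f"SRV {qname}: rcode={rcode}")

# Constructed resolver answers, modelled on the two dig results quoted in the thread.
SAMPLE_ZONE = {"_matrix._tcp.martenbe.duckdns.org": (SERVFAIL, []),
               "_matrix._tcp.servername.internet-box.ch": (NXDOMAIN, [])}

def sample_lookup(qname):
    return SAMPLE_ZONE[qname]
```

With the constructed zone, the duckdns name raises `ResolutionError`, the NXDOMAIN name falls back to port 8448, and a `.well-known` value carrying an explicit port returns without any SRV query.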

@rambip

rambip commented Jun 15, 2021

I have a very similar problem, with duckdns. I don't know which one of these fixes to try:

2021-06-15 15:25:32,911 - synapse.http.matrixfederationclient - 639 - INFO - POST-2159 - {GET-O-149} [matrix.rambi.duckdns.org] Request failed: GET matrix://matrix.rambi.duckdns.org/_matrix/key/v2/server/ed25519%3Aa_rsPo: DNSServerError(<Message id=29145 rCode=2 maxSize=0 flags=answer,recDes,recAv queries=[Query(b'_matrix._tcp.matrix.rambi.duckdns.org', 33, 1)]>)
2021-06-15 15:25:32,912 - synapse.crypto.keyring - 881 - WARNING - POST-2159 - Error looking up keys {'ed25519:a_rsPo': 1623767131178} from matrix.rambi.duckdns.org: Failed to send request: DNSServerError: <Message id=29145 rCode=2 maxSize=0 flags=answer,recDes,recAv queries=[Query(b'_matrix._tcp.matrix.rambi.duckdns.org', 33, 1)]>
2021-06-15 15:25:32,916 - synapse.federation.federation_base - 128 - WARNING - POST-2159 - Signature check failed for $b3usuy5GPlfVx6SHZ9NS2s5XyhJ2zbxuRzGRsSGsttQ: 403: event id $b3usuy5GPlfVx6SHZ9NS2s5XyhJ2zbxuRzGRsSGsttQ: unable to verify signature for sender matrix.rambi.duckdns.org: 401: Failed to find any key to satisfy VerifyJsonRequest(server=matrix.rambi.duckdns.org, key_ids=['ed25519:a_rsPo'], min_valid=1623767131178)

What should I do ?

@richvdh richvdh changed the title Accessing room or inviting user from other homeserver gives 401 Unauthorized Accessing room or inviting user from other homeserver gives 401 Unauthorized [aka duckdns.org is broken] Aug 6, 2021