-
-
Notifications
You must be signed in to change notification settings - Fork 15.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
DNS resolver failing to find valid DNS record #8261
Comments
@johnjaylward would it be possible to try different netty versions and see at which point it breaks ? This would help me a lot. |
Are there any breaking points in the API between 4.1.13 and 4.1.20? If not, I don't see an issue with trying on my end. |
@johnjaylward as the dns resolver is marked as unstable there were a few, but I think most people should not be affected as the scope is small. So I would give it a try. |
well, now that I've played around with the versions a little more, I'm not sure what's up. However using Redisson 3.6.0 with any version of Netty, the query fails. I'm guessing Redisson must have changed some configuration option that it is passing to the Netty resolver? Is that a possibility? If so, I'll open this on the Redisson side. |
@johnjaylward sure thats possible... I dont know enough about Redission to tell you what they do. |
Thanks, I'll check with them. |
@johnjaylward please let me know how it goes :) |
I would reopen this issue. Issue appeared once Redisson switched to netty based resolver from JDK's |
Thanks for looking @mrniko . @normanmaurer looks like it's an error in how netty is resolving. |
Updated title since it's not a regression. |
I'm not sure if it's environment related or not. It appears to be environment related as it seems to resolve some host names just fine, it's just this custom top level domain one it has issues with (i.e. not localhost/.com/.edu etc which work fine). The TLD is just "companyname" not "companyname.com" . The resolver appears to be looking at "host.companyname" and not liking the TLD, so it appends the DNS Search Domain to it (host.companyname.someOther.searchDomain), which is invalid. Short of setting up your own DNS stack with a custom TLD to test it, I'm not sure what else to do. |
Maybe you can test against a public TLD like .amazon or .google or something? I'm not sure if there would be a difference there though as I have 3 resolvers configured, but only 1 will return a valid result for the custom TLD. |
So you say it only happens for custom TLDs?
… Am 10.09.2018 um 17:31 schrieb johnjaylward ***@***.***>:
Maybe you can test against a public TLD like .amazon or .google or something? I'm not sure if there would be a difference there though as I have 3 resolvers configured, but only 1 will return a valid result for the custom TLD.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub, or mute the thread.
|
@johnjaylward could you test to only include the dnsserver that handles the custom domainname and see if it resolves in this case ? Also would it be possible to run the following command against each of the servers (using the domain you want to resolve) and add the output here:
|
Personal local network:
Global public network:
Company DNS over VPN
|
@normanmaurer I'm not sure I can configure Redisson to use a specific DNS server... |
@johnjaylward interesting so at least one server returns |
it's on windows 10 in this instance. When I was stepping through the calls the server list contained all 3 primary servers. I can't remember if it contained the secondary over the VPN. If I have time today, I'll try to step through again and see which servers were listed. |
I am getting similar kind of error with redisson version 3.7.2 and netty version 4.1.25.Final
|
Could this error redisson/redisson#1646 related to this issue either? |
@johnjaylward @utsavchanda any more details ? |
I don't at this time. I was mainly looking at upgrading the libraries as part of a larger task and have since put down the upgrade due to this issue and moved onto the rest of the task. I'm not sure when I'll have time to investigate it further. |
Sorry but without more infos I suspect I will not be able to help :( |
@johnjaylward @mrniko after re-reading the RFC closely and inspecting our code again I think I found the bug. Can you please check if #8731 works for you ? Also thanks to @Lukasa to discuss this with me :) |
@mrniko also can you test removing |
Issue came back if I comment out this code |
@normanmaurer DnsAddressResolverGroup group = new DnsAddressResolverGroup(new DnsNameResolverBuilder()
.channelType(NioDatagramChannel.class)
.nameServerProvider(DnsServerAddressStreamProviders.platformDefault())
.resolvedAddressTypes(ResolvedAddressTypes.IPV4_ONLY)); and doesn't work if group object is follow: DnsAddressResolverGroup group = new DnsAddressResolverGroup(new DnsNameResolverBuilder()
.channelType(NioDatagramChannel.class)
.nameServerProvider(DnsServerAddressStreamProviders.platformDefault())); |
@normanmaurer |
@mrniko let me build one for you with the pr included... one sec |
@mrniko https://drive.google.com/open?id=11pNwvCkl3ECB3CpjlUzDnuG0m3Td27yg please try with this jar and report back. |
This page by this link reports 404 |
@mrniko just fixed the link... please try again |
Now it works. Thank you! |
@mrniko the code or the link, or both ? ;) |
Both :) |
Yeah :) ... Please note in the PR as well... |
…other nameservers are left. (#8731) Motivation: When using multiple nameservers and a nameserver respond with NXDOMAIN we should only fail the query if the nameserver in question is authoritive or no nameservers are left to try. Modifications: - Try next nameserver if NXDOMAIN was returned but the nameserver is not authoritive - Adjust testcase to respect correct behaviour. Result: Fixes #8261
…other nameservers are left. (#8731) Motivation: When using multiple nameservers and a nameserver respond with NXDOMAIN we should only fail the query if the nameserver in question is authoritive or no nameservers are left to try. Modifications: - Try next nameserver if NXDOMAIN was returned but the nameserver is not authoritive - Adjust testcase to respect correct behaviour. Result: Fixes #8261
@normanmaurer , We attempted to workaround this by setting dnsMonitoringInterval to -1. However, JAVA_HOME\jre\lib\security\java.security had the following parameters:
Do you think it is a legitimate workaround? Also posted the question in another issue: redisson/redisson#1486 (comment) |
@hlms I have no idea how exactly redission uses it so you will need to ask there. |
This version contains the fix for the DNS Resolution bug found in netty. netty/netty#8261
Add this propertie for your custom services: eureka.instance.prefer-ip-address=true |
2. add global http proxy configuration and set proxy in http client
2. add global http proxy configuration and set proxy in http client
2. add global http proxy configuration and set proxy in http client
Expected behavior
The DNS resolver should find valid DNS records.
Actual behavior
Exception thrown:
Steps to reproduce
someDomain
on a DNS server you ownsomeHost.someDomain
search.otherDomain
on the DNS client machine that will run the Netty codesomeHost.someDomain
Minimal yet complete reproducer code (or URL to code)
I'm not using Netty directly so I'm not sure what to put here. Do you want my Redisson code?
Netty version
Breaks when I upgrade to Reddison 3.6+ which pulls in Netty 4.1.20+
When forcing downgrade to Netty 4.1.13 the problem still shows, but with a slightly different stack trace.
JVM version (e.g.
java -version
)java version "1.8.0_162"
Java(TM) SE Runtime Environment (build 1.8.0_162-b12)
Java HotSpot(TM) 64-Bit Server VM (build 25.162-b12, mixed mode)
OS version (e.g.
uname -a
)Windows 10, Centos 7, Ubuntu 16.04
The text was updated successfully, but these errors were encountered: