Page MenuHomePhabricator
Create Task
Maniphest T139438

promethium.wikitextexp.eqiad.wmflabs (10.68.16.2, labs baremetal host) has strange DNS A record result, and missing PTR
Closed, InvalidPublic
Actions

Description

P3335 promethium DNS
1krenair@bastion-01:~$ host promethium.wikitextexp.eqiad.wmflabs
2promethium.wikitextexp.eqiad.wmflabs has address 10.68.16.2
3Host promethium.wikitextexp.eqiad.wmflabs not found: 3(NXDOMAIN)
4Host promethium.wikitextexp.eqiad.wmflabs not found: 3(NXDOMAIN)
5krenair@bastion-01:~$ host promethium.eqiad.wmflabs
6promethium.eqiad.wmflabs has address 10.68.16.2
7Host promethium.eqiad.wmflabs not found: 3(NXDOMAIN)
8Host promethium.eqiad.wmflabs not found: 3(NXDOMAIN)
9krenair@bastion-01:~$ host 10.68.16.2
10Host 2.16.68.10.in-addr.arpa. not found: 3(NXDOMAIN)

I'm not quite sure what the host command is up to there as dig just returns what you'd expect for the A records (if you make it host -v promethium.wikitextexp.eqiad.wmflabs it clearly does the same lookup three times but returns two distinct results from either three or five responses). PTR is missing either way.
(This might be known or unimportant or something but making a task to ensure we have a record)

Details

SubjectRepoBranchLines +/-
[WIP] dnsrecursor: Rewrite code setting up lua hooksoperations/puppetproduction+202 -278
labs dnsrecursor metaldns: Change hook to ensure SOA records get passed properly but with NOERROR instead of NXDOMAINoperations/puppetproduction+3 -4
labs dnsrecursor metaldns: Don't return NXDOMAIN when we don't have a record of the right type but do recognise the domainoperations/puppetproduction+8 -2
labs dnsrecursor metaldns: Resolve PTR records toooperations/puppetproduction+13 -13
Customize query in gerrit

Related Objects
Search...

Event Timeline

AlexMonk-WMF created this task.Jul 6 2016, 1:46 AM
Restricted Application added subscribers: Zppix, Aklapper. · View Herald TranscriptJul 6 2016, 1:46 AM
gerritbot subscribed.Jul 18 2016, 12:08 AM

Change 299501 had a related patch set uploaded (by Alex Monk):
labs dnsrecursor metaldns: Resolve PTR records too

https://gerrit.wikimedia.org/r/299501

gerritbot added a project: Patch-For-Review.Jul 18 2016, 12:08 AM
Krenair mentioned this in rOPUP8f271feec7f3: labs dnsrecursor metaldns: Resolve PTR records too.Jul 18 2016, 12:14 AM
Andrew mentioned this in rOPUP5574ec3c67ee: labs dnsrecursor metaldns: Resolve PTR records too.Jul 19 2016, 2:25 PM
gerritbot added a comment.Jul 19 2016, 2:28 PM

Change 299501 merged by Andrew Bogott:
labs dnsrecursor metaldns: Resolve PTR records too

https://gerrit.wikimedia.org/r/299501

Andrew mentioned this in rOPUPe5c323ae644f: labs dnsrecursor metaldns: Resolve PTR records too.Jul 19 2016, 2:29 PM
AlexMonk-WMF added a comment.Jul 19 2016, 2:34 PM

That commit sorted out the PTR problem, but we still have the strange A record result:

krenair@bastion-01:~$ host promethium.wikitextexp.eqiad.wmflabs
promethium.wikitextexp.eqiad.wmflabs has address 10.68.16.2
Host promethium.wikitextexp.eqiad.wmflabs not found: 3(NXDOMAIN)
Host promethium.wikitextexp.eqiad.wmflabs not found: 3(NXDOMAIN)
krenair@bastion-01:~$ host 10.68.16.2
2.16.68.10.in-addr.arpa domain name pointer promethium.wikitextexp.eqiad.wmflabs.
krenair@bastion-01:~$
AlexMonk-WMF removed a project: Patch-For-Review.Jul 19 2016, 2:35 PM
AlexMonk-WMF added a subscriber: BBlack.EditedJul 19 2016, 11:23 PM

@BBlack figured out the extra requests are AAAA queries (no thanks to /usr/bin/host - seriously shouldn't that sort of info be shown in verbose mode?), which metaldns will currently return NXDOMAIN for :/

gerritbot added a comment.Jul 19 2016, 11:29 PM

Change 299903 had a related patch set uploaded (by Alex Monk):
labs dnsrecursor metaldns: Don't return NXDOMAIN when we don't have a record of the right type but do recognise the domain

https://gerrit.wikimedia.org/r/299903

gerritbot added a project: Patch-For-Review.Jul 19 2016, 11:29 PM
AlexMonk-WMF claimed this task.Jul 19 2016, 11:30 PM
Krenair mentioned this in rOPUP1faa87fc643c: labs dnsrecursor metaldns: Don't return NXDOMAIN when we don't have a record….Jul 19 2016, 11:35 PM
Krenair moved this task from Triage to In Progress on the Cloud-Services board.Jul 23 2016, 2:16 PM
Krenair mentioned this in rOPUP60629ff1467b: labs dnsrecursor metaldns: Don't return NXDOMAIN when we don't have a record….Aug 4 2016, 3:47 AM
Krenair mentioned this in rOPUPe07b1b412948: labs dnsrecursor metaldns: Don't return NXDOMAIN when we don't have a record….Aug 4 2016, 3:53 AM
Krenair mentioned this in rOPUP152a11ebc718: labs dnsrecursor metaldns: Don't return NXDOMAIN when we don't have a record….Aug 4 2016, 4:04 AM
chasemp mentioned this in rOPUP817bb220564c: labs dnsrecursor metaldns: Don't return NXDOMAIN when we don't have a record….Aug 9 2016, 3:04 PM
gerritbot added a comment.Aug 9 2016, 3:06 PM

Change 299903 merged by Rush:
labs dnsrecursor metaldns: Don't return NXDOMAIN when we don't have a record of the right type but do recognise the domain

https://gerrit.wikimedia.org/r/299903

AlexMonk-WMF added a comment.Aug 9 2016, 4:06 PM

Much better, though not perfect:

; <<>> DiG 9.9.5-8-Debian <<>> promethium.wikitextexp.eqiad.wmflabs AAAA
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64793
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;promethium.wikitextexp.eqiad.wmflabs. IN AAAA

;; ANSWER SECTION:
promethium.wikitextexp.eqiad.wmflabs. 60 IN SOA	labs-ns0.wikimedia.org. root.wmflabs.org. 1 3600 600 86400 3600

;; Query time: 1 msec
;; SERVER: 208.80.155.118#53(208.80.155.118)
;; WHEN: Tue Aug 09 16:05:44 UTC 2016
;; MSG SIZE  rcvd: 125

The SOA record should be in the authority section, not the answer section. The difference causes this:

krenair@bastion-01:~$ host promethium.wikitextexp.eqiad.wmflabs
promethium.wikitextexp.eqiad.wmflabs has address 10.68.16.2
promethium.wikitextexp.eqiad.wmflabs has SOA record labs-ns0.wikimedia.org. root.wmflabs.org. 1 3600 600 86400 3600
promethium.wikitextexp.eqiad.wmflabs has SOA record labs-ns0.wikimedia.org. root.wmflabs.org. 1 3600 600 86400 3600
gerritbot added a comment.Aug 9 2016, 5:33 PM

Change 303833 had a related patch set uploaded (by Alex Monk):
labs dnsrecursor metaldns: Change hook to ensure SOA records get passed properly but with NOERROR instead of NXDOMAIN

https://gerrit.wikimedia.org/r/303833

Krenair mentioned this in rOPUP9f0e1b6f39bc: labs dnsrecursor metaldns: Change hook to ensure SOA records get passed….Aug 9 2016, 5:36 PM
gerritbot added a comment.Aug 10 2016, 6:00 PM

Change 303833 merged by BBlack:
labs dnsrecursor metaldns: Change hook to ensure SOA records get passed properly but with NOERROR instead of NXDOMAIN

https://gerrit.wikimedia.org/r/303833

BBlack mentioned this in rOPUP66e71a3bbfa8: labs dnsrecursor metaldns: Change hook to ensure SOA records get passed….Aug 10 2016, 6:02 PM
AlexMonk-WMF closed this task as Resolved.Aug 10 2016, 6:28 PM

Thanks for your help and patience everybody, especially Brandon. I believe this is now working as expected:

krenair@bastion-01:~$ host promethium.wikitextexp.eqiad.wmflabs
promethium.wikitextexp.eqiad.wmflabs has address 10.68.16.2
krenair@bastion-01:~$ host promethium.eqiad.wmflabs
promethium.eqiad.wmflabs has address 10.68.16.2
krenair@bastion-01:~$ host 10.68.16.2
2.16.68.10.in-addr.arpa domain name pointer promethium.wikitextexp.eqiad.wmflabs.
AlexMonk-WMF reopened this task as Open.Aug 10 2016, 10:33 PM

Sigh. It had to be reverted because my patch ran into a pretty nasty gotcha. As I just wrote on Gerrit (https://gerrit.wikimedia.org/r/#/c/304049/1):

Although we set up multiple files with hook functions inside them, PowerDNS only supports one. So we have a recursorhooks.lua script to make it run both. That was fine until I declared "function postresolve" in metaldns, which was already used in labs-ip-alias.lua - since metaldns is listed after labs-ip-alias in recursorhooks, it took priority and killed our labs-ip-alias code

gerritbot added a comment.Aug 10 2016, 11:46 PM

Change 304146 had a related patch set uploaded (by Alex Monk):
[WIP] dnsrecursor: Rewrite code setting up lua hooks

https://gerrit.wikimedia.org/r/304146

AlexMonk-WMF mentioned this in rOPUP6dc1b670b486: [WIP] dnsrecursor: Rewrite code setting up lua hooks.Aug 10 2016, 11:49 PM
AlexMonk-WMF mentioned this in rOPUP154bfdbd1499: [WIP] dnsrecursor: Rewrite code setting up lua hooks.Aug 11 2016, 1:28 AM
AlexMonk-WMF mentioned this in rOPUPd20e3db490dd: [WIP] dnsrecursor: Rewrite code setting up lua hooks.Aug 11 2016, 2:41 AM
Krenair claimed this task.Jan 5 2017, 10:21 PM
Andrew added a subtask: T201202: Replace bare-metal promethium.wikitextexp.eqiad.wmflabs with a VM or VMs.Aug 3 2018, 7:50 PM
Andrew added a subtask: T191362: decom promethium/WMF3571.Oct 15 2018, 4:47 PM
Andrew closed subtask T201202: Replace bare-metal promethium.wikitextexp.eqiad.wmflabs with a VM or VMs as Resolved.
gerritbot added a comment.Oct 25 2018, 5:02 PM

Change 304146 abandoned by Alex Monk:
[WIP] dnsrecursor: Rewrite code setting up lua hooks

Reason:
never got finished, would need a massive rebase, etc.

https://gerrit.wikimedia.org/r/304146

Krenair closed this task as Invalid.Oct 25 2018, 5:03 PM

This host eventually went away and the problematic code removed: https://gerrit.wikimedia.org/r/#/c/operations/puppet/+/469532/

ayounsi closed subtask T191362: decom promethium/WMF3571 as Resolved.Feb 26 2019, 7:49 PM
ayounsi reopened subtask T191362: decom promethium/WMF3571 as Open.
Papaul closed subtask T191362: decom promethium/WMF3571 as Resolved.Jan 3 2020, 11:29 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL