Page MenuHomePhabricator
Create Task
Maniphest T316819

Modify dns_to_ipset to do both UDP and TCP DNS requests.
Closed, ResolvedPublic
Actions

Description

We've discovered that dns_to_ipset (using python3 dns.resolver) gets different answers from recdns.anycast.wmnet for TCP queries vs UDP queries. It looks like at least some services are probably using UDP, because we're running into situations where a service will try to hit a pool of IPs that don't correlate to what has been poked into ipset, for extended periods of time, with dns_to_ipset using TCP.

I think we can work around this by making dns_to_ipset do its DNS polling both by UDP and TCP and merge the results.

Event Timeline

Jgreen created this task.Aug 31 2022, 8:48 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptAug 31 2022, 8:48 PM
Jgreen closed this task as Resolved.Aug 31 2022, 9:50 PM
Jgreen claimed this task.
Jgreen triaged this task as High priority.

Done, and it seems to have worked.

greg awarded a token.Aug 31 2022, 10:01 PM
Dwisehaupt moved this task from Triage to Done on the fundraising-tech-ops board.Sep 2 2022, 8:25 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL