Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Consider a trailing dot when resolve DNS with search domains #5963

Merged
merged 9 commits into from
Nov 8, 2024
Merged

Consider a trailing dot when resolve DNS with search domains #5963

merged 9 commits into from
Nov 8, 2024

Conversation

ikhoon
Copy link
Contributor

@ikhoon ikhoon commented Oct 30, 2024

Motivation:

There was a report from LY internally where DNS resolver warned for NXDomain unexpectedly.

java.util.concurrent.CompletionException: java.lang.IllegalArgumentException: Empty label is not a legal name
	at java.base/java.util.concurrent.CompletableFuture.encodeThrowable(CompletableFuture.java:315)
        ...
	at com.linecorp.armeria.internal.client.dns.SearchDomainDnsResolver.resolve0(SearchDomainDnsResolver.java:99)
	at com.linecorp.armeria.internal.client.dns.SearchDomainDnsResolver.resolve(SearchDomainDnsResolver.java:88)
	at com.linecorp.armeria.internal.client.dns.HostsFileDnsResolver.resolve(HostsFileDnsResolver.java:130)
	at com.linecorp.armeria.internal.client.dns.DefaultDnsResolver.resolveOne(DefaultDnsResolver.java:89)
	at com.linecorp.armeria.internal.client.dns.DefaultDnsResolver.resolve(DefaultDnsResolver.java:81)
	at com.linecorp.armeria.client.endpoint.dns.DnsEndpointGroup.sendQueries(DnsEndpointGroup.java:155)
	at com.linecorp.armeria.client.endpoint.dns.DnsEndpointGroup.lambda$sendQueries$3(DnsEndpointGroup.java:173)
       ...
Caused by: java.lang.IllegalArgumentException: Empty label is not a legal name
  at java.base/java.net.IDN.toASCIIInternal(IDN.java:284)
  at java.base/java.net.IDN.toASCII(IDN.java:123)
  at java.base/java.net.IDN.toASCII(IDN.java:152)
  at com.linecorp.armeria.internal.client.dns.DnsQuestionWithoutTrailingDot.<init>(DnsQuestionWithoutTrailingDot.java:53)
  at com.linecorp.armeria.internal.client.dns.DnsQuestionWithoutTrailingDot.of(DnsQuestionWithoutTrailingDot.java:48)
  at com.linecorp.armeria.internal.client.dns.SearchDomainDnsResolver$SearchDomainQuestionContext.newQuestion(SearchDomainDnsResolver.java:190)
  at com.linecorp.armeria.internal.client.dns.SearchDomainDnsResolver$SearchDomainQuestionContext.nextQuestion0(SearchDomainDnsResolver.java:177)
  at com.linecorp.armeria.internal.client.dns.SearchDomainDnsResolver$SearchDomainQuestionContext.nextQuestion(SearchDomainDnsResolver.java:150)
  at com.linecorp.armeria.internal.client.dns.SearchDomainDnsResolver.lambda$resolve0$1(SearchDomainDnsResolver.java:103)
  ... 19 common frames omitted

The NX domain has a trailing dot and search domains start with a dot (.).
As a result, example.com..search.domain was made and rejected by java.net.IDN

Modifications:

  • Remove a leading dot from the normalized search domains.
  • Infix a dot when a hostname does not have a trailing dot.

Result:

DNS resolver now correctly adds search domains for hostnames with trailing dots.

@ikhoon
Consider a trailing dot when resolve DNS with search domains
0ef7842 
Motivation:

There was a report from LY internally where DNS resolver warns for `NXDomain`.
```
java.util.concurrent.CompletionException: java.lang.IllegalArgumentException: Empty label is not a legal name
	at java.base/java.util.concurrent.CompletableFuture.encodeThrowable(CompletableFuture.java:315)
        ...
	at com.linecorp.armeria.internal.client.dns.SearchDomainDnsResolver.resolve0(SearchDomainDnsResolver.java:99)
	at com.linecorp.armeria.internal.client.dns.SearchDomainDnsResolver.resolve(SearchDomainDnsResolver.java:88)
	at com.linecorp.armeria.internal.client.dns.HostsFileDnsResolver.resolve(HostsFileDnsResolver.java:130)
	at com.linecorp.armeria.internal.client.dns.DefaultDnsResolver.resolveOne(DefaultDnsResolver.java:89)
	at com.linecorp.armeria.internal.client.dns.DefaultDnsResolver.resolve(DefaultDnsResolver.java:81)
	at com.linecorp.armeria.client.endpoint.dns.DnsEndpointGroup.sendQueries(DnsEndpointGroup.java:155)
	at com.linecorp.armeria.client.endpoint.dns.DnsEndpointGroup.lambda$sendQueries$3(DnsEndpointGroup.java:173)
       ...
Caused by: java.lang.IllegalArgumentException: Empty label is not a legal name
  at java.base/java.net.IDN.toASCIIInternal(IDN.java:284)
  at java.base/java.net.IDN.toASCII(IDN.java:123)
  at java.base/java.net.IDN.toASCII(IDN.java:152)
  at com.linecorp.armeria.internal.client.dns.DnsQuestionWithoutTrailingDot.<init>(DnsQuestionWithoutTrailingDot.java:53)
  at com.linecorp.armeria.internal.client.dns.DnsQuestionWithoutTrailingDot.of(DnsQuestionWithoutTrailingDot.java:48)
  at com.linecorp.armeria.internal.client.dns.SearchDomainDnsResolver$SearchDomainQuestionContext.newQuestion(SearchDomainDnsResolver.java:190)
  at com.linecorp.armeria.internal.client.dns.SearchDomainDnsResolver$SearchDomainQuestionContext.nextQuestion0(SearchDomainDnsResolver.java:177)
  at com.linecorp.armeria.internal.client.dns.SearchDomainDnsResolver$SearchDomainQuestionContext.nextQuestion(SearchDomainDnsResolver.java:150)
  at com.linecorp.armeria.internal.client.dns.SearchDomainDnsResolver.lambda$resolve0$1(SearchDomainDnsResolver.java:103)
  ... 19 common frames omitted
```

The NX domain has with a trailing dot and search domains starts with
`.`. As a result, `example.com..search.domain` was made and rejected by `java.net.IDN`

Modifications:

- Remove a leading dot from the normalized search domains.
- Infix a dot when a hostname does not have a trailing dot.

Result:

DNS resolver now correctly adds search domains for hostnames with trailing dots.
@ikhoon ikhoon added the defect label Oct 30, 2024
@ikhoon ikhoon added this to the 1.31.0 milestone Oct 30, 2024
minwoox
minwoox approved these changes Oct 30, 2024
View reviewed changes
Copy link
Member

@minwoox minwoox left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍 👍 👍

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Oct 30, 2024
edited
Loading

🔍 Build Scan® (commit: 90d886a)

Job name Status Build Scan®
build-ubicloud-standard-8-jdk-8 https://ge.armeria.dev/s/hyrumefawmups
build-ubicloud-standard-8-jdk-21-snapshot-blockhound https://ge.armeria.dev/s/zu7qinp4b7jhy
build-ubicloud-standard-8-jdk-17-min-java-17-coverage https://ge.armeria.dev/s/mcqe4wxmzko6c
build-ubicloud-standard-8-jdk-17-min-java-11 ❌ (failure) https://ge.armeria.dev/s/7nmkblj73smta
build-ubicloud-standard-8-jdk-17-leak https://ge.armeria.dev/s/f7rogmve6q24y
build-ubicloud-standard-8-jdk-11 ❌ (failure) https://ge.armeria.dev/s/n4fenjpvazn4y
build-macos-12-jdk-21 https://ge.armeria.dev/s/gidgqiinq4niw

jrhee17
jrhee17 approved these changes Nov 4, 2024
View reviewed changes
Copy link
Contributor

@jrhee17 jrhee17 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍 👍

jrhee17 and others added 5 commits November 6, 2024 10:10
@jrhee17
Merge branch 'main' into trailing-dot-searchdomain
d01a90e
@ikhoon
debug log
331d86c
@ikhoon
Merge branch 'trailing-dot-searchdomain' of github.com:ikhoon/armeria…
d300ae5 
… into trailing-dot-searchdomain
@ikhoon
Fix a flaky test and minor bugs
a02dad0 
- Stop to send queries with search domains when it was resovled.
- Fix a bug where the original hostname was sent as the last query
  when the number of dots in a hostname >= `ndots`.
- Explicitly set `ResolvedAddressTypes.IPV4_ONLY` to avoid flakyness.
@ikhoon
lint
ae89033
minwoox
minwoox approved these changes Nov 7, 2024
View reviewed changes
Copy link
Member

@minwoox minwoox left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Still looks good 👍

core/src/main/java/com/linecorp/armeria/internal/client/dns/DefaultDnsResolver.java Outdated Show resolved Hide resolved
@ikhoon ikhoon merged commit 460ea02 into line:main Nov 8, 2024
12 of 14 checks passed
@ikhoon ikhoon deleted the trailing-dot-searchdomain branch November 8, 2024 02:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@minwoox minwoox minwoox approved these changes

@jrhee17 jrhee17 jrhee17 approved these changes

@trustin trustin Awaiting requested review from trustin trustin is a code owner

Assignees
No one assigned
Labels
defect
Projects
None yet
Milestone
1.31.0
Development

Successfully merging this pull request may close these issues.
3 participants
@ikhoon @jrhee17 @minwoox