We do have some checks in the backend to check prior to any site launch that there are AAAA records/CAA records present. In this case, the dig commands to check the AAAA records failed.
The reason for above is that we were using a library called node-dig-dns. This called the dig command directly at a system level. However, our docker container does not have the dig command out of the box. This resulted in the existence of AAAA records not being caught.
We are also codifying a check for CAA records and ensuring that if there exist at least one caa record and it uses our redirection service, it should have letsencrypt as one of the caa record.
To prevent accidental commits to live indirection repo during dev, also adding a check to only commit to the indirection repository iff it is in prod environment.
Solution
just use node's dns resolver directly. this way we dont have to depend on an external library's implementation of node and dont have to install unnecessary deps in the docker.
remove dep introduced in #1244
Breaking Changes
[ ] Yes - this PR contains breaking changes
Details ...
[x] No - this PR is backwards compatible with ALL of the following feature flags in this doc
Features:
Manual test (not to be copied over to deployment notes)
[ ] add these lines of code at the end of server.js
Problem
We do have some checks in the backend to check prior to any site launch that there are AAAA records/CAA records present. In this case, the dig commands to check the AAAA records failed.
The reason for above is that we were using a library called
node-dig-dns
. This called the dig command directly at a system level. However, our docker container does not have the dig command out of the box. This resulted in the existence of AAAA records not being caught.We are also codifying a check for CAA records and ensuring that if there exist at least one caa record and it uses our redirection service, it should have letsencrypt as one of the caa record.
To prevent accidental commits to live indirection repo during dev, also adding a check to only commit to the indirection repository iff it is in prod environment.
Solution
just use node's dns resolver directly. this way we dont have to depend on an external library's implementation of node and dont have to install unnecessary deps in the docker.
remove dep introduced in #1244
Breaking Changes
Features:
Manual test (not to be copied over to deployment notes)
formsgSiteLaunchRouter.handleSiteLaunchResults(formResponses, "test")