If a server does not support IPv6, but another server is only reachable via IPv6, connections are attempted in a tight loop without any back-off. This results in many .well-known lookups on the target server per second.
Who is affected: The IPv6-only server is getting hammered by .well-known requests non-stop. The IPv4-only server gets a huge amount of log errors.
How is this bug manifesting: Spam in logs, rate-limiting kicking in and DDoSing the target server.
When did this first appear: unknown, noticed it when I got rate limited by my webhosting provider that hosted the .well-known file.
Steps to reproduce
Run dendrite on an IPv4-only host
Attempt federation with an IPv6-only host (for example, message @ablu:ablu.org)
So, the dendrite-server in question is mine, and the server it targeted is @Ablu's.
To fill in the gaps:
PostgreSQL database.
Same go-version as is present in ghcr.io/matrix-org/dendrite-monolith:v0.13.5.
Container is running on a talos-node in Oracle Cloud (free tier), which is overwritten from a "normal" Linux install.
I never bothered with IPv6-connectivity there, so nothing is configured on the host, IPv6-wise.
Background information
0.13.5+b7054f4
unknown
go version: unknown
na
Expected behaviour:
The connection should fail and exponentially back off. The .well-known entry should probably be cached as well.
/cc @davralin
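An added example, not Dendrite's code and not part of the original report: a per-destination gate that doubles the wait after every failed attempt and is checked before any request is sent, the .well-known lookup included. The `Backoff` type, the 1 s base and 30 s cap, and the host name `ipv6-only.example` are assumptions; the failing dial is simulated with a fake clock.

```go
package main

import (
	"fmt"
	"time"
)

// Backoff gates outbound attempts per destination (hypothetical type; not goroutine-safe).
type Backoff struct {
	base, max time.Duration
	wait      map[string]time.Duration // wait applied after the latest failure
	retryAt   map[string]time.Time     // earliest time of the next attempt
}

// Allow reports whether a new attempt, .well-known lookup included, may start at now.
func (b *Backoff) Allow(server string, now time.Time) bool {
	return !now.Before(b.retryAt[server])
}

// Report records an attempt's outcome and returns the wait before the next attempt.
func (b *Backoff) Report(server string, ok bool, now time.Time) time.Duration {
	if ok {
		delete(b.wait, server) // recovered: contact normally again
		delete(b.retryAt, server)
		return 0
	}
	w := 2 * b.wait[server]
	if w == 0 {
		w = b.base // first failure
	} else if w > b.max {
		w = b.max
	}
	b.wait[server], b.retryAt[server] = w, now.Add(w)
	return w
}

// Simulate retries an always-failing destination once per second of a fake clock.
func Simulate(seconds int) (attempts int) {
	b := &Backoff{time.Second, 30 * time.Second, map[string]time.Duration{}, map[string]time.Time{}}
	now := time.Unix(0, 0)
	for ; seconds > 0; seconds, now = seconds-1, now.Add(time.Second) {
		if b.Allow("ipv6-only.example", now) {
			attempts++ // constructed failure: dial returns "network is unreachable"
			b.Report("ipv6-only.example", false, now)
		}
	}
	return attempts
}

func main() { fmt.Println(Simulate(3600)) } // 124 attempts instead of 3600
```

A sender that calls `Allow` from several goroutines would need a mutex around the two maps.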