matrix-org / matrix-federation-tester

Tester for matrix federation written in golang.

Feature Request: Detect DNS errors when there is an A record instead of an SRV record #92

Open MartenBE opened 5 years ago

MartenBE commented 5 years ago

I've had trouble setting up federation using duckdns.org, but the federation tester did not show any errors. After investigation by @richvdh in https://github.com/matrix-org/synapse/issues/5882, we discovered it was caused by the wildcard functionality of duckdns. This introduces a *.example.com wildcard A record which causes errors in Synapse as it expects nothing or an SRV record. It would be handy if the federation tester could detect this in case others try to use (dynamic) DNS services with wildcards.

richvdh commented 5 years ago

To be clear: the feature for the federation tester would be "detect when the DNS system returns an error, and don't ignore it", as opposed to anything specific to A records where we expect a SRV record:

```
rav@fred:~$ dig @8.8.8.8 -t SRV _matrix._tcp.martenbe.duckdns.org

; <<>> DiG 9.11.3-1ubuntu1.8-Ubuntu <<>> @8.8.8.8 -t SRV _matrix._tcp.martenbe.duckdns.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 61560
                                       ^^^^^^^^ this
```

richvdh commented 5 years ago

[of course the problem is that, depending on which recursive resolver the federation tester uses, some will return a SERVFAIL, whereas others will just ignore the spurious result from duckdns]
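
One way a checker could separate "no SRV record" from "the resolver returned an error", as an added Go example that is not taken from the federation tester's code or from this thread. The names `SRVStatus`, `classifySRV` and `checkSRV` are hypothetical, and the `net.DNSError` values in `main` are constructed stand-ins for resolver responses.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"net"
)

// SRVStatus is a hypothetical result type for this example.
type SRVStatus int

const (
	SRVFound        SRVStatus = iota // SRV records were returned
	SRVAbsent                        // definite "no such record" answer
	SRVLookupFailed                  // resolver error (SERVFAIL-style, timeout, ...)
)

// classifySRV maps the result of an SRV lookup to a status. Only a
// definite not-found answer counts as "no SRV record"; every other
// error is surfaced instead of being silently ignored.
func classifySRV(records []*net.SRV, err error) SRVStatus {
	if err == nil {
		if len(records) == 0 {
			return SRVAbsent
		}
		return SRVFound
	}
	var dnsErr *net.DNSError
	if errors.As(err, &dnsErr) && dnsErr.IsNotFound {
		return SRVAbsent
	}
	return SRVLookupFailed
}

// checkSRV performs the live lookup of _matrix._tcp.<serverName>.
func checkSRV(ctx context.Context, serverName string) (SRVStatus, error) {
	_, records, err := net.DefaultResolver.LookupSRV(ctx, "matrix", "tcp", serverName)
	return classifySRV(records, err), err
}

func main() {
	// Constructed errors: a not-found answer and a SERVFAIL-style failure.
	nx := &net.DNSError{Err: "no such host", Name: "_matrix._tcp.example.com", IsNotFound: true}
	sf := &net.DNSError{Err: "server misbehaving", Name: "_matrix._tcp.example.com", IsTemporary: true}
	fmt.Println(classifySRV(nil, nx), classifySRV(nil, sf))
}
```

The result still depends on which recursive resolver answers the query, so a report built on this should name the resolver it used.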