search

matrix-org / synapse

Synapse: Matrix homeserver written in Python/Twisted.
https://matrix-org.github.io/synapse
Apache License 2.0
11.82k stars 2.13k forks source link

Confusing error when Synapse fails to connect to a domain due to it being on the blacklist #10224

Open erikjohnston opened 3 years ago

erikjohnston commented 3 years ago

c.f. https://github.com/matrix-org/synapse/issues/9475 etc.

Basically when this happens the following stack trace is produced in the logs:

Traceback (most recent call last):
  File "/usr/local/lib/python3.8/site-packages/synapse/http/server.py", line 252, in _async_render_wrapper
    callback_return = await self._async_render(request)
  File "/usr/local/lib/python3.8/site-packages/synapse/http/server.py", line 430, in _async_render
    callback_return = await raw_callback_return
  File "/usr/local/lib/python3.8/site-packages/synapse/rest/client/v1/room.py", line 734, in on_POST
    await self.room_member_handler.do_3pid_invite(
  File "/usr/local/lib/python3.8/site-packages/synapse/handlers/room_member.py", line 879, in do_3pid_invite
    stream_id = await self._make_and_store_3pid_invite(
  File "/usr/local/lib/python3.8/site-packages/synapse/handlers/room_member.py", line 941, in _make_and_store_3pid_invite
    ) = await self.identity_handler.ask_id_server_for_third_party_invite(
  File "/usr/local/lib/python3.8/site-packages/synapse/handlers/identity.py", line 856, in ask_id_server_for_third_party_invite
    data = await self.blacklisting_http_client.post_json_get_json(
  File "/usr/local/lib/python3.8/site-packages/synapse/http/client.py", line 530, in post_json_get_json
    response = await self.request(
  File "/usr/local/lib/python3.8/site-packages/synapse/http/client.py", line 422, in request
    response = await make_deferred_yieldable(request_deferred)
  File "/usr/local/lib/python3.8/site-packages/twisted/internet/defer.py", line 654, in _runCallbacks
    current.result = callback(current.result, *args, **kw)
  File "/usr/local/lib/python3.8/site-packages/twisted/internet/endpoints.py", line 981, in startConnectionAttempts
    raise error.DNSLookupError(
twisted.internet.error.DNSLookupError: DNS lookup failed: no results for hostname lookup: matrix.nilsson.link.

which is very misleading when what is actually happening is the host is being resolved to a private IP which then gets blacklisted (as private IPs are in the blacklist by default).

We do log Dropped %s from DNS resolution to %s due to blacklist when this happens, which is better than nothing, but is easily missed if it's happening several lines above the error in the logs.

Ideally we'd somehow make the error message in the stack trace more helpful.

richvdh commented 3 years ago

I think doing https://github.com/matrix-org/synapse/issues/8860 would fix this.

richvdh commented 3 years ago

We're hoping that #10115 will mean that people are a bit less likely to run into this.

richvdh commented 2 years ago

vaguely related: #8917