remotelyliving / php-dns

A DNS abstraction for PHP
MIT License

Chaining with consensus could lead to unpredictable results #51

Open sriccio opened 2 years ago

sriccio commented 2 years ago

Describe the bug

Chain resolver with consensus might produce unpredictable results when there is some kind of round robin of the results, or maybe when the result depends on geolocalisation.

For example, looking up A records for google.com with consensus always returns an empty result. However, without chaining and consensus, it returns a unique result that changes (some round robin here) every request. Also, the result completely differs if using the Cloudflare or Google resolver.

When you do the same tests with for example microsoft.com, multiple A records are returned and the consensus is working.

So I was wondering if there could be a workaround for this or if it's better to drop using the chaining/consensus to avoid possible issues for some domains that would behave like google.com does.

To Reproduce

Steps to reproduce the behavior:

Lookup A record for hostname google.com

use RemotelyLiving\PHPDNS\Resolvers\GoogleDNS;
use RemotelyLiving\PHPDNS\Resolvers\CloudFlare;
use RemotelyLiving\PHPDNS\Resolvers\Chain;

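$googleResolver = new GoogleDNS();
$cloudflareResolver = new CloudFlare();
// Chain both resolvers so consensus is computed across Google and Cloudflare
$chainResolver = new Chain($googleResolver, $cloudflareResolver);
$ipv4Result = $chainResolver->withConsensusResults()->getARecords('google.com');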
print_r($ipv4Result);

Result:

RemotelyLiving\PHPDNS\Entities\DNSRecordCollection Object
(
    [records:RemotelyLiving\PHPDNS\Entities\DNSRecordCollection:private] => ArrayIterator Object
        (
            [storage:ArrayIterator:private] => Array
                (
                )

        )

)

Expected behavior

Get a list of A records for the hostname

remotelyliving commented 2 years ago

This is interesting. I'll have some time to look into it tomorrow evening and will give you an update. My gut feeling is the equality check is too strict, but it's been a while and I need to refresh how this thing works hehe.

sriccio commented 2 years ago

Hi, well I have the feeling that there is something special going on with google.com: when querying it, it only returns one record, but the record changes every lookup, and the returned IP address range seems to depend on where you are querying it from, so there will never be a possible consensus between CloudFlare and Google DNS servers.

I did the same test with a domain name which is using CloudFlare DNS servers as authoritative servers and the result is the same as for google.com. It doesn't return the same IP addresses if I'm querying it using CloudFlare or Google DNS. My guess is that they have many servers at different locations and their DNS returns the geographically closest one (and CloudFlare/Google DNS are not located in the same area).

Something like: https://docs.ultradns.neustar/HTML5/Content/User%20Guides/Traffic_Management_User_Guide/Directional.htm

This then defeats the great consensus thing :/

Kind regards.
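
The situation described in the comment above, as an added example (not php-dns code and not posted by either participant): it assumes consensus means the strict intersection of every resolver's A-record set, and uses constructed hostnames with documentation-range addresses. `strictConsensus` and `classify` are hypothetical helpers that separate "resolvers answered but share no address" from "a resolver returned nothing", which an empty collection alone cannot tell apart.

```php
<?php
declare(strict_types=1);

// Constructed sample answers, keyed by resolver name (not real lookups).
// geo.example: one A record per resolver, no overlap (geo-steered / round robin).
$samples = [
    'geo.example' => [
        'google'     => ['192.0.2.10'],
        'cloudflare' => ['198.51.100.20'],
    ],
    'stable.example' => [
        'google'     => ['203.0.113.1', '203.0.113.2', '203.0.113.3'],
        'cloudflare' => ['203.0.113.3', '203.0.113.1', '203.0.113.2'],
    ],
    'down.example' => [
        'google'     => ['203.0.113.9'],
        'cloudflare' => [],
    ],
];

/** Assumed consensus rule: addresses present in every resolver's answer. */
function strictConsensus(array $answersByResolver): array
{
    $sets = array_values($answersByResolver);
    $common = array_shift($sets) ?? [];
    foreach ($sets as $set) {
        $common = array_intersect($common, $set);
    }
    $common = array_values(array_unique($common));
    sort($common);
    return $common;
}

/** Explain an empty consensus: disjoint answers versus a resolver that returned nothing. */
function classify(array $answersByResolver): string
{
    if (strictConsensus($answersByResolver) !== []) {
        return 'consensus';
    }
    $silent = array_keys(array_filter($answersByResolver, fn(array $a): bool => $a === []));
    return $silent === [] ? 'disjoint-answers' : 'no-answer-from:' . implode(',', $silent);
}

foreach ($samples as $name => $answers) {
    printf("%-15s %-28s %s\n", $name, classify($answers), implode(' ', strictConsensus($answers)));
}
```

A caller that treats an empty consensus as a sign of tampering would flag `geo.example` on every lookup, so the classification is the signal to log rather than the empty set itself.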