From sara at sinodun.com Fri Aug 4 12:25:02 2017
From: sara at sinodun.com (Sara Dickinson)
Date: Fri, 4 Aug 2017 13:25:02 +0100
Subject: [getdns-users] Question on transport fallback option of the getdns API
In-Reply-To: <86631312-24cf-c284-9c3b-24ad0b3dcaa2@broadforward.com>
References: <86631312-24cf-c284-9c3b-24ad0b3dcaa2@broadforward.com>
Message-ID: <10F41CEB-58CF-4DFB-B5B7-BCB6C212F5A5@sinodun.com>

> On 13 Jul 2017, at 14:01, Marcel van Garderen wrote:
>
> Hi getdns users,
>
> My name is Marcel and this is my 1st post to the user's list.
>

Hi Marcel,

Firstly - apologies for such a slow response! Most of the team were at IETF and on holiday the following week so this seems to have been lost.

> I have a question on the usage of the getdns API function getdns_context_set_dns_transport_list().
>
> With this function the user can provide an ordered list of transport protocols that will be used for DNS lookups.
>
> Fallback options are specified by including multiple values in the list.
>

That's what the documentation says... but read on.

> I did some experiments with transport fallback using the following dns context (lib version 1.0.0b2).
>
> Here, the transport list is 'first try UDP and if it fails try TCP' (the single IP address is masked)
>
> {
>   "all_context":
>   {
>     "append_name": GETDNS_APPEND_NAME_TO_SINGLE_LABEL_FIRST,
>     "dns_transport_list":
>     [
>       GETDNS_TRANSPORT_UDP,
>       GETDNS_TRANSPORT_TCP
>     ],
>     "dnssec_allowed_skew": 0,
>     "edns_do_bit": 0,
>     "edns_extended_rcode": 0,
>     "edns_maximum_udp_payload_size": 512,
>     "edns_version": 0,
>     "follow_redirects": GETDNS_REDIRECTS_FOLLOW,
>     "idle_timeout": 5000000,
>     "limit_outstanding_queries": 0,
>     "namespaces":
>     [
>       GETDNS_NAMESPACE_LOCALNAMES,
>       GETDNS_NAMESPACE_DNS
>     ],
>     "suffix": [],
>     "timeout": 1000,
>     "tls_authentication": GETDNS_AUTHENTICATION_NONE,
>     "upstream_recursive_servers":
>     [
>       {
>         "address_data": ,
>         "address_type":
>       }
>     ]
>   },
>   "implementation_string": >,
>   "resolution_type": GETDNS_RESOLUTION_STUB,
>   "version_string":
> }
>
> The issue is that I was not seeing any transport fallback attempts (using the same context).
>
> When the DNS lookup failed (using UDP, timeout), there was no TCP attempt during any of the next 10 lookups. The library just kept on trying UDP.

There is a subtlety here which really needs explaining properly in the documentation, so thanks for picking up on this. The fallback options only kick in

- for UDP when a response is received but contains the TC bit
- for TCP/TLS when a connection to the upstream cannot be made and no messages can be written (e.g. handshake failures).

I believe the failure case you are seeing with UDP is actually a timeout, i.e. a query was sent but no response was received. Currently getdns does not re-try queries (or fallback) after a timeout on any transport, it simply returns. Reviewing this behaviour has long been on our TODO list.

> Changing the order (TCP with fallback to UDP) did not make any difference: it just kept on trying TCP.
>

A further subtlety kicks in on TCP with TCP fastopen, which makes connection setup failures behave like timeouts in the sense that the "write" of the query appears to always work but there is no response. And this produces the behaviour you see. So it might be you currently have TCP fast open enabled by default, but if you disable it with the --disable-tcp-fastopen configure flag then you will see fallback to UDP if TCP fails.

I've added an issue to the issue tracker for this https://github.com/getdnsapi/getdns/issues/323 for the team to review.

Sara.

From willem at nlnetlabs.nl Fri Aug 25 10:08:13 2017
From: willem at nlnetlabs.nl (Willem Toorop)
Date: Fri, 25 Aug 2017 12:08:13 +0200
Subject: [getdns-users] Firs release candidate for getdns-1.1.3
Message-ID:

Dear all,

We have a first candidate for a bugfix release version 1.1.3 of getdns.

The brew formula for getdns and Stubby were conflicting because they both installed Stubby. To resolve, we gave Stubby its own repository (https://github.com/getdnsapi/stubby) with getdns as a library dependency. This release will allow for two complementary brew formulas.

1. One that installs the getdns library and the getdns_query tool with:

     brew install getdns

2. Another one that installs Stubby and (implicitly) the getdns library:

     brew install stubby

This release does include the new Stubby from its own repository too, but it is not built by default any more. To build Stubby together with the library you must configure it with the --with-stubby option.

Besides this organizational matter, we have a few fixes for high priority bugs in this release:

* When UDP upstreams were "temporarily" failing, the upstream selection process would crash when it would come back to the first specified UDP upstream after it initially failed.
* High-load multi-threading environments had a serviceability issue, because file descriptors were closed repeatedly when they were finished. As a result, a freshly obtained reused file descriptor by some thread could become unusable because it would be closed by another thread immediately.

A few more minor bugs have been addressed with this release too. For a complete overview see the ChangeLog section below.

Please review this release candidate carefully, if all is well, the actual release will follow Friday the 1st of September.

link  : https://getdnsapi.net/dist/getdns-1.1.3-rc1.tar.gz
pgp   : https://getdnsapi.net/dist/getdns-1.1.3-rc1.tar.gz.asc
sha256: 806d3dde53fbd8cbb46880774d97989878bfe77db4a3b8aeea46873203cf3daf

ChangeLog
=========

* 2017-0?-??: Version 1.1.3
  * No annotations with the output of getdns_query anymore, unless -V option is given to increase verbosity
    Thanks Ollivier Robert
  * getdns_query will now exit with failure status if replies are BOGUS
  * Bugfix: dnssec_return_validation_chain now also works when fallback to full recursion was needed with dnssec_roadblock_avoidance
  * More clear build instructions from Paul Hoffman. Thanks.
  * Bugfix #320.1: Eliminate multiple closing of file descriptors
    Thanks Neil Cook
  * Bugfix #320.2: Array bounds bug in upstream_select
    Thanks Neil Cook
  * Bugfix #318: getdnsapi/getdns/README.md links to nonexistent wiki pages.
    Thanks James Raftery
  * Bugfix #322: MacOS 10.10 (Yosemite) provides TCP fastopen interface but does not have it implemented.
    Thanks Joel Purra
  * Compile without Stubby by default. Stubby now has a git repository of its own. The new Stubby repository is added as a submodule. Stubby will still be built alongside getdns with the --with-stubby configure option.

From sca at andreasschulze.de Wed Aug 30 20:31:17 2017
From: sca at andreasschulze.de (A. Schulze)
Date: Wed, 30 Aug 2017 22:31:17 +0200
Subject: [getdns-users] Firs release candidate for getdns-1.1.3
In-Reply-To:
References:
Message-ID:

On 25.08.2017 at 12:08, Willem Toorop wrote:
> We have a first candidate for a bugfix release version 1.1.3 of getdns.

builds without noise on Debian Jessie+Stretch and also works on a short test

Andreas
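
Added illustration, not part of any message in this archive and not getdns code: a self-contained C model of the fallback rules in Sara Dickinson's 4 Aug 2017 reply (UDP falls back only on a response with the TC bit, TCP/TLS only on a failed connection, a timeout never does, and TCP Fast Open makes a failed connection look like a timeout). All type and function names and the two sample DNS headers are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names for this example; none of them are getdns identifiers. */
typedef enum { T_UDP, T_TCP, T_TLS } transport_t;
typedef enum { REPLY, CONNECT_FAILED, TIMEOUT } outcome_t;
typedef enum { ACT_DONE, ACT_FALLBACK, ACT_GIVE_UP } action_t;

/* Constructed 12-byte DNS headers: same query ID, TC set vs. TC clear. */
static const uint8_t truncated_hdr[12] = {0x12,0x34, 0x83,0x80, 0,1, 0,0, 0,0, 0,0};
static const uint8_t complete_hdr[12]  = {0x12,0x34, 0x81,0x80, 0,1, 0,1, 0,0, 0,0};

/* TC is bit 0x02 of header byte 2. Returns 1/0, or -1 if msg is too short. */
int dns_tc_bit(const uint8_t *msg, size_t len)
{
    if (msg == NULL || len < 12)
        return -1;
    return (msg[2] & 0x02) ? 1 : 0;
}

/* Next step for one query. tfo != 0 models TCP Fast Open, where the write
 * appears to succeed and a failed connection setup is only seen as silence. */
action_t next_action(transport_t t, outcome_t o, const uint8_t *msg, size_t len,
                     int tfo, int has_next)
{
    if (t != T_UDP && o == CONNECT_FAILED && tfo)
        o = TIMEOUT;
    if (o == TIMEOUT)
        return ACT_GIVE_UP;                    /* no retry, no fallback */
    if (o == CONNECT_FAILED)                   /* stream transports only */
        return (t != T_UDP && has_next) ? ACT_FALLBACK : ACT_GIVE_UP;
    if (t == T_UDP) {                          /* a UDP reply arrived */
        int tc = dns_tc_bit(msg, len);
        if (tc < 0) return ACT_GIVE_UP;        /* not a parseable DNS header */
        if (tc == 1)
            return has_next ? ACT_FALLBACK : ACT_GIVE_UP;
    }
    return ACT_DONE;
}

int main(void)
{
    printf("UDP timeout      -> %d\n", next_action(T_UDP, TIMEOUT, NULL, 0, 0, 1));
    printf("UDP reply, TC=1  -> %d\n", next_action(T_UDP, REPLY, truncated_hdr, 12, 0, 1));
    printf("UDP reply, TC=0  -> %d\n", next_action(T_UDP, REPLY, complete_hdr, 12, 0, 1));
    printf("TCP refused, TFO -> %d\n", next_action(T_TCP, CONNECT_FAILED, NULL, 0, 1, 1));
    return 0;
}
```

The first and last calls correspond to the two cases in the thread: a UDP timeout, and a TCP connection failure with Fast Open enabled, both of which end without trying the next transport in the list.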