gravity
HTTP req to blocklist URL defaults to AAAA record address, no fallback to A record
On https://github.com/BeryJu/gravity/commit/d6148a7f810165e36b5e7fe199611929053dbfeb
{"level":"info","ts":1703031274.8847294,"logger":"role.dns","msg":"starting blocky async","instance":"gravity-0","version":"0.8.0-d6148a7f","zone":".","handler":"forward_blocky"}
[2023-12-20 00:14:34] WARN list_cache: Can't download file: Get "https://big.oisd.nl/domainswild": dial tcp [2001:41d0:701:1100::5b10]:443: connect: network is unreachable attempt=1/3 link=https://big.oisd.nl/domainswild
[2023-12-20 00:14:34] WARN list_cache: Can't download file: Get "https://big.oisd.nl/domainswild": dial tcp [2001:41d0:701:1100::5b10]:443: connect: network is unreachable attempt=2/3 link=https://big.oisd.nl/domainswild
There is no IPv6 connectivity on my instance and it does not seem to attempt the A record address.
I don't think I can control that in the blocky config
I set forward_ip, recreated my pods from the tagged v0.8.1 release, set forward_blocky again after they all finished, and all seems well now. Wildcard lists are working. Thanks!
I did some more testing and gathered some more logs. It seems the issue was actually that the A records were not obtained. I am seeing this issue with forward_ip type, so it must not be related to blocky.
Here are some examples of what I am seeing. This is on v0.8.1 tagged release.
Incomplete CNAME resolution: https://pastebin.com/raw/zfSic0ZR Gravity log: https://pastebin.com/raw/2PBmGr87
Resolves AAAA records, but not A records: https://pastebin.com/raw/kAwymuUz
Rolled cluster back to v0.7.0 and cleared out all records in root zone. The 2 example domains posted above now resolve as expected: https://pastebin.com/raw/Fhv7TXzk
Config in all test cases:
- type: memory
- type: etcd
- to: 1.1.1.1;9.9.9.9
  type: forward_ip