postal icon indicating copy to clipboard operation
postal copied to clipboard
verified publisher icon postalserver

DNS checks should use fully qualified names

Open hameno opened this issue 6 years ago • 6 comments

I noticed that the code at https://github.com/postalhq/postal/blob/bb27d8c8a1703250a080caa0a182452aa4896783/app/models/domain/dns_checks.rb#L43 just uses the entered domain name without appending an "." (to make it fully qualified) This means in certain configurations, e.g. ndots:5 in resolv.conf, will cause DNS checks to fail.

hameno avatar Nov 26 '19 14:11 hameno

Thanks @hameno are you experiencing this error currently?

willpower232 avatar Nov 26 '19 14:11 willpower232

Yes, I managed to reduce the ndots configuration in my kubernetes environment for the pod and it now works, but I believe this should be fixed

hameno avatar Nov 26 '19 14:11 hameno

Ah cool, I'll leave it open as a bug so it'll get sorted one way or the other

willpower232 avatar Nov 26 '19 17:11 willpower232

I imagine I'll never get an answer to this but presumably you have use_local_ns_for_domains enabled?

adamcooke avatar Jul 29 '21 11:07 adamcooke

I'm not sure, what does this setting do exactly? don't remember setting it explicity (and not fully involved in that project anymore)

hameno avatar Jul 29 '21 11:07 hameno

Postal will usually try to query directly with your nameservers for these DNS checks which really shouldn't be affected by the ndots. If not, it'll use your local resolvers.

I can just add a trailing . to the end of the queries though for extra safety.

adamcooke avatar Jul 29 '21 11:07 adamcooke

Please can you upgrade to the latest version of Postal and confirm whether this issue still exists? If so, please open a new issue for triage. Be sure to include any relevant log data as well as details about your environment as prompted by the new issue template.

adamcooke avatar Mar 06 '24 10:03 adamcooke