Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(sl): fix error code #1366

Merged
merged 1 commit into from
May 12, 2024
Merged

fix(sl): fix error code #1366

merged 1 commit into from
May 12, 2024
+13 −3

Conversation

kishore03109
Copy link
Contributor

@kishore03109 kishore03109 commented May 9, 2024
edited
Loading

Problem

There was a bug in the implementation of #1355. This worked for sites that were already launched. Newer sites which do no resolve to any host name throws a ENOTFOUND, which should be an ok error.

Solution

To fix this issue, we explicitly check for this error code as well to ensure that this does not error out.

Breaking Changes

  • Yes - this PR contains breaking changes
    • Details ...
  • No - this PR is backwards compatible with ALL of the following feature flags in this doc

Tests

tldr; below we are testing for

  1. domains that have caa + aaaa record (google.com)
  2. domains that dont resolve to a host name (dontexist.sg)
  3. domains that do resolve to a host name but dont have an aaaa/caa record (isomer.gov.sg)

Locally enter these values into support/routes/v2/formsg/index.ts

formsgSiteLaunchRouter
  .digAAAADomainRecords({
    primaryDomainSource: "isomer.gov.sg",
  } as SiteLaunchResult)
  .then(console.log)
  .catch(console.error)

formsgSiteLaunchRouter
  .digCAADomainRecords({
    primaryDomainSource: "isomer.gov.sg",
  } as SiteLaunchResult)
  .then(console.log)
  .catch(console.error)
formsgSiteLaunchRouter
  .digAAAADomainRecords({
    primaryDomainSource: "dontexist.sg",
  } as SiteLaunchResult)
  .then(console.log)
  .catch(console.error)

formsgSiteLaunchRouter
  .digCAADomainRecords({
    primaryDomainSource: "dontexist.sg",
  } as SiteLaunchResult)
  .then(console.log)
  .catch(console.error)
formsgSiteLaunchRouter
  .digAAAADomainRecords({
    primaryDomainSource: "google.com",
  } as SiteLaunchResult)
  .then(console.log)
  .catch(console.error)

formsgSiteLaunchRouter
  .digCAADomainRecords({
    primaryDomainSource: "google.com",
  } as SiteLaunchResult)
  .then(console.log)
  .catch(console.error)

assert that the console log outputs

support-1   | [08:59:33.272] INFO (56): Domain does not have any AAAA records.
support-1   |     module: "formsgSiteLaunch"
support-1   |     meta: {
support-1   |       "domain": "isomer.gov.sg"
support-1   |     }
support-1   | { addAWSACMCertCAA: true, addLetsEncryptCAA: false }
support-1   | [
support-1   |   {
support-1   |     domain: 'google.com',
support-1   |     type: 'AAAA',
support-1   |     value: '2404:6800:4003:c11::64'
support-1   |   },
support-1   |   {
support-1   |     domain: 'google.com',
support-1   |     type: 'AAAA',
support-1   |     value: '2404:6800:4003:c11::65'
support-1   |   },
support-1   |   {
support-1   |     domain: 'google.com',
support-1   |     type: 'AAAA',
support-1   |     value: '2404:6800:4003:c11::71'
support-1   |   },
support-1   |   {
support-1   |     domain: 'google.com',
support-1   |     type: 'AAAA',
support-1   |     value: '2404:6800:4003:c11::8b'
support-1   |   }
support-1   | ]
support-1   | []
support-1   | { addAWSACMCertCAA: false, addLetsEncryptCAA: false }
support-1   | { addAWSACMCertCAA: false, addLetsEncryptCAA: false }
support-1   | []
support-1   | [08:59:33.272] INFO (56): Domain does not have any CAA records.
support-1   |     module: "formsgSiteLaunch"
support-1   |     meta: {
support-1   |       "domain": "isomer.gov.sg"
support-1   |     }
support-1   | [08:59:33.272] INFO (56): Domain does not have any CAA records.
support-1   |     module: "formsgSiteLaunch"
support-1   |     meta: {
support-1   |       "domain": "dontexist.sg"
support-1   |     }
support-1   | [08:59:33.272] INFO (56): Domain does not have any AAAA records.
support-1   |     module: "formsgSiteLaunch"
support-1   |     meta: {
support-1   |       "domain": "dontexist.sg"
support-1   |     }

@kishore03109 Graphite App
Copy link
Contributor Author

This stack of pull requests is managed by Graphite. Learn more about stacking.

Join @kishore03109 and the rest of your teammates on Graphite Graphite

@kishore03109 kishore03109 force-pushed the 05-09-fix_sl_fix_error_code branch from abf0d0e to e64a239 Compare May 9, 2024 09:08
@kishore03109 kishore03109 marked this pull request as ready for review May 9, 2024 09:09
@kishore03109 kishore03109 requested a review from a team May 9, 2024 09:09
alexanderleegs
alexanderleegs reviewed May 10, 2024
View reviewed changes
src/constants/constants.ts
Comment on lines +79 to +80
export const ALLOWED_DNS_ERROR_CODES = ["ENOTFOUND", "ENODATA"]

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hmm ENOTFOUND seems to be a catch all actually, should we be including this in the list of acceptable error codes?

From the node dns docs:

Keep in mind that err.code will be set to 'ENOTFOUND' not only when the host name does not exist but also when the lookup fails in other ways such as no available file descriptors.

Copy link
Contributor Author

@kishore03109 kishore03109 May 10, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

do you know of any other way to capture no host name ah?
i agree that this is not the best way since we have a blind spot here, but their api does not seem to have an check for just the existence of a host name.

note that do have an error code for say timeout (ERR_SOCKET_CONNECTION_TIMEOUT ), so was hopeful that this would enough to catch transient network errors

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does this happen on every site launch? Or is this an infrequent error caused by the agency not putting up their records in time? If it's infrequent there might be value in having to manually check, rather than possibly giving the agency a false positive

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This check happens once every site launch. But the error 'ENOTFOUND' is specifically thrown for every new domain that is being launched. We have had multiple incidents happen due to human error during SL (think one happened just this week with the pr to indirection layer iirc), so I am very inclined not to have manual checks. This PR's test plan has a sense check by running dns.promises on your docker for both resolve6 AND CAA for sites that have and dont have the above values. My stance is errors slip through will be rare, and as such the false positive is low enough to not affect operations.

@kishore03109 kishore03109 merged commit 59d1f4a into develop May 12, 2024
11 of 12 checks passed
@mergify mergify bot deleted the 05-09-fix_sl_fix_error_code branch May 12, 2024 08:59
@dcshzj dcshzj mentioned this pull request May 13, 2024
Merged
10 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@alexanderleegs alexanderleegs alexanderleegs approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@kishore03109 @alexanderleegs