[LispM] What does a valid internet address look like?

Steven Nunez steven.nunez at illation.com.hk
Sun Aug 20 17:44:27 PDT 2017 

I see. Yes, it is going on to make several other queries, for example for well-known services. I assumed because there was no results displayed in the call to diskstation that it was somehow unsuccessful and moving on. Your explanation makes it clear that it was successful, but not printing output (I wonder why?) and then checking other sources. 

On the topic of only asking two servers, I am not observing the same behavior. Note the candidate list in the output, there are three DNS servers listed. At the end of the debug output, the resolver has only asked two, never getting to OpenDNS. I wasn't counting, but I also seemed to note that two was the magic number for failures too: the resolver would only ask two domain servers and give up if both failed. It may very well be the negative answers you mention, but I've lost that output and configuration a few days ago.

Interesting that it caches. Does the cache survive a reboot? It would be great to store this information in some kind of augmented namespace file. Is there a way to look at this cache? That would make debugging a bit easier in the future.

On the topic of CNAMES, there is definitely a bug in recursive CNAMES. Gary P. reported it a few months ago where Genera's domain resolver doesn't expect the target of a CNAME record to be another CNAME record. Tragically, this is what tripped me up for quite a while trying to debug this: www.ibm.com is an example of one of these.

Regards,
	- Steve


-----Original Message-----
From: Kalman Reti [mailto:kalman.reti at gmail.com] 
Sent: 20 August, 2017 20:08
To: steven.nunez at illation.com
Cc: ams at gnu.org; lispm at tunes.org
Subject: Re: [LispM] What does a valid internet address look like?

On 8/20/17, Steven Nunez <steven.nunez at illation.com.hk> wrote:
> Thank-you Kalman, the hint on debugging enabled me to solve the 
> problem, although there are still a few things that baffle me. The 
> most puzzling is why, when the local DNS server answers (host 
> diskstation), the resolver continues asking other hosts to resolve the 
> query? You can see this in the trace below, where it receives an 
> answer from diskstation, then goes right on to ask hurricane-dns. At 
> least the parse-msg output makes me think diskstation provided answers.
>

The domain code in Genera is trying to fill a cache; so it keeps asking questions until it has exhausted all unasked sources of knowledge. There is a time to live included in each entry in the cache; queries made before the TTL has expired will be fulfilled without actually asking any servers.

One possibility (your debug output picture cuts out before giving an
indication) is that
it is looking for services on the host (i.e. a different query).

These used to be advertised/kept in DNS, but that practice has fallen out favor.  The Lisp machine does a run-time generic best-match for network services using this information (another practice probably unique to the lisp machine and undreamt of in todays computing universe).

>
>
>
>
>
>
>
>
> A few observations for anyone doing this in the future:
>
>
>
> *	The Genera resolver seems to ask at most two DNS servers, then fails. It
> would be nice to be able to increase this number.

This is not my experience; it asks all the servers that can shed light on the question.
I believe that if it gets an authoritative negative answer, it stops.
I've seen DNS servers misbehave by giving such answers erroneously.
The entire debug output would tell the tale.

The code could probably use some bullet-proofing in the face of the odd DNS server behaviors out there.

> *	The majority of the DNS servers I tried do not respond properly to the
> wildcard request. Trial and error is required.
>

Wilcards were necessary/useful in the old days where services could be available on either :chaos or :internet (and which was was the best to use could vary between the two at any moment). [This list was also considered extensible, e.g. :SNA could be (and was) added for IBM mainframe services.]

>
>
> @Kalman, you mentioned “…things might work better with such a 
> misbehaving server by making :internet requests instead of wildcard 
> requests.” That might be worth a try. How do I do that?
>

Only by changing the source code. In domains.lisp, I did the experiment of changing most of the :* for the class argument to :internet in argument list defaults and internal queries and that partially worked. This allowed me to parse "fiji.csail.mit.edu" using Google's 8.8.8.8 DNS server. However, other test parses ran into a problem where a CNAME was (mis)interpreted as a services list.  In particular, AKAMAI seems to have long chains of CNAMES and I think there might be a bug in this area (I vaguely recall attempting to fix something like that at MIT decades ago).

>
>
> Thanks & Regards,
>
> Steve
>
>
>
>
>
> From: Kalman Reti [mailto:kalman.reti at gmail.com]
> Sent: 20 August, 2017 05:16
> To: Steven Núñez <steven.nunez at illation.com>
> Cc: ams at gnu.org; lispm at tunes.org
> Subject: Re: [LispM] What does a valid internet address look like?
>
>
>
> On Aug 19, 2017 4:58 AM, "Steven Nunez" <steven.nunez at illation.com.hk 
> <mailto:steven.nunez at illation.com.hk> > wrote:
>
> A small step forward: I know that it is not because of communication issues.
> Taking Alfred's advice, I set-up a local DNS server and confirmed 
> connectivity, recursive look-ups, etc, but the problem persists. I had 
> a look at the stack trace:
>
>
>
>
>
>
>
>
>
> And had a look at the code in neti and host.lisp. Not pretty. I am not 
> sure where to begin.
>
> Regards,
>
> *	Steve
>
>
>
> -----Original Message-----
> From: Alfred M. Szmidt [mailto:ams at gnu.org <mailto:ams at gnu.org> ]
>
> Sent: 18 August, 2017 17:05
> To: steven.nunez at illation.com <mailto:steven.nunez at illation.com>
> Cc: lispm at tunes.org <mailto:lispm at tunes.org>
> Subject: Re: [LispM] What does a valid internet address look like?
>
>
>
>    No, still stuck. Most recently I added the remote DNS servers as 
> hosts in
>
>    the namespace with them listed as providing the service, like this:
>
>
>
>    HOST GOOGLE-RESOLVER
>
>    SERVICE DOMAIN TCP DOMAIN
>
>    ADDRESS INTERNET 8.8.8.8
>
>    SYSTEM-TYPE UNIX42
>
>    NICKNAME GOOGLE-DNS
>
>    SITE SINGAPORE
>
>
>
>    but still no name resolution. Very frustrating; normally the docs 
> are quite
>
>    good, but something is clearly wrong. I've attached the entire 
> namespace
>
>    file here too. Maybe I'm missing something obvious.
>
>
>
>
>
> Does your site have an internet address on its namespace object, root 
> domain servers defined on its site object (plus the recursive query 
> property set to
> yes) and at least one host with 'domain tcp domain' service?
>
>
>
> If yes, you domain server is probably refusing wildcard requests (i.e. :*).
> AFAIK this is not allowed in the original RFC's, but things might work 
> better with such a misbehaving server by making :internet requests 
> instead of wildcard requests.
>
>
>
> By binding neti:*debug-domain-requests* to non-nil around a request, 
> you can see the queries to and responses from the server, e.g.
>
>
>
> (let ((neti:*debug-domain-requests* t)) (si:parse-host "www.ibm.com 
> <http://www.ibm.com> "))
>
>
>
> Did you read the netio documentation?  I don't have Genera setup up 
> currently to look.  I do have a vauge recollection that DNS names are 
> just plain strings, i.e. "abc.com <http://abc.com> ".  Now, one issue 
> might be just that Google's DNS is not responding, or that Genera is 
> sending garbage.
>
> Can you check that, or use a local BIND instance?
>
>
>
> Do nyou have a host that talks telnet somewhere? I'm sure that telnet 
> accepts some sort of a hostname which you could test.  Many of the 
> basic stuff like ICMP only take an address.
>
>
> _______________________________________________
> LispM mailing list
> LispM at tunes.org <mailto:LispM at tunes.org> 
> http://lists.tunes.org/mailman/listinfo/lispm
>
>
>
>

More information about the LispM mailing list