Commit Graph

659 Commits

Author SHA1 Message Date
Brian Cunnie
25ec87feb5 🐞 sslip.io: fix key-value store for GCE
We set the number of replicas to 1 so that when you create a key-value
on `ns-gce.sslip.io`, you're sure of retrieving that value later from
`ns-gce.sslip.io`.

Previously it could hit the other replica, which would have a different
key-value store, which would make the value "disappear".
2021-12-04 10:26:40 -08:00
Brian Cunnie
bd63421c3f BOSH release: 2.3.0: kv.sslip.io key-value store 2.3.0 2021-12-04 08:16:53 -08:00
Brian Cunnie
78722b6887 kv.sslip.io: (key-value) read/write/delete TXTs
We enable special behavior under the `kv.sslip.io` subdomain: it can be
treated as a key-value store, the sub-subdomain being the key, and the
TXT record being the value.

For example, to write ("put") the value "12.0.1" to the key
"macos-version" on the `ns-gce.sslip.io.` nameserver, you'd use the
following `dig` command:

```shell
dig @ns-gce.sslip.io. txt put.12.0.1.macos-version.kv.sslip.io.
```

To read ("get") the value back, you'd write the following `dig` command:

```shell
dig @ns-gce.sslip.io. txt get.macos-version.kv.sslip.io.
```

Since "get" is the default behavior, you don't need to include it in the
domain name:

```shell
dig @ns-gce.sslip.io. txt macos-version.kv.sslip.io.
```

Finally, when you're done with the key-value, you can "delete" it:

```shell
dig @ns-gce.sslip.io. txt delete.macos-version.kv.sslip.io.
```

Notes:

- Keys are case-insensitive (to accommodate DNS convention). In other
  words, `KEY.kv.sslip.io` and `key.kv.sslip.io` return the same TXT
  record.
- Values are case-sensitive. `put.CamelCase.style.kv.sslip.io` sets the
  TXT record to "CamelCase".
- `put` requests will return the TXT record being put; i.e.
  `put.hello.world.kv.sslip.io` returns one TXT record of one string,
  `hello`.
- `delete` requests will return the TXT record being deleted; i.e.
  `delete.world.kv.sslip.io` returns one TXT record of one string,
  `hello`. If the TXT record does not exist, no TXT records will be
  returned.
- Values are limited to 63 bytes to mitigate using the sslip.io servers
  in a [DNS amplification
  attack](https://us-cert.cisa.gov/ncas/alerts/TA13-088A).
- Values are not persistent: if the server is restarted, all values
  disappear. Poof.
- Values are not consistent. If a value is set in `ns-aws.sslip.io`, it
  does not propagate to `ns-gce.sslip.io` nor `ns-azure.sslip.io`.
2021-12-04 07:59:57 -08:00
Brian Cunnie
4ba3516834 DNS server testing: randomize case of domain names
We randomize the case of domain names (previously they were always
lowercase). We hope to surface any case-related errors, but didn't find
any.
2021-11-29 08:51:18 -08:00
Brian Cunnie
b8b4786387 Update ns-aws.sslip.io's HTML assets
i.e.: <https://52-0-56-137.sslip.io/>

Previously I didn't update `index.html` properly because it wasn't
documented, and the content had become stale.
2021-11-28 20:08:52 -08:00
Brian Cunnie
e256241394 Delete pipeline-simple.yml; it's old
This pipeline's only purpose was an asset in a blog post that I wrote a
couple of years ago, and is no longer necessary.

Also, and this sounds petty, but I didn't like the RED on my CI--I'd
like to see as much green as possible. Now my CI is green (with the
exception of the many-colored "badges" pipeline).
2021-11-28 19:50:29 -08:00
Brian Cunnie
2599def6b6 Upgrading (Developer) notes: manually trigger job
Because it's a manual job currently because if it was automatic it'd
trigger & fail because the required executable isn't yet downloadable.
2021-11-28 19:45:14 -08:00
Brian Cunnie
90b94baa29 BOSH release: 2.2.4: Deprecate nono.io nameservers 2.2.4 2021-11-28 13:08:49 -08:00
Brian Cunnie
4c8e7741f1 Use @ns.sslip.io to determine your IP lookup
It makes for simpler instructions than listing the three nameservers &
which ones have IPv6.
2021-11-27 19:03:40 -08:00
Brian Cunnie
61f0ae2ae8 Remove *.nono.io nameservers
They have been replaced by the sslip.io nameservers. I had been meaning
to do this for a long time, and nothing like a Thanksgiving weekend to get
long-lingering tasks done.
2021-11-27 18:52:03 -08:00
Brian Cunnie
7ed2107f36 Web page: use sslip.io servers, not nono.io 2021-11-27 18:23:02 -08:00
Brian Cunnie
690e0ad618 New Release Documentation: no more manual Docker images
The Docker images are now created automatically with our pipeline.
That's right: with 80 hours of work we saved 30 seconds of work! We are
nothing if not efficient.
2021-11-27 15:53:44 -08:00
Brian Cunnie
56191a2ef7 HTML: remove the "new software" warning
It's not new after a year. I also updated the version numbers returned
because, well, it makes the website more "fresh".
2021-11-27 12:29:58 -08:00
Brian Cunnie
4e22123114 BOSH release: 2.2.3: Include sslip.io nameservers 2.2.3 2021-11-27 11:35:01 -08:00
Brian Cunnie
fda3baeaaa Add NS servers in sslip.io domain
We currently use three nameservers in the `nono.io` domain, but that's
confusing--why not have the nameservers in the `sslip.io` domain?

This commit starts the ball rolling to convert to the sslip.io. We'll
have a brief period where we have _both_ `nono.io` and `sslip.io`
nameservers.

At which point we'll add the `sslip.io` nameservers to our registrar,
Namecheap.com.

Once they've been added to our registrar, we'll wait a day or two to
propagate, and then we'll delete references to the `nono.io`
nameservers.
2021-11-27 10:50:04 -08:00
Brian Cunnie
992458f67c simple pipeline: use default branch, not master
...especially since I recently switched from `master` to `main` on
sslip.io's repo.

Also I got rid of the Concourse groups, which I don't like at all. And I
added some pretty icons to the resources.
2021-11-26 20:46:37 -08:00
Brian Cunnie
2c4a60e315 sslip.io pipeline: use default branch, not master
...especially since I recently switched from `master` to `main` on
sslip.io's repo.

Also I got rid of the Concourse groups, which I don't like at all. And I
added some pretty icons to the resources.
2021-11-26 20:41:39 -08:00
Brian Cunnie
ab33ada856 🐞 Simple Pipeline: don't try to run YAML booleans
fixes:
```
error: error unmarshaling JSON: while decoding JSON: malformed task step: json: cannot unmarshal bool into Go struct field TaskRunConfig.config.run.path of type string
```
2021-11-24 09:13:20 -08:00
Brian Cunnie
854d8e8c1b Spec: test ip.sslip.io
Also, change the order of `dig` arguments so that the server being
queried is first (e.g. `@#{whois_nameserver}`) and the arguments (e.g.
`+short`) are last.
2021-11-05 08:10:39 -07:00
Brian Cunnie
1d4e1af656 Production test: all servers run same version 2021-11-02 05:02:46 -07:00
Brian Cunnie
9dd1a78447 Dockerfile cunnie/sslip.io-dns-server: bump 2.2.1 → 2.2.2
Also, remove redundant "attach binaries", and change the order in which
the Dockerfile is updated.
2021-11-01 07:53:50 -07:00
Brian Cunnie
eed67fdf4d BOSH release: 2.2.2: ip.sslip.io TXT returns IP
Our documentation was wrong; our homepage said to get the origin IP
address by querying the TXT record of the root, i.e. `dig
@ns-aws.nono.io txt . +short`; however, our code worked differently: it
returned the origin IP when the `.ip` TLD was queried.

The new behavior is that it returns the origin IP when `ip.sslip.io.` is
queried, and the documentation now reflects that behavior.

Also, that behavior is marked "experimental" to give us leeway to
change.

[fixes #11]
2.2.2
2021-11-01 07:24:54 -07:00
Brian Cunnie
e133149beb New release instructions include updating k8s 2021-10-06 10:52:42 -07:00
Brian Cunnie
0be7d1c628 Dockerfile cunnie/sslip.io-dns-server: bump 2.2.0 → 2.2.1 2021-10-06 10:40:59 -07:00
Brian Cunnie
d778192ec8 Bump BOSH Release vendored Golang 2021-10-06 10:28:32 -07:00
Brian Cunnie
259da8bfb8 Docs: tweak new release instructions 2021-10-06 10:27:54 -07:00
Brian Cunnie
8ce23653bb BOSH release: 2.2.1: version.sslip.io TXT
- Returns version information for DNS server
- Contains 3 strings:
  - Semantic version, e.g. "2.2.1"
  - Date of compilation
  - Latest git hash

Note: the BOSH Release will have a different compilation date &
different git hash than the released executables; the semantic version
will be the same.
2.2.1
2021-10-06 05:16:46 -07:00
Brian Cunnie
f1f66a0f3b dig txt version.sslip.io returns version
I needed a way of determining the version that a server was running. I
originally considered a command-line argument, but then I thought, "Why
not create a DNS record for it? That way I can query running servers
without needing to ssh onto the machine."

The TXT record consists of three distinct strings: version, compile
date, and git hash.

```bash
dig txt version.sslip.io +short
    "2.2.1"
    "2021/10/03-15:08:54+0100"
    "6a928eb"
```
2021-10-03 15:34:52 +01:00
Brian Cunnie
c74792b588 🐞 Integration tests work properly on slow machines
The integration tests were failing on my laptop.

As a side note, it's interesting that a 2013 desktop is almost three times
faster than a 2020 laptop. Sic transit gloria mundi.

Drive-by: I removed a `JustBeforeEach()` clause that wasn't being used,
and removed a comment that no longer applied (we no longer need to stop
`systemd-resolved`)
2021-10-03 13:46:20 +01:00
Brian Cunnie
502a6901cc Website: grammar fix, clarification 2021-09-15 11:04:07 -07:00
Brian Cunnie
90926d3bdf VMware employees can't get the wildcard
The wildcard is expiring, and I'm loath to spend something renewing
something I don't use, so I'll let it lapse.

(I use Let's Encrypt).
2021-09-15 10:57:13 -07:00
Brian Cunnie
11c6d7d95f 🐞 return source IP for TXT when "ip." or "xx.ip."
...instead of say, ".pip."

drive-by: cleaned up the English
2021-08-03 16:49:24 -07:00
Brian Cunnie
d5d8bb4f12 DNS: "ip." TXT queries return source IP
...and also prints an SOA log message if there is no TXT customization.

drive-bys:

- bump the SOA's serial
2021-08-03 16:06:25 -07:00
Brian Cunnie
ebbcb744c6 🐞 Skip IPv6 test when IPv4-only, REALLY
This time it's fixed for sure.

I should have tested the previous commit before I pushed it. Or I could
have re-written the git history to make a complete commit, but as an
exercise in humility I decided to allow my mistakes to be seen.

fixes: <https://ci.nono.io/teams/main/pipelines/sslip.io/jobs/unit/builds/6>
```
dig: couldn't get address for '::1': address family not supported
```
2021-07-27 11:44:04 -04:00
Brian Cunnie
cdeb5a8768 🐞 Skip IPv6 test when IPv4-only
Our unit tests have been failing on our IPv4-only containers because one
of the tests forces a lookup from the (non-existent) IPv6 loopback
interface.

Now we first test to make sure such an interface exists by using
`ping6`. Corner-case: In the event that `ping6` is not on the machine
where the tests are run, but that machine has an IPv6 loopback
interface, that test will be mistakenly skipped. Big deal.

fixes: <https://ci.nono.io/teams/main/pipelines/sslip.io/jobs/unit/builds/4>
```
dig: couldn't get address for '::1': address family not supported
```
2021-07-27 06:25:29 -04:00
Brian Cunnie
43efab0530 Convenience record ns.sslip.io
Previously, when querying special records such as the IP address, we had
to call out one of the three nameservers, e.g. `dig @ns-aws.nono.io ip.
+short -6`.

This lays the groundwork for queries such as `dig @ns.sslip.io ip.
+short -6`. Now users don't have to remember the 3 nono.io nameservers,
they only need to know the easy-to-remember `ns.sslip.io`. And they
don't need to worry about which one of the three nameservers is
IPv6-capable.
2021-07-26 08:19:42 -04:00
Brian Cunnie
08974c8b81 DNS server: test IPv4 & IPv6 loopback
It makes the expectation clearer to write (we can expect either
"127.0.0.1" or "::1")
2021-07-25 16:13:32 -04:00
Brian Cunnie
d621f982ad 🐞 fix flaky ginkgo test
fixes:
```
Test Panicked
runtime error: index out of range [0] with length 0
/usr/local/Cellar/go/1.16.6/libexec/src/runtime/panic.go:88
```
2021-07-25 16:08:03 -04:00
Brian Cunnie
c1ae1462c3 🐞 Test both IPv4 & IPv6 TXT records
The test originally assumed the query would come from the IPv4 loopback,
not the IPv6 loopback. Now I specify the protocol in the dig query to
force either IPv4 or IPv6.

fixes:
```
  Expected
      <string>: "::1"

  to match regular expression
      <string>: 127.0.0.1
```
2021-07-22 22:44:32 -04:00
Brian Cunnie
2e730b8ad6 🐞 Badges pipeline: quote "true" and "false"
fixes:
```
error: error unmarshaling JSON: while decoding JSON: malformed task step: json: cannot unmarshal bool into Go struct field TaskRunConfig.config.run.path of type string
```
2021-07-10 17:48:01 -07:00
Brian Cunnie
bef3fc1685 GKE: bump #replicas to match #nodes (1→2)
They use hardly any CPU (the precious resource), so it's essentially
free. Plus it adds a green checkmark on the Google load balancer page.
2021-07-10 16:45:43 -07:00
Brian Cunnie
940ea6f810 GKE: certificate/secret has more meaningful name
...so I can identify it as soon as I see it. "quickstart" has no
significance to me.
2021-07-08 06:39:49 -07:00
Brian Cunnie
2af4c0bd05 🐞 <https://104.155.144.4.sslip.io/> now has favicon
Previously it was getting a 404 because I had the wrong `pathType` set.
2021-07-07 18:53:56 -07:00
Brian Cunnie
baf499536c Dockerfile-nginx: include less so I can look at logs 2021-07-07 18:49:49 -07:00
Brian Cunnie
6e5a9b1d1e sslip.io website: GKE is now a mirror—yay! 2021-07-07 18:33:43 -07:00
Brian Cunnie
aa0705e3a5 GKE: TLS Ingress for 104-155-144-4.sslip.io 2021-07-07 16:50:34 -07:00
Brian Cunnie
3eb38ecd19 GKE: sslip.io nginx has ClusterIP service 2021-07-07 16:30:57 -07:00
Brian Cunnie
9c15584b88 GKE: incorporate webserver into sslip.io
So far we've incorporated DNS & NTP, and now we incorporate the
webserver (on port 80, no TLS)
2021-07-07 16:05:43 -07:00
Brian Cunnie
27835a030f GKE: Cluster is now an NTP server!
- Much of the information was from this blog post:
  <https://goglides.io/manage-ntp-using-kubernetes/90/>
- Curiously, it creates another load balancer, so this brings me up to
  three load balancers (HTTP(S)/DNS/NTP)
- It uses the OpenNTPD server. And ns-aws uses NTPsec, and ns-azure uses
  the granddaddy, NTP.
2021-07-07 12:30:50 -07:00
Brian Cunnie
11b4966b90 GKE sslip.io DNS: 1 replica, no readiness
We only have 1 node (because I'm frugal), so we really need only one
replica (it's more likely that the node has crashed rather than my
fairly-simple server).

Also, I pushed out the liveness probe to 5 minutes so the logs aren't
cluttered with probes every ten seconds.

I got rid of the readiness probe, which is only for "[applications
[that] are temporarily unable to serve
traffic](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/)".
It cluttered the logs with its probes. Also my app is never
temporarily unable to serve.

fixes too many occurrences of:
```
::1.55268 TypeA 127.0.0.1.sslip.io. ? 127.0.0.1
```
2021-07-06 05:23:04 -07:00