I wasn't using them the way they're supposed to be used. I was using
them because they were "cool" and I wanted to force-fit them.
Specifically, I never called `WaitGroup.Done()`. Instead of using
WaitGroups to keep from exiting, I now dive into a readFrom(), which
never returns.
In preparation for TCP binding, I re-worked the UDP binding process so
that it could be more understandable and more easily replicated.
I don't know that it's more understandable. I may have failed.
I was worried that the DNS server had no headroom left on the DNS server
after one incident where the CI was red and the responses were "choppy".
Rebooting (restarting?) fixed the problem.
- ~19k Apple M2
- ~8k vSphere Xeon D-1736 2.7GHz
- ~6k AWS Graviton T2
- ~5k Azure Xeon E5-2673 v4 @ 2.30GHz
The busiest server, ns-aws.nono.io, handles ~132 queries/second.
It seems there's enough headroom for 37x (5000/132) the current traffic
on the slowest server.
If I ever want to make sure the results are IDNA2008-compliant, I'll
know which test to start with.
One of the things that held me back was that I couldn't find a spec for
what constitutes IDNA2008 compliance.
[#30]
This commit introduces fuzz-testing for the PTR lookups' integration
test.
This commit does NOT successfully surface the following error condition.
In that sense, this commit is a failure:
```
/usr/bin/dig @ns.sslip.io -x ::11b7:bf0a:0:0:d410 +short
/usr/bin/dig: '--11b7-bf0a-0-0-d410.sslip.io.' is not a legal IDNA2008 name (string start/ends with forbidden hyphen), use +noidnout
```
- moves helper functions for test into a separate package,
`xip/testhelper`.
- uses `dig`'s `-x` flag to make PTR lookup tests more readable, e.g.
`dig -x ::1`
This IDN complaint has at least one related commit
([06f1556](06f1556699)).
[#30]
This allows our Concourse CI to pull the new multi-platform OCI Docker
images instead of pulling very stale, old Docker images.
Fixes, from <https://ci.nono.io/teams/main/pipelines/sslip.io/jobs/unit/builds/97>:
```
Ginkgo detected a version mismatch between the Ginkgo CLI and the version of Ginkgo imported by your packages:
Ginkgo CLI Version:
2.5.0
Mismatched package versions found:
2.8.4 used by sslip.io-dns-server, xip
```
...instead of latest release. This happens, for example, if I didn't fix
the specs before rolling out a new release. I may change this back in
the future.
We are no longer doing key-value-over-DNS.
Fixes <https://ci.nono.io/teams/main/pipelines/sslip.io/jobs/dns-servers/builds/1097>
```
rspec './spec/check-dns_spec.rb[1:17:1]' # sslip.io k-v.io tested on the ns-aws.sslip.io. nameserver sets a value, 1678804743, on the key sslipio-spec.k-v.io
rspec './spec/check-dns_spec.rb[1:17:2]' # sslip.io k-v.io tested on the ns-aws.sslip.io. nameserver gets the newly-set value, 1678804743, from the key, sslipio-spec.k-v.io
rspec './spec/check-dns_spec.rb[1:33:1]' # sslip.io k-v.io tested on the ns-azure.sslip.io. nameserver sets a value, 1678804743, on the key sslipio-spec.k-v.io
rspec './spec/check-dns_spec.rb[1:33:2]' # sslip.io k-v.io tested on the ns-azure.sslip.io. nameserver gets the newly-set value, 1678804743, from the key, sslipio-spec.k-v.io
rspec './spec/check-dns_spec.rb[1:49:1]' # sslip.io k-v.io tested on the ns-gce.sslip.io. nameserver sets a value, 1678804743, on the key sslipio-spec.k-v.io
rspec './spec/check-dns_spec.rb[1:49:2]' # sslip.io k-v.io tested on the ns-gce.sslip.io. nameserver gets the newly-set value, 1678804743, from the key, sslipio-spec.k-v.io
```
Fixes, `fly trigger-job ...`:
```
error: resource not found
```
Fixes, `kubectl logs ...`:
```
flag provided but not defined: -etcdHost
Usage of /usr/sbin/sslip.io-dns-server:
```
I'm disabling the key-value store because no one was using it.
There are other reasons, too:
- The removal of the `etcd` library dropped the executable size by over
half from 17MB to 7MB
- I didn't want users who've deployed it internally to be "surprised" by
unexpected key-value features
- Key-value-over-DNS has a seamy side to it: "data exfiltration". I know
there are legitimate uses for it, but I've come to believe that a
Key-value-over-HTTP solution is preferable because it's not only more
legitimate but also because it eliminates the DNS caching problem.
From
<https://support.google.com/analytics/answer/10759417>:
> Google Analytics 4 is replacing Universal Analytics. On July 1, 2023
all standard Universal Analytics properties will stop processing new
hits.
I wonder if Google Analytics is worth the trouble.
Our CI sometimes builds "broken" docker images because it fails
downloading the proper executable (because I haven't populated the
GitHub release yet).
I'd like it to fail rather than publish broken images.
Fixes, during `docker run -it --rm cunnie/sslip.io-dns-server`:
```
exec /usr/sbin/sslip.io-dns-server: exec format error
```
In spite of good intentions, I never used Max Brunsfeld's Counterfeiter;
Counterfeiter is good for unit tests, but I've pivoted to using mostly
integration tests.
I took the opportunity to update `go.mod`:
```bash
rm go.mod go.sum
go mod init xip
go mod tidy
```
`ENTRYPOINT` [is more appropriate](https://codewithyury.com/docker-run-vs-cmd-vs-entrypoint/):
> ENTRYPOINT configures a container that will run as an executable
Which is exactly how I think the container should work for new people.
Yes, I'm screwing over the existing users. Sorry.
Google Cloud Plaatform (GCP) charged me $17.69 last month for "Cloud
Logging" which consumed 84.74 GiB.
At an average of 51.2 queries/second, and each log line
averaging 192 bytes, and 60*60*24*30 seconds/month, this works out to
25,480,396,800 bytes (23.73 GiB), which works out to a monthly savings of
$4.95 if I use the `-quiet` flag.
However, it seems that my saving would be even more because when I
visually browse the logs, at least ⅔ are from sslip.io logging.
I have *no* idea where all the other logs are coming from.
- Move "Directory Structure" lower down--it's not terribly useful,
certainly less useful than the "DNS Server" section.
- Remove the "tidy" turd at the bottom of the page. It adds no value,
and I'm not sure how it got there in the first place.
- A specific sections for flags such as `-nameservers`
- Add a section about running official Docker containers.
- get rid of the old, deprecated "faq" and "about" pages
[#21]
This change allows me to build new versions of the Docker images without
forcing me to create a gratuitous release merely for that purpose.
In this specific case, I had neglected to have `curl` follow redirects
(`-L`), thus the Docker images created were missing the sslip.io DNS
server.
On the downside, it's possible that the *nginx* Docker containers are
built with content/features that haven't been released yet, but I'm
willing to run that risk.
I had neglected to account for the 302 redirect.
Fixes, during `docker run -it --rm cunnie/sslip.io-dns-server`:
```
exec /usr/sbin/sslip.io-dns-server: exec format error
```
Drive-by: removed a Dockerfile left over from testing the creation of
multi-platform (x86_64, ARM64) Docker images.
Integration tests would fail approximately 11% of the time (4/35) when
run in parallel (on my 8-core MacBook Air). The fix was to lengthen the
amount of time (1ms → 2ms) a port was held to make sure it was really,
truly free. After change, the tests ran 32 times without a failure.
Fixes, during `ginkgo -r -p --until-it-fails .`
```
I couldn't bind to any IPs on port 1974, so I'm exiting
...
Waiting for:
Ready to answer queries
In [JustBeforeEach] at: /Volumes/workspace/sslip.io/src/sslip.io-dns-server/integration_flags_test.go:28 @ 11/11/22 10:38:02.045
```
