< Previous by Date	Date Index	Next by Date >
< Previous in Thread	Thread Index	Next in Thread >
Re: [reSIProcate] What does DNS blacklisting mean?

From: Dave Mason <Dave.Mason@xxxxxxxxxxx>
Date: Fri, 1 Dec 2006 12:19:00 -0600
Yow, I noticed that change yesterday.  I grabbed the new testDns, but it
didn't like the 1.0.2 version of DnsResult.  Then I grabbed that, it needed
a lot of other things.  I stuck with the 1.0.2 stack and commented out lines
91 through 95 in testDns, which seemed to work.  Those lines call
DnsResult::blacklistLast().  My last email was using the 1.0.2 version of
testDns.cxx.

I just noticed that the first assert(!dns.requiresProcess()) before the
load-leveling test in the new testDns.cxx fails.  That may be a result of me
mixing new and old code.

I'll look further into what happens when things get blacklisted.  Soon as I
get past that assert problem I may find that blacklisted items don't get
returned.  I also notice theyre only blacklisted for a given time.

Will there be a 1.0.3 soon, or a stable point when I can download
everything? :)

Regards,
Dave

-----Original Message-----
From: Byron Campen 
Sent: Friday, December 01, 2006 11:38 AM
To: Dave Mason
Subject: Re: [reSIProcate] What does DNS blacklisting mean?

        So, before I took a pickaxe to it, DnsResult::next() would result in
blacklisting the result it had returned previously. I removed this behavior.
Now you need to explicitly tell DnsResult that you wish to blacklist the
last returned tuple. (through DnsResult::blacklistLast (), I think) Check
out the latest revision. (A note: testDns is very different now. It may be
hard to digest.)

Best regards,
Byron Campen

> Thanks, that makes sense.  Guess I'm still curious how the DNS layer 
> would know what happened at the SIP layer.  When I run the 1.0.2 
> version of testDns for "sip:yahoo.com", which only has A records, I 
> get a good response but it appears the A records always get 
> blacklisted:
>
> STACK | 20061130-161358.478 | dcmlaptop | testDns | RESIP:DNS |
> 21943 | 1026
> | DnsResult.cxx:944 | No SRV records for yahoo.com. Trying A records
> STACK | 20061130-161358.597 | dcmlaptop | testDns | RESIP:DNS |
> 21943 | 1026
> | dns/DnsStub.cxx:371 | DnsStub::Query::go: yahoo.com type(enum): 1
> proto: 1
> STACK | 20061130-161358.708 | dcmlaptop | testDns | RESIP:DNS |
> 21943 | 1026
> | DnsResult.cxx:693 | Received dns result for: yahoo.com
> STACK | 20061130-161358.708 | dcmlaptop | testDns | RESIP:DNS |
> 21943 | 1026
> | DnsResult.cxx:694 | DnsResult::onDnsResult() 0
> STACK | 20061130-161358.708 | dcmlaptop | testDns | RESIP:DNS |
> 21943 | 1026
> | DnsResult.cxx:712 | Adding [ V4 66.94.234.13:5060 UDP target
> domain=yahoo.com connectionId=0 ] to result set STACK | 
> 20061130-161358.708 | dcmlaptop | testDns | RESIP:DNS |
> 21943 | 1026
> | DnsResult.cxx:712 | Adding [ V4 216.109.112.135:5060 UDP target
> domain=yahoo.com connectionId=0 ] to result set DnsHandler received 
> yahoo.com STACK | 20061130-161358.708 | dcmlaptop | testDns | 
> RESIP:DNS |
> 21943 | 1026
> | DnsResult.cxx:143 | Returning next dns entry: [ V4
> 66.94.234.13:5060 UDP
> target domain=yahoo.com connectionId=0 ] yahoo.com -> [ V4 
> 66.94.234.13:5060 UDP target domain=yahoo.com connectionId=0 ] STACK | 
> 20061130-161358.708 | dcmlaptop | testDns | RESIP:DNS |
> 21943 | 1026
> | DnsResult.cxx:143 | Returning next dns entry: [ V4
> 216.109.112.135:5060
> UDP target domain=yahoo.com connectionId=0 ] DEBUG | 
> 20061130-161358.709 | dcmlaptop | testDns | RESIP:DNS |
> 21943 | 1026
> | DnsResult.cxx:1197 | Blacklisting yahoo.com(1): 66.94.234.13
> DEBUG | 20061130-161358.709 | dcmlaptop | testDns | RESIP:DNS |
> 21943 | 1026
> | DnsResult.cxx:1199 | Remove vip yahoo.com(1)
> yahoo.com -> [ V4 216.109.112.135:5060 UDP target domain=yahoo.com 
> connectionId=0 ] DEBUG | 20061130-161358.709 | dcmlaptop | testDns | 
> RESIP:DNS |
> 21943 | 1026
> | DnsResult.cxx:1197 | Blacklisting yahoo.com(1): 216.109.112.135
> DEBUG | 20061130-161358.709 | dcmlaptop | testDns | RESIP:DNS |
> 21943 | 1026
> | DnsResult.cxx:1199 | Remove vip yahoo.com(1)
> STACK | 20061130-161358.709 | dcmlaptop | testDns | RESIP:DNS |
> 21943 | 1026
> | DnsResult.cxx:399 | Priming []
> DNS results for sip:yahoo.com
> [ V4 66.94.234.13:5060 UDP target domain=yahoo.com connectionId=0 ] [ 
> V4 216.109.112.135:5060 UDP target domain=yahoo.com connectionId=0 ]
>
> Also, if I change testDns to put this in a loop to do a sequence of 4 
> lookups on the same URI, the ipAddrs always come back in a different 
> order.
> Is that caused by blacklisting?  (Call dns.lookup 4 times, wait for 
> all to complete(), then print results.)  Guess I was thinking that if 
> something was really "blacklisted" it wouldn't get returned at all on 
> following lookups.
>
> DNS results for sip:yahoo.com
> [ V4 216.109.112.135:5060 UDP target domain=yahoo.com connectionId=0 ] 
> [ V4 66.94.234.13:5060 UDP target domain=yahoo.com connectionId=0 ] 
> DNS results for sip:yahoo.com [ V4 66.94.234.13:5060 UDP target 
> domain=yahoo.com connectionId=0 ] [ V4 216.109.112.135:5060 UDP target 
> domain=yahoo.com connectionId=0 ] DNS results for sip:yahoo.com [ V4 
> 216.109.112.135:5060 UDP target domain=yahoo.com connectionId=0 ] [ V4 
> 66.94.234.13:5060 UDP target domain=yahoo.com connectionId=0 ] DNS 
> results for sip:yahoo.com [ V4 66.94.234.13:5060 UDP target 
> domain=yahoo.com connectionId=0 ] [ V4 216.109.112.135:5060 UDP target 
> domain=yahoo.com connectionId=0 ]
>
> Regards,
> Dave
>
> ________________________________
>
> From: Byron Campen
> Sent: Thursday, November 30, 2006 5:04 PM
> To: Dave Mason
> Subject: Re: [reSIProcate] What does DNS blacklisting mean?
>
>
> Ok, in the event that you get a 503 with a Retry-After from a UAS you 
> tried to send to, you are supposed to refrain from sending to that 
> tuple again until the Retry-After has expired. The way we do this is 
> allow tuples to be "blacklisted" for a fixed duration, during which 
> the DNS system will discard any results pointing to that tuple, as it 
> looks them up. If, however, many queries were executed simultaneously, 
> it is possible that many DnsResults will happily give you a 
> blacklisted tuple that they loaded before you blacklisted it.
>
> Best regards,
> Byron Campen
>
>
>       Hi,
>
>       Hate to ask a noob question, but what does it mean when a DNS query 
> result
>       gets blacklisted?  I saw on the web page it has something to do with

> a
>       transmit failure, so I assume I shouldn't use the tuples that get 
> returned
>       in the query results vector.  If those results are bad, why do they 
> still
>       get returned?  Is there a status flag I should check before using 
> them?
>
>       Regards,
>       Dave
>
Follow-Ups:
- Re: [reSIProcate] What does DNS blacklisting mean?
  - From: Byron Campen
Prev by Date: Re: [reSIProcate] What does DNS blacklisting mean?
Next by Date: Re: [reSIProcate] What does DNS blacklisting mean?
Previous by thread: Re: [reSIProcate] What does DNS blacklisting mean?
Next by thread: Re: [reSIProcate] What does DNS blacklisting mean?
Index(es):
- Date
- Thread