Commit Graph

15 Commits

Author SHA1 Message Date
Jacob Hoffman-Andrews 0068f02680
bdns: Return timeout errors for DoH timeouts (#7569)
Since the switch to DoH, when a query from Boulder to Unbound times out
we get a generic "server failure at resolver" error message. This
updates `bdns.Error` so it returns "query timed out" instead, which is
more informative.

Co-authored-by: Samantha Frank <hello@entropy.cat>
2024-07-03 11:07:38 -04:00
Jacob Hoffman-Andrews 4f171604fe
Expose Extended DNS Errors (#6906)
If the resolver provides EDE (https://www.rfc-editor.org/rfc/rfc8914),
Boulder will automatically expose it in the error message. Note that
most error messages contain the error RCODE (NXDOMAIN, SERVFAIL, etc),
when there is EDE present we omit it in the interest of brevity. In
practice it will almost always be SERVFAIL, and the extended error
information is more informative anyhow.

This will have no effect in production until we configure Unbound to
enable EDE.

Fixes #6875.

---------

Co-authored-by: Matthew McPherrin <mattm@letsencrypt.org>
2023-05-18 20:43:00 -07:00
Jacob Hoffman-Andrews 6a8bec395f
Distinguish cancellation from timeout in DNS. (#5385)
Under normal circumstances, I believe we should never have cause to
return a cancellation-related error to the user. This change should
distinguish that case in the logs so we can look for it. If it turns out
we do sometimes return cancellation-related errors to the user, we
should do further digging and figure out why.

Related #5346
2021-04-05 15:44:27 -07:00
Jacob Hoffman-Andrews 2a8f0fe6ac
Rename several items in bdns (#5260)
[Go style says](https://blog.golang.org/package-names):

> Avoid stutter. Since client code uses the package name as a prefix
> when referring to the package contents, the names for those contents
> need not repeat the package name. The HTTP server provided by the
> http package is called Server, not HTTPServer. Client code refers to
> this type as http.Server, so there is no ambiguity.

Rename DNSClient, DNSClientImpl, NewDNSClientImpl,
NewTestDNSClientImpl, DNSError, and MockDNSClient to follow those
guidelines.

Unexport DNSClientImpl and MockTimeoutError (was only used internally).

Make New and NewTest return the Client interface rather than a concrete
`impl` type.
2021-01-29 17:20:35 -08:00
alexzorin 03090a0e80 bdns: friendly error text for NXDOMAIN, SERVFAIL (#4642)
Providing additional explanatory text in the error message may help
guide users who are unfamiliar with DNS error codes.
2020-01-14 08:54:33 -08:00
Roland Bracewell Shoemaker 6f93942a04 Consistently used stdlib context package (#4229) 2019-05-28 14:36:16 -04:00
Roland Bracewell Shoemaker e2b2511898 Overhaul internal error usage (#2583)
This patch removes all usages of the `core.XXXError` and almost all usages of `probs` outside of the WFE and VA and replaces them with a unified internal error type. Since the VA uses `probs.ProblemDetails` quite extensively in challenges, and currently stores them in the DB I've saved this change for another change (it'll also require a migration). Since `ProblemDetails` should only ever be exposed to end-users all of its related logic should be moved into the `WFE` but since it still needs to be exposed to the VA and SA I've left it in place for now.

The new internal `errors` package offers the same convenience functions as `probs` does as well as a new simpler type testing method. A few small changes have also been made to error messages, mainly adding the library and function name to internal server errors for easier debugging (i.e. where a number of functions return the exact same errors and there is no other way to distinguish which method threw the error).

Also adds proper encoding of internal errors transferred over gRPC (the current encoding scheme is kept for `core` and `probs` errors since it'll be ideally be removed after we deploy this and follow-up changes) using `grpc/metadata` instead of the gRPC status codes.

Fixes #2507. Updates #2254 and #2505.
2017-03-22 23:27:31 -07:00
Roland Bracewell Shoemaker 54573b36ba Remove all stray copyright headers and appends the initial line to LICENSE.txt (#1853) 2016-05-31 12:32:04 -07:00
Jacob Hoffman-Andrews e6c17e1717 Switch to new vendor style (#1747)
* Switch to new vendor style.

* Fix metrics generate command.

* Fix miekg/dns types_generate.

* Use generated copies of files.

* Update miekg to latest.

Fixes a problem with `go generate`.

* Set GO15VENDOREXPERIMENT.

* Build in letsencrypt/boulder.

* fix travis more.

* Exclude vendor instead of godeps.

* Replace some ...

* Fix unformatted cmd

* Fix errcheck for vendorexp

* Add GO15VENDOREXPERIMENT to Makefile.

* Temp disable errcheck.

* Restore master fetch.

* Restore errcheck.

* Build with 1.6 also.

* Match statsd.*"

* Skip errcheck unles Go1.6.

* Add other ignorepkg.

* Fix errcheck.

* move errcheck

* Remove go1.6 requirement.

* Put godep-restore with errcheck.

* Remove go1.6 dep.

* Revert master fetch revert.

* Remove -r flag from godep save.

* Set GO15VENDOREXPERIMENT in Dockerfile and remove _worskpace.

* Fix Godep version.
2016-04-18 12:51:36 -07:00
Roland Bracewell Shoemaker 8eaf247ee9 Split CAA checking out to its own service (#1647)
* Split out CAA checking service (minus logging etc)
* Add example.yml config + follow general Boulder style
* Update protobuf package to correct version
* Add grpc client to va
* Add TLS authentication in both directions for CAA client/server
* Remove go lint check
* Add bcodes package listing custom codes for Boulder
* Add very basic (pull-only) gRPC metrics to VA + caa-service
2016-04-12 23:02:41 -07:00
Jacob Hoffman-Andrews 40167f3da3 Merge remote-tracking branch 'le/master' into dns-errors-fix
Conflicts:
	bdns/dns.go
	bdns/dns_test.go
	mocks/mocks.go
	ra/registration-authority.go
	ra/registration-authority_test.go
2016-01-08 14:07:05 -08:00
Jacob Hoffman-Andrews 78f43d8a4c Add context errors. 2016-01-08 13:04:00 -08:00
Jacob Hoffman-Andrews df4ba7aaa8 Report DNS errors properly.
Previously we would return a detailed errorString, which ProblemDetailsFromDNSError
would turn into a generic, uninformative "Server failure at resolver".

Now we return a new internal dnsError type, which ProblemDetailsFromDNSError can
turn into a more informative message to be shown to the user.
2016-01-04 16:07:02 -08:00
Jeff Hodges 92f1689310 make DNS ProblemDetails more clear
Fixes #1259
2015-12-28 13:09:33 -08:00
Jeff Hodges b31165444f move dns code to dns pkg and rename to bdns
Moves the DNS code from core to dns and renames the dns package to bdns
to be clearer.

Fixes #1260 and will be good to have while we add retries and such.
2015-12-14 11:21:43 -08:00