source of a socket error message

Dar Scott dsc at swcp.com
Fri Jul 19 11:23:34 EDT 2019


It might be we are overcomplicating things. Maybe this just needs a support note to check the Internet connection.

I am having a little trouble picturing the situation here. And like you, I wonder about the description. Since one city was mentioned, I thought there was a possibility of a single ISP having trouble with DNS. I can't tell if this is WAN or Internet, controlled sites or customer devices, ...

Filtering...

Another thing I thought about is filtering. I have seen evil filtering based on the URL that returns an IP address that returns a page with ads based on the contents of the URL. That would not return an error, but could mess up code trying to parse the result. I suppose that a filtering name server might return a lookup error for either a URL or an IP. The latter is goofy, but if that happens, bad neighbors could cause a loss of name service for the app's server. Or if the URL is accidentally, temporarily or maliciously put on Santa's naughty list for an hour, DNS for it might be unavailable. Quad9 (9.9.9.9) will reply with a NXDOMAIN (non-existent domain) if a site is blocked. The solution might be a support note to avoid filtering if it is not otherwise needed.

(Long ago, before we had our own LiveCode function, I made a small DNS client library. About the same time I got a new DSL router. The library was inconsistent in getting a lookup error. I was frustrated trying to debug this, but I figured it out. At boot, the router kept changing the name service IP address to one that pointed a site that returned an IP that generated ads, even though I had saved a different IP. I don't remember how I fixed that.)

> On Jul 18, 2019, at 9:46 AM, Mark Wieder via use-livecode <use-livecode at lists.runrev.com> wrote:
> 
> On 7/18/19 8:11 AM, dsc--- via use-livecode wrote:
>> Also...
>> If you have control of these sites and even if you use an ISP DNS service, you can add a secondary DNS IP address, perhaps a public recursive name server such as the Google Public DNS (8.8.8.8).  This will add a robustness without upgrading the software.
>> If you don't manage those, you can you can upgrade the software to access a public name server directly with TLS, or use DNS over HTTPS. DNS over HTTPS is not as easy as it sounds, but should be doable. It is available without filtering from Google, Quad9 (use 9.9.9.10 for no filtering), or (if you don't use Cisco) Cloudflare 1.1.1.1.
> 
> DoH is getting easier to use all the time but still hasn't reached a level of plug-and-play availability. I set up a Raspberry pi on our LAN running a DoH service that hooks into Cloudflare on the backend and it's transparent and painless (if I'm allowed to mix metaphors).
> 
> Normally I'd agree with you on this, but what has me worried about the problem situation is "occasionally I get a "mass" of errors (50 or 60) within a 1 hour period of time from a large variety of different external sites". So it's not a DNS outage from a single location,
> 
> That said, last week I had a maddeningly similar thing occur here... I suddenly couldn't resolve addresses, and worse, couldn't even ping numeric addresses outside our ISP's gateway. After working with our ISP's tech support, rebooting our router got us a new IP address in the router's routing table and that fixed the problem. Possibly some problem with fiber DHCP refreshing, and I hesitate to suggest that something similar is at work here, but strange things happen.
> 
>> You might want to add some network diagnostics, where you can log or otherwise report the results. This will help solidify your analysis.
>> If you have control over the server and know the IP address will never change, you can skip the name lookup and just use the IP address.
> 
> That or your excellent suggestion of cacheing the address once it's originally resolved.
> 
> -- 
> Mark Wieder
> ahsoftware at gmail.com
> 
> _______________________________________________
> use-livecode mailing list
> use-livecode at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode





More information about the use-livecode mailing list