#1558 `prosodyctl check` reports "unknown address" & "does not seem to resolve" errors, for existing IP & records
Reporter: pgnd
Owner: Nobody
Stars: ★★ (2)
Tags: Status-NeedInfo, Type-Defect, Priority-Medium

pgnd
prosody installed from git
```
hg log -l1
changeset: 9792:8fcd46ee9bf5
branch: 0.11
bookmark: @
tag: tip
user: Kim Alvefur <zash@zash.se>
date: Fri May 15 21:22:35 2020 +0200
summary: mod_storage_internal: Fix error in time limited queries on items without 'when' field, fixes #1557
```
prosody config,
```
-- prosody.cfg.lua
http_external_url = "https://jitsi.example.com/"
trusted_proxies = { "127.0.0.1", "10.1.1.100", }
admins = { "admin@auth.jitsi.example.com" }
use_libevent = true
pidfile = "/run/prosody/prosody.pid"
interfaces = { "127.0.0.1" }
local_interfaces = { "127.0.0.1" }
c2s_interfaces = { "127.0.0.1" }
c2s_ports = { 5222 }
component_interface = "127.0.0.1"
component_ports = { 5347 }
http_interfaces = {}
http_ports = {}
https_interfaces = { "127.0.0.1" }
https_ports = { 5281 }
legacy_ssl_ports = {}
network_backend = "epoll"
plugin_paths = {}
modules_enabled = {
    "roster";
    "saslauth";
    "tls";
    "dialback";
    "disco";
    "carbons";
    "private";
    "ping";
    "register";
    "admin_adhoc";
    "admin_telnet";
}
modules_disabled = {}
allow_registration = false
c2s_require_encryption = true
s2s_require_encryption = true
s2s_secure_auth = false
s2s_insecure_domains = {}
s2s_secure_domains = {}
authentication = "internal_hashed"
storage = "internal"
log = {
    info = "prosody.log";
    error = "prosody.err";
}
statistics = "internal"
ssl = {
    key = "/etc/jitsi/ssl/jitsi.example.com.key";
    certificate = "/etc/jitsi/ssl/jitsi.example.com.crt";
    protocol = "tlsv1_2+";
}

VirtualHost "jitsi.example.com"
    authentication = "anonymous"
    ssl = {
        key = "/etc/jitsi/ssl/jitsi.example.com.key";
        certificate = "/etc/jitsi/ssl/jitsi.example.com.crt";
        protocol = "tlsv1_2+";
    }
    modules_enabled = {
        "pubsub";
        "websocket"; -- https://prosody.im/doc/websocket
    }
    c2s_require_encryption = true

VirtualHost "auth.jitsi.example.com"
    authentication = "internal_plain"
    ssl = {
        key = "/etc/jitsi/ssl/auth.jitsi.example.com.key";
        certificate = "/etc/jitsi/ssl/auth.jitsi.example.com.crt";
        protocol = "tlsv1_2+";
    }

Component "conference.jitsi.example.com" "muc"
    ssl = {
        key = "/etc/jitsi/ssl/conference.jitsi.example.com.key";
        certificate = "/etc/jitsi/ssl/conference.jitsi.example.com.crt";
        protocol = "tlsv1_2+";
    }

Component "jitsi-videobridge.jitsi.example.com"
    ssl = {
        key = "/etc/jitsi/ssl/jitsi-videobridge.jitsi.example.com.key";
        certificate = "/etc/jitsi/ssl/jitsi-videobridge.jitsi.example.com.crt";
        protocol = "tlsv1_2+";
    }
    component_secret = "1111111111111"

Component "focus.jitsi.example.com"
    ssl = {
        key = "/etc/jitsi/ssl/focus.jitsi.example.com.key";
        certificate = "/etc/jitsi/ssl/focus.jitsi.example.com.crt";
        protocol = "tlsv1_2+";
    }
    component_secret = "1111111111111"
```
prosody's up
```
telnet jitsi.example.com 5582
Trying 127.0.0.1...
Connected to 127.0.0.1.
| ____ \ / _
| _ \ _ __ ___ ___ _-_ __| |_ _
| |_) | '__/ _ \/ __|/ _ \ / _` | | | |
| __/| | | (_) \__ \ |_| | (_| | |_| |
|_| |_| \___/|___/\___/ \__,_|\__, |
A study in simplicity |___/
port:list()
| c2s: [127.0.0.1]:5222
| component: [127.0.0.1]:5347
| console: [127.0.0.1]:5582
| https: [127.0.0.1]:5281
| s2s: [127.0.0.1]:5269
| OK: 5 services listening on 5 ports
```
hosts resolve @ dns
```
dig +short A jitsi.example.com
127.0.0.1
dig +short A conference.jitsi.example.com
127.0.0.1
dig +short A jitsi-videobridge.jitsi.example.com
127.0.0.1
dig +short A auth.jitsi.example.com
127.0.0.1
dig +short A focus.jitsi.example.com
127.0.0.1
dig +short SRV _xmpp-client._tcp.example.com
0 5 5222 jitsi.example.com.
dig +short SRV _xmpp-server._tcp.example.com
0 5 5269 jitsi.example.com.
```
checking returns
```
prosodyctl check
Checking config...
Done.
Checking DNS for component conference.jitsi.example.com...
conference.jitsi.example.com A record points to unknown address 127.0.0.1
Host conference.jitsi.example.com does not seem to resolve to this server (IPv4/IPv6)
No targets for conference.jitsi.example.com appear to resolve to this server.
DNS records are necessary if you want users on other servers to access this component.
Checking DNS for component jitsi-videobridge.jitsi.example.com...
jitsi-videobridge.jitsi.example.com A record points to unknown address 127.0.0.1
Host jitsi-videobridge.jitsi.example.com does not seem to resolve to this server (IPv4/IPv6)
No targets for jitsi-videobridge.jitsi.example.com appear to resolve to this server.
DNS records are necessary if you want users on other servers to access this component.
Checking DNS for host auth.jitsi.example.com...
auth.jitsi.example.com A record points to unknown address 127.0.0.1
Host auth.jitsi.example.com does not seem to resolve to this server (IPv4/IPv6)
No targets for auth.jitsi.example.com appear to resolve to this server.
Checking DNS for component focus.jitsi.example.com...
focus.jitsi.example.com A record points to unknown address 127.0.0.1
Host focus.jitsi.example.com does not seem to resolve to this server (IPv4/IPv6)
No targets for focus.jitsi.example.com appear to resolve to this server.
DNS records are necessary if you want users on other servers to access this component.
Checking DNS for host jitsi.example.com...
jitsi.example.com A record points to unknown address 127.0.0.1
Host jitsi.example.com does not seem to resolve to this server (IPv4/IPv6)
No targets for jitsi.example.com appear to resolve to this server.
For more information about DNS configuration please see https://prosody.im/doc/dns
Checking certificates...
Checking certificate for conference.jitsi.example.com
Certificate: /usr/local/etc/JITSI/ssl/conference.jitsi.example.com.crt
Checking certificate for jitsi-videobridge.jitsi.example.com
Certificate: /usr/local/etc/JITSI/ssl/jitsi-videobridge.jitsi.example.com.crt
Checking certificate for auth.jitsi.example.com
Certificate: /usr/local/etc/JITSI/ssl/auth.jitsi.example.com.crt
Checking certificate for focus.jitsi.example.com
Certificate: /usr/local/etc/JITSI/ssl/focus.jitsi.example.com.crt
Checking certificate for jitsi.example.com
Certificate: /usr/local/etc/JITSI/ssl/jitsi.example.com.crt
Problems found, see above.
```
"127.0.0.1" is a valid/known address
DNS A/SRV records are in place
what's causing this^ issue with `prosodyctl check`?
I found that `prosodyctl check` does not resolve `CNAME` records, it checks directly only for `A` and `AAAA` here: https://github.com/bjc/prosody/blob/0eedd1130fe9eb7379c427d1fa1a8f7e9e715a6f/util/prosodyctl/check.lua#L374-L425 This was the reason I got `does not seem to resolve to this server (IPv4/IPv6)` (I'm using CNAME records).
Related problem somebody else had: https://superuser.com/questions/1482659/prosody-xmpp-server-says-that-a-record-points-to-unknown-address
There were many fixes and improvements in this area in 0.12.x, please upgrade and try there.
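The CNAME gap described in the comment above, as an added example that is not part of this thread and is not Prosody's code: a Python sketch of a "does this name resolve to this server" check that follows CNAME chains before comparing the terminal A/AAAA targets with the server's own addresses. The record table, names such as `chat.example.com.` and both function names are constructed for illustration.

```python
import ipaddress

# Constructed sample records (not real DNS data): name -> [(type, value)]
ZONE = {
    "jitsi.example.com.": [("A", "127.0.0.1")],
    "conference.jitsi.example.com.": [("CNAME", "jitsi.example.com.")],
    "chat.example.com.": [("CNAME", "edge.example.net.")],
    "edge.example.net.": [("A", "203.0.113.10"), ("AAAA", "2001:db8::10")],
    "loop.example.com.": [("CNAME", "loop.example.com.")],
}

def resolve_addresses(name, zone, max_hops=8):
    """Follow CNAMEs until a name with A/AAAA data; return (addresses, chain)."""
    chain = [name]
    for _ in range(max_hops):
        records = zone.get(chain[-1], [])
        cnames = [v for t, v in records if t == "CNAME"]
        if not cnames:
            addrs = {ipaddress.ip_address(v) for t, v in records
                     if t in ("A", "AAAA")}
            return addrs, chain
        if cnames[0] in chain:
            raise ValueError("CNAME loop at " + cnames[0])
        chain.append(cnames[0])
    raise ValueError("CNAME chain longer than %d hops" % max_hops)

def check_host(name, zone, local_addrs):
    """Compare the terminal addresses of `name` with this server's addresses."""
    local = {ipaddress.ip_address(a) for a in local_addrs}
    try:
        addrs, chain = resolve_addresses(name, zone)
    except ValueError as err:
        return {"host": name, "ok": False, "reason": str(err)}
    if not addrs:
        return {"host": name, "ok": False, "reason": "no A/AAAA records"}
    matched = addrs & local
    return {
        "host": name,
        "ok": bool(matched),             # at least one target is this server
        "chain": chain,                  # names visited, CNAMEs included
        "unknown": sorted(str(a) for a in addrs - local),
        # True when every match is loopback: other servers cannot reach it
        "loopback_only": bool(matched) and all(a.is_loopback for a in matched),
    }

if __name__ == "__main__":
    for host in ("conference.jitsi.example.com.", "chat.example.com."):
        print(check_host(host, ZONE, ["127.0.0.1", "203.0.113.10"]))
```

A check that reads only the A/AAAA records of the queried name would find none for `conference.jitsi.example.com.` in this table, because its only record is the CNAME.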