-
Notifications
You must be signed in to change notification settings - Fork 233
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SocketTimeoutException on MacOS >= 12.5 #260
Comments
dnsjava v2.0.8 is 12 (!) years old. Please use the latest version, which is currently v3.5.1. Also, if |
@ibauersachs Thanks for the reply, I had no idea my ver was so old!
The output is now:
So... in a roundabout way the error is still the same (I think?) 'network error' does sound similar to SocketTimeoutException Thanks |
Which Java/JDK version are you using? Please attach the debug (or trace) log output from dnsjava. It uses slf4j-api, so you can attach basically any logging framework. For your example, even slf4j-simple works. If you're using Gradle: Also pass This somehow looks similar to #194. However, there apparently v3.5.1 worked fine. |
Java 1.8 (Azul 1.8_345) I took a look at #194 but its a different error to mine.
|
I mentioned #194 because in both cases the dnsjava's NIO implementation seems to behave differently. It's possible that the underlying async I/O on Mac is more strict than on Windows and Linux and we do something wrong. But maybe you can add some more information by:
|
Don't know why I didn't check this fully before, but I've found the cause; PaloAlto's GlobalProtect VPN client. Although the firewall within the VPN allows the traffic, and wireshark shows the ANSWER packet get back to my local machine at the VPN tunnel utun0 interface, there is something about the VPN OS setup that messes with DNS resolution and so it 'times out'. I tried with Java 11 with the same results. I'm gonna follow up with my IT/GlobalProtect team, let me know if you still want that thread dump. |
Thanks for the follow-up. I don't think the thread dump is relevant if it works without the VPN client. I'll close this issue for now, we can always reopen if there's more to it than the VPN. |
Have had no further luck with disabling the VPN, completely removing it and any other potential blocking software seems to have no effect, the problem is back (Which makes me confused as I did see it working once and since then nothing, I have no idea why that one attempt worked. Same result with Java 11 I'm not sure how to grab the thread dump exactly at the point the UDP request is sent, could you give me some tips? |
Not sure what tools you use. In IntelliJ Idea, you can click the camera symbol while debugging. Do that within the timeout, the 5s should be enough if you're prepared to click. You can also create a thread dump via a Java API, e.g. by starting a thread, sleeping 1 or 2 seconds, then call:
@nresare You have a Mac. Could you maybe do some debugging? |
Hi, I am seeing similar problem with:
has the following trace debugging output
dig works fine
Any ideas? I am unable to disable my corporate VPN but will try to find a way to do that and try again. |
I took 2 thread dumps |
Was able to disable vpn and still doesn't work so It's not the vpn... |
Thanks for the thread dumps. Looking at them confirms my suspicion that something in dnsjava's NIO usage is likely wrong. I'm not sure yet where exactly the difference between Mac and Linux/Windows is coming from here and will need to debug - which is difficult without a Mac. |
FWIW, also tried using JNDI and get similar timeout
|
@ibauersachs could this be related? |
I don't think so. When dnsjava fails to resolve, it's waiting on a network configuration. This might be caused by missing events, or incorrectly configured events for the selector. Also, the code from JNDI uses blocking code, dnsjava isn't. The fact that you run into a timeout with JNDI points towards a different issue, likely with your VPN or your router/ISP blocking foreign DNS servers. |
I deployed the code to AWS and am able to query dns from both JNDI and DnsJava so it's very possible it's something specific to my corporate laptop setup here. Or it could be something with Mac OS M1 Chipset and/or Amazon Correto 17 |
Apologies on the gap in my own responses on this. @kevinchan-rl I found similar scenarios to yours, running this on linux or Windows doesn't have the same issue. @ibauersachs is there anything you can suggest we do to help you, as you don't have a Mac available? |
@chris-cyberark Thanks for the screenshot, it shows the same stacktrace like before. If you want to help, you'll need to debug dnsjava itself while doing a simple query that you ca easily run. I have some local changes lying around with changes and debug statements to |
Hi, After all it was a firewall problem that I accidentally didn't add the java app to the allow list. Only noticed after upgrading from openjdk 17.0.6 to 17.0.7 that the mac os popup appeared again to allow network connections. Don't know if this is the same problem but give it a try and check the mac os firewall. |
Hi, Unfortunately I'm facing the same problem I've a tried few things and some of them solves the issue:
Unfortunately none these are a good permanent solution for me, but it might shed some light on the root of the problem. |
@HoRg4sZ Thanks for the investigation and the offer to help. I'd be glad if you could dig into this. The only Mac I have is a 10+ years old Mac Mini from a junkyard that can barely open an IDE anymore. It's thus unlikely I'll be able to something about this myself.
Edit: I've merged this branch. |
@ibauersachs Thanks for the quick reaction!
Unfortunately it does not work, not even with the branch you've shown. I've just seen that you have merged it but I guess it probably does not make a difference?
I can also see with Wireshark, that the response is actually coming (in time) to my machine from the DNS server. I can copy the packets too if you are interested. |
Thanks for the diagnosis, which is consistent what others have seen. Can you try playing around with the NIO channel? I assume this has something to do with how MacOS handles poll/epoll (see e.g. https://daniel.haxx.se/blog/2016/10/11/poll-on-mac-10-12-is-broken/). |
I have the same issue with my Mac 13.6, Java 17.0.8. I see it only when I specify particular DNS server address when creating SimpleResolver. If no DNS address provided, then it works fine. dig works fine from terminal with and without DNS address. |
I've now tried to debug this with my colleague @mkretz from @bespinian, on MacOS 14.6 with Java 11.0.21 (aarch). We were unable to reproduce the issue. Sorry, but I'm lost here. Someone who still experiences this issue needs to debug this. Also, #260 (comment) makes me wonder whether this really is a dnsjava issue or something in either the JVM or some other VPN or firewall tool/extension that blocks the Java process from getting the reply. |
I can consistently reproduce this on macOS 14.2 with dnsjava 3.5.3, and similarly, setting TCP to |
@nicholas-signal Create simple class that you can easily execute, like in #260 (comment). Then try to debug in |
Hi! String NAPTRQuery = "6.5.4.3.2.1.example.org";
Resolver resolver = new SimpleResolver(dnsServerIP);
resolver.setPort(dnsServerPort);
resolver.setTimeout(Duration.ofMillis(2000L));
Lookup lookup = new Lookup(NAPTRQuery , Type.NAPTR, DClass.IN);
lookup.setResolver(resolver);
lookup.setCache(new Cache());
Record[] records = lookup.run(); Can you please help? |
@mohamed-elhar You seem to have a different issue. Also, your example runs in exactly 2s when I specify an invalid IP address as the dns server. If yours is running longer, then you probably have one or more searchPaths. Use absolute names if you can. |
Thank you @ibauersachs for you response. |
You can clear the path on your resolver instance, otherwise have a look at the config properties as described in the readme. |
I've some problem with Cache mechanism, I set the max records and the ttl but each time I send an enum query I visualize in the dns server that a new query is arriving. Here is bellow the code used:
|
Your problem has nothing to do with the Mac issue here. Please open separate issues so that people following here are not further distracted. |
Hi @ibauersachs , Here is a follow-up for anyone encountering this issue as of today, along with what rectified this problem. Problem VerificationI ran into the same problem today using the following:
All ResolutionDownloading OpenJDK 21 for Rebuilding the project I am working on with JDK v21 which uses The only change in system environment was installing and then using JDK v21. Therefore, I believe updating to:
Rectified this issue. Should I observe this to not be the case, I will update this comment accordingly. It is unknown if JDK v20 also rectifies this issue as I did not test that distribution. Thanks for your work on this project! |
Maven repo dnsjava 2.0.8 Lookup.run returns SocketTimeoutException on MacOS 12.5
Using some basic DNS test code:
I get the result:
I can see in wireshark that there is a response from the DNS server, it seems it is not parsed by dnsjava:
The text was updated successfully, but these errors were encountered: