BUG: V4.28.0 Breaks Split Horizon DNS

by Alex Johnson 38 views

This article discusses a bug found in dnscontrol v4.28.0 that affects the Split Horizon DNS feature. Users are encountering a "duplicate domain name" error when using this feature after upgrading to the specified version.

Discussion Category: StackExchange, dnscontrol

The discussion around this bug is categorized under StackExchange and dnscontrol, indicating that it's a technical issue being discussed within relevant communities and directly related to the dnscontrol tool.

Additional Information:

The core issue arises when employing the Split Horizon DNS feature, a method to provide different DNS resolution results based on the requester's location or network. In version v4.28.0, this setup leads to an unexpected error message: "duplicate domain name."

To Reproduce

Follow these steps to reproduce the error:

  1. Construct a dnsconfig.js file that leverages the Split Horizon DNS configuration. You can refer to the Split Horizon DNS example code as a starting point. While the issue seems to manifest regardless of the DNS provider, using bind for both internal and external providers simplifies reproduction.

    var REG_NONE = NewRegistrar("none");
var DNS_INSIDE = NewDnsProvider("bind");
var DNS_OUTSIDE = NewDnsProvider("bind");

D("example.com!inside", REG_NONE, DnsProvider(DNS_INSIDE),
  NAMESERVER("ns1.example.com."),
  A("www", "10.10.10.10"),
);

D("example.com!outside", REG_NONE, DnsProvider(DNS_OUTSIDE),
  NAMESERVER("ns2.example.com."),
  A("www", "20.20.20.20"),
);

  2. Execute the command dnscontrol preview.

Expected Behavior

In a correctly functioning setup, dnscontrol should recognize and prepare to create two distinct DNS zones for the same domain but with different views (inside and outside). The expected output should resemble the following:

******************** Domain: example.com
3 corrections (bind)
#1: + CREATE example.com SOA DEFAULT_NOT_SET. DEFAULT_NOT_SET. 3600 600 604800 1440 ttl=300
+ CREATE example.com NS ns1.example.com. ttl=300
+ CREATE www.example.com A 10.10.10.10 ttl=300
******************** Domain: example.com
3 corrections (bind)
#1: + CREATE example.com SOA DEFAULT_NOT_SET. DEFAULT_NOT_SET. 3600 600 604800 1440 ttl=300
+ CREATE example.com NS ns2.example.com. ttl=300
+ CREATE www.example.com A 20.20.20.20 ttl=300
Done. 6 corrections.

This output indicates that dnscontrol correctly identifies the need to create two separate zones for example.com, each with its own nameserver and A record for www.

Actual Behavior

Instead of the expected behavior, the dnscontrol preview command generates the following error message, halting the DNS configuration process:

2025/12/04 23:58:08 1 Validation errors:
2025/12/04 23:58:08 ERROR: duplicate domain name: "example.com"
exiting due to validation errors

This error indicates that dnscontrol is incorrectly identifying the two zones ( example.com!inside and example.com!outside) as duplicates, preventing the configuration from being applied.

Additional Details

Further investigation using git bisect revealed that commit 703084160fc722ebff56572fa11edd05788df592, authored by @tlimoncelli, introduced the bug. This commit is the likely cause of the duplicate domain name error when using Split Horizon DNS in v4.28.0. More isolation of the problem might be needed.

Impact of the Bug

The duplicate domain name error significantly impacts users relying on the Split Horizon DNS feature in dnscontrol. This feature is crucial for scenarios where different DNS records need to be served based on the requester's location or network. For example, an organization might want internal users to resolve a domain to an internal IP address while external users resolve it to a public IP address. The bug prevents users from applying such configurations, potentially disrupting services and requiring them to revert to older versions of dnscontrol or find alternative solutions.

Possible causes and solutions

The root cause of the duplicate domain name error likely lies in how dnscontrol v4.28.0 handles domain names with different zone suffixes (e.g., !inside, !outside). The commit 703084160fc722ebff56572fa11edd05788df592 might have introduced a change that incorrectly identifies these suffixed domain names as duplicates. Here are some potential areas to investigate:

  • Domain Name Parsing: Examine the code responsible for parsing and comparing domain names. Ensure that it correctly handles zone suffixes and distinguishes between example.com!inside and example.com!outside.
  • Zone Management: Review how dnscontrol manages and tracks DNS zones internally. The bug might be caused by an incorrect assumption that only one zone can exist for a given base domain name (e.g., example.com).
  • Validation Logic: Analyze the validation logic that checks for duplicate domain names. The logic might need to be updated to account for the Split Horizon DNS use case, where multiple zones with the same base domain name are expected.

To resolve the bug, the following steps can be taken:

  1. Identify the Root Cause: Pinpoint the exact line(s) of code in commit 703084160fc722ebff56572fa11edd05788df592 that introduced the bug.
  2. Implement a Fix: Modify the code to correctly handle domain names with zone suffixes in the context of Split Horizon DNS.
  3. Test the Fix: Thoroughly test the fix to ensure that it resolves the duplicate domain name error without introducing any new issues.
  4. Release a Patch: Release a patch version of dnscontrol (e.g., v4.28.1) that includes the fix.

Community Involvement

The dnscontrol community plays a crucial role in identifying, reporting, and resolving bugs like this one. Users are encouraged to report any issues they encounter on the dnscontrol issue tracker or discussion forums. Developers and maintainers can then investigate these reports, identify the root cause of the bugs, and implement fixes. Collaboration between users and developers is essential for maintaining the quality and stability of dnscontrol.

Conclusion

The duplicate domain name error in dnscontrol v4.28.0 is a significant issue that affects users of the Split Horizon DNS feature. By understanding the steps to reproduce the bug, the expected behavior, and the actual behavior, users and developers can work together to identify the root cause and implement a fix. The dnscontrol community is committed to resolving this issue and ensuring that the Split Horizon DNS feature continues to function correctly.

For more information on DNS and related topics, visit ICANN.