Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-17127

netty-resolver-dns defaults to Google DNS servers on Java 17

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Major
    • 27.0.0.Final
    • 26.1.1.Final
    • Naming, Test Suite
    • None
    • Hide
      1. Install latest GraphQL client feature pack in WildFly
      2. Start WildFly
      3. Enable Debug logging on io.netty.resolver.dns
      4. Deploy an application that uses a GraphQL Client and execute a GraphQL request from within the application
      5. Check the logs and find the output `Default DNS servers: 8.8.8.8, 8.8.4.4 (Google Public DNS as a fallback)`
      Show
      Install latest GraphQL client feature pack in WildFly Start WildFly Enable Debug logging on io.netty.resolver.dns Deploy an application that uses a GraphQL Client and execute a GraphQL request from within the application Check the logs and find the output `Default DNS servers: 8.8.8.8, 8.8.4.4 (Google Public DNS as a fallback)`
    • Compatibility/Configuration
    • Low
    • ---
    • ---

    Description

      On Wildfly 26.1.1, Debian Buster and Temurin 17.0.4, I cannot use the smallrye-graphql-client  because its netty dns resolution ignores the system defaults and uses Google's public DNS servers as a fallback. As netty-resolver-dns is bundled as a module in Wildfly, I thought I should address this issue here.

      Netty tries to use JNDI to lookup the DNS servers, but fails (silently with an empty catch block!) in io.netty.resolver.dns.DirContextUtils#addNameServers with 

      java.lang.IllegalAccessException: class org.jboss.as.naming.InitialContext cannot access class com.sun.jndi.dns.DnsContextFactory (in module jdk.naming.dns) because module jdk.naming.dns does not export com.sun.jndi.dns to unnamed module @32a32c84

       and then defaults to Google. 

       

      We fixed this by adding 

      --add-exports=jdk.naming.dns/com.sun.jndi.dns=ALL-UNNAMED

      to our JAVA_OPTS. Should this be set per default in WildFly, given it bundles this netty module?

       

      Extra concerning: in our environments we experienced DNS timeouts as the Internet is blocked, but if it wasn't blocked, we'd have leaked our DNS requests unencrypted over the public internet to Google. 

      Attachments

        Issue Links

          is blocked by

          Component Upgrade - A task tracking an update to a bundled component WFLY-17105 Upgrade WildFly Core to 19.0.0.Final

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Closed
          is caused by

          Bug - A problem which impairs or prevents the functions of the product. WFCORE-6087 Add --add-exports=jdk.naming.dns/com.sun.jndi.dns=ALL-UNNAMED to default JPMS settings

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Resolved

          Activity

            People

              ropalka Richard Opalka
              ftrossbach Florian Troßbach (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: