  1. WildFly
  2. WFLY-17127

netty-resolver-dns defaults to Google DNS servers on Java 17


    • Bug
    • Resolution: Done
    • Major
    • 27.0.0.Final
    • 26.1.1.Final
    • Naming, Test Suite
    • None
    • Steps to reproduce:
      1. Install latest GraphQL client feature pack in WildFly
      2. Start WildFly
      3. Enable Debug logging on io.netty.resolver.dns
      4. Deploy an application that uses a GraphQL Client and execute a GraphQL request from within the application
      5. Check the logs and find the output `Default DNS servers: 8.8.8.8, 8.8.4.4 (Google Public DNS as a fallback)`
    • Compatibility/Configuration
    • Low

      On WildFly 26.1.1, Debian Buster and Temurin 17.0.4, I cannot use the smallrye-graphql-client because its Netty DNS resolution ignores the system defaults and uses Google's public DNS servers as a fallback. As netty-resolver-dns is bundled as a module in WildFly, I thought I should address this issue here.

      Netty tries to use JNDI to look up the DNS servers, but fails (silently, with an empty catch block!) in io.netty.resolver.dns.DirContextUtils#addNameServers with

      java.lang.IllegalAccessException: class org.jboss.as.naming.InitialContext cannot access class com.sun.jndi.dns.DnsContextFactory (in module jdk.naming.dns) because module jdk.naming.dns does not export com.sun.jndi.dns to unnamed module @32a32c84

      and then defaults to Google.

      We fixed this by adding 

      --add-exports=jdk.naming.dns/com.sun.jndi.dns=ALL-UNNAMED

      to our JAVA_OPTS. Should this be set by default in WildFly, given it bundles this netty module?

      Extra concerning: in our environments we experienced DNS timeouts as the Internet is blocked, but if it wasn't blocked, we'd have leaked our DNS requests unencrypted over the public internet to Google. 

              ropalka Richard Opalka
              ftrossbach Florian Troßbach (Inactive)
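A check for the condition described in this report, as an added example that is not part of the original issue or of WildFly's own code: it looks for the `--add-exports` flag in a JVM options string and for the fallback debug line in a server log. The function names and the sample log lines are constructed for illustration, and the log check is only meaningful when debug logging for io.netty.resolver.dns is enabled, as in the reproduction steps.

```shell
#!/bin/sh
# Added example: audit a WildFly JVM for the silent Netty DNS fallback.

EXPORT_ARG='jdk.naming.dns/com.sun.jndi.dns=ALL-UNNAMED'  # flag value from the report
FALLBACK_MARK='Google Public DNS as a fallback'           # text of the debug line

# Succeeds if the JVM options string ($1) carries the export flag, written
# either as --add-exports=VALUE or as --add-exports VALUE.
has_dns_export() {
  opts=$(printf '%s' "$1" | tr -s '[:space:]' ' ')
  case " $opts " in
    *" --add-exports=$EXPORT_ARG "*|*" --add-exports $EXPORT_ARG "*) return 0 ;;
  esac
  return 1
}

# Reads a server log on stdin and prints each distinct resolver address that
# Netty reported when it fell back to its built-in defaults.
fallback_servers() {
  grep -F "$FALLBACK_MARK" | grep -Eo '([0-9]{1,3}\.){3}[0-9]{1,3}' | sort -u
}

# audit_dns "$JAVA_OPTS" < server.log
# Returns 2 if the log shows the fallback, 1 if the flag is missing, 0 if clean.
audit_dns() {
  servers=$(fallback_servers | tr '\n' ' ')
  if [ -n "$servers" ]; then
    echo "FALLBACK: resolver used ${servers% }"
    return 2
  fi
  if ! has_dns_export "$1"; then
    echo "AT-RISK: --add-exports=$EXPORT_ARG missing from JVM options"
    return 1
  fi
  echo "OK"
}

# Constructed sample log; only the message text of the second line is from the report.
sample_log() {
  cat <<'EOF'
2022-08-30 10:15:01,902 INFO  [org.jboss.as] WildFly started
2022-08-30 10:15:02,114 DEBUG [io.netty.resolver.dns] Default DNS servers: 8.8.8.8, 8.8.4.4 (Google Public DNS as a fallback)
EOF
}

sample_log | audit_dns "-Xms64m -Xmx512m" || true
```

A fallback line in the log takes priority over the flag check, because the log may predate a corrected JAVA_OPTS; re-run against a log written after the restart.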