NullPointerException in DnsRecordObserver.findAuthoritativeNameservers
Closed this issue · 4 comments
If the DNS root record hasn't propagated yet, the DnsRecordObserver
will crash. This is a minor issue, as the logs suggest it retries (although as mentioned in #72, exponential backoff would reduce the load on the DNS servers).
lookup.run
returns null
when no records are found, so perhaps this case could be logged as "No records for {root} found - retrying".
Exception in thread "Thread-3" java.lang.NullPointerException
at com.google.common.collect.ImmutableList.copyOf(ImmutableList.java:267)
at in.tazj.k8s.letsencrypt.util.DnsRecordObserver.findAuthoritativeNameservers(DnsRecordObserver.kt:76)
at in.tazj.k8s.letsencrypt.util.DnsRecordObserver.observeDns(DnsRecordObserver.kt:24)
at in.tazj.k8s.letsencrypt.acme.CertificateRequestHandler.prepareDnsChallenge(CertificateRequestHandler.kt:179)
at in.tazj.k8s.letsencrypt.acme.CertificateRequestHandler.authorizeDomain(CertificateRequestHandler.kt:77)
at in.tazj.k8s.letsencrypt.acme.CertificateRequestHandler.access$authorizeDomain(CertificateRequestHandler.kt:27)
at in.tazj.k8s.letsencrypt.acme.CertificateRequestHandler$requestCertificate$1.accept(CertificateRequestHandler.kt:41)
at in.tazj.k8s.letsencrypt.acme.CertificateRequestHandler$requestCertificate$1.accept(CertificateRequestHandler.kt:27)
[SNIP: java.util.*]
at in.tazj.k8s.letsencrypt.acme.CertificateRequestHandler.requestCertificate(CertificateRequestHandler.kt:41)
at in.tazj.k8s.letsencrypt.kubernetes.ServiceManager.handleCertificateRequest(ServiceManager.kt:64)
at in.tazj.k8s.letsencrypt.kubernetes.ServiceManager.access$handleCertificateRequest(ServiceManager.kt:20)
at in.tazj.k8s.letsencrypt.kubernetes.ServiceManager$reconcileService$1.run(ServiceManager.kt:45)
at java.lang.Thread.run(Thread.java:745)
If the DNS root record hasn't propagated yet
Presumably this is in case of the initial domain registration, right?
The root domain is registered (cloudrobotics.com) although the new subdomain (cschuet.cloudrobotics.com) doesn't work yet - does that answer your question?
I'm not sure what host is being resolved by findAuthoritativeNameservers. I'm also not sure if it's a problem that cschuet.cloudrobotics.com isn't resolving, but I'm hoping it's just because it hasn't propagated yet.
I'm not sure what host is being resolved by findAuthoritativeNameservers
It's the equivalent of dig NS $domain
, i.e. figuring out which nameservers are responsible for this domain. Checking that against Google's DNS currently doesn't return anything for your subdomain (try e.g. dig @8.8.8.8 NS cschuet.cloudrobotics.com.
)
I'm assuming this will sort itself out once the subdomain is correctly delegated, but either way this should have a less "scary" looking message - thanks for reporting!
It would be awesome to have this in a new release. I see that there are not a lot of commits after this patch (so not sure if it is worth a release from your pov).