Core DNS bug affecting all Node.js versions when behind VPN

[niftylettuce]

Run this code below as node example.js when you're behind a VPN and the script will never finish. DNS timeouts will not occur. Not sure what the culprit is - if I can help debug just let me know what I need to do.

const dns = require('dns');

dns.setServers(['1.1.1.1']);
dns.promises.resolveTxt('forwardemail.net').then(console.log).catch(console.error);
dns.setServers(['1.1.1.1']);
dns.promises.resolveTxt('example.com').then(console.log).catch(console.error);

[niftylettuce]

Possibly related to #14086

[bnoordhuis]

Can you clarify whether you're only seeing that with the promisified API or with the callback-based one too?

[niftylettuce]

It occurs with both @bnoordhuis

[bnoordhuis]

I'm not having luck reproducing it locally. If you want to investigate, I'd probably start by checking with gdb whether ares_sockstate_cb and ChannelWrap::AresTimeout in src/cares_wrap are called (and how often.)

What kind of traffic do you see with tcpdump? What does it look like when you run node through strace?

[niftylettuce]

@bnoordhuis I'm not sure what to filter out for when running sudo tcpdump, and I'm guessing for gdb I have to build Node from source?

I've emailed you at info@bnoordhuis.nl with more information.

[bnoordhuis]

For posterity: there's a 75 second timeout.

Local testing with a blackholed DNS server shows that c-ares internally retries four times (with 5, 10, 20 and 40 second timeouts) before giving up with an ARES_ETIMEDOUT error.

[niftylettuce]

Got it, thanks!