DNS Failing at factorio.com?

Post all other topics which do not belong to any other category.
Post Reply
User avatar
Machtl
Inserter
Inserter
Posts: 31
Joined: Tue Feb 12, 2013 9:44 am
Contact:

DNS Failing at factorio.com?

Post by Machtl »

Hey guys,
since 3 days or so i have trouble accessing factorio.com. I thought that you would know it and fix it so I kept my mouth shut.
"Firefox can't find the server at www.factorio.com. That's the error message from Firefox, same with all other browsers.

When I "nslookup" the domain I get these IP addresses:
174.129.212.2
75.101.145.87
75.101.163.44

None of them seem to belong to factorio since i get some weird website by accessing to them.
Maybe you could write down the IP address of factorio.com?

mfG
Machtl

User avatar
mngrif
Fast Inserter
Fast Inserter
Posts: 173
Joined: Wed Feb 13, 2013 10:44 am
Contact:

Re: DNS Failing at factorio.com?

Post by mngrif »

I see the problem here. The domain itself is pointed to what looks like old garbage, but the www.factorio.com subdomain is pointed correctly. The admins should point factorio.com to the same as the www. subdomain, and set up a redirect to force the browser to go to www.factorio.com (or without the www, it doesn't matter so long as you pick one and stick with it, the important part is that they both match).

This is a big deal since the IPs pointed to are blacklisted by the Web Of Trust browser plugin. It makes ya'll look bad.

I took this opportunity to do some digging (literally, the command used is "dig"), and it looks like the reverse DNS (RDNS) is pointed to the aforementioned old garbage. This will greatly impact your ability to send email from that domain. Likewise the domain is missing a SPF record, which will also greatly impact your ability to send email.

The domain the forums is hosted off of seems to be set up correctly.
My Silly Factorian Tricks
<_aD> OBSERVE SIGNAL ASPECT BEFORE CROSSING TRACK

kovarex
Factorio Staff
Factorio Staff
Posts: 8078
Joined: Wed Feb 06, 2013 12:00 am
Contact:

Re: DNS Failing at factorio.com?

Post by kovarex »

We know about the dns problems, and it seems like there was some large scale problem 3 days ago, Tomas communicated with the provider, and he said it is just some temporary problem and they said they can do nothing about it, I don't know any detail, but this information might help.

I had also problem to access the page. When I changed the dns to google (8.8.8.8 and 8.8.4.4) I started working.

slpwnd
Factorio Staff
Factorio Staff
Posts: 1835
Joined: Sun Feb 03, 2013 2:51 pm
Contact:

Re: DNS Failing at factorio.com?

Post by slpwnd »

Hi guys,

thanks for noticing. This is a big PitA at the moment and we want to solve it asap. I tried to make an explanation on what I believe is the root of the problem in a bug thread here: https://forums.factorio.com/forum/vie ... &t=81#p318.

The problem is really complicated (as the DNS itself) and to be honest I have only a very limited idea of what is wrong and what should have been done. That said I would really appreciate any Heroku / DNS / SSL guru out here (there) to step up and tell us what exactly are we doing wrong. I am happy to provide very specific details on the setup to someone who understands these sort of things.

Here is my take on how the things are. I have like 10 mins to write this and limited knowledge so most probably there will be mistakes. Don't hesitate to point them out ! Here goes:

1) The webpage is a separate project from the forums + wiki. They have separate domains are written using separate frameworks and are hosted on separate providers. Later on I will talk only about the webpage as the forums and wiki are done using standard php applications and are hosted by kovarex.

2) We are using a PASS called Heroku. They are great and I believe that has been a good choice. They should allow us to scale effortlessly. However this is not based on my personal experience (Factorio is my first project over there). So I am still learning and the mistakes are bound to come :( Sorry.

3) The (relevant) setup here is: Heroku + Zerigo DNS + SSL endpoint (there is much more, but this is connected straight to the problem in question here).

4) Handling the domains on Heroku is both clever and complicated (at least to me - pretty much zero SSL and DNS knowledge). AFAIK Heroku app is bound to a single domain - I think that is why the http lookup by the IP address shows rubbish (not rubbish but heroku page which can't resolve the project name because there was no readable http host specified). Naked domain (factorio.com - no www) has to (standard ?) point to an IP adress though. That is a problem when scaling or protection from DDOS has to be done on the Heroku side (if they abandon the IP then the site would seem to be off).

This is where the clever part comes in. They are using a plugin called Zerigo DNS which (from my understanding) acts like a DNS proxy. I provided CNAME for http://www.factorio.com and they have pointed it to some of their generated domains. This way they can swap the IPS behind without affecting the site visibility to the user.

All is good except from when the user types in factorio.com (naked domain - no www) directly into the browser. In that case if the standard heroku IP doesn't work there is a problem. This is mitigated by the fact that it works most of the time and that we always try to give links in the form of http://www.factorio.com. And on top of that there is a 301 redirect from factorio.com to http://www.factorio.com.

So far so good, however then there is an SSL endpoint as well. This includes some further DNS magic by providing a "virtual" domain associated with the SSL endpoint which we gave the DNS provider (Zerigo DNS) as a CNAME for http://www.factorio.com. My attempts for understanding how the whole thing works pretty much end here. Mind boggling. Dark Magic. 1s and 0s.

5) I sent guys from the Heroku a very long email in which I have explained our situation and asked them for any help / advice they could have. Hope they will help us to resolve this.

I don't want to drastically change the setup (at least for now). Heroku / DB / code everything stays. However I will consider digging (not literally) into the DNS settings whenever I get time. Maybe there is a better solution than dark magic (for me) which I described above.

If you have sufficient knowledge in this area I will appreciate any help.

User avatar
mngrif
Fast Inserter
Fast Inserter
Posts: 173
Joined: Wed Feb 13, 2013 10:44 am
Contact:

Re: DNS Failing at factorio.com?

Post by mngrif »

Change the TTL to a very short value, such as 3600. This is the time (seconds) that a DNS server will keep the resolution cached, before asking upstream DNS if it has changed. It is also safe to CNAME the main domain name. If you can do it as short as 1800, go for it. It is "bad manners" to do anything shorter than 30 minutes.

After digging around their site a bit, it seems that Heroku is doing all/most of the front end load balancing with DNS, also probably based on the geographic location of the client. Setting a low TTL threshold will mean that the domain will rarely if ever point to a stale "dyno".

Heroku looks like a solid platform. About the only thing that I can think of that comes close is CloudBees.
My Silly Factorian Tricks
<_aD> OBSERVE SIGNAL ASPECT BEFORE CROSSING TRACK

Post Reply

Return to “General discussion”