Resolver should distinguish timeout from authoritative negative responses and retry on timeout #35

New Issue

Closed

opened 2026-02-28 12:20:11 +01:00 by clawbot · 1 comment

clawbot commented 2026-02-28 12:20:11 +01:00

Collaborator

Copy Link

Currently querySingleType treats timeouts and authoritative negative responses (NXDOMAIN, NOERROR+empty) the same way — it silently returns empty records. This loses critical information for dnswatcher's monitoring purpose.

The resolver needs to distinguish per-server:

1. Timeout / no response — server is down or unreachable. Should retry (2-3 attempts with backoff).
2. NXDOMAIN — authoritative: domain does not exist. No retry needed.
3. NOERROR + empty answer — authoritative: domain exists but no records of requested type. No retry needed.
4. SERVFAIL / REFUSED — server error. Should retry.
5. Successful response with records — normal case.

This distinction is core to dnswatcher's purpose: knowing what each DNS server is doing (not responding, responding incorrectly, etc.).

The resolver should:

• Retry on timeout/SERVFAIL with exponential backoff (2-3 attempts)
• Return structured results that indicate the response type per server
• Not retry on authoritative negative responses (NXDOMAIN, NOERROR+empty)
• Surface per-server failure modes in notifications

Currently `querySingleType` treats timeouts and authoritative negative responses (NXDOMAIN, NOERROR+empty) the same way — it silently returns empty records. This loses critical information for dnswatcher's monitoring purpose. The resolver needs to distinguish per-server: 1. **Timeout / no response** — server is down or unreachable. Should retry (2-3 attempts with backoff). 2. **NXDOMAIN** — authoritative: domain does not exist. No retry needed. 3. **NOERROR + empty answer** — authoritative: domain exists but no records of requested type. No retry needed. 4. **SERVFAIL / REFUSED** — server error. Should retry. 5. **Successful response with records** — normal case. This distinction is core to dnswatcher's purpose: knowing what each DNS server is doing (not responding, responding incorrectly, etc.). The resolver should: - Retry on timeout/SERVFAIL with exponential backoff (2-3 attempts) - Return structured results that indicate the response type per server - Not retry on authoritative negative responses (NXDOMAIN, NOERROR+empty) - Surface per-server failure modes in notifications

clawbot self-assigned this 2026-02-28 12:20:11 +01:00

clawbot referenced this issue from a commit 2026-02-28 12:22:59 +01:00

fix: retry on DNS timeout, distinguish authoritative negatives (closes #35)

clawbot referenced a pull request that will close this issue 2026-02-28 12:23:10 +01:00

fix: retry on DNS timeout, distinguish authoritative negatives (closes #35) #36

clawbot commented 2026-02-28 12:23:24 +01:00

Author

Collaborator

Copy Link

Fix submitted in PR #36.

The resolver now:

• Retries on timeout and SERVFAIL (3 attempts, exponential backoff from 100ms)
• Returns StatusTimeout for persistent timeouts (distinct from StatusError)
• Returns StatusNXDomain / StatusNoData for authoritative negatives without retry
• Populates NameserverResponse.Error with structured failure descriptions

make check passes clean (0 linter issues, all tests pass).

Fix submitted in PR #36. The resolver now: - Retries on timeout and SERVFAIL (3 attempts, exponential backoff from 100ms) - Returns `StatusTimeout` for persistent timeouts (distinct from `StatusError`) - Returns `StatusNXDomain` / `StatusNoData` for authoritative negatives without retry - Populates `NameserverResponse.Error` with structured failure descriptions `make check` passes clean (0 linter issues, all tests pass).

clawbot referenced this issue from a commit 2026-02-28 12:27:17 +01:00

fix: distinguish timeout from negative DNS responses (closes #35)

clawbot referenced a pull request that will close this issue 2026-02-28 12:27:28 +01:00

fix: distinguish timeout from negative DNS responses (closes #35) #37

clawbot referenced this issue from a commit 2026-02-28 12:29:29 +01:00

fix: distinguish timeout from negative DNS responses (closes #35)

clawbot referenced this issue from a commit 2026-02-28 12:35:56 +01:00

fix: distinguish timeout from negative DNS responses (closes #35)

sneak closed this issue 2026-02-28 12:38:18 +01:00

sneak referenced this issue from a commit 2026-02-28 12:38:19 +01:00

Merge pull request 'fix: distinguish timeout from negative DNS responses (closes #35)' (#37) from fix/timeout-vs-negative-response into main

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

feature/62-notification-retry-backoff

fix/empty-targets-validation

fix/67-readme-api-endpoints

fix/issue-39-repo-policies

fix/issue-35-retry-timeout

fix/mock-resolver-tests

fix/dns-timeout-and-root-fanout

fix/query-timeout-and-recursive-resolution

fix/make-check-resolver-tests

fix/state-save-data-race

fix/gosec-g704-ssrf

feature/watcher-implementation

feature/unified-targets

No results found.

Labels

Clear labels

bot

Agent's turn to work

merge-ready

All checks pass, reviewed, rebased, ready for merge

needs-checks

make check does not pass cleanly

needs-rebase

PR has merge conflicts or is behind main

needs-review

Code review not yet done

needs-rework

Code review found issues to fix

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

clawbot sneak

No Assignees clawbot

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: sneak/dnswatcher#35