XMPP Service Operators - 2021-12-18

  1. neox

    Hi there

  2. neox

    I'm the operator of a-lec.org XMPP service

  3. neox

    I can't connect anymore to xmpp.org (s2s) and don't know why

  4. Licaon_Kter

    neox: log says what?

  5. neox

    Licaon_Kter, "connection refused"

  6. MattJ

    Does it say what IP/port it is connecting to?

  7. neox

    Precisely : "Failed to establish outbound s2s connection a-lec.org -> muc.xmpp.org: Connection failed: connection refused; bouncing for 139 seconds"

  8. neox

    MattJ, hm ejabberd does not indicate that information in logs, is there a way I can find it ?

  9. MattJ

    Probably if you enable more verbose logging

  10. neox

    Ok I'm doing it right now

  11. Licaon_Kter

    DNS resolvs fine?

  12. neox

    Licaon_Kter, I see that `dig muc.xmpp.org A` resolves to, but `AAAA` is empty

  13. neox

    Hm btw I just tried to `telnet muc.xmpp.org 5269` and it's connection refused

  14. Holger

    neox: You need to check the SRV records: ``` $ host -t SRV _xmpp-server._tcp.muc.xmpp.org _xmpp-server._tcp.muc.xmpp.org has SRV record 1 1 9269 xmpp.xmpp.org. $ host xmpp.xmpp.org xmpp.xmpp.org has address xmpp.xmpp.org has IPv6 address 2604:a880:800:c1::2a:a001 ```

  15. neox

    Oh yeah thanks Holger

  16. Holger

    So port 9269 instead. Both v4 and v6 work fine for me.

  17. neox

    Yes, works for me with telnet now

  18. neox

    But why ejabberd does not work ?

  19. Holger

    neox: `ejabberdctl stop_s2s_connections`, still doesn't work then?

  20. neox

    By "does not work" I mean "does no do the same to find which port to use", but I'm unsure that's exactly what's happening

  21. neox

    I tried stop_s2s_connections, still does not work for muc.xmpp.org

  22. Holger

    `tcpdump -i eth0 port 9269` (or whatever the outgoing `-i`nterface is called)?

  23. neox

    Good idea

  24. Sapotaceae

    is this the issue jonas mentioned where selinux prevents ejabberd from s2s on non-standard ports?

  25. neox

    Holger, absolutely nothing

  26. neox

    But ejabberd log states "connection refused" at the same time

  27. neox

    Just attempted `sudo tcpdump -i enp1s0 | grep`

  28. neox

    I obtain : ``` 22:47:41.949189 IP xmpp.lan.58085 > Flags [S], seq 1856696913, win 64240, options [mss 1460,sackOK,TS val 4076834855 ecr 0,nop,wscale 7], length 0 22:47:42.033548 IP > xmpp.lan.58085: Flags [R.], seq 0, ack 1856696914, win 0, length 0 ```

  29. neox

    So ejabberd still uses 5269

  30. Holger

    You're doing the SRV lookup on the same system as ejabberd?

  31. neox


  32. neox

    `host -t SRV _xmpp-server._tcp.muc.xmpp.org` gives me `_xmpp-server._tcp.muc.xmpp.org has no SRV record`

  33. Holger

    neox: Does `host -t SRV _xmpp-server._tcp.muc.xmpp.org ns1.xmpp.org` work?

  34. neox

    And on my own computer : `Host _xmpp-server._tcp.muc.xmpp.org not found: 3(NXDOMAIN)`

  35. neox

    > neox: Does `host -t SRV _xmpp-server._tcp.muc.xmpp.org ns1.xmpp.org` work? It works on our server, but not on my own computer

  36. Holger

    `host -v` should tell you which DNS server is queried.

  37. neox

    Well it tells me, which is logical

  38. neox

    I tried to clean the cache, but it does not change anything

  39. neox

    So... It seems that's a DNS propagation problem

  40. neox

    Ok, I changed my upstream DNS server and now I'm connected

  41. neox

    Thank you all for your help

  42. moparisthebest

    neox: a haiku for you: > It’s not DNS > There’s no way it’s DNS > It was DNS