XMPP Service Operators

Stefan 09:57:58
Hello
Licaon_Kter 10:09:46
Stefan: yo, what brings you here?
Stefan 10:12:18
Hi! It seems I have a problem with my server records. the thing is, gajim needs more than 15 seconds to connect. (psi+ connects immediately). and I could first not connect to this muc, said "not reachable" (second try worked then). I thought it could be a problem with ipv6 not available (had this with putty), but others said i should check my server records. I have a dynip setup with a myfritz domain.
Stefan 10:18:30
compliance tester from inputmice didn't pass the server-records test formerly.
Licaon_Kter 10:30:52
Stefan: what did it complain about?
Licaon_Kter 10:31:07
Gajim logs say what? DNS SRV records are fine?
Stefan 10:31:24
I don't remember exactly, and now it doesn't work anymore.
Stefan 10:32:53
> DNS SRV records are fine? i don't know enough about it to be able to answer that. could i show you the records?
Licaon_Kter 10:33:52
Maybe
Stefan 10:36:45
https://chat.rxmpp.de:5443/upload/5680bcb646ac9f3fe800312b92506ad84e990a48/tRYepj1xok0ythz5qDuy/64dcb28a-7870-4419-8e6f-33827f74297c.png
Stefan 10:37:21
I remember I saw failures in the ejabberd log too, somethin with certificates.
Licaon_Kter 10:44:03
Which client sent a picture as link?
Stefan 10:44:19
gajim?
Licaon_Kter 10:44:31
1.8.4? Odd
jonas’ 10:44:47
Licaon_Kter, embeddings may be stripped here.
jonas’ 10:44:51
for reasons
Licaon_Kter 10:44:53
Ah
Stefan 10:44:58
yes, 1.8.4
jonas’ 10:45:10
Stefan, * CNAME is..... potentially causing issues
Licaon_Kter 10:45:11
Good to know. jonas’: how? MUC server manipulates messages?
jonas’ 10:45:14
Licaon_Kter, yes.
jonas’ 10:45:47
Licaon_Kter, I suspect https://modules.prosody.im/mod_muc_restrict_media.html is loaded here
Stefan 10:45:54
I changed settings on my router, so the daily disconnection doesn't take place anymore. I think of putting in the ip directly now. ip change every 180 days should be not too bad?
jonas’ 10:46:44
Stefan, the ****.de suffix on conference.chat.*****.de needs to be removed
Stefan 10:46:59
I even read about some methods of automatically change dns settings, it was an article in c't
jonas’ 10:47:19
and try removing the `*` CNAME.
jonas’ 10:47:34
that may cause issues depending on the particular DNS software used.
Stefan 10:47:43
jonas’, thank you!
Stefan 10:48:34
so only "conference.chat" ist enough?
jonas’ 10:48:37
yes
jonas’ 10:49:00
(probably—the DNS provider will add that suffix on their own)
Stefan 10:53:24
ok, I changed the settings. I will check later to see if there has been a change.
jonas’ 10:55:41
good luck!
jonas’ 10:56:08
if it still doesn't work, you can tell us the domain name and we can take a look---it's often easier to poke at these kind of things from the outside because in particular with CNAMEs there's a lot that can go wrong.
Stefan 10:59:41
can't you see the domain name in my upload link?
jonas’ 10:59:52
oh :)
jonas’ 10:59:53
yeah
Stefan 11:00:08
I didn't think of it when posting..;-)
jonas’ 11:00:28
ok so the first thing I notice is that the SRV records don't seem to be actually present?
jonas’ 11:00:44
ah, you didn't set them up correctly
jonas’ 11:00:55
but even the other ones don't show up
Stefan 11:01:00
perhaps because of the change?
Stefan 11:01:16
how do you lookup that?
jonas’ 11:01:46
I use `dig` on the commandline: `dig +short SRV _xmpp-server._tcp.chat.rxmpp.de` (empty)
Stefan 11:05:21
perhaps it doesn't work with cname with my provider at all?
Stefan 11:06:01
or it takes a while, I just changed them, so perhaps that is the reason. thank you very much !
jonas’ 11:08:29
no, even when asking their servers directly (`dig +short @ns01.1blu.de. SRV _xmpp-server._tcp.chat.rxmpp.de`) the SRV record does not show up, but the `*` CNAME is gone already.
Stefan 11:08:44
ah..
jonas’ 11:09:11
but that shouldn't be an issue, actually, quite the opposite. The chat.rxmpp.de record exists and seems to work
jonas’ 11:09:25
and a server answers on that (looks like an ejabberd?)
Stefan 11:09:34
yes.
jonas’ 11:09:35
so it should work
jonas’ 11:09:58
so maybe the stuff with the MUC component will sort itself out now that you fixed the CNAMEs
jonas’ 11:10:14
I'd delete the SRV records in your case, because (a) they do not work and (b) it's not correct to point an SRV at a CNAME
jonas’ 11:10:29
and (c) you don't need them because you have CNAMEs pointing at A records for your XMPP domains
Stefan 11:10:35
ok. but I could change the cnames to my ip?
jonas’ 11:10:51
no need for that
Stefan 11:11:01
i mean, remove the cnames, and use ip instead
jonas’ 11:11:05
yeah, no need for that
Stefan 11:12:01
so what do you think is the reason for the delayed connection in gajim?
jonas’ 11:13:06
~~does it happen alwyas?~~ ✎
jonas’ 11:13:09
does it happen always? ✏
Stefan 11:13:37
yes. but psi+ is faster, always.
Stefan 11:13:46
15-20 seconds
Stefan 11:14:30
i have only ipv4 enabled for my server.
jonas’ 11:14:40
weird
jonas’ 11:15:14
in that case one would probably have to look at network traces. the connection to your server is fast. maybe that's something to ask in the gajim room though, maybe there are debug logs you can look at before shooting with the big guns (wireshark) at the problem.
Stefan 11:16:26
I asked there already, they said me I should check the server records ;-)
jonas’ 11:17:03
right, but Psi+ seems to work and your server records look ok now to me.
jonas’ 11:17:44
oh, something weird *is* going on
jonas’ 11:17:57
ohhhh
jonas’ 11:17:58
yeah
Stefan 11:18:05
the problem is very similar to the one I had with ssh / putty, but with a different computer. switching from "auto" to "ipv4" in putty solved the problem and the connection was re-established without delay. the delay was also about 15-20 seconds.
jonas’ 11:18:09
Stefan, your myfritz domain publishes *both* IPv6 and IPv4 records
jonas’ 11:18:22
if your xmpp server only listens on IPv4, that's going to cause issues
jonas’ 11:18:33
you need to make your xmpp server listen on IPv6, or fix the myfritz to only show the IPv4 IP
Stefan 11:19:16
hmm I already thought about changing the server settings to support ipv6 too. but I don't have any knowledge about ipv6, so I didn't do it yet.
Stefan 11:20:22
first step i planned now was to not use the cname anymore but put the ip in there.
Stefan 11:21:10
> Stefan, your myfritz domain publishes *both* IPv6 and IPv4 records great that you noticed that, thank you!
Stefan 11:33:33
> Stefan, your myfritz domain publishes *both* IPv6 and IPv4 records it looks as if there is no way to change this behaviour of myfritz.
jonas’ 11:33:48
then you should enable IPv6 on your XMPP service :)
Guus 12:53:41
fun: https://github.com/berthubert/trifecta/issues/38
MattJ 13:01:07
~~Random issues like this is a reason Snikket uses a subdomain for HTTP upload, as "defence in depth"~~ ✎
MattJ 13:01:20
Random issues like this are a reason Snikket uses a subdomain for HTTP upload, as "defence in depth" ✏
jonas’ 13:39:26
if your http upload component doesn't already set a strict content security policy, yesterday was a good time to change that.
Stefan 13:52:12
> and (b) it's not correct to point an SRV at a CNAME now I'm a bit desoriented what would be the best way for me. (not regarding the problem with ipv4/ipv6). point an SRV at a CNAME ist not correct - but what is better now? setting it to the ip(v4), or deleting the SRV as jonas´ suggested? It seems that everything works without these Records? why do I need them at all?
MattJ 13:53:36
There is a good chance you don't
MattJ 13:54:28
They are necessary if you have non-standard ports or need to balance connections over multiple servers
Stefan 13:54:56
ah I see.
moparisthebest 14:26:35
> fun: https://github.com/berthubert/trifecta/issues/38 Ah yes, I assume everyone remembers this moment in their life, I know I do: > I never knew that SVG could contain javascript which would run... ↺
jonas’ 14:35:03
Stefan, *if* you wanted to keep SRV records (which you probably don't need to), you could point the SRV directly at your myfritz domain