-
-
Notifications
You must be signed in to change notification settings - Fork 17
Open
Description
Bug Description
The DNS server has a critical concurrency bug where all DNS queries are serialized due to a global mutex being held during the entire request lifecycle, including external DNS forwarding.
Impact
- Under load, DNS queries timeout waiting for the mutex
- A single slow upstream DNS response (e.g., 200ms) blocks ALL other queries
- Cascading failures occur as timeouts cause retry storms
Root Cause
In handleDNSRequest(), the mutex is locked at the start and only released when the function returns:
func handleDNSRequest(w dns.ResponseWriter, r *dns.Msg) {
mutex.Lock()
defer mutex.Unlock() // Not released until function returns!
// ... check blockedDomains, exceptionDomains ...
// PROBLEM: External DNS call takes 50-500ms while holding lock
resp, err := forwardDNSRequest(r)
}Additional Issues Found
- Race condition in filter initialization - Map pointer reassignments in
InitializeFilters()done without mutex protection - No TCP support - Server only supports UDP, causing issues with responses >512 bytes
Resolution
This has been fixed in PR #135: #135
Changes Made
- Changed
sync.Mutextosync.RWMutexfor concurrent read access - Release lock BEFORE external DNS forwarding
- Added proper locking in
InitializeFilters() - Added TCP protocol support
- Added environment variable configuration support
Test Results
- 85/85 tests passed (100% pass rate)
- Concurrent query test: 50 simultaneous queries complete in ~80ms (vs hanging before)
Reactions are currently unavailable
Metadata
Metadata
Assignees
Labels
No labels