[03:12:04] What tags should imports have? I see some with MW SRE and ImportDump, others with MW SRE and MW [03:13:15] wait import dump is the extention [03:13:17] mb [03:13:50] lmao CA beat me to fixing it [03:14:05] was wondering why the tag change was erroring [03:49:44] oh lol, I didn't see this, but the ImportDump tag is for issues affecting the ImportDump extension not for imports (confusing, I know) lol [12:00:27] failed bureau rights on wiki creation bug is back? [12:06:46] nvm I'm just dumb [13:37:13] Can rename the board or even better the extension [16:22:09] Did we have a status page site? I see mention to it in [[Tech:On-Off Boarding]] [16:22:11] [16:22:20] Yes [16:22:37] We still do [16:22:49] https://status.miraheze.wiki [16:22:56] It's barely used though [16:23:07] status.miraheze.org now [16:23:29] CosmicAlpha: err why [16:23:44] they want to drop miraheze.wiki [16:23:47] Was gonna say. For me the link it borked [16:23:49] What if there's a typo in MH.org dns [16:23:50] agent said so at least [16:23:51] Boooo [16:24:03] Or mh.org expires [16:24:12] miraheze.wiki is no longer used for services but I don't know if we will completely drop miraheze.wiki [16:24:12] There was logic behind it using another domain [16:24:23] then miraheze.wiki would go down also [16:24:23] Anyways @cosmicalpha can I update the page Raul? [16:24:24] Although I'd rather that other domain use other dns [16:24:34] Curse you auto correct [16:25:05] The logic is supposed to catch something wrong with Miraheze.org as a domain too [16:25:21] But I think there's probably still a single point of failure that can affect both [16:25:53] for example, what is both ns* servers are down? [16:25:54] We may move to something else IE miraheze.com, but for now we use miraheze.org, it's less likely to go down then any other domain tbh, due to longer term SSL, etc... [16:26:06] I can see the reason a little bit [16:26:12] then miraheze.wiki is down also as it is also hosted in there. [16:26:46] Why? [16:26:51] not like it matters where it is then [16:27:02] Why has Miraheze.wiki been moved off? [16:27:31] I’d think .org would be best, given its normally used for non commercial organizations like Miraheze and WikiMedia [16:27:32] miraheze.org doesn't use LetsEncrypt, it uses Sectigo so less likely to go down for expiring SSL etc... since it is long term also. [16:28:55] :DoneMH: updated the URL on the page [16:29:10] I'll be honest that's not a great argument, renewing LE certs isn't hard [16:29:56] If we used a normal cert rather than wildcard, you could automate it too [16:29:56] so .org is still the best? [16:30:21] You could probably automate wildcard if you tried [16:30:48] LE lets you automate wildcards [16:31:04] but only the DNS challenge is allowed [16:31:21] Maybe not but DNS is still not either as miraheze.wiki is hosted there also. [16:34:50] Ye and we don't have anyway to automate the challenge [16:37:51] well not like infra has ever had the need to automate the DNS challenge [16:38:35] https://issue-tracker.miraheze.org/T11849 another task for an extension that is already on ManageWiki [16:39:12] some phab admin should edit https://issue-tracker.miraheze.org/maniphest/task/edit/form/7/ to mention that most extensions are already on ManageWiki/extensions [16:59:06] Bruh [16:59:10] Istg [16:59:30] I’ll close [17:00:32] how I got logged out of phab now :moonch: [17:01:14] I'll copy paste reply from another task [17:01:28] ah, you wanted to [17:06:31] Hehehehe [17:10:18] @pixldev one little nickpick, that particular user is a bureaucrat at that wiki [17:10:50] when on Phab, you can go to their profiles and click on "Global Accounts" next to their username to see their group membership [17:11:17] Oh [17:11:20] The more you know [17:11:22] Thanks [17:12:41] I tried to see if the trusted group has perms to edit the form [17:12:43] Does not [17:12:45] Lol [17:12:48] Worth a shot [17:13:21] Also maybe using VisualEditor as an example in the form was a bad idea? [17:13:27] Maybe change to SME [17:13:29] why? [17:13:42] Because there’s no reason to make a task for VE [17:14:04] You're right :p [17:14:12] It’s a habit [17:14:21] I think that form was made back when the task numbers only had 3 digits btw [17:14:43] Reading old tasks, it seems you had to request these extensions to be enabled? [17:15:05] When was MW introduced [17:18:04] Why can’t Maniphest support sorting by date [17:18:24] check this out https://issue-tracker.miraheze.org/T194 [17:18:50] that was the task that led to ManageWiki being created [17:19:45] It wasn't until may 2018 that ManageWiki was put to work [17:20:24] Author by Southparkfan and assigned to John [17:20:25] Dang [17:20:41] Also I didn’t realize how many Central Auth accounts I had dang [17:21:01] if you know who Southparkfan was I believe you qualify for a OG badge on phab 🤣 [17:21:18] Oh I never met him [17:21:24] I joined Miraheze in [17:21:31] January of 23 I think [17:21:50] But I joined the wider Miraheze community when I joined this discord [17:21:53] But later [17:21:56] So later 23 [17:22:31] I love the possibility someone will see staff and cvt wiki and get confused thinking I’m Miraheze staff [17:22:36] :Kek: [17:23:10] I actually have edits on staffwiki, way ahead of you 😎 [17:23:26] https://tenor.com/view/waah-waa-sad-wah-waaah-gif-25875771 [17:23:51] Yeah he’s not much help [17:24:09] but that worked back when I tried it on #bots smh [17:24:17] srsly? [17:24:21] I’ve done this right after I authenticate too [17:25:07] https://cdn.discordapp.com/attachments/1006789349498699827/1207014604866191480/image0.jpg?ex=65de1af3&is=65cba5f3&hm=6e4be0432df6f5fa114c1109b057d071067cbdcbe86e6b5142a3089dbc594697& [17:25:22] Oh hey it broke differently [17:25:35] so we have two bots for verification [17:25:35] Last time I tried is just said not authenticated [17:25:40] and they both barely work 🤣 [17:25:51] Because one has fucking dementia [17:26:17] I’m borderline considering offering to try and code my own [17:26:25] So then we’ll have three that barely work! [17:26:26] why even keep it around then?! [17:26:47] At that point one of the three has to work at any given moment right? [17:26:52] Right?????? [17:27:01] ahem, we like to call this "redundancy" `round these parts [17:27:03] Idk, partly to make fun of it [17:27:11] indeed [17:27:11] :nutmoji: [17:27:12] Yes [17:27:48] But seriously I’m considering it [17:28:03] Discord bots are the thing that got me into Python [17:28:06] And I only know Python [17:28:28] idk who hard discord bots are to make, but the actual OAuth part on wiki is pretty easy [17:28:37] i'd say go for it [17:28:43] I have the code for one of mine on GitHub [17:29:08] https://github.com/pixDeVl/Bee-The-Indolent [17:29:17] It’s only kinda messy [17:29:25] I’m working on a new one rn but it’s a private repo [17:29:34] One that uses mystical things like [17:29:49] Config files!(why did autocorrect to girls) [17:30:00] And ORMs [17:30:07] So arcane [17:30:14] (I am not a great developer) [17:30:31] we all start somewhere [17:31:02] if only you could see my earliest software 😳 [17:31:18] and now I kinda know how stuff works [17:31:19] My first discord bot and really first coding project is on my GitHub [17:31:23] If you wanna laugh at me [17:31:45] Burn it in fire https://github.com/pixDeVl/Discord-Credit-Manager-Bot [17:32:23] The tutorial is strong with this one [17:32:57] Also [17:33:02] not that bad for a first program [17:33:03] LIST OF WORDS IN THE CODE [17:33:05] WHY [17:33:08] PIXL [17:33:13] 😭 [17:33:14] JAON [17:33:20] JSON* [17:33:22] TOML [17:33:25] TXT [17:33:29] SQL [17:33:30] ANYRHING [17:33:40] Any ring is powerful [17:33:54] `'''UPDATE luxCredits SET score = {amount} + score, name = '{user.name}', pin = '{user.discriminator}' WHERE uid = {user.id};'''` this however remembers me of good old bobby tables [17:34:09] also the funniest part was that when I first started I was tearing my hair out trying to figure out how to store data [17:34:15] I was using a dictionary at the time [17:34:31] Then I joined a server with a bot and chatted up the dev [17:34:40] (https://xkcd.com/327/) [17:34:41] Still a close acquaintance today [17:35:15] https://cdn.discordapp.com/attachments/1006789349498699827/1207017154239668344/image0.jpg?ex=65de1d52&is=65cba852&hm=5e9c4b12e5f29ec5aab9129ad3c29bcdc3577784f34c65143e0cf5945dd0db6c& [17:35:30] It was at this point i realized SQL existed! [17:35:50] The face palm was strong with this one [17:36:20] My original idea was Python pickles [17:36:52] no-one is born knowing all the 9000000000+ ways to do the same thing in programming [17:37:05] True [17:37:21] But I’m fairly sure I had learned of SQL sometime in the past [17:37:41] pls tell me it was not with MS Access [17:37:41] pls [17:38:01] No idea what that is :SunglassesThumbsUp: [17:38:05] good [17:38:11] We all start somewhere, and some of us start with hacking an ODBC connector. 😄 [17:38:40] I die everytime I see python [17:38:45] Why do people still use it [17:38:48] 🤢🤢🤢 [17:38:55] Because it's got a fun snake name [17:39:04] https://tenor.com/view/loops-in-python-gif-15818798436595170697 [17:39:16] you better not look at the puppet repo then 🤣 [17:39:20] It’s named after Monty python [17:39:23] What more do you need [17:39:32] Also [17:39:39] It’s ez to learn [17:39:48] I think Miraheze's puppet repo is 1000x more complicated than it needs to be personally [17:40:09] Seems to have fallen into the trap of following WMF and making the modules from scratch instead of just using puppetforge modules. [17:40:10] I don’t get anything that goes on in that mess [17:40:59] It's kind of like regular good-old configs [17:41:05] Achieves the same thing of course, at the expense of being so much more bloat than needed [17:41:17] Anyways I’m gonna try and stop procrastinating on work, then I’ll start working on MiraAwakeAuth bot [17:41:35] You'll get there in the end [17:41:36] Making sure to make it as pythonic as possible to drive OA insane :devilish: [17:41:50] My first Discord Bot was to purge fastlys cache on /purge command [17:41:59] What lang [17:42:34] Side note why is WikiBot being goofy and sending stuff in #verify now [17:42:52] JS I think [17:42:58] the actions of WikiBot are not meant to be understood by mere mortals [17:43:03] I need to learn js [17:43:08] https://gitlab.com/telepedia/tp-bot for reference [17:43:26] stopped working on it because I couldn't get the tests to work properly 😆 [17:43:47] If we don’t adopt a new wiki bot I’ll code a bot that only deletes messages in #verify [17:43:57] I’ve never made tests lmao [17:44:24] Working on mainly discord bots you really can’t test without a lot of very specific set up [17:44:56] Discord is insanely difficult to test I personally find. My test failed everytime because I couldn't figure out how to mock an embed [17:45:03] CI is a big tech scam anyway [17:45:07] thats probably me being dumb af not Discord's complexity, but ay [17:45:12] https://github.com/python-discord/bot/tree/main/tests only one I’ve seen [17:45:14] does it work on the dev's machine? that's all the testing you need [17:45:28] Yeah [17:45:46] https://tenor.com/5iIB.gif [17:46:29] I never understood itnwither [17:46:39] But it’s one of those things you just need apparently [17:47:10] I've never bothered with MediaWiki tests [17:47:18] just let it break in production and fix it then 🙂 [17:47:36] Production is the end to end testing [17:47:53] you guys have a production environment? [17:49:10] @bluemoon0332 sorry to come back to this and ruin the conversation but since you're around I wanted to ask if you thought of any ideas re the NS resolver issue in the meantime [17:54:13] guy’s procrastination won [17:54:29] time to work on MiraAwakeAuth [17:54:37] patent pending [17:54:39] u [17:54:48] open to uh better names ideas [17:55:00] wakey wakey pycharm [18:01:22] that's still happening? [18:02:03] well I mean we never did anything to fix it heh [18:02:17] it's the same thing, where it only recognises it as pointing to us _after_ the zone is added [18:03:27] also @originalauthority I've been meaning to ask if you've had any luck with the notification issue [18:29:31] [1/3] I have. I rewrote an entire backend in Go, which the extension would post notifs to with guzzle and then GET them to show a user their notifs etc. [18:29:31] [2/3] But I'm a bit concerned whether that would be the right way to go because it wouldn't support echo notifications from extensions natively and the extensions would have to be changed. Which is a bit iffy. [18:29:32] [3/3] But then thats probably how it would have to be done for any notification system we introduce that isn't echo. [18:32:17] https://tenor.com/view/golang-golang-halloween-gopher-gopher-halloween-gif-14710385853361001993 [18:39:36] I think I got it [18:41:13] Oh, that's interesting. Maybe @cosmicalpha has thoughts about that [18:41:17] oh? [18:41:36] wait a sec, I have to copy my shell output from the VM [18:41:53] I really don't like pip and won't let it touch my physical machine [18:45:51] [1/18] $ python3 [18:45:52] [2/18] Python 3.11.7 (main, Jan 24 2024, 13:28:48) [GCC 13.2.1 20231014] on linux [18:45:52] [3/18] Type "help", "copyright", "credits" or "license" for more information. [18:45:52] [4/18] > from dns import reversename, resolver [18:45:52] [5/18] > >>> dns_resolver = resolver.Resolver(configure=False) [18:45:53] [6/18] > >>> dns_resolver.nameservers = ['1.1.1.1'] [18:45:53] [7/18] > >>> data = dns_resolver.resolve("miraheze.org", 'NS') [18:45:53] [8/18] > >>> print(sorted(list(data))) [18:45:54] [9/18] > [, ] [18:45:54] [10/18] > >>> if sorted(list(data)) == sorted(["ns1.miraheze.org.", "ns2.miraheze.org."]): [18:45:54] [11/18] > ... print("OK") [18:45:55] [12/18] > ... [18:45:55] [13/18] > [18:45:55] [14/18] > [18:45:56] [15/18] > >>> if sorted(list(data)) != sorted(["ns1.miraheze.org.", "ns2.miraheze.org."]): [18:45:56] [16/18] > ... print("NOT OK") [18:45:57] [17/18] > ... [18:45:57] [18/18] > NOT OK [18:46:53] well miraheze.org works because it's in our NS configuration [18:47:04] but according to that even that doesn't work [18:47:14] but then how does it work with icinga? [18:47:16] if it's the same method? [18:47:19] I designed it this way for two reasons, one I wanted to eventually integrate TSPortal notifs into it and two, it didn't make sense to just follow the same way Echo did as we may aswell just keep echo 🤣 [18:47:46] Fair enough... though I really don't get how Echo works for ImportDump but doesn't for RequestSSL when it's the exact same code. I still can't figure that out [18:48:15] just like the NS resolver problem... the same code doesn't seem to work in a different place [18:48:49] Does this extension depend on Puppet? [18:49:28] `[, ]` that some funny strings [18:49:48] If sending the notification is doable without puppet, I can have a look at stepping through it with PhpStorm later tonight [18:49:55] no not yet, RequestSSL is just ImportDump really but without the interwiki prefix and upload options [18:50:06] so that's why I don't get why notifs just don't work [18:50:17] though my understanding was that even RequestWiki ones aren't working as intended [18:50:29] (for ImportDump I can say I've been receiving notifications) [18:51:10] I haven't recieved a single notif from ImportDump i don't think [18:51:36] I don't really check notifs that often but I can't say I've seen one when I have checked [18:52:13] do you have them on? I get ones for new requests via the separate method but I also get ones for comments [18:52:31] I'm in the config on github, do you need to toggle them in preferences or sttn? [18:52:51] If you're in the config you should get all new ID requests [18:52:57] but preferences is for comments to existing ones I think [18:53:59] I think for RequestSSL I did receive the config-based notification but not one for a comment [18:54:40] [1/2] Yeah I'm getting nothing [18:54:41] [2/2] https://cdn.discordapp.com/attachments/1006789349498699827/1207037142044250163/image.png?ex=65de2ff0&is=65cbbaf0&hm=03927837a086f329bce839f964becf33d439af2e7ec05d54dea02b8b8f87c6c2& [18:54:53] @reception123 that method doesn't return strings, how did that ever work? [18:56:06] https://github.com/miraheze/mw-config/blob/master/LocalSettings.php#L2137 Yeah I'm confuzzled [18:56:46] oh it is a preference [18:57:59] ask icinga! [18:58:12] `Returns a ``dns.resolver.Answer`` instance.` (https://dnspython.readthedocs.io/en/latest/_modules/dns/resolver.html#Resolver) [19:00:35] hmm, see https://github.com/miraheze/puppet/blob/b3e910f85324500809bcd8e7b3b5816e9f990daa/modules/monitoring/files/check_reverse_dns.py [19:01:22] yeah I just recreated what that script thoes [19:03:29] You don't get messages for your own comments [19:03:43] I haven't made any [19:03:51] turns out I had it disabled in preferences [19:04:20] it should probably be default to yes for echo notifs. Seems it defaults to false for echo and true for email [19:05:09] hmm, I don't get it then [19:05:20] I also see an issue with notifs on both, you don't get any notifs from comments added when adding adding a comment with Status change CC @reception123 (I know exactly why also) [19:08:34] for RequestSSL I don't think I did either way [19:09:00] and for RequestWiki I don't remember exactly but I feel like there was something wrong there too [19:16:27] @reception123 can you try commenting on [19:19:19] or @originalauthority ^ [19:19:38] done [19:20:24] Thanks! I'm gonna hack it so own comments can send notifs so I don't keep bugging you while I debug this lol [19:20:59] im stepping through it now [19:21:07] and something seems off with how its selecting the user I think [19:21:38] Yeah I may know the issue [19:23:40] [1/2] at this point $involvedUsers is null, but it shouldn't be it should be 1. [19:23:40] [2/2] https://cdn.discordapp.com/attachments/1006789349498699827/1207044436853395456/image.png?ex=65de36bb&is=65cbc1bb&hm=d6a5f978437cdf09c77dd91c857927f0f52ae15307942e726b354b54e69f529e& [19:29:33] getInvolvedUsers() returning nothing may be veen [19:31:27] it worked now, can you add a comment and see if it does [19:31:36] it seems I might just be wrong with what I said [19:31:47] the actual script does some more processing before the check [19:32:03] [1/2] yeah works [19:32:03] [2/2] https://cdn.discordapp.com/attachments/1006789349498699827/1207046548970672148/image.png?ex=65de38b3&is=65cbc3b3&hm=3c6511861f6b5f436360ddc6d0ef117b9c68f1c6d5d8a457d802c90b18af1f1c& [19:32:06] just commented anyway [19:32:26] I know I hacked a change and reverted I want to see something else [19:32:41] I don't get it lol [19:33:02] Something is off with getRequester [19:33:06] I hacked a change, reverted, and no there is no changes but it suddenly started working with normal code [19:33:30] [1/2] should return 'OATESTSSL' because it correctly identifies the actor id and knows which user I want, but it returns null for the name [19:33:30] [2/2] https://cdn.discordapp.com/attachments/1006789349498699827/1207046912033951744/image.png?ex=65de3909&is=65cbc409&hm=beac88f0b51e695870d861cb94abb608f6ace0e9f60314e6e2374d9d4beca352& [19:33:49] oh wait [19:34:02] its actually returning the user that made the comment, [19:34:22] what IDE is that? [19:34:26] PHPStorm? [19:34:47] Something odd is happening here [19:34:51] yep [19:35:55] that script actually works fine [19:36:15] re: the check_reverse_dns script, still think it really was just a caching issue [19:36:16] It is supposed to [19:36:38] yeah but then we're diffing the array between the requester and the user that made the comment, which is going to be null [19:37:19] it should be returning the name of the requester, not the one who made the comment? [19:37:21] no we are diffing the array between all involved users (everyone who commented + the requester), and the actor who is making the comment [19:37:50] Yes, but it looks like getRequester is returning the one who made the comment and not the requester [19:38:54] The code doesn't make that possible [19:39:06] `$this->row->request_actor` [19:39:26] unless that is the commenter, it is impossible for getRequester to be the commenter [19:39:49] yeah, and its getting the correct actor of the one who should recieve the notification, from what I'm seeing, but then something after that is going wrong [19:40:24] I think the issue lies with there being only 1 involved user besides the comment actor [19:40:44] So if only the requester is supposed to receive a comment there seems to be an issue [19:41:17] shouldn't be tho? [19:41:19] That actually can't be either [19:41:24] Because it works now [19:41:32] After I hacked a change and reverted [19:41:40] So no changes but suddenly works [19:42:23] I just hacked `array_diff( $this->getInvolvedUsers(), [ $user ] )` -> `$this->getInvolvedUsers()` but after I reverted it works fine [19:43:37] Actually I also changed my preferences, disabling web based notifs for comments then reenabling, maybe that had something to do with it. [19:49:18] [1/2] Well, thanks to @cosmicalpha I think we can officially start using RequestSSL now instead of Phorge for new SSL requests. [19:49:18] [2/2] Yes, it's not fully done yet but at least instead of having to copy/paste domains and stuff it's just one command and then mark as completed so it saves time [19:49:34] Woo! [19:51:27] so https://issue-tracker.miraheze.org/T11850 will be the final SSL to be done on Phorge and I guess it's fitting that I get to be the last one to do it given I've probably done most SSLs heh [19:52:39] opcode cache, preference caching, [19:52:46] likely some form of cache issues [19:53:10] @bluemoon0332 even better! [19:53:15] lads.wiki is pointed via DNS [19:53:22] so this is our chance to test out the resolver again [19:53:27] with a domain that isn't in DNS config yet [19:56:20] my version just says [19:56:22] [1/2] ```dns.resolver.NoNameservers: All nameservers failed to answer the query lads.wiki. IN CNAME: Server Do53:2606:4700:4700::1111@53 answered SERVFAIL [19:56:22] [2/2] ``` again [19:56:41] change the resolver to 1.1.1.1 [19:57:37] @cosmicalpha still waiting on for your review on https://github.com/miraheze/RequestSSL/pull/24/files btw [19:57:40] [1/3] interesting: [19:57:40] [2/3] ```dns.resolver.LifetimeTimeout: The resolution lifetime expired after 5.402 seconds: Server Do53:1.1.1.1@53 answered The DNS operation timed out.; Server Do53:1.1.1.1@53 answered The DNS operation timed out.; Server Do53:1.1.1.1@53 answered The DNS operation timed out. [19:57:41] [3/3] ``` [19:58:45] change it to 1.0.0.1 [19:58:53] @reception123 ^ [19:59:17] same thing [20:00:10] change it to quad9's ipv6 `2620:fe::fe` [20:00:26] just want to rule out any possibility of cache or rate-limiting [20:00:55] back to square one [20:00:57] ```dns.resolver.NoNameservers: All nameservers failed to answer the query lads.wiki. IN CNAME: Server Do53:2620:fe::fe@53 answered SERVFAIL``` [20:01:23] but here icinga would likely not work either as icinga only works because it's already added to our DNS zone [20:01:26] so the issue is somewhere else [20:01:50] I don't think it's a particular resolver. The fact that it's added as a DNS zone vs. when it's not clearly changes something [20:02:33] but it's really a catch-22. The DNS resolver only works if you add a DNS zone but you can only automatically add a DNS zone if the resolver runs to determine if it's actually pointed [20:03:02] I mean technically we could just add DNS zones for everything and then remove them automatically right after if the resolver determines they're not pointing but that feels super messy to do [20:05:38] When I recreated manually the steps of the script on Python3's interactive shell, everything worked fine [20:05:53] have you tried with lads.wiki? [20:06:01] I'll try and post the output here [20:06:14] maybe I'm doing something different that I'm not noticing? [20:06:15] but again, did you try with a domain that doesn't already have a DNS zone? [20:06:32] shouldn't matter [20:06:52] we want the NS record, that doesn't depend on the authoritative nameserver for that domain [20:07:00] it shouldn't but it seems to [20:07:07] I just tried it with allthetropes.org and it works [20:07:32] so that's the issue here - it refuses to work for wikis that don't already have a DNS zone [20:07:51] ohhh [20:08:00] I get the same thing [20:08:24] and actually got a traceback thanks to no exception handler [20:09:28] Hmm, this is the mystery I've been trying to solve for a long time but I never could understand why it differentiates this and what the problem is if there's no DNS zone for the domain [20:10:02] manual `kdig @1.1.1.1 lads.wiki NS` [20:10:19] also returns SERVFAIL, so not a problem from dnspython [20:10:54] Hmm, in that case it's a wider thing. But then how come WHOIS manages to return nameservers? [20:11:02] perhaps we should change method then if DNS resolvers don't work? [20:11:06] whois is independent from DNS [20:11:17] they do, but we need to skip the middleman [20:11:20] I think I once tried to do a whois method but that didn't work either [20:11:36] [1/13] ``` [20:11:36] [2/13] localhost:~$ kdig @a.nic.wiki lads.wiki NS [20:11:36] [3/13] ;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 63117 [20:11:37] [4/13] ;; Flags: qr rd; QUERY: 1; ANSWER: 0; AUTHORITY: 2; ADDITIONAL: 0 [20:11:37] [5/13] ;; QUESTION SECTION: [20:11:37] [6/13] ;; lads.wiki. IN NS [20:11:38] [7/13] ;; AUTHORITY SECTION: [20:11:38] [8/13] lads.wiki. 3600 IN NS ns2.miraheze.org. [20:11:38] [9/13] lads.wiki. 3600 IN NS ns1.miraheze.org. [20:11:39] [10/13] ;; Received 75 B [20:11:39] [11/13] ;; Time 2024-02-13 21:10:52 CET [20:11:39] [12/13] ;; From 37.209.192.10@53(UDP) in 16.2 ms [20:11:40] [13/13] ``` [20:12:08] huh [20:12:12] for some reason, recursive nameservers seem to be asking the authoritative nameserver for that domain [20:12:37] which, in our case returns `REFUSED` because ns* doesn't have a zonefile for them [20:12:51] recursive nameservers are masking that error [20:12:59] @bluemoon0332 @originalauthority I figured out notifs issue [20:12:59] yeah, that would explain things [20:13:38] solution is not bothering with these recursive nameservers and asking ourselves to the authoritative namservers for the TLDs [20:13:47] oh, how would that work? [20:14:07] idk, I would need to take a look at what lower-level methods dnspython has [20:14:20] @reception123 time for a phab task [20:14:23] It was not counting requester in getInvolvedUsers unless requester was also in comments because arrays merged wrong [20:15:03] Thanks! I hope we don't have to do my messy solution if there's nothing else [20:15:24] I also noticed when adding a comment this time it was 10x faster to submit the form, there must have been some performance issue the other way also... [20:15:52] @cosmicalpha and @originalauthority great job with RequestSSL [20:16:05] this turning out to be quite the productive day huh [20:16:16] Hey yeah lol [20:16:34] yes, it took a long time for me to submit actually [20:16:40] Also @bluemoon0332 https://github.com/miraheze/RequestSSL/pull/33 seem okay to you? [20:19:45] yeah [20:27:51] Also can I just say the name `check_reverse_dns.py` is a bit misleading for the script [20:28:00] it does not do only that [20:28:09] also srry for the reply, didn't mean to [20:28:56] @bluemoon0332 naming things is hard [20:29:28] @reception123 https://issue-tracker.miraheze.org/T11851 [20:29:51] Thanks! [20:30:12] @bluemoon0332 is that an us bug? [20:30:17] yes [20:30:48] though the conditions for it are impossible, that is until we rely on it for RequestSSL [20:31:18] @rhinosf1 yeah the issue is the resolver only works when the zone is actually added as a DNS zone [20:32:01] @reception123 which shouldn't technically be true for an NS record [20:32:01] so basically it's a catch-22 [20:32:07] yeah... [20:32:25] @bluemoon0332 do we have any code that works? [20:32:35] No [20:32:45] @bluemoon0332 so is this a bug in our code? [20:32:54] Or a bug in dnspython [20:33:06] not a bug in dnspython, they're doing things right [20:33:46] bug in our code, because we should be asking the nameserver of the TLD directly [20:34:40] @bluemoon0332 the nameserver of the TLD won't tell us if the domain is pointed at us [20:34:58] Even without a zone in our dns [20:35:03] > nameserversans = dns_resolver.resolve(root_domain, 'NS') [20:35:12] https://discord.com/channels/407504499280707585/1006789349498699827/1207056501856931911 [20:35:21] that's what I mean [20:36:09] @bluemoon0332 okay [20:36:20] I feel these are seperate problems in all honesty [20:37:07] check_records is checking the records for the domain to see if it's pointed correctly. If we've not created a zone, it's not pointed correctly. [20:37:38] What you're saying is requestssl needs to know what the nameservers registered against the domain is [20:38:40] requestssl only needs to care if the domain is pointed via setting us as the authoritative nameservers [20:39:00] because we need to know when we should generate the zonefile for it [20:39:17] Yeah you don't need to do a dns query on the TLD dns for that [20:39:31] ? [20:39:46] That's what Whois data is for [20:40:44] It is an option [20:41:48] I don't think check_reverse_dns should be doing that [20:42:06] Because it's a check of whether the domain has records that are pointed at us in a valid way [20:42:15] And if the rDNS is correct [20:42:30] I'm fine with either approach [20:42:39] you're the SWE in infra, your call [20:42:42] if we aren't returning anything from our nameservers, it's not a correctly pointed record [20:43:06] We can have a separate check for is the domain using our nameservers [20:43:49] @bluemoon0332 do you want to update the task for a new check or shall we close that? [20:44:21] I haven't followed request ssl too closely so I'm not sure how you rely on the nagios code [20:46:20] Heh i suspected it was that function [20:56:52] It's not relayed yet [20:57:04] This is just my separate python script for now [21:00:28] @reception123 do you want me to implement DNS checks into RequestSSL now? [21:00:41] Its easy [21:01:00] I mean sure but I thought OrangeStar was working on something like that [21:01:06] [1/6] ```php [21:01:07] [2/6] > var_dump(dns_get_record('allthetropes.org', DNS_NS)[0]['target']); [21:01:07] [3/6] string(16) "ns2.miraheze.org" [21:01:07] [4/6] > var_dump(dns_get_record('allthetropes.org', DNS_NS)[1]['target']); [21:01:08] [5/6] string(16) "ns1.miraheze.org" [21:01:08] [6/6] ``` [21:01:22] Oh wow, it's much easier than the resolve method then [21:01:38] So sure, I'll take it. Though i guess the actual creation of the zone would be tricky this way [21:01:48] It would have to wait until the puppet API [21:02:04] It would be yeah but at least you'd have an initial check on if its pointing [21:02:28] CC @bluemoon0332 on thoughts ^ [21:03:03] Yeah that would prevent the need for the comment function in most cases 😅 [21:05:14] [1/19] @reception123 also: [21:05:14] [2/19] ```php [21:05:15] [3/19] > var_dump(dns_get_record('bluearchive.wiki', DNS_CNAME)); [21:05:15] [4/19] array(1) { [21:05:15] [5/19] [0]=> [21:05:16] [6/19] array(5) { [21:05:16] [7/19] ["host"]=> [21:05:16] [8/19] string(16) "bluearchive.wiki" [21:05:16] [9/19] ["class"]=> [21:05:17] [10/19] string(2) "IN" [21:05:17] [11/19] ["ttl"]=> [21:05:17] [12/19] int(600) [21:05:18] [13/19] ["type"]=> [21:05:19] [14/19] string(5) "CNAME" [21:05:19] [15/19] ["target"]=> [21:05:19] [16/19] string(18) "mw-lb.miraheze.org" [21:05:20] [17/19] } [21:05:20] [18/19] } [21:05:21] [19/19] ``` [21:05:41] That's perfect!