
I use Cisco IPsec to connect to my workplace VPN. I connect using OS X's native Cisco IPSec client. We have an internal DNS server that holds records for internal sites, such as scotty.infinidat.com. Using curl to contact an internal site works as expected. Using the following Python code also works:

```python
import requests

resp = requests.get("http://www.google.com")
resp.raise_for_status()

resp = requests.get("http://scotty.infinidat.com")
resp.raise_for_status()
```

However, trying to implement an equivalent in Go fails:

```go
package main

import (
    "fmt"
    "net/http"
)

func main() {
    _, err := http.Get("http://google.com/") // This works
    if err != nil {
        panic(fmt.Sprintf("Error contacting Google: %s", err))
    }

    _, err = http.Get("http://scotty.infinidat.com/") // This doesn't
    if err != nil {
        panic(fmt.Sprintf("Error contacting an internal site: %s", err))
    }
}
```

Running the program above while connected to the VPN yields the following output:

```
panic: Error contacting internal site: Get http://scotty.infinidat.com/: dial tcp: lookup scotty.infinidat.com on 10.135.1.1:53: no such host

goroutine 1 [running]:
panic(0x290ca0, 0xc82010a490)
        /usr/local/Cellar/go/1.6.2/libexec/src/runtime/panic.go:481 +0x3e6
main.main()
        /Users/roeyd/src/go/src/webtest/main.go:16 +0x2af
```

Where 10.135.1.1 is my local network's DNS server. To my understanding the pure Go DNS resolver isn't available on OS X. Forcing Go to use the cgo DNS resolver by setting GODEBUG=netdns=cgo doesn't make any difference.

Jonathan Hall
reish
  • This thread might be helpful to you: http://stackoverflow.com/questions/30043248/why-golang-lookup-function-cant-provide-a-server-parameter – lafolle May 03 '16 at 10:23
  • This seems like a bug, so you should file an [issue](https://github.com/golang/go/issues); also try to compile Go from git and see if the problem is fixed in it (there was some DNS work in git a few days ago). – OneOfOne May 03 '16 at 21:47
  • OSX uses cgo by default https://golang.org/src/net/conf.go#L68 – voutasaurus May 10 '16 at 16:34
  • This may be relevant: http://serverfault.com/questions/478534/how-is-dns-lookup-configured-for-osx-mountain-lion – voutasaurus May 10 '16 at 16:41
  • Please provide the output of `host -a scotty.infinidat.com` from the OSX command line while connected to the VPN, and while disconnected. (Assuming the behaviour is different whether connected or not) – John Weldon Apr 19 '17 at 19:02

2 Answers


Perhaps you can use a complete DNS library to first resolve the IP:

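```go
package main

import (
    "log"

    "github.com/miekg/dns"
)

func main() {
    c := dns.Client{}
    m := dns.Msg{}
    // Ask for the A record; the query name must be fully qualified (trailing dot).
    m.SetQuestion("scotty.infinidat.com.", dns.TypeA)
    // Send the query straight to this DNS server instead of going through the system resolver.
    r, t, err := c.Exchange(&m, "10.135.1.1:53")
    if err != nil {
        log.Fatal(err)
    }
    log.Printf("Took %v", t)
    for _, ans := range r.Answer {
        // The answer section can also carry other record types (e.g. CNAME);
        // an unchecked type assertion would panic on them.
        if a, ok := ans.(*dns.A); ok {
            log.Printf("%s", a.A)
        }
    }
}
```
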
robermorales
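
An added example (not code from the question or from either answer): a standard-library way to send lookups for the internal zone to one chosen DNS server, so that an HTTP client resolves `scotty.infinidat.com` there while every other name stays with the system resolver. The zone map, the `192.0.2.53:53` address and the names `serverFor` and `newClient` are constructed for illustration; it assumes a Go release that provides `net.Resolver.Dial` and `strings.Cut`.

```go
package main

import (
	"context"
	"fmt"
	"net"
	"net/http"
	"strings"
	"time"
)

// Constructed placeholder: 192.0.2.53 stands in for the VPN's DNS server.
var zones = map[string]string{"infinidat.com": "192.0.2.53:53"}

// serverFor returns the DNS server of the longest matching zone suffix, or "".
func serverFor(host string, zones map[string]string) string {
	h := strings.ToLower(strings.TrimSuffix(host, "."))
	for h != "" {
		if s, ok := zones[h]; ok {
			return s
		}
		_, h, _ = strings.Cut(h, ".") // drop the leftmost label and retry
	}
	return ""
}

// newClient returns an http.Client that resolves names in zones at their
// pinned server (ignoring the OS-configured one) and all others as usual.
func newClient(zones map[string]string) *http.Client {
	dial := func(ctx context.Context, network, addr string) (net.Conn, error) {
		host, _, err := net.SplitHostPort(addr)
		if err != nil {
			return nil, fmt.Errorf("bad dial address %q: %w", addr, err)
		}
		d := net.Dialer{Timeout: 10 * time.Second}
		if s := serverFor(host, zones); s != "" {
			d.Resolver = &net.Resolver{PreferGo: true,
				Dial: func(ctx context.Context, n, _ string) (net.Conn, error) {
					return (&net.Dialer{Timeout: 3 * time.Second}).DialContext(ctx, n, s)
				}}
		}
		return d.DialContext(ctx, network, addr)
	}
	return &http.Client{Transport: &http.Transport{DialContext: dial}}
}

func main() {
	fmt.Println(serverFor("scotty.infinidat.com", zones)) // 192.0.2.53:53
}
```

Calling `newClient(zones).Get(...)` in place of `http.Get(...)` applies the routing; matching on whole labels keeps a lookalike such as `notinfinidat.com` away from the internal server.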

You probably already did this, but on my side, when executing `dig scotty.infinidat.com`, I got no records (matching your results):

```
$ dig scotty.infinidat.com

; <<>> DiG 9.8.3-P1 <<>> scotty.infinidat.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 53313
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;scotty.infinidat.com.          IN      A

;; AUTHORITY SECTION:
infinidat.com.          155     IN      SOA     ns1.dnsimple.com. admin.dnsimple.com. 1438782431 86400 7200 604800 300

;; Query time: 234 msec
;; SERVER: 10.132.0.1#53(10.132.0.1)
;; WHEN: Sun Jul 30 21:37:14 2017
;; MSG SIZE  rcvd: 93
```

So if www.google.com is working, chances are high that it is something more related to your DNS/ZONE.

nbari