DNS Rebind
How the Trust1Connector solves the DNS rebind issue
Automatic DNS Rebind resolution is implemented starting from v3.8.4. Older versions can solve this by following the troubleshooting guide: Connector Connection Issues
Introduction
The connector is using a DNS (depending on the connector partner), with a default value of:
The given URL is registered with DNSSEC enabled, and resolves to a 'localhost' domain.
Although the connector can run in a different mode (http, localhost, custom domain name, etc.), to solve the above issue, the following causes are probable:
DNS Rebind is enforced by your router or ISP (Internet Service Provider)
The domain name is not whitelisted in your internal network
A local proxy is running and prevents the internal connector communication
An antivirus is blocking the connector communication
Your (custom) DNS server does not contain resolution for localhost and t1c.t1t.io
The automatic DNS Rebind resolution functionality solves the local connectivity issue by adding the DNS used by the connector to the host file of the device.
As the connector runs in user mode, and thus does not have elevated rights, a separate process is started on the operating system, asking the user to enter the `admin password` for the sole purpose of adding the record to the host file of the system.
When a user does not have `administrator` access to their device, an IT administrator can solve the issue (and apply it to all users from that domain).
When installing the Trust1Connector in an owned system network, by default we ask to:
allow the outbound DNS for the Distribution Server
whitelist the local DNS used (t1c.t1t.io) on the router(s) or firewall(s)
allow or whitelist the local DNS in anti-virus agents
Typically, when one of the above applies and is not executed, the connector will run but may not be reachable.
Logical Flow
The following diagram shows the logic behind the one-time check. The process runs on startup on a separate system thread and, when executed successfully, persists a marker file (.dnsrebind) in the installation directory of the connector.
Process States
Clean
Starting from a clean installation, the process will go through the flow above and, based on the outcome of the DNS resolving, update the hostfile and create the markerfile.
Success - marker present
The process will go through the flow above and, when successful, a DNS check is executed with a successful response.
Success - no marker present
The process will go through the flow above and, when successful, will create the marker file without the need to update the hostfile.
Failure - marker present
The process will go through the flow above and, on `failure`, will see the marker file, resulting in an error message that it could not resolve the domain. In this scenario, the markerfile indicates that the hostfile has been updated, so the problem must be elsewhere.
Failure - no marker present
The process will go through the flow above and, on `failure`, will create the marker file and update the hostfile. When the final DNS check fails, it will return an error message.
Here the markerfile also indicates that the hostfile has been updated so the problem must be elsewhere.
When the markerfile `.dnsrebind` is present in the connector directory, this means that the DNS entry has been added (or is already present) in the local host file.
Adding the .dnsrebind file to the user folder prevents the logic from being executed at service startup.
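A diagnostic sketch an IT administrator could use to see which of the process states above a device is in. It is an added example, not Trust1Connector code. It assumes that a healthy lookup of t1c.t1t.io ends at a loopback address, and the function names, the `stale_marker` field and the sample host file are constructed for illustration.

```python
import ipaddress
import socket

NAME = "t1c.t1t.io"  # local DNS name given on this page

def resolves_to_loopback(name, resolver=socket.getaddrinfo):
    """True if every address the OS returns for `name` is loopback.
    Assumption: a healthy lookup ends at 127.0.0.1 or ::1."""
    try:
        infos = resolver(name, None)  # also consults the host file
    except OSError:  # includes socket.gaierror (no answer, filtered answer)
        return False
    addrs = [ipaddress.ip_address(i[4][0].split("%")[0]) for i in infos]
    return bool(addrs) and all(a.is_loopback for a in addrs)

def hosts_has_loopback_entry(hosts_text, name):
    """True if a non-comment host-file line maps `name` to loopback."""
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        if addr.is_loopback and name.lower() in (f.lower() for f in fields[1:]):
            return True
    return False

def process_state(dns_ok, marker_present):
    """Name of the matching entry in the Process States list."""
    outcome = "Success" if dns_ok else "Failure"
    marker = "marker present" if marker_present else "no marker present"
    return f"{outcome} - {marker}"

def diagnose(hosts_text, marker_present, resolver=socket.getaddrinfo, name=NAME):
    dns_ok = resolves_to_loopback(name, resolver)
    in_hosts = hosts_has_loopback_entry(hosts_text, name)
    return {
        "state": process_state(dns_ok, marker_present),
        "hosts_entry": in_hosts,
        # Marker exists, lookup fails and no entry: the one-time fix is
        # being skipped although the host file was never (or no longer) updated.
        "stale_marker": marker_present and not dns_ok and not in_hosts,
    }

# Constructed sample host file (not taken from a real system).
SAMPLE_HOSTS = "127.0.0.1 localhost\n# 127.0.0.1 t1c.t1t.io\n::1 localhost\n"
```

On a real device, pass the contents of the system host file and whether `.dnsrebind` exists in the connector directory to `diagnose`; a `stale_marker` result points at a marker that was placed without the host file entry.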