Running TCP DNS server?

QUICK NOTE.

Somehow, for reasons I promise you don’t want us to get into, getting DNS open was more complicated than getting 25565/tcp-udp open for Minecraft. If you check this evening, you should be able to run a Minecraft server, though don’t quote me, because I’m not going to try to actually run one until this evening.

There will probably be some wonkiness: 25565/udp will only work on your fly-global-services address (all edge UDP gets directed there). What I’m saying here is: don’t bang your head against the wall too much on it; if you have problems, let us know, and we’ll try to be the ones who spend time debugging, not you.

53/tcp is still not open. In the meantime I recommend running DNS over 25565/tcp.

I KID. 53/tcp should work sometime early next week.

Getting every port working is on our docket. The simple way for us to do that is with socket-steering eBPF code, but to make that work we’ll need to do a fleet kernel update, and since we have the luxury, it’ll probably be a couple weeks out.

I can knock out 6443 early next week too, and I’m happy to take requests for other ports if it’s likely that more than 1 person wants it. (I say “I’m happy” but really it’s Steve doing the heavy lifting here and just me taking the credit. Except for DNS-over-Minecraft, an idea I expect full credit for.)

Having port 6443 for kubernetes would be really awesome.

Also 8443 for dendrite (Matrix.org home server) would also be really awesome. Matrix uses 8443 for federation with other servers.

The matrix port is a good idea!

What are you doing with kubernetes? It weirds me out a little to expose the k8s API publicly. I think for k8s, it’d be better to set up a WireGuard peer and connect through the private network (and all ports work over the private network).

You should no longer get this error! I’m able to launch 53/tcp things now.

We also added 8443/tcp (and, of course, the Minecraft port).

(Correction: I spoke too soon on 8443/tcp, that may be a couple hours; it’ll go in with the next fly-proxy deploy. 53/tcp and 8443/tcp are, so far, the weird ones; everything else is a one-liner.)

Confirmed that 53/tcp is live at my end. Fantastic!

Could you also open up port 853/TCP?

Trying to deploy a DNS over TLS app. Already tested it to be working on 53/TCP (over TLS), but the required port is 853.

Yep, this shouldn’t be a problem. I’ll ping back when it’s done (if I take too long, please feel free to yell at me).

Hi thomas: Is this still in fly’s backlog?

Curious: What’s weird about those? Something specific to fly’s load-balancer? :smiley:

It’s still in our backlog! The way we want to fix this is with a BPF program to redirect all anycast traffic on any port to our proxy; to get that working, we need to get all our machines on a specific kernel. We’re currently working on fixing an incompatibility between that kernel and our existing BPF code.

We spent a good amount of time last week working on this; it’s definitely being actively worked on, and is annoying the hell out of us.

@thomas We have a request for 7777 as well: Deploying on unsupported port

Yep, on it!

Was able to deploy over TCP/853. But no connections seem to reach it.

Also tried using fly-global-services as hostname, then even TCP/53 stops working with [error] Error 2000: problem connecting to app instance.

Not ready yet?

@thomas ^ we have open requests for 853 and 7777.

Hey! 853/tcp should work now (you don’t need fly-global-services for this! You only need that for UDP, so that our XDP code doesn’t mess with the UDP DNS that your VM already generates).

7777/tcp turns out to be slightly tricky for reasons I am too embarrassed to report here but will explain once we’ve fixed it, which is the next thing on my docket.

Sorry for the delay on the first port; I added it to our API, but it was waiting on a fleet deploy to actually work. It is very silly that we have to do big deploys to add ports, and that too is something we are working on fixing.

Hi, 853/tcp is still not working. Tried a redeployment a few mins ago.

Unable to connect to it, getting Connection refused error.

Edit (3h later): It is working now! Thanks!

Is this port 853 not available in all regions?

Ports are mapped like so:

Services
PROTOCOL PORTS           
TCP      443 => 8080 []  
TCP      853 => 10000 []

I’m having trouble with deploying to all regions and with autoscaling:

Hi @Rowan_Hamilton, it should be, per https://community.fly.io/t/new-feature-every-public-port-now-allowed-for-tcp-services-this-means-http-too.

Can you check Troubleshooting your Deployment to see if your port-related config in the fly.toml is per this?

You can also look in the logs to see if you find anything that looks like an error, i.e., flyctl logs.