1. 5

    We’ve bricked ourselves into a corner with this where I work. A few years ago we started developing a CLI for some internal web services, and the tool is used across a large estate of platforms now. Unfortunately, as with many financial services institutions, legacy tech is prevalent, and I do mean legacy. We still have some RHEL-4 boxes kicking around. When we started building this tool, we hadn’t actually looked at the kernel versions Go was supported on - and we didn’t notice a problem. All the builds of the tool ran everywhere.

    Then we updated our go tool chain above 1.10, and suddenly we were getting panics from the new binary on these old platforms. Turns out the kernel they run is not support by Go - but we had had no idea up to that point.

    Now that means we’re stuck building our tool with 1.10, and cannot use any new Go language features as a result. Sad times.

    1. 1

      I feel both sides of this problem. One of the products I deal with at work is still using Java 6 (due to a tool that calls the Java directly). Even in Java’s slow moving ecosystem that’s old. This is logjamming a whole bunch of other toolchain/infrastructrue/framework updates as well.

      With the product that’s in Go, they had been updating the OS underneath and the upgrades (with several years between touching the product) was pretty pleasant; modules were welcome despite being some initial work.

    1. 1

      I didn’t dig into DoH RFC, but how is that supposed to work:

      https://doh.libredns.gr/dns-query
      

      I understand how 1.1.1.1 works over HTTP as this do not need DNS resolution, but how I can resolve DNS query without DNS?

      1. 2

        My guess is it’s bootstrapped via traditional DNS.

        1. 0

          DoH in layman’s terms, uses HTTPS (S <— stands for security) to ask a remote DNS server and get the reply in firefox. The traditional way is for firefox to ask your operating system and your operating system ask your DNS via UDP that means cleartext & unencrypted traffic.

          1. 1

            Did you mean to reply to me? I’m well aware of how DNS (intimately) and DoH (from the spec) work. The GP was asking how it was possible to use a domain name to reference a DoH server, to which the obvious answer is that it finds the DoH server’s IP address by querying traditional DNS.

        2. 2

          For Firefox at least, the set of DOH settings (actually all prefixed in about:config with “network.trr”), there is a ‘network.trr.bootstrapAddress’ setting which allows you to specify a traditional DNS server to bootstrap the DOH system with. If it’s left empty, the bootstrapping defaults to your OS configured DNS resolver.

          1. 2

            Actually:

            network.trr.bootstrapAddress

            https://wiki.mozilla.org/Trusted_Recursive_Resolver#network.trr.bootstrapAddress

            by setting this field to the IP address of the host name used in “network.trr.uri”, you can bypass using the system native resolver for it

        1. 1

          A lot of the people in that list I’ve never heard of until now. I would argue that an obvious omission is Daniel Stenberg, the principal author and maintainer for curl.