Krydos Posted October 22, 2022 Posted October 22, 2022 13 hours ago, wolstech said: What we don't understand is how this is working for you without an A record present, unless it's doing something weird like only responding for requests in a certain part of the world You can use this tool https://dnschecker.org/#A/radtech.p4cyn.mongodb.net to check A records from 33 DNS servers all around the world. They all report that there is no A record for that domain. I don't understand why there is so much discussion on what should be a fairly open and shut case. Just use the IP of the mongodb host, or find a domain that actually resolves.
rarahim Posted October 25, 2022 Author Posted October 25, 2022 I managed to gather some feedbacks from MongoDB forum.. and this is what they say: Quote The mongodb+srv connection string format uses SRV and TXT records to discover the cluster hostnames and connection settings. For more background, see MongoDB 3.6: Here to SRV you with easier replica set connections. And regarding the last comment on using dnschecker.org to check A records of the host, this is their feedback: Quote This suggestion incorrectly assumes that an SRV hostname will have an A record (it will not).
wolstech Posted October 25, 2022 Posted October 25, 2022 Well that’s not standard at all. In 15 years doing this I’ve never heard of a DB server getting host info this way. My guess is either they’re returning IPs that are still blocked (and possibly a different one every time) or the python libs we have installed doesn’t have support for that connection method. It’s be nice to get their IP ranges so we can whitelist that, but in the meantime I wonder if opening the port outbound to * would work…
Krydos Posted October 25, 2022 Posted October 25, 2022 Since port 27017 is the standard port for MongoDB, and MongoDB is common enough that other people in the future will surely have use of connecting to external databases as well, I went ahead and opened port 27017 to all IPs. Does it work now? This page seems to indicate that it does:
Krydos Posted October 26, 2022 Posted October 26, 2022 Yeah, sorry for the runaround. I've never heard of a service that looks up IP addresses without using an A record before. That's really bizarre since A records are specifically designed for converting names into numbers. So using some other type of record to convert names into numbers is not only inconsistent but probably a violation of the specifications. I'm curious if MongoDB thinks they have a good reason for doing it that way, or they're just trying to intentionally confuse people as much as possible?
Recommended Posts