Recent searches


No recent searches

Proxy error: DNS resolution error



Posted Jul 31, 2023

We're using Zendesk's Secure Settings feature, but it fails in error, "Proxy error: DNS resolution error". The domain is subdomain of openai.azure.com, like oursubdomain.openai.azure.com.

- secure:true in ZAFClient request options

- set "domainWhitelist" in manifest.json

- without secure:true option, it works. This means the subdomain and parameters are correct.

- installed the app as private app

What can we do next to solve this error?

 

 

 


0

8

8 comments

image avatar

Greg Katechis

Zendesk Developer Advocacy

Hi Megumi! Do you have CORS set to false in your request options? If you do, could you share the full request snippet, along with the options?

1


Hi Greg, thank you for the comment.

I tried with `cors: false`, but it also failed in the same DNS error. This is the request I am using.

var params = {...};
var headers = {
'Content-Type': 'application/json',
'api-key': '...',
};
var settings = {
url: 'https://....openai.azure.com/openai/...,
contentType: 'application/json',
secure: true,
cors: false,
type: 'POST',
headers: headers,
data: JSON.stringify(params),
};
return client.request(settings)...

The "api-key" param is `{{setting.api_key}}` (api_key param is in the parameters of manifest.json), but I tried both with the raw value and `{{setting.api_key}}`.

If I remove the line "cors: false" (means use only secure:true), this failed in DNS error.

If I remove the line "secure: true" and use api-key with raw value (means use only cors:false), this request works.

Can you find something?

0


image avatar

Greg Katechis

Zendesk Developer Advocacy

Hi Megumi, thanks so much for your patience! I've been reviewing this and I think I have an idea of what may be causing the issue, however I need to run it by the dev team that handles our proxy. My theory is related to the CNAME depth from the URL that you're requesting until it reaches the actual A record, as it looks like it has 7 "hops" through (what I'm guessing is) a series of load balances and regional servers. While I don't fully understand the way that side of the internet works, I did find a post that explains how this could theoretically cause issues. I don't want to expose your full URL publicly, so I won't share the results here, but if you run these commands on Mac dig +trace e...openai.azure.com or on Windows nslookup -debug e...openai.azure.com, you'll see the full resolution path.
 
Since this is working when you're not passing it through our proxy (by removing secure: true), I'm assuming that there is something deeper that occurs on this particular path, so I'm going to bring my findings to that team to hear what they have to say. I'll drop you a line when I hear back from them, hopefully later this week.

0


Hi Greg, thank you for the update :) 

0


image avatar

Greg Katechis

Zendesk Developer Advocacy

Hi again! I did hear back and it looks like this is indeed an issue with our proxy when it has 7 or more hops. The dev team has an open investigation for this and they would like to understand a bit more of the business impact for you so that they can prioritize a fix. Since you don't have control over Azure's servers and the need to keep your token hidden with secure settings, I did convey that level of importance already, but if you have a bit more that you can share about how this is impacting the business, that will help out a lot.
 
For the time being, the only workaround that I can think of would be building out a middleware layer that you can use to pass the secure request to, let that layer send out the request to Azure and receive the response back and then pass it back to the app. I know that's not a great solution, it's just the only thing I can think of it right now.
 
Looking forward to your response on business impact!

0


Hi Greg, Thank you for information.

This investigation is for our customer and the customer has asked to support in ticket 11779265. The business impact of this issue is as described in the ticket.

And thank you for about workaround. I hope this issue fixed, but if we need to implement before that, I consider the workaround.

0


image avatar

Greg Katechis

Zendesk Developer Advocacy

Ah, thanks for that! I see that everything that I just mentioned was already covered in there, so apologies for any duplication of information on my side. I've let the dev team know about this, which they were actually already aware of. For full disclosure, they did mention that this may take some time to implement a solution, so I would definitely recommend looking into a middleware layer for the time being. 
 
I'll keep an eye on that work as it progresses and I'll update you down the road. Let me know if you have any other questions in the interim.

0


thank you!

0


Please sign in to leave a comment.

Didn't find what you're looking for?

New post