StackExchange
DESEC: Unable to run full integration test due to rate limit
Describe the bug
Unable to run full integration test due to rate limit
To Reproduce Steps to reproduce the behavior:
-
cd integrationTest -
DESEC_TOKEN=xxx go test -run TestDNSProviders -v -verbose -provider DESEC
Expected behavior
All tests passed, even they have some rate limit settings, program should wait and retry.
Actual behavior
Tests failed due to rate limit
integration_test.go:252: failed create RRset (deSEC): rate limiting exceeded
DNS Provider
- DESEC
Additional context
https://desec.readthedocs.io/en/latest/rate-limits.html
https://github.com/StackExchange/dnscontrol/blob/f5bb6e658b3917d5052e6c96aea11a9cdfa2d5b2/providers/desec/protocol.go#L304-L306
It seems to be by designed not to wait more than 180 seconds.
I printed the Retry-After header to console, they want us to retry after 2800 seconds.
CC @D3luxee (maintainer of the deSEC provider)
Thanks for filing this.
If you change 180 -> 2800 does it work? (I don't have a test account with deSEC so I appreciate any testing you can do)
Changing to 2800 doesn't work. I see 3201 seconds during my tests. I simply remove those line and let it wait enough time.
diff --git a/providers/desec/protocol.go b/providers/desec/protocol.go
index f056352b..e96799bf 100644
--- a/providers/desec/protocol.go
+++ b/providers/desec/protocol.go
@@ -301,9 +301,6 @@ retry:
if waitfor != "" {
wait, err := strconv.ParseInt(waitfor, 10, 64)
if err == nil {
- if wait > 180 {
- return []byte{}, resp, fmt.Errorf("rate limiting exceeded")
- }
printer.Warnf("Rate limiting.. waiting for %s seconds", waitfor)
time.Sleep(time.Duration(wait+1) * time.Second)
goto retry
@@ -368,9 +365,6 @@ retry:
if waitfor != "" {
wait, err := strconv.ParseInt(waitfor, 10, 64)
if err == nil {
- if wait > 180 {
- return []byte{}, fmt.Errorf("rate limiting exceeded")
- }
printer.Warnf("Rate limiting.. waiting for %s seconds", waitfor)
time.Sleep(time.Duration(wait+1) * time.Second)
goto retry
WARNING: Rate limiting.. waiting for 35 seconds
WARNING: Rate limiting.. waiting for 35 seconds
WARNING: Rate limiting.. waiting for 34 seconds
WARNING: Rate limiting.. waiting for 34 seconds
WARNING: Rate limiting.. waiting for 34 seconds
WARNING: Rate limiting.. waiting for 34 seconds
WARNING: Rate limiting.. waiting for 3201 seconds
WARNING: Rate limiting.. waiting for 33 seconds
WARNING: Rate limiting.. waiting for 32 seconds
WARNING: Rate limiting.. waiting for 24 seconds
WARNING: Rate limiting.. waiting for 29 seconds
Full test log: desec.22d96f2c2.log
Hi, The api simply has an ever extending backoff with rate limiting. I asked the deSec guys if it is possible to raise this limit for my account to ease development which is simply technically not possible on their end.
My way around this was to run the tests selectively over multiple days...
See: https://github.com/StackExchange/dnscontrol/pull/1876#issuecomment-1405232649
There is also a daily limit which is why i added the limit of 180 i think. See https://desec.readthedocs.io/en/latest/rate-limits.html#api-request-throttling
I think i did hit some daily limits back then when i completed the integration tests.
You are limited to 300 RRset creation/deletion/modification (per domain).
A daily limit of 300 RRset creation/deletion/modification (per domain)? That's the first time I've seen a provider do that. Thanks for checking with deSEC about having a different limit. It's a shame they can't make an exception.
If there is a daily limit, there's nothing we can do. Normally we try to write code to abide by limits (sleeping and re-trying, and so on) but we can't sleep for 24 hours to wait for the daily limit to reset.
I've started a PR to update the docs so that users are aware: https://github.com/StackExchange/dnscontrol/pull/2835
Tom
P.S. Does deSEC have an "OTE" environment? It might have different limits, or permit us to register many test (fake) domains and divide the work over all of them.
I'm closing this issue since there is a notice on the provider page and nothing we can do about it anymore.