It's always DNS: the solution to a perplexing Matrix federation problem

This page summarizes the projects mentioned and recommended in the original post on /r/SelfHosting

Our great sponsors
  • WorkOS - The modern identity platform for B2B SaaS
  • InfluxDB - Power Real-Time Data Analytics at Scale
  • SaaSHub - Software Alternatives and Reviews
  • Synapse

    Discontinued Synapse: Matrix homeserver written in Python/Twisted.

    After a good deal of frustration and sifting through Github issues, I tracked down the problem (see here, here, and here): I was using Duck DNS for dynamic DNS with free wildcard DNS (to register one DDNS name and automatically get resolution for multiple subdomains, e.g., register example.duckdns.org and automatically get resolution for nextcloud.example.duckdns.org, pihole.example.duckdns.org, synapse.example.duckdns.org), and Duck DNS's implementation of wildcard functionality involves improperly returns A records when SRV records are requested. Some DNS resolvers let this go, and so federation will work with servers using such tolerant resolvers, but other resolvers return SERVFAIL, which breaks the "complicated dance" that federation involves. Once I understood the problem, I was able to work around it by adding explicit delegation to the configuration.

  • matrix-federation-tester

    Tester for matrix federation written in golang.

    After a good deal of frustration and sifting through Github issues, I tracked down the problem (see here, here, and here): I was using Duck DNS for dynamic DNS with free wildcard DNS (to register one DDNS name and automatically get resolution for multiple subdomains, e.g., register example.duckdns.org and automatically get resolution for nextcloud.example.duckdns.org, pihole.example.duckdns.org, synapse.example.duckdns.org), and Duck DNS's implementation of wildcard functionality involves improperly returns A records when SRV records are requested. Some DNS resolvers let this go, and so federation will work with servers using such tolerant resolvers, but other resolvers return SERVFAIL, which breaks the "complicated dance" that federation involves. Once I understood the problem, I was able to work around it by adding explicit delegation to the configuration.

  • WorkOS

    The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts