can't disable DNS server in consul v0.8.4 with DNS port < 0

[cwharvey]

consul version for both Client and Server

Client: none
Server: v0.8.4

Server:

[Server `consul info` here]
agent:
        check_monitors = 0
        check_ttls = 0
        checks = 0
        services = 1
build:
        prerelease =
        revision = f436077
        version = 0.8.4
consul:
        bootstrap = false
        known_datacenters = 1
        leader = false
        leader_addr = 192.168.132.45:8300
        server = true
raft:
        applied_index = 21
        commit_index = 21
        fsm_pending = 0
        last_contact = 23.072296ms
        last_log_index = 21
        last_log_term = 117
        last_snapshot_index = 0
        last_snapshot_term = 0
        latest_configuration = [{Suffrage:Voter ID:6aeef61c-7772-83d8-977c-a7028810f8b5 Address:192.168.132.45:8300} {Suffrage:Voter ID:f77dd935-e0ec-2275-1f0e-ec8c12ed55a0 Address:192.168.132.43:8300} {Suffrage:Nonvoter ID:276f2c06-0c9d-f56e-d623-65ab0571eb54 Address:192.168.132.44:8300}]
        latest_configuration_index = 5
        num_peers = 1
        protocol_version = 3
        protocol_version_max = 3
        protocol_version_min = 0
        snapshot_version_max = 1
        snapshot_version_min = 0
        state = Follower
        term = 117
runtime:
        arch = amd64
        cpu_count = 2
        goroutines = 85
        max_procs = 2
        os = linux
        version = go1.8.3
serf_lan:
        coordinate_resets = 0
        encrypted = false
        event_queue = 0
        event_time = 2
        failed = 0
        health_score = 0
        intent_queue = 0
        left = 0
        member_time = 6
        members = 3
        query_queue = 0
        query_time = 1
serf_wan:
        coordinate_resets = 0
        encrypted = false
        event_queue = 0
        event_time = 1
        failed = 0
        health_score = 0
        intent_queue = 0
        left = 0
        member_time = 6
        members = 3
        query_queue = 0
        query_time = 1

### Operating system and Environment details
linux 64 bit contos 7

### Description of the Issue (and unexpected/desired result)
Can't seem to disable DNS server in consul v0.8.4

### Reproduction steps
create a consul.conf file with the following snippet:

        "ports":        {
                "dns":  -1,
                "https":        -1,
                "serf_lan":     8301,
                "serf_wan":     8302,
                "server":       8300
        }

start a server agent and note the following logs:

### Log Fragments
==> WARNING: Expect Mode enabled, expecting 2 servers
==> Starting Consul agent...
==> Error starting agent: agent: timeout starting DNS servers

(log_level = TRACE)

this used to work in consul v0.8.1, and setting the dns port to 0 works fine.

[slackpad]

Thanks @TheLorax this looks like a possible regression - will look at this for the next release.

[magiconair]

Try setting the port to 0 instead of -1. That should disable it.

[magiconair]

We'll fix it to require the port to be > 0 again.

[magiconair]

DNS: https://github.com/hashicorp/consul/blob/master/command/agent/config.go#L793-L795
HTTP: https://github.com/hashicorp/consul/blob/master/command/agent/config.go#L810-L827

[cwharvey]

if I understand this fix correctly, it is no longer possible to not bind the DNS listen port in consul v0.8.4?

[preetapan]

Prior to consul 0.8.4 you could turn off DNS by setting the port to a number <=0. There was a regression in the 0.8.4 release that made a DNS disable conditional be port == 0 instead of port <=0, but that conflated with the way a 0 value was interpreted when merging configs, port 0 got turned into 8600 so effectively in the consul 0.8.4 binary there is no way to turn off DNS. The fix for issue #3135 that's in master but not in the released 0.8.4 binary gets it back to how it worked before - setting port to -1 should cause DNS to be disabled.

[cwharvey]

When I tried setting the port to 0 in v0.8.4 the DNS port was bound and the service was enabled, but on the default DNS port number. (8400 I think)

[preetapan]

@TheLorax you are right, I was able to reproduce this in master setting dns to 0 using the above config (it still started it on port 8600). Setting it to -1 worked as expected and it didn't start a DNS server. For now, could you set your port to -1, (building consul from source).

[preetapan]

I updated my comment above. I am relatively new, so apologies for the back and forth on this. If this is blocking you, I would recommend building consul master branch from source to be able to use your existing config file with "dns": -1 to turn off dns.

[magiconair]

@preetapan is correct. I assumed 0 is disabled but it means enabled on default port (which is 8600 for DNS). So yes, in 0.8.4 you cannot disable the DNS server. You can either build from master, set it to some unused port or use firewall rules to prevent access.