Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

dns.config.udp_answer_limit not taken into account if edns is used #3355

Closed
kamaradclimber opened this issue Aug 3, 2017 · 1 comment · Fixed by #3940
Closed

dns.config.udp_answer_limit not taken into account if edns is used #3355

kamaradclimber opened this issue Aug 3, 2017 · 1 comment · Fixed by #3940

Comments

@kamaradclimber
Copy link
Contributor

When filing a bug, please include the following:

consul version for both Client and Server

Client: 0.8.5
Server: 0.8.4

consul info for both Client and Server

Client:

agent:
	check_monitors = 0
	check_ttls = 0
	checks = 1
	services = 2
build:
	prerelease = 
	revision = 2c77151
	version = 0.8.5
consul:
	known_servers = 3
	server = false
runtime:
	arch = amd64
	cpu_count = 32
	goroutines = 41
	max_procs = 2
	os = linux
	version = go1.8.3
serf_lan:
	coordinate_resets = 0
	encrypted = false
	event_queue = 0
	event_time = 3006
	failed = 10
	health_score = 0
	intent_queue = 0
	left = 0
	member_time = 1073708
	members = 3625
	query_queue = 0
	query_time = 1935

Server:

agent:
	check_monitors = 0
	check_ttls = 0
	checks = 1
	services = 3
build:
	prerelease = 
	revision = f436077
	version = 0.8.4
consul:
	bootstrap = false
	known_datacenters = 8
	leader = false
	leader_addr = 10.71.0.171:8300
	server = true
raft:
	applied_index = 119308751
	commit_index = 119308751
	fsm_pending = 0
	last_contact = 18.798146ms
	last_log_index = 119308751
	last_log_term = 462751
	last_snapshot_index = 119303064
	last_snapshot_term = 462751
	latest_configuration = [{Suffrage:Voter ID:10.71.0.173:8300 Address:10.71.0.173:8300} {Suffrage:Voter ID:10.71.0.171:8300 Address:10.71.0.171:8300} {Suffrage:Voter ID:10.71.0.187:8300 Address:10.71.0.187:8300}]
	latest_configuration_index = 1
	num_peers = 2
	protocol_version = 2
	protocol_version_max = 3
	protocol_version_min = 0
	snapshot_version_max = 1
	snapshot_version_min = 0
	state = Follower
	term = 462751
runtime:
	arch = amd64
	cpu_count = 24
	goroutines = 14691
	max_procs = 23
	os = linux
	version = go1.8.3
serf_lan:
	coordinate_resets = 0
	encrypted = false
	event_queue = 0
	event_time = 3006
	failed = 9
	health_score = 0
	intent_queue = 0
	left = 0
	member_time = 1073708
	members = 3624
	query_queue = 0
	query_time = 1935
serf_wan:
	coordinate_resets = 0
	encrypted = false
	event_queue = 0
	event_time = 1
	failed = 0
	health_score = 0
	intent_queue = 0
	left = 0
	member_time = 66258
	members = 24
	query_queue = 0
	query_time = 1

Operating system and Environment details

centos 7.2 or centos 6.8

Description of the Issue (and unexpected/desired result)

Consul agent is configured with dns.config.udp_answer_limit to 1.
We configure bind to query consul dns api:

zone "consul" IN {
	type forward;
	forwarders {
	127.0.0.1 port 8600;
	};
	forward only;
};

When asking bind about consul zone, we get more than 1 results.

Reproduction steps

dig consul.service.consul @localhost -p 8600 gives 1 result
dig consul.service.consul @localhost gives 3 results.

Early investiguations

After analyzing a tcpdump, it seems that bind is using edns fields to allow udp payload size to be larger than the default 512.
In this case consul seems to ignore udp_answer_limit parameter and return as many results as possible.

This is confirmed by

consul/agent/dns.go

Line 570 in 496b0bc

if maxSize == defaultMaxUDPSize && numAnswers > maxAnswers {

kamaradclimber added a commit to criteo-forks/consul that referenced this issue Aug 3, 2017
@kamaradclimber
Respect udp_answer_limit parameter even if UDP payload size is not 512
6dafbfa 
Fix hashicorp#3355

Change-Id: I3f6893224776d064b920ada9e1bf7e0fc58805ab
Signed-off-by: Grégoire Seux <g.seux@criteo.com>
@kamaradclimber kamaradclimber mentioned this issue Aug 3, 2017
Closed
@hsmade
Copy link

hsmade commented Feb 15, 2018

Can this please be either corrected or documented?

@pierresouchay pierresouchay mentioned this issue Mar 5, 2018
Closed
pierresouchay added a commit to pierresouchay/consul that referenced this issue Mar 6, 2018
@pierresouchay
Allow to control the number of A/AAAA Record returned by DNS
0b7f620 
This allows to have randomized resource records (i.e. each
answer contains only one IP, but the IP changes every request) for
A, AAAA records.

It will fix hashicorp#3355 and
hashicorp#3937

See hashicorp#3937 (comment)
for details.

It basically add a new option called `a_record_limit` and will not
return more than a_record_limit when performing A, AAAA or ANY DNS
requests.

The existing `udp_answer_limit` option is still working but should
be considered as deprecated since it works only with DNS clients
not supporting EDNS.
@pierresouchay pierresouchay mentioned this issue Mar 6, 2018
Merged
pierresouchay added a commit to criteo-forks/consul that referenced this issue Mar 8, 2018
@pierresouchay
Allow to control the number of A/AAAA Record returned by DNS
b9901ab 
This allows to have randomized resource records (i.e. each
answer contains only one IP, but the IP changes every request) for
A, AAAA records.

It will fix hashicorp#3355 and
hashicorp#3937

See hashicorp#3937 (comment)
for details.

It basically add a new option called `a_record_limit` and will not
return more than a_record_limit when performing A, AAAA or ANY DNS
requests.

The existing `udp_answer_limit` option is still working but should
be considered as deprecated since it works only with DNS clients
not supporting EDNS.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Allow to control the number of A/AAAA Record returned by DNS pierresouchay/consul
2 participants
@kamaradclimber @hsmade