-
Notifications
You must be signed in to change notification settings - Fork 4.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Return all CNAME's during service DNS resolution #862
Conversation
cbe5539
to
3e1bf55
Compare
3e1bf55
to
c9fd3eb
Compare
@ryanuber I'm not sure I understand, this looks like it will pass through the CNAME but won't actually resolve it. |
@armon so maybe we were thinking two different things. If a recursor is provided in Consul's configuration, the recursor handles resolving the CNAME as it should. However, when Consul crafts the DNS reply, it currently returns only the first CNAME, and the resulting A or AAAA record, so the response ends up looking something like this:
Notice that the above CNAME chain is broken because we are missing the intermediate CNAME's. It was my understanding that this is what was breaking the clients. After patching, we get the full chain:
Were you thinking that Consul would act as its own DNS recursor if none was configured? One other thing I was going to ask about was the limit on # of records. I am guessing that it was to make DNS responses smaller if many A records are returned, but in these cases this might be limiting, which is why I bumped it slightly to 5. Any thoughts on that? |
@ryanuber I see. Makes sense! |
Return all CNAME's during service DNS resolution
I don't see this as fixed. I have an RDS instance added to consul with this: curl -X PUT -d '{"Datacenter": "dc1", "Node": "mysql", "Address": "proddb.bt2txgrjdr7s.us-west-2.rds.amazonaws.com", "Service": {"Service": "mysql", "Port": 3306}}' http://localhost:8500/v1/catalog/register If I ; <<>> DiG 9.9.5-3ubuntu0.5-Ubuntu <<>> mysql.service.consul SRV
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33634
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;mysql.service.consul. IN SRV
;; ANSWER SECTION:
mysql.service.consul. 0 IN SRV 1 1 3306 mysql.node.dc1.consul.
;; ADDITIONAL SECTION:
mysql.node.dc1.consul. 0 IN CNAME proddb.bt2txgrjdr7s.us-west-2.rds.amazonaws.com.
;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Sep 08 21:17:24 UTC 2015
;; MSG SIZE rcvd: 189 I have dnsmasq configured with the following as the 10-consul file:
I have tried it with both "consul" and "consul." in the configuration. |
@bradmurray Do you have a |
I don't. I will try that. |
Fixes #321. This adds all of the CNAME's in the resolution chain to the result when a service's
Address
field contains a name which chains DNS CNAME's. An example is RDS. Simple change, hard test.Thanks to @alouche and @cwstrommer for the repro and example fix.