Return all CNAME's during service DNS resolution #862

Merged
merged 3 commits into from
May 4, 2015

ryanuber
Member

Fixes #321. This adds all of the CNAME's in the resolution chain to the result when a service's Address field contains a name which chains DNS CNAME's. An example is RDS. Simple change, hard test.

Thanks to @alouche and @cwstrommer for the repro and example fix.

@armon
Member

armon commented Apr 18, 2015

@ryanuber I'm not sure I understand, this looks like it will pass through the CNAME but won't actually resolve it.

@ryanuber
Member Author

@armon so maybe we were thinking two different things. If a recursor is provided in Consul's configuration, the recursor handles resolving the CNAME as it should. However, when Consul crafts the DNS reply, it currently returns only the first CNAME, and the resulting A or AAAA record, so the response ends up looking something like this:

;; ANSWER SECTION:
rds-mysql.service.consul. 0 IN  CNAME   test.ci74qqqtbwwo.us-east-1.rds.amazonaws.com.
ec2-52-4-216-238.compute-1.amazonaws.com. 21599 IN A 52.4.216.238

Notice that the above CNAME chain is broken because we are missing the intermediate CNAME's. It was my understanding that this is what was breaking the clients. After patching, we get the full chain:

;; ANSWER SECTION:
rds-mysql.service.consul. 0 IN  CNAME   test.ci74qqqtbwwo.us-east-1.rds.amazonaws.com.
test.ci74qqqtbwwo.us-east-1.rds.amazonaws.com. 4 IN CNAME ec2-52-4-216-238.compute-1.amazonaws.com.
ec2-52-4-216-238.compute-1.amazonaws.com. 21599 IN A 52.4.216.238

Were you thinking that Consul would act as its own DNS recursor if none was configured?

One other thing I was going to ask about was the limit on # of records. I am guessing that it was to make DNS responses smaller if many A records are returned, but in these cases this might be limiting, which is why I bumped it slightly to 5. Any thoughts on that?
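
As an added illustration (not part of the original comment or of the Consul code base): a Go check over the two answer sections quoted above that follows the CNAME chain from the queried name and reports the name at which no record in the answer continues it. `parseAnswer` and `chainGap` are hypothetical helper names.

```go
package main

import (
	"fmt"
	"strings"
)
// Answer sections quoted in the comment above: before and after the patch.
const before = `rds-mysql.service.consul. 0 IN CNAME test.ci74qqqtbwwo.us-east-1.rds.amazonaws.com.
ec2-52-4-216-238.compute-1.amazonaws.com. 21599 IN A 52.4.216.238`
const after = `rds-mysql.service.consul. 0 IN CNAME test.ci74qqqtbwwo.us-east-1.rds.amazonaws.com.
test.ci74qqqtbwwo.us-east-1.rds.amazonaws.com. 4 IN CNAME ec2-52-4-216-238.compute-1.amazonaws.com.
ec2-52-4-216-238.compute-1.amazonaws.com. 21599 IN A 52.4.216.238`

// parseAnswer (hypothetical) maps each owner name to its CNAME target, or "" for A/AAAA.
func parseAnswer(section string) map[string]string {
	next := map[string]string{}
	for _, line := range strings.Split(section, "\n") {
		f := strings.Fields(line) // name TTL class type rdata
		if len(f) < 5 || strings.HasPrefix(f[0], ";") {
			continue // skip blanks and dig's ";" comment lines
		}
		switch name := strings.ToLower(f[0]); strings.ToUpper(f[3]) {
		case "CNAME":
			next[name] = strings.ToLower(f[4])
		case "A", "AAAA":
			next[name] = ""
		}
	}
	return next
}

// chainGap (hypothetical) returns "" if qname reaches an address, else the name where the chain stops.
func chainGap(qname string, next map[string]string) string {
	cur := strings.ToLower(qname)
	for hops := 0; hops <= len(next); hops++ { // hop bound terminates CNAME loops
		target, ok := next[cur]
		if !ok {
			return cur // no record in the answer continues the chain from here
		}
		if target == "" {
			return "" // reached an A/AAAA record
		}
		cur = target
	}
	return cur
}

func main() {
	fmt.Printf("before gap: %q\nafter gap: %q\n", chainGap("rds-mysql.service.consul.", parseAnswer(before)), chainGap("rds-mysql.service.consul.", parseAnswer(after)))
}
```

A non-empty result names the owner for which the reply carries neither a CNAME nor an address record, which is the missing intermediate link in the pre-patch answer.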

@armon
Member

armon commented May 4, 2015

@ryanuber I see. Makes sense!

armon added a commit that referenced this pull request May 4, 2015
Return all CNAME's during service DNS resolution
@armon armon merged commit 0dc5814 into master May 4, 2015
@armon armon deleted the f-recurse-cname branch May 4, 2015 22:19
@bradmurray

I don't see this as fixed. I have an RDS instance added to consul with this:

curl -X PUT -d '{"Datacenter": "dc1", "Node": "mysql", "Address": "proddb.bt2txgrjdr7s.us-west-2.rds.amazonaws.com", "Service": {"Service": "mysql", "Port": 3306}}' http://localhost:8500/v1/catalog/register

If I dig mysql.service.consul SRV I get:

; <<>> DiG 9.9.5-3ubuntu0.5-Ubuntu <<>> mysql.service.consul SRV
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33634
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;mysql.service.consul.      IN  SRV

;; ANSWER SECTION:
mysql.service.consul.   0   IN  SRV 1 1 3306 mysql.node.dc1.consul.

;; ADDITIONAL SECTION:
mysql.node.dc1.consul.  0   IN  CNAME   proddb.bt2txgrjdr7s.us-west-2.rds.amazonaws.com.

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Sep 08 21:17:24 UTC 2015
;; MSG SIZE  rcvd: 189

I have dnsmasq configured with the following as the 10-consul file:

server=/consul./127.0.0.1#8600

I have tried it with both "consul" and "consul." in the configuration.

@armon
Member

armon commented Sep 11, 2015

@bradmurray Do you have a recursor configured for Consul?

@bradmurray

I don't. I will try that.

duckhan pushed a commit to duckhan/consul that referenced this pull request Oct 24, 2021
Successfully merging this pull request may close these issues.

Chained CNAME resolution fails