Return all CNAME's during service DNS resolution

[ryanuber]

Fixes #321. This adds all of the CNAME's in the resolution chain to the result when a service's Address field contains a name which chains DNS CNAME's. An example is RDS. Simple change, hard test.

Thanks to @alouche and @cwstrommer for the repro and example fix.

[armon]

@ryanuber I'm not sure I understand, this looks like it will pass through the CNAME but won't actually resolve it.

[ryanuber]

@armon so maybe we were thinking two different things. If a recursor is provided in Consul's configuration, the recursor handles resolving the CNAME as it should. However, when Consul crafts the DNS reply, it currently returns only the first CNAME, and the resulting A or AAAA record, so the response ends up looking something like this:

;; ANSWER SECTION:
rds-mysql.service.consul. 0 IN  CNAME   test.ci74qqqtbwwo.us-east-1.rds.amazonaws.com.
ec2-52-4-216-238.compute-1.amazonaws.com. 21599 IN A 52.4.216.238

Notice that the above CNAME chain is broken because we are missing the intermediate CNAME's. It was my understanding that this is what was breaking the clients. After patching, we get the full chain:

;; ANSWER SECTION:
rds-mysql.service.consul. 0 IN  CNAME   test.ci74qqqtbwwo.us-east-1.rds.amazonaws.com.
test.ci74qqqtbwwo.us-east-1.rds.amazonaws.com. 4 IN CNAME ec2-52-4-216-238.compute-1.amazonaws.com.
ec2-52-4-216-238.compute-1.amazonaws.com. 21599 IN A 52.4.216.238

Were you thinking that Consul would act as its own DNS recursor if none was configured?

One other thing I was going to ask about was the limit on # of records. I am guessing that it was to make DNS responses smaller if many A records are returned, but in these cases this might be limiting, which is why I bumped it slightly to 5. Any thoughts on that?

[armon]

@ryanuber I see. Makes sense!

[bradmurray]

I don't see this as fixed. I have an RDS instance added to consul with this:

curl -X PUT -d '{"Datacenter": "dc1", "Node": "mysql", "Address": "proddb.bt2txgrjdr7s.us-west-2.rds.amazonaws.com", "Service": {"Service": "mysql", "Port": 3306}}' http://localhost:8500/v1/catalog/register

If I dig mysql.service.consul SRV I get:

; <<>> DiG 9.9.5-3ubuntu0.5-Ubuntu <<>> mysql.service.consul SRV
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33634
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;mysql.service.consul.      IN  SRV

;; ANSWER SECTION:
mysql.service.consul.   0   IN  SRV 1 1 3306 mysql.node.dc1.consul.

;; ADDITIONAL SECTION:
mysql.node.dc1.consul.  0   IN  CNAME   proddb.bt2txgrjdr7s.us-west-2.rds.amazonaws.com.

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Sep 08 21:17:24 UTC 2015
;; MSG SIZE  rcvd: 189

I have dnsmasq configured with the following as the 10-consul file:

server=/consul./127.0.0.1#8600

I have tried it with both "consul" and "consul." in the configuration.

[armon]

@bradmurray Do you have a recursor configured for Consul?

[bradmurray]

I don't. I will try that.