[dns] what should go into DNS when a container has multiple weave IPs? #219
Comments
|
As noted in #218, one of the reasons you might have two IP addresses is to talk to clients on two subnets that are isolated from each other. So, if one of these clients requests your IP address via DNS, the answer they get should be one that is reachable from their weave IP address. The API for weavedns was designed with this in mind, though the feature is not implemented. |
|
Containers talk to weaveDNS via the docker bridge, so the request will always come from a container's docker network IP. weaveDNS could correlate that to a container ID, find out its weave subnets, and filter results based on that. This is a rather unusual thing to do for a DNS server though, i.e. return different results based on who is asking. The more standard solution is to ensure that the topologies for naming and networking are aligned. e.g. use one sub-domain per sub-net. |
Maybe not in this environment, but this is just geolocation...
That filtering is kind of hackish. We could do a proper geolocation mechanism: we could implement But I don't know if this is really worth all the trouble: maybe we should just return all possible answers and let the client try to connect to all of them... |
|
I believe this is fixed by #1065. If a container has multiple IPs, they will all get returned in a random order by WeaveDNS. |
|
Due to #1245, resolvers will actually prefer addresses on their own network. For once this is a good thing. |
Currently, when a container has multiple weave IPs - e.g. we've run
weave attachon it several times, we tell DNS about each of the IPs and DNS returns one of them (we leave it unspecified which one, and whether that answer changes over time). Is that sensible?What other options are there?
Anything else?
I suspect ultimately this will become a moot point due to issue #218.
The text was updated successfully, but these errors were encountered: