consul does not resolve CNAME to A-record for local service

Created on 10 Sep 2015  路  16Comments  路  Source: hashicorp/consul

When registering an external service in the catalog (https://www.consul.io/docs/guides/external.html), consul returns a CNAME-record on the dns-interface.
Adding the recursors config option makes consul resolve the A-record an return that as well.

However, consul should always resolve CNAMEs for internal services.

example
consul 0.5.2, started like this :
consul agent --client 0.0.0.0 --server --data-dir . --bootstrap-expect 1

(Using httpie as a curl alternative:)

$  http PUT :8500/v1/agent/service/register << EOF
 {
   "ID": "srvtest1",
   "Name": "srvtest1",
   "Tags": [
     "master",
     "v1"
   ],
   "Address": "127.0.0.1",
   "Port": 8000
 } 
EOF

$ http PUT :8500/v1/catalog/register << EOF
 {
    "Datacenter": "dc1", 
    "Node": "aliastest",
    "Address": "srvtest1.service.consul",
    "Service": {
            "Service": "srvalias1", 
            "Port": 80
            }
 }
EOF

This registers the internal service srvtest1.service.consul and the alias srvalias1.service.consul

When querying the consul DNS for the alias, i would expect the CNAME to be resolved, but it is not.

$ dig @localhost -p 8600 srvalias1.service.consul 
---- snip ----
;; ANSWER SECTION:
srvalias1.service.consul. 0 IN  CNAME   srvtest1.service.consul.

However, when I start consul with the parameter --recursor localhost:8600, the CNAME is resolved to its correct A record

$ dig @localhost -p 8600 srvalias1.service.consul 

---- snip ----
;; ANSWER SECTION:
srvalias1.service.consul. 0 IN  CNAME   srvtest1.service.consul.
srvtest1.service.consul. 0  IN  A   127.0.0.1

expected behaviour
Consul should consider if the external service is on the local domain and resolve CNAME->A accordingly without consiguring a recursor,

typbug
Source
picture nilsotto
👍9

Most helpful comment

Fixed in #2444

picture kyhavlov on 27 Oct 2016
🎉2

All 16 comments

+1

DanyC97 picture DanyC97 on 15 Sep 2015

Enabling --recursor localhost:8600 gives me tons of errors like this in logs:

2015/10/05 15:16:12 [ERR] dns: recurse failed: read udp 127.0.0.1:8600: i/o timeout

Btw cname resolution works but with 100% CPU usage :-1: Any idea?

cdosso picture cdosso on 5 Oct 2015

Hi @cdosso can you provide an example that gets into this state? Your issue should probably be filed separately from this one, which looks like an enhancement.

slackpad picture slackpad on 16 Nov 2015

+1 @nilsotto
Adding --recursor do not fix for me :
Consul v0.5.2
Consul Protocol: 2 (Understands back to: 1)

goacid picture goacid on 24 Nov 2015

+1

Nomon picture Nomon on 25 Nov 2015

label enhancement seems not appropriate. Without recurse DNS is not usable in many cases

goacid picture goacid on 14 Jan 2016

@goacid that's fair - changing to a bug.

slackpad picture slackpad on 14 Jan 2016

+1

nitram509 picture nitram509 on 29 Jan 2016

+1

bestdeveloperever picture bestdeveloperever on 29 Jan 2016

+1

waswrongassembled picture waswrongassembled on 29 Jan 2016

+1

dnltsk picture dnltsk on 31 Jan 2016
👍1

Any progress on this issue?

Solisol picture Solisol on 10 May 2016

same question here: any progress on this? Would be nice to remove the dnsmasq hack we currently have to use :)

kesselborn picture kesselborn on 30 May 2016
👍2

Any good workarounds for this issue that do not involve enabling recursor mode?

n2taylor picture n2taylor on 6 Sep 2016

Fixed in #2444

kyhavlov picture kyhavlov on 27 Oct 2016
🎉2

+1

vtahlani picture vtahlani on 10 Nov 2016
Was this page helpful?
0 / 5 - 0 ratings

Related issues

wargamez picture wargamez  路  4Comments
achille-roussel picture achille-roussel  路  4Comments
nicholasjackson picture nicholasjackson  路  3Comments
hooksie1 picture hooksie1  路  3Comments
sandstrom picture sandstrom  路  3Comments