FeatureRequest: Redirect to alternate upstream if no data in ANSWER section #24

Open
Kisuke-CZE opened this issue Dec 8, 2022 · 6 comments

Comments

@Kisuke-CZE

Hello,

Would it be possible to add a condition to redirect if there is no data in the ANSWER section of the response from the first upstream?

For example:
I am querying for the TXT record of example.com.
CoreDNS will query the first backend and will get a response with NOERROR, but no data in the ANSWER section (there is no TXT record for this domain on the first backend, but the domain exists and has an A record, for example).
But there is a second backend, which does have a TXT record for example.com.

@chrisohaver
Member

chrisohaver commented Dec 8, 2022

The fanout external plugin may act this way. Per the fanout README, it says that it forwards the first "non-negative" response. A NODATA response (i.e. a NOERROR with zero answers) is considered a "negative response" in DNS. Setting worker_count to 1 should check the upstreams sequentially instead of in parallel.

@Kisuke-CZE
Author

Thanks for the suggestion. I wanted to test it out, but it seems that the fanout plugin does not work with worker_count 1. If I do that, it just ends the whole CoreDNS with this:
plugin/fanout: worker count should be more or equal 2. Consider to use Forward plugin

Anyway, I am not sure if it'll work. I believe that NOERROR with no answers is a valid positive response (at least in logical DNS meaning, but sure, it can be implemented in a different way), so it will probably not work.

Also, fanout does not do the same thing as alternate. With alternate it is possible to target multiple servers and use another group of servers as an alternative.

I am just playing with different DNS servers and CoreDNS seems to be kinda nice - it would be nice to have all-in-one software. So I was just suggesting this in case someone wants to implement it.

The behavior I am describing can be achieved in practice, but I have to combine two pieces of software. It is possible to use dnsdist (which can be running locally) as the primary target (it is able to change the RCODE to SERVFAIL, for example, when there is no ANSWER data), and then alternate will work. I could post a configuration for that, but I believe this is not the right place to talk about configs for totally different software.

@chrisohaver
Member

> worker count should be more or equal 2.

That's unfortunate. Should be an easy fix though. I suspect the 2 minimum is as arbitrary as it is undocumented.

> I believe that NOERROR with no answers is valid positive response (at least in logical DNS meaning ...

Per the DNS RFCs, a "NODATA" response is considered a negative response. IMO, this makes logical sense, since no answer is present in a NODATA response - hence it is negative.

I don't know how fanout actually behaves. I haven't tested it or looked at the code to see what it actually does. I'm just going on what the README says.

> With alternate it is possible to target multiple servers and use another group of servers as alternative.

You can do the same with fanout using local forwarding. E.g. fanout can "fan out" to other server blocks which each forward to a group of servers. Kinda hacky though.

That said - adding the pseudo "NODATA" type as an option in alternate is probably not hard.
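
The distinction discussed in this thread, as an added example that is not part of the original comments and is not the alternate plugin's code: a fallback rule keyed only on RCODE never fires for a NOERROR response with an empty ANSWER section, while a rule with a NODATA option does. The `Rule` type, `UseAlternate` and `header` are hypothetical names, and the response headers are constructed sample data.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// Rule is a hypothetical fallback policy, not the alternate plugin's own type.
type Rule struct {
	RCodes map[uint16]bool // RCODEs that send the query to the alternate upstream
	NoData bool            // also fall back on NOERROR with an empty ANSWER section
}

// UseAlternate inspects only the fixed 12-byte DNS header (RFC 1035, 4.1.1).
// Simplification: any answer record, even a lone CNAME, counts as data.
func (r Rule) UseAlternate(msg []byte) (bool, error) {
	if len(msg) < 12 {
		return false, errors.New("short DNS message")
	}
	flags := binary.BigEndian.Uint16(msg[2:4])
	if flags&0x8000 == 0 {
		return false, errors.New("QR bit clear: not a response")
	}
	rcode := flags & 0x000F
	ancount := binary.BigEndian.Uint16(msg[6:8])
	if rcode != 0 {
		return r.RCodes[rcode], nil
	}
	return r.NoData && ancount == 0, nil
}

// header builds a constructed response header (QR=1) for the demo.
func header(rcode, ancount uint16) []byte {
	h := make([]byte, 12)
	binary.BigEndian.PutUint16(h[2:4], 0x8000|rcode)
	binary.BigEndian.PutUint16(h[6:8], ancount)
	return h
}

func main() {
	rcodeOnly := Rule{RCodes: map[uint16]bool{2: true, 3: true}} // SERVFAIL, NXDOMAIN
	withNoData := Rule{RCodes: rcodeOnly.RCodes, NoData: true}
	nodata := header(0, 0) // NOERROR, ANCOUNT=0, as in the TXT example
	a, _ := rcodeOnly.UseAlternate(nodata)
	b, _ := withNoData.UseAlternate(nodata)
	fmt.Println("rcode-only rule falls back:", a, "| with NODATA:", b)
}
```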

@AliveDevil

AliveDevil commented May 23, 2024

Added support for the NODATA-type, tested internally, works fine.

go mod edit --replace=github.com/coredns/alternate=github.com/alivedevil/alternate@v0.2.7-dev.1

Before building coredns worked out for me.
This is based on the v0.2.7-tag, due to CoreDNS 1.11.2 not being available.

@Kisuke-CZE
Author

Many thanks! It seems to work as I was suggesting. That's great.

@AliveDevil

Yeah, using it since then for split-brian(sic!) DNS.
