DNS : SERVFAIL when resolving PTR records #20413

Closed
the-nando opened this issue Jan 31, 2024 · 0 comments · Fixed by #20679

the-nando commented Jan 31, 2024

Overview of the Issue

The current implementation of the DNS PTR records resolver iterates through all services and nodes and, if nothing is found, proceeds to call the function which handles recursion without checking if recursion is desired (rd flag) and if we have recursors configured.
This causes two issues:

  • PTR queries for non-existent IPs return SERVFAIL instead of NXDOMAIN as we end up here.
  • Requests without the rd flag set are recursed.

Reproduction Steps

Issue with calling handleRecurse if not needed:

  • Start Consul without recursors configured
  • dig -p 8600 -x 127.0.0.3 @localhost
    It should return NXDOMAIN but returns SERVFAIL and in the logs:
2024-01-31T08:47:14.946Z [ERROR] agent.dns: all resolvers failed for question from client: question="{3.0.0.127.in-addr.arpa. 12 1}" client=127.0.0.1:41033 client_network=udp

Issue with lack of handling of the rd flag:

  • Start Consul with recursors = ["1.1.1.1"] configured
  • dig -p 8600 -x 1.1.1.1 @localhost +norecurse
    It should return NXDOMAIN but returns one.one.one.one.
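
The behaviour this issue expects, as an added Go sketch that is not Consul's code and not the fix merged in #20679: a PTR query with no local match is forwarded only when the RD bit is set and a recursor is configured, and otherwise gets NXDOMAIN. `decidePTR`, `ptrQuery`, `flagRD` and the result strings are hypothetical names, and the queries are constructed sample input.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"strings"
)

const flagRD = 0x0100 // RD bit in the header flags word (RFC 1035 4.1.1)

// decidePTR parses a raw DNS query and returns the outcome for a PTR lookup (hypothetical helper).
func decidePTR(msg []byte, local map[string]string, recursors []string) (string, error) {
	if len(msg) < 12 {
		return "", fmt.Errorf("short header")
	}
	rd := binary.BigEndian.Uint16(msg[2:4])&flagRD != 0
	labels, off := []string{}, 12
	for off < len(msg) && msg[off] != 0 { // question name; queries carry no compression
		n := int(msg[off])
		if n > 63 || off+1+n > len(msg) {
			return "", fmt.Errorf("bad label at offset %d", off)
		}
		labels = append(labels, string(msg[off+1:off+1+n]))
		off += 1 + n
	}
	if off+5 > len(msg) || binary.BigEndian.Uint16(msg[off+1:]) != 12 { // QTYPE must be PTR
		return "", fmt.Errorf("truncated or non-PTR question")
	}
	name := strings.ToLower(strings.Join(labels, ".")) + "."
	if target := local[name]; target != "" {
		return "NOERROR " + target, nil
	}
	if rd && len(recursors) > 0 { // recurse only when asked to AND able to
		return "RECURSE " + recursors[0], nil
	}
	return "NXDOMAIN", nil // no local data, recursion not requested or not configured
}

// ptrQuery builds a constructed PTR query for name; pass flagRD or 0 as flags.
func ptrQuery(name string, flags uint16) []byte {
	msg := []byte{0xbe, 0xef, byte(flags >> 8), byte(flags), 0, 1, 0, 0, 0, 0, 0, 0}
	for _, l := range strings.Split(strings.TrimSuffix(name, "."), ".") {
		msg = append(append(msg, byte(len(l))), l...)
	}
	return append(msg, 0, 0, 12, 0, 1) // root label, QTYPE=PTR, QCLASS=IN
}

func main() {
	fmt.Println(decidePTR(ptrQuery("1.1.1.1.in-addr.arpa.", 0), nil, []string{"1.1.1.1"}))
}
```

The two reproduction cases above map to an empty recursor list with RD set, and a configured recursor with RD clear; both return NXDOMAIN here.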