Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

NET-7813 - DNS : SERVFAIL when resolving PTR records #20679

Merged
merged 3 commits into from
Feb 21, 2024
Merged

NET-7813 - DNS : SERVFAIL when resolving PTR records #20679

merged 3 commits into from
Feb 21, 2024

Conversation

jmurret
Copy link
Member

@jmurret jmurret commented Feb 20, 2024
edited
Loading

Description

For PTR records, the recursors enabled flag is not obeyed. It will return a SERVFAIL record in this case.

The acceptance criteria is:

  • Given recursors are not enabled and regardless of whether the recursors collection is populated, when a PTR record is requested that does not exist, then a response with the following is returned:
    • no answer or extra information
    • SOA record for the NS / NXDOMAIN
    • RCode is Name Error

NOTE: Some reverse lookup tests were moved from dns_test.go and dns_service_lookup_test.go into the new dns_reverse_lookup_test.go file so that we did not have to add the new TestDNS_ReverseLookup_NotFound() test into dns_test.go as it it already huge and has issues displaying in Github's UI

Testing & Reproduction steps

without recursors:

  1. consul agent -dev
  2. dig -p 8600 -x 127.0.0.3 @localhost
    Expected Result:
; <<>> DiG 9.10.6 <<>> -p 8600 -x 127.0.0.3 @localhost
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 1214
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;3.0.0.127.in-addr.arpa.		IN	PTR

;; AUTHORITY SECTION:
consul.			0	IN	SOA	ns.consul. hostmaster.consul. 1708456317 3600 600 86400 0

;; Query time: 1 msec
;; SERVER: 127.0.0.1#8600(127.0.0.1)
;; WHEN: Tue Feb 20 12:11:57 MST 2024
;; MSG SIZE  rcvd: 107

with recursors array defined but without recursors enabled:

  1. consul agent -dev -log-level=debug -hcl 'recursors = ["1.1.1.1"]'
  2. dig -p 8600-x 1.1.1.1 @localhost +norecurse`
    Expected Result:
; <<>> DiG 9.10.6 <<>> -p 8600 -x 1.1.1.1 @localhost +norecurse
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 7655
;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;1.1.1.1.in-addr.arpa.		IN	PTR

;; AUTHORITY SECTION:
consul.			0	IN	SOA	ns.consul. hostmaster.consul. 1708456427 3600 600 86400 0

;; Query time: 0 msec
;; SERVER: 127.0.0.1#8600(127.0.0.1)
;; WHEN: Tue Feb 20 12:13:47 MST 2024
;; MSG SIZE  rcvd: 105

Links

PR Checklist

  • updated test coverage
  • external facing docs updated
  • appropriate backport labels added
  • not a security concern

@jmurret jmurret added the backport/1.17 This release series is no longer active on CE. Use backport/ent/1.17. label Feb 20, 2024
zalimeni
zalimeni approved these changes Feb 20, 2024
View reviewed changes
Copy link
Member

@zalimeni zalimeni left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One small non-blocking comment, but otherwise LGTM - thank you!

agent/dns.go Outdated Show resolved Hide resolved
@david-yu david-yu linked an issue Feb 20, 2024 that may be closed by this pull request
DNS : SERVFAIL when resolving PTR records #20413
Closed
DanStough
DanStough approved these changes Feb 21, 2024
View reviewed changes
Copy link
Contributor

@DanStough DanStough left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

agent/dns.go Outdated Show resolved Hide resolved
agent/dns_reverse_lookup_test.go
Comment on lines +440 to +476
func TestDNS_ReverseLookup_NotFound(t *testing.T) {
if testing.Short() {
t.Skip("too slow for testing.Short")
}

for name, experimentsHCL := range getVersionHCL(true) {
t.Run(name, func(t *testing.T) {
// do not configure recursors
a := NewTestAgent(t, experimentsHCL)
defer a.Shutdown()
testrpc.WaitForLeader(t, a.RPC, "dc1")

// Do not register any nodes
m := new(dns.Msg)
qName := "2.0.0.127.in-addr.arpa."
m.SetQuestion(qName, dns.TypeANY)

c := new(dns.Client)
in, _, err := c.Exchange(m, a.DNSAddr())
require.NoError(t, err)
require.Nil(t, in.Answer)
require.Nil(t, in.Extra)

require.Equal(t, dns.RcodeNameError, in.Rcode)

question := in.Question[0]
require.Equal(t, qName, question.Name)
require.Equal(t, dns.TypeANY, question.Qtype)
require.Equal(t, uint16(dns.ClassINET), question.Qclass)

soa, ok := in.Ns[0].(*dns.SOA)
require.True(t, ok)
require.Equal(t, "ns.consul.", soa.Ns)
require.Equal(t, "hostmaster.consul.", soa.Mbox)
})
}
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

@jmurret jmurret requested a review from a team as a code owner February 21, 2024 17:00
jmurret and others added 2 commits February 21, 2024 10:00
@jmurret
NET-7813 - DNS : SERVFAIL when resolving PTR records
6f643c0
@jmurret @zalimeni
Update agent/dns.go
fbe92df 
Co-authored-by: Michael Zalimeni <michael.zalimeni@hashicorp.com>
@jmurret jmurret enabled auto-merge (squash) February 21, 2024 17:03
@jmurret jmurret merged commit 26eed12 into main Feb 21, 2024
84 checks passed
@jmurret jmurret deleted the jm/NET-7813 branch February 21, 2024 17:44
@hc-github-team-consul-core hc-github-team-consul-core mentioned this pull request Feb 21, 2024
Merged
4 tasks
@david-yu david-yu mentioned this pull request Feb 21, 2024
Closed
4 tasks
@hc-github-team-consul-core hc-github-team-consul-core mentioned this pull request Feb 21, 2024
Merged
4 tasks
jmurret added a commit that referenced this pull request Feb 21, 2024
@jmurret @zalimeni
NET-7813 - DNS : SERVFAIL when resolving PTR records (#20679)
9eb7101 
* NET-7813 - DNS : SERVFAIL when resolving PTR records

* Update agent/dns.go

Co-authored-by: Michael Zalimeni <michael.zalimeni@hashicorp.com>

* PR feedback

---------

Co-authored-by: Michael Zalimeni <michael.zalimeni@hashicorp.com>
@NicoletaPopoviciu NicoletaPopoviciu mentioned this pull request Feb 26, 2024
Merged
4 tasks
This was referenced Sep 27, 2024
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@DanStough DanStough DanStough approved these changes

@zalimeni zalimeni zalimeni approved these changes

Assignees
No one assigned
Labels
backport/1.17 This release series is no longer active on CE. Use backport/ent/1.17.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

DNS : SERVFAIL when resolving PTR records
3 participants
@jmurret @zalimeni @DanStough