From 9a8500412b8f3e1ceccfa158fc8fa3fd1c923905 Mon Sep 17 00:00:00 2001
From: Matt Keeler
Date: Mon, 2 Jul 2018 16:12:06 -0400
Subject: [PATCH] Only allow 1 CNAME when querying for a service.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This just makes sure that if multiple services are registered with unique service addresses that we don’t blast back multiple CNAMEs for the same service DNS name and keeps us within the DNS specs.
---
 agent/dns.go | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/agent/dns.go b/agent/dns.go
index 2372d16c86..77d155f57f 100644
--- a/agent/dns.go
+++ b/agent/dns.go
@@ -1143,6 +1143,7 @@ func (d *DNSServer) serviceNodeRecords(dc string, nodes structs.CheckServiceNode
 qType := req.Question[0].Qtype
 handled := make(map[string]struct{})
 edns := req.IsEdns0() != nil
+ haveCNAME := false
 count := 0
 for _, node := range nodes {
@@ -1169,6 +1170,16 @@ func (d *DNSServer) serviceNodeRecords(dc string, nodes structs.CheckServiceNode
 // Add the node record
 records := d.formatNodeRecord(node.Node, addr, qName, qType, ttl, edns, true)
 if records != nil {
+ // only allow at most 1 CNAME record
+ switch records[0].(type) {
+ case *dns.CNAME:
+ if haveCNAME {
+ continue
+ } else {
+ haveCNAME = true
+ }
+ }
+
 resp.Answer = append(resp.Answer, records...)
 count++
 if count == d.config.ARecordLimit {
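Review bot: The guard added in the second hunk only de-duplicates CNAMEs, so if some instances have a hostname service address and others an IP, the answer can still pair one CNAME with A/AAAA records for the same owner name. RFC 1034 §3.6.2 disallows that as well, and resolvers and caches treat such mixed answers inconsistently. The check also looks only at `records[0]`, so it presumably relies on formatNodeRecord (body not visible here) always returning the CNAME first; a comment such as `// formatNodeRecord puts the CNAME, if any, at index 0` would pin that assumption. On style, the `else` after `continue` is redundant: `if haveCNAME { continue }` followed by `haveCNAME = true` reads more directly. The loop body continues outside the hunk, and the patch touches no test file, so a case with two hostname-addressed instances plus one IP-addressed instance would be worth adding.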