75 Commits

Author SHA1 Message Date
Matt Keeler
cbf8f14451 Ensure TXT RRs always end up in the Additional section except for ANY or TXT queries
This also changes where the enforcement of the enable_additional_node_meta_txt configuration gets applied.

formatNodeRecord returns the main RRs and the meta/TXT RRs in separate slices. Its then up to the caller to add to the appropriate sections or not.
2018-07-09 12:30:11 -04:00
mkeeler
6813a99081 Merge remote-tracking branch 'connect/f-connect' 2018-06-25 19:42:51 +00:00
Kyle Havlovitz
050da22473 connect/ca: undo the interface changes and use sign-self-issued in Vault 2018-06-25 12:25:42 -07:00
Matt Keeler
8216816e3f Make filtering out TXT RRs only apply when they would end up in Additional section
ANY queries are no longer affected.
2018-06-19 10:08:16 -04:00
Mitchell Hashimoto
406366c45b
agent: working DNS for Connect queries, I think, but have to
implement Health endpoints to be sure
2018-06-14 09:41:47 -07:00
Matt Keeler
6cc0422408 Add configuration entry to control including TXT records for node meta in DNS responses
If set to false, the only way to retrieve TXT records for node meta is to specifically query for TXT records.
2018-06-11 11:49:04 -04:00
Matt Keeler
27fe219918
Merge pull request #4131 from pierresouchay/enable_full_dns_compression
Enable full dns compression
2018-06-01 10:42:03 -04:00
Pierre Souchay
fa37f262eb Fixed comments for max DNS records returned as requested by @mkeeler 2018-05-31 18:15:52 +02:00
Wim
d10e6d0292 Do reverse service lookup only if address doesn't match node 2018-05-21 22:27:41 +02:00
Wim
5c04864b28 Add support for reverse lookup of services 2018-05-19 19:39:02 +02:00
Pierre Souchay
486417a0fc Ensure to never send messages more than 64k 2018-05-16 12:47:35 +02:00
Pierre Souchay
cfa5986df7 Fixed unit tests and updated limits 2018-05-16 12:11:49 +02:00
Pierre Souchay
6e80b6b127 Re-Enable compression while computing Len(), so we can send more answers
This will fix https://github.com/hashicorp/consul/issues/4071
2018-05-16 11:00:51 +02:00
Kyle Havlovitz
ba3971d2c1
Remove deprecated metric names 2018-05-08 16:23:15 -07:00
Pierre Souchay
076ecf9712 Removed unecessary copy of Extra and index 2018-04-20 22:51:04 +02:00
Pierre Souchay
728c5308df Fixed sync of Extra in binarySearch 2018-04-18 14:17:44 +02:00
Pierre Souchay
fadfb95e07 Added Unit tests + fixed boudary limit 2018-04-17 09:31:30 +02:00
Pierre Souchay
c838376dfa Added comment for function dnsBinaryTruncate 2018-04-17 01:10:52 +02:00
Pierre Souchay
94c0bf978a Perform a binary search to find optimal size of DNS responses
Will fix https://github.com/hashicorp/consul/issues/4036

Instead of removing one by one the entries, find the optimal
size using binary search.

For SRV records, with 5k nodes, duration of DNS lookups is
divided by 4 or more.
2018-04-17 00:50:00 +02:00
Kyle Havlovitz
af4be34a2a
Update make static-assets goal and run format 2018-04-13 09:57:25 -07:00
Matt Keeler
0619efc254 GH-3798: More PR Updates
Update docs a little
Update/add tests. Make sure all the various ways of determining the source IP work
Update X-Forwarded-For header parsing. This can be a comma separated list with the first element being the original IP so we now handle csv data there.
Got rid of error return from sourceAddrFromRequest
2018-04-12 10:40:46 -04:00
Matt Keeler
cec8d5145b GH-3798: A few more PR updates 2018-04-11 20:32:35 -04:00
Matt Keeler
d065d3a6db GH-3798: Updates for PR
Allow DNS peer IP as the source IP.
Break early when the right node was found for executing the preapred query.
Update docs
2018-04-11 17:02:04 -04:00
Matt Keeler
45a537def9 GH-3798: Add near=_ip support for prepared queries 2018-04-10 14:50:50 -04:00
Matt Keeler
27899f9f46
Merge pull request #3948 from pierresouchay/fix_tcp_dns_limit
[BUGFIX] do not break when TCP DNS answer exceeds 64k
2018-03-30 16:25:23 -04:00
Matt Keeler
ebc6f414ac Formatting update 2018-03-27 16:31:27 -04:00
Matt Keeler
3facce6bfa GH-3854: Warn when node name isnt a valid DNS label 2018-03-27 15:00:33 -04:00
Pierre Souchay
93fa1f6f49 Optimize size for SRV records, should improve performance a bit
Stricter Unit tests that checks if truncation was OK.
2018-03-09 18:25:29 +01:00
Pierre Souchay
ce3f47a75d Performance optimization for services having more than 2k records 2018-03-08 00:26:41 +01:00
Pierre Souchay
7d59249d96 Avoid issue with compression of DNS messages causing overflow 2018-03-07 23:33:41 +01:00
Pierre Souchay
b77fd5ce9d 64000 max limit to DNS messages since there is overhead
Added debug log to give information about truncation.
2018-03-07 16:14:41 +01:00
Pierre Souchay
be39fb20cc [BUGFIX] do not break when TCP DNS answer exceeds 64k
It will avoid having discovery broken when having large number
of instances of a service (works with SRV and A* records).

Fixes https://github.com/hashicorp/consul/issues/3850
2018-03-07 10:08:06 +01:00
Pierre Souchay
0b7f620dc6 Allow to control the number of A/AAAA Record returned by DNS
This allows to have randomized resource records (i.e. each
answer contains only one IP, but the IP changes every request) for
A, AAAA records.

It will fix https://github.com/hashicorp/consul/issues/3355 and
https://github.com/hashicorp/consul/issues/3937

See https://github.com/hashicorp/consul/issues/3937#issuecomment-370610509
for details.

It basically add a new option called `a_record_limit` and will not
return more than a_record_limit when performing A, AAAA or ANY DNS
requests.

The existing `udp_answer_limit` option is still working but should
be considered as deprecated since it works only with DNS clients
not supporting EDNS.
2018-03-06 02:07:42 +01:00
Andrei Burd
b608091014 adding human readability for dns requests debug log (#3751) 2018-02-11 09:02:28 -06:00
Veselkov Konstantin
5f38e1148a fix refactoring 2018-01-28 22:53:30 +04:00
Veselkov Konstantin
7de57ba4de remove golint warnings 2018-01-28 22:40:13 +04:00
Frank Schröder
350932161d dns: return NXDOMAIN if datacenter is invalid (#3200) (#3596)
Queries to the DNS server can contain an optional datacenter
name in the query name. You can query for 'foo.service.consul'
or 'foo.service.dc.consul' to get a response for either the
default or a specific datacenter.

Datacenter names cannot have dots, therefore the datacenter
name can refer to only one element in the DNS query name.

The DNS server allowed extra labels between the optional
datacenter name and the domain and returned a valid response
instead of returning NXDOMAIN. For example, if the domain
is set to '.consul' then 'foo.service.dc1.extra.consul'
should return NXDOMAIN because of 'extra' being between
the datacenter name 'dc1' and the domain '.consul'.

Fixes #3200
2017-10-20 16:49:17 -07:00
Ryan Slade
85e4aea9d1 Replace time.Now().Sub(x) with time.Since(x) 2017-10-17 20:38:24 +02:00
Kyle Havlovitz
c728564994
Update metric names and add a legacy config flag 2017-10-04 16:43:27 -07:00
Patrick Sodré
7501331d13
Implement encodeKVasRFC1464 function 2017-09-28 12:32:46 +02:00
Patrick Sodré
865f087ec9
Turn encodeKVasRFC1464 into a plain function 2017-09-28 12:32:45 +02:00
Patrick Sodré
d5e3b9d843
Refactor formatTxtRecords as encodeKVasRFC1464
- Move the logic of rfc1035 out of the encoding function
  - Left basic version of encodingKV as 'k=v'
2017-09-28 12:32:45 +02:00
Patrick Sodré
655c89ee10
Fix editorial suggestions 2017-09-28 12:32:45 +02:00
Patrick Sodré
afb0c92334
Remove redundant check of Node.Meta size 2017-09-28 12:32:45 +02:00
Patrick Sodré
53e812e759
Return Node.Meta info using the DNS interface 2017-09-28 12:32:45 +02:00
Frank Schröder
12216583a1 New config parser, HCL support, multiple bind addrs (#3480)
* new config parser for agent

This patch implements a new config parser for the consul agent which
makes the following changes to the previous implementation:

 * add HCL support
 * all configuration fragments in tests and for default config are
   expressed as HCL fragments
 * HCL fragments can be provided on the command line so that they
   can eventually replace the command line flags.
 * HCL/JSON fragments are parsed into a temporary Config structure
   which can be merged using reflection (all values are pointers).
   The existing merge logic of overwrite for values and append
   for slices has been preserved.
 * A single builder process generates a typed runtime configuration
   for the agent.

The new implementation is more strict and fails in the builder process
if no valid runtime configuration can be generated. Therefore,
additional validations in other parts of the code should be removed.

The builder also pre-computes all required network addresses so that no
address/port magic should be required where the configuration is used
and should therefore be removed.

* Upgrade github.com/hashicorp/hcl to support int64

* improve error messages

* fix directory permission test

* Fix rtt test

* Fix ForceLeave test

* Skip performance test for now until we know what to do

* Update github.com/hashicorp/memberlist to update log prefix

* Make memberlist use the default logger

* improve config error handling

* do not fail on non-existing data-dir

* experiment with non-uniform timeouts to get a handle on stalled leader elections

* Run tests for packages separately to eliminate the spurious port conflicts

* refactor private address detection and unify approach for ipv4 and ipv6.

Fixes #2825

* do not allow unix sockets for DNS

* improve bind and advertise addr error handling

* go through builder using test coverage

* minimal update to the docs

* more coverage tests fixed

* more tests

* fix makefile

* cleanup

* fix port conflicts with external port server 'porter'

* stop test server on error

* do not run api test that change global ENV concurrently with the other tests

* Run remaining api tests concurrently

* no need for retry with the port number service

* monkey patch race condition in go-sockaddr until we understand why that fails

* monkey patch hcl decoder race condidtion until we understand why that fails

* monkey patch spurious errors in strings.EqualFold from here

* add test for hcl decoder race condition. Run with go test -parallel 128

* Increase timeout again

* cleanup

* don't log port allocations by default

* use base command arg parsing to format help output properly

* handle -dc deprecation case in Build

* switch autopilot.max_trailing_logs to int

* remove duplicate test case

* remove unused methods

* remove comments about flag/config value inconsistencies

* switch got and want around since the error message was misleading.

* Removes a stray debug log.

* Removes a stray newline in imports.

* Fixes TestACL_Version8.

* Runs go fmt.

* Adds a default case for unknown address types.

* Reoders and reformats some imports.

* Adds some comments and fixes typos.

* Reorders imports.

* add unix socket support for dns later

* drop all deprecated flags and arguments

* fix wrong field name

* remove stray node-id file

* drop unnecessary patch section in test

* drop duplicate test

* add test for LeaveOnTerm and SkipLeaveOnInt in client mode

* drop "bla" and add clarifying comment for the test

* split up tests to support enterprise/non-enterprise tests

* drop raft multiplier and derive values during build phase

* sanitize runtime config reflectively and add test

* detect invalid config fields

* fix tests with invalid config fields

* use different values for wan sanitiziation test

* drop recursor in favor of recursors

* allow dns_config.udp_answer_limit to be zero

* make sure tests run on machines with multiple ips

* Fix failing tests in a few more places by providing a bind address in the test

* Gets rid of skipped TestAgent_CheckPerformanceSettings and adds case for builder.

* Add porter to server_test.go to make tests there less flaky

* go fmt
2017-09-25 11:40:42 -07:00
Kyle Havlovitz
baa501e0c5
Fill in the segment in the QuerySource for prepared query lookups 2017-08-31 03:35:59 -07:00
Frank Schroeder
bf96857b17 dns: replace nameserver lookup with consistent rpc call
This patch replaces the code which determines the list of servers in the
current cluster with an RPC call to get the list of active consul
service instances which only run on servers.

This replaces the previous implementation which was more complex and
relied on serf messages which can provide a different view than the
consistent response from the raft log.

As a side effect it makes the implementation independent of the server
and the agent which means it works consistently across both. Different
behavior for server and agent was the root cause for the bug in
http://github.com/hashicorp/consul/issue/3047.

Fixes #3407
2017-08-22 00:02:46 +02:00
Frank Schroeder
4052c6d2d2 dns: split node lookup from request handling 2017-08-22 00:02:46 +02:00
Frank Schroeder
d4e3d4344a dns: refactor label by unrolling loop 2017-08-22 00:02:46 +02:00