Matt Keeler
0fd7e97c2d
Merge remote-tracking branch 'origin/master' into bugfix/prevent-multi-cname
2018-07-10 10:26:45 -04:00
Matt Keeler
cbf8f14451
Ensure TXT RRs always end up in the Additional section except for ANY or TXT queries
...
This also changes where the enforcement of the enable_additional_node_meta_txt configuration gets applied.
formatNodeRecord returns the main RRs and the meta/TXT RRs in separate slices. Its then up to the caller to add to the appropriate sections or not.
2018-07-09 12:30:11 -04:00
Matt Keeler
e3783a75e7
Refactor to make this much less confusing
2018-07-03 11:04:19 -04:00
Matt Keeler
554035974e
Add a bunch of comments about preventing multi-cname
...
Hopefully this a bit clearer as to the reasoning
2018-07-03 10:32:52 -04:00
Matt Keeler
22c2be5bf1
Fix some edge cases and add some tests.
2018-07-02 16:58:52 -04:00
Matt Keeler
9a8500412b
Only allow 1 CNAME when querying for a service.
...
This just makes sure that if multiple services are registered with unique service addresses that we don’t blast back multiple CNAMEs for the same service DNS name and keeps us within the DNS specs.
2018-07-02 16:12:06 -04:00
mkeeler
6813a99081
Merge remote-tracking branch 'connect/f-connect'
2018-06-25 19:42:51 +00:00
Kyle Havlovitz
050da22473
connect/ca: undo the interface changes and use sign-self-issued in Vault
2018-06-25 12:25:42 -07:00
Matt Keeler
8216816e3f
Make filtering out TXT RRs only apply when they would end up in Additional section
...
ANY queries are no longer affected.
2018-06-19 10:08:16 -04:00
Mitchell Hashimoto
406366c45b
agent: working DNS for Connect queries, I think, but have to
...
implement Health endpoints to be sure
2018-06-14 09:41:47 -07:00
Matt Keeler
6cc0422408
Add configuration entry to control including TXT records for node meta in DNS responses
...
If set to false, the only way to retrieve TXT records for node meta is to specifically query for TXT records.
2018-06-11 11:49:04 -04:00
Matt Keeler
27fe219918
Merge pull request #4131 from pierresouchay/enable_full_dns_compression
...
Enable full dns compression
2018-06-01 10:42:03 -04:00
Pierre Souchay
fa37f262eb
Fixed comments for max DNS records returned as requested by @mkeeler
2018-05-31 18:15:52 +02:00
Wim
d10e6d0292
Do reverse service lookup only if address doesn't match node
2018-05-21 22:27:41 +02:00
Wim
5c04864b28
Add support for reverse lookup of services
2018-05-19 19:39:02 +02:00
Pierre Souchay
486417a0fc
Ensure to never send messages more than 64k
2018-05-16 12:47:35 +02:00
Pierre Souchay
cfa5986df7
Fixed unit tests and updated limits
2018-05-16 12:11:49 +02:00
Pierre Souchay
6e80b6b127
Re-Enable compression while computing Len(), so we can send more answers
...
This will fix https://github.com/hashicorp/consul/issues/4071
2018-05-16 11:00:51 +02:00
Kyle Havlovitz
ba3971d2c1
Remove deprecated metric names
2018-05-08 16:23:15 -07:00
Pierre Souchay
076ecf9712
Removed unecessary copy of Extra and index
2018-04-20 22:51:04 +02:00
Pierre Souchay
728c5308df
Fixed sync of Extra in binarySearch
2018-04-18 14:17:44 +02:00
Pierre Souchay
fadfb95e07
Added Unit tests + fixed boudary limit
2018-04-17 09:31:30 +02:00
Pierre Souchay
c838376dfa
Added comment for function dnsBinaryTruncate
2018-04-17 01:10:52 +02:00
Pierre Souchay
94c0bf978a
Perform a binary search to find optimal size of DNS responses
...
Will fix https://github.com/hashicorp/consul/issues/4036
Instead of removing one by one the entries, find the optimal
size using binary search.
For SRV records, with 5k nodes, duration of DNS lookups is
divided by 4 or more.
2018-04-17 00:50:00 +02:00
Kyle Havlovitz
af4be34a2a
Update make static-assets goal and run format
2018-04-13 09:57:25 -07:00
Matt Keeler
0619efc254
GH-3798: More PR Updates
...
Update docs a little
Update/add tests. Make sure all the various ways of determining the source IP work
Update X-Forwarded-For header parsing. This can be a comma separated list with the first element being the original IP so we now handle csv data there.
Got rid of error return from sourceAddrFromRequest
2018-04-12 10:40:46 -04:00
Matt Keeler
cec8d5145b
GH-3798: A few more PR updates
2018-04-11 20:32:35 -04:00
Matt Keeler
d065d3a6db
GH-3798: Updates for PR
...
Allow DNS peer IP as the source IP.
Break early when the right node was found for executing the preapred query.
Update docs
2018-04-11 17:02:04 -04:00
Matt Keeler
45a537def9
GH-3798: Add near=_ip support for prepared queries
2018-04-10 14:50:50 -04:00
Matt Keeler
27899f9f46
Merge pull request #3948 from pierresouchay/fix_tcp_dns_limit
...
[BUGFIX] do not break when TCP DNS answer exceeds 64k
2018-03-30 16:25:23 -04:00
Matt Keeler
ebc6f414ac
Formatting update
2018-03-27 16:31:27 -04:00
Matt Keeler
3facce6bfa
GH-3854: Warn when node name isnt a valid DNS label
2018-03-27 15:00:33 -04:00
Pierre Souchay
93fa1f6f49
Optimize size for SRV records, should improve performance a bit
...
Stricter Unit tests that checks if truncation was OK.
2018-03-09 18:25:29 +01:00
Pierre Souchay
ce3f47a75d
Performance optimization for services having more than 2k records
2018-03-08 00:26:41 +01:00
Pierre Souchay
7d59249d96
Avoid issue with compression of DNS messages causing overflow
2018-03-07 23:33:41 +01:00
Pierre Souchay
b77fd5ce9d
64000 max limit to DNS messages since there is overhead
...
Added debug log to give information about truncation.
2018-03-07 16:14:41 +01:00
Pierre Souchay
be39fb20cc
[BUGFIX] do not break when TCP DNS answer exceeds 64k
...
It will avoid having discovery broken when having large number
of instances of a service (works with SRV and A* records).
Fixes https://github.com/hashicorp/consul/issues/3850
2018-03-07 10:08:06 +01:00
Pierre Souchay
0b7f620dc6
Allow to control the number of A/AAAA Record returned by DNS
...
This allows to have randomized resource records (i.e. each
answer contains only one IP, but the IP changes every request) for
A, AAAA records.
It will fix https://github.com/hashicorp/consul/issues/3355 and
https://github.com/hashicorp/consul/issues/3937
See https://github.com/hashicorp/consul/issues/3937#issuecomment-370610509
for details.
It basically add a new option called `a_record_limit` and will not
return more than a_record_limit when performing A, AAAA or ANY DNS
requests.
The existing `udp_answer_limit` option is still working but should
be considered as deprecated since it works only with DNS clients
not supporting EDNS.
2018-03-06 02:07:42 +01:00
Andrei Burd
b608091014
adding human readability for dns requests debug log ( #3751 )
2018-02-11 09:02:28 -06:00
Veselkov Konstantin
5f38e1148a
fix refactoring
2018-01-28 22:53:30 +04:00
Veselkov Konstantin
7de57ba4de
remove golint warnings
2018-01-28 22:40:13 +04:00
Frank Schröder
350932161d
dns: return NXDOMAIN if datacenter is invalid ( #3200 ) ( #3596 )
...
Queries to the DNS server can contain an optional datacenter
name in the query name. You can query for 'foo.service.consul'
or 'foo.service.dc.consul' to get a response for either the
default or a specific datacenter.
Datacenter names cannot have dots, therefore the datacenter
name can refer to only one element in the DNS query name.
The DNS server allowed extra labels between the optional
datacenter name and the domain and returned a valid response
instead of returning NXDOMAIN. For example, if the domain
is set to '.consul' then 'foo.service.dc1.extra.consul'
should return NXDOMAIN because of 'extra' being between
the datacenter name 'dc1' and the domain '.consul'.
Fixes #3200
2017-10-20 16:49:17 -07:00
Ryan Slade
85e4aea9d1
Replace time.Now().Sub(x) with time.Since(x)
2017-10-17 20:38:24 +02:00
Kyle Havlovitz
c728564994
Update metric names and add a legacy config flag
2017-10-04 16:43:27 -07:00
Patrick Sodré
7501331d13
Implement encodeKVasRFC1464 function
2017-09-28 12:32:46 +02:00
Patrick Sodré
865f087ec9
Turn encodeKVasRFC1464 into a plain function
2017-09-28 12:32:45 +02:00
Patrick Sodré
d5e3b9d843
Refactor formatTxtRecords as encodeKVasRFC1464
...
- Move the logic of rfc1035 out of the encoding function
- Left basic version of encodingKV as 'k=v'
2017-09-28 12:32:45 +02:00
Patrick Sodré
655c89ee10
Fix editorial suggestions
2017-09-28 12:32:45 +02:00
Patrick Sodré
afb0c92334
Remove redundant check of Node.Meta size
2017-09-28 12:32:45 +02:00
Patrick Sodré
53e812e759
Return Node.Meta info using the DNS interface
2017-09-28 12:32:45 +02:00