containers/aardvark-dns

Always return both A and AAAA records no matter what QTYPE is specified in DNS request

xiaoyar opened this issue · 2 comments

Version of aardvark-dns

Name        : aardvark-dns
Version     : 1.0.2
Release     : 1.el8
Architecture: x86_64

Configuration

Dual stack network

{
  "name": "dual",
  "id": "2697203bf4180da9e7a6d074e38cbafb2fad4c8a3436522bde4ac573c059caa6",
  "driver": "bridge",
  "network_interface": "podman1",
  "created": "2022-08-24T04:03:37.236675178-05:00",
  "subnets": [
    {
      "subnet": "192.168.227.0/24",
      "gateway": "192.168.227.1"
    },
    {
      "subnet": "fdf8:192:168:227::/120",
      "gateway": "fdf8:192:168:227::1"
    }
  ],
  "ipv6_enabled": true,
  "internal": false,
  "dns_enabled": true,
  "ipam_options": {
    "driver": "host-local"
  }
}

Two containers, foo and bar, are both running Nginx. With the following configuration, Nginx in foo forwards requests to Nginx in bar.

        location /bar {
                resolver        192.168.227.1;
                set $upstream   bar.dns.podman;
                proxy_pass http://$upstream;
        }

Issue observed

The web request fails with a 502 error.

[root@foo /]# curl -vvv http://localhost/bar
*   Trying ::1...
* TCP_NODELAY set
* Connected to localhost (::1) port 80 (#0)
> GET /bar HTTP/1.1
> Host: localhost
> User-Agent: curl/7.61.1
> Accept: */*
>
< HTTP/1.1 502 Bad Gateway

This is because Nginx fails to resolve the hostname "bar.dns.podman".

We can see Nginx error.log is filled up with plenty of the following errors:

2022/08/26 09:54:58 [error] 88#0: unexpected AAAA record in DNS response
2022/08/26 09:54:58 [error] 88#0: unexpected A record in DNS response

The root cause is that aardvark-dns always returns both A and AAAA records no matter what QTYPE is specified in the DNS request.

[root@foo /]# nslookup -type=A bar 192.168.227.1
Server:		192.168.227.1
Address:	192.168.227.1#53

Non-authoritative answer:
Name:	bar.dns.podman
Address: 192.168.227.5
Name:	bar.dns.podman
Address: fdf8:192:168:227::5

[root@foo /]# nslookup -type=AAAA bar 192.168.227.1
Server:		192.168.227.1
Address:	192.168.227.1#53

Non-authoritative answer:
Name:	bar.dns.podman
Address: 192.168.227.5
Name:	bar.dns.podman
Address: fdf8:192:168:227::5

[root@foo /]# nslookup bar 192.168.227.1
Server:		192.168.227.1
Address:	192.168.227.1#53

Non-authoritative answer:
Name:	bar.dns.podman
Address: 192.168.227.5
Name:	bar.dns.podman
Address: fdf8:192:168:227::5
Name:	bar.dns.podman
Address: 192.168.227.5
Name:	bar.dns.podman
Address: fdf8:192:168:227::5
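
The mismatch described in this issue, as an added example that is not part of the original report and is not code from aardvark-dns or Nginx: a Python check that parses a DNS response and lists answer records whose type does not match the question's QTYPE. The response bytes are constructed from the name and addresses shown above; the function names and the rule that CNAME answers and QTYPE ANY are accepted are assumptions of this sketch.

```python
import ipaddress
import struct

TYPE_NAMES = {1: "A", 5: "CNAME", 28: "AAAA"}

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:      # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1
        if length == 0:                # root label terminates the name
            return off
        off += length

def unexpected_answers(msg):
    """Return (qtype, [types of answer RRs that do not match qtype])."""
    _id, _flags, qdcount, ancount = struct.unpack_from("!HHHH", msg, 0)
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    off = skip_name(msg, 12)
    qtype, _qclass = struct.unpack_from("!HH", msg, off)
    off += 4
    bad = []
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10 + rdlen
        # Assumption: CNAME is acceptable for any QTYPE, and ANY (255) accepts all.
        if qtype != 255 and rtype not in (qtype, 5):
            bad.append(rtype)
    return qtype, bad

def build_response(qtype, answers):
    """Constructed sample: a response for bar.dns.podman with the given answer RRs."""
    qname = b"".join(bytes([len(p)]) + p for p in (b"bar", b"dns", b"podman")) + b"\x00"
    msg = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, len(answers), 0, 0)
    msg += qname + struct.pack("!HH", qtype, 1)
    for rtype, rdata in answers:       # owner name is a pointer back to offset 12
        msg += b"\xc0\x0c" + struct.pack("!HHIH", rtype, 1, 60, len(rdata)) + rdata
    return msg

V4 = ipaddress.ip_address("192.168.227.5").packed
V6 = ipaddress.ip_address("fdf8:192:168:227::5").packed

if __name__ == "__main__":
    both = [(1, V4), (28, V6)]         # what 1.0.2 returns for every QTYPE
    for label, msg in (("A query", build_response(1, both)),
                       ("AAAA query", build_response(28, both))):
        qtype, bad = unexpected_answers(msg)
        print(label, "unexpected:", [TYPE_NAMES.get(t, t) for t in bad])
```
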

@xiaoyar Thanks for reporting. The above PR #205 closes this. If possible, could you try the patch?

@flouthoc I tried manually applying the above PR #205, and the issue is no longer observed. Thanks for your quick turnaround.

[root@foo /]# curl http://localhost/bar
Hello bar!

[root@foo /]# nslookup -type=A bar 192.168.227.1
Server:		192.168.227.1
Address:	192.168.227.1#53

Non-authoritative answer:
Name:	bar.dns.podman
Address: 192.168.227.5

[root@foo /]# nslookup -type=AAAA bar 192.168.227.1
Server:		192.168.227.1
Address:	192.168.227.1#53

Non-authoritative answer:
Name:	bar.dns.podman
Address: fdf8:192:168:227::5

[root@foo /]# nslookup bar 192.168.227.1
Server:		192.168.227.1
Address:	192.168.227.1#53

Non-authoritative answer:
Name:	bar.dns.podman
Address: 192.168.227.5
Name:	bar.dns.podman
Address: fdf8:192:168:227::5