Always return both A and AAAA records no matter what QTYPE is specified in DNS request
xiaoyar opened this issue · 2 comments
xiaoyar commented
Version of aardvark-dns
Name : aardvark-dns
Version : 1.0.2
Release : 1.el8
Architecture: x86_64
Configuration
Dual stack network
{
  "name": "dual",
  "id": "2697203bf4180da9e7a6d074e38cbafb2fad4c8a3436522bde4ac573c059caa6",
  "driver": "bridge",
  "network_interface": "podman1",
  "created": "2022-08-24T04:03:37.236675178-05:00",
  "subnets": [
    {
      "subnet": "192.168.227.0/24",
      "gateway": "192.168.227.1"
    },
    {
      "subnet": "fdf8:192:168:227::/120",
      "gateway": "fdf8:192:168:227::1"
    }
  ],
  "ipv6_enabled": true,
  "internal": false,
  "dns_enabled": true,
  "ipam_options": {
    "driver": "host-local"
  }
}
Two containers, foo and bar, are both running Nginx. With the following configuration, Nginx in foo forwards requests to Nginx in bar.
location /bar {
    resolver 192.168.227.1;
    set $upstream bar.dns.podman;
    proxy_pass http://$upstream;
}
Issue observed
The web request fails with 502 error.
[root@foo /]# curl -vvv http://localhost/bar
* Trying ::1...
* TCP_NODELAY set
* Connected to localhost (::1) port 80 (#0)
> GET /bar HTTP/1.1
> Host: localhost
> User-Agent: curl/7.61.1
> Accept: */*
>
< HTTP/1.1 502 Bad Gateway
It's because Nginx fails to resolve the hostname "bar.dns.podman".
We can see that the Nginx error.log is filled with many of the following errors:
2022/08/26 09:54:58 [error] 88#0: unexpected AAAA record in DNS response
2022/08/26 09:54:58 [error] 88#0: unexpected A record in DNS response
The root cause is that aardvark-dns always returns both A and AAAA records no matter what QTYPE is specified in the DNS request.
[root@foo /]# nslookup -type=A bar 192.168.227.1
Server: 192.168.227.1
Address: 192.168.227.1#53
Non-authoritative answer:
Name: bar.dns.podman
Address: 192.168.227.5
Name: bar.dns.podman
Address: fdf8:192:168:227::5
[root@foo /]# nslookup -type=AAAA bar 192.168.227.1
Server: 192.168.227.1
Address: 192.168.227.1#53
Non-authoritative answer:
Name: bar.dns.podman
Address: 192.168.227.5
Name: bar.dns.podman
Address: fdf8:192:168:227::5
[root@foo /]# nslookup bar 192.168.227.1
Server: 192.168.227.1
Address: 192.168.227.1#53
Non-authoritative answer:
Name: bar.dns.podman
Address: 192.168.227.5
Name: bar.dns.podman
Address: fdf8:192:168:227::5
Name: bar.dns.podman
Address: 192.168.227.5
Name: bar.dns.podman
Address: fdf8:192:168:227::5
flouthoc commented
xiaoyar commented
@flouthoc I tried manually applying the above PR #205, and the issue is not observed any more. Thanks for your quick turnaround.
[root@foo /]# curl http://localhost/bar
Hello bar!
[root@foo /]# nslookup -type=A bar 192.168.227.1
Server: 192.168.227.1
Address: 192.168.227.1#53
Non-authoritative answer:
Name: bar.dns.podman
Address: 192.168.227.5
[root@foo /]# nslookup -type=AAAA bar 192.168.227.1
Server: 192.168.227.1
Address: 192.168.227.1#53
Non-authoritative answer:
Name: bar.dns.podman
Address: fdf8:192:168:227::5
[root@foo /]# nslookup bar 192.168.227.1
Server: 192.168.227.1
Address: 192.168.227.1#53
Non-authoritative answer:
Name: bar.dns.podman
Address: 192.168.227.5
Name: bar.dns.podman
Address: fdf8:192:168:227::5
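Added example (not part of the original thread, and not aardvark-dns or PR #205 code): a check that parses a DNS response in wire format and reports answer records whose type differs from the question's QTYPE, the mismatch Nginx logs as "unexpected A/AAAA record" in this issue. The sample messages are constructed from the name and addresses shown above; the function names are illustrative.

```python
import ipaddress
import struct

TYPE_A, TYPE_CNAME, TYPE_AAAA, CLASS_IN = 1, 5, 28, 1

def skip_name(msg, off):
    """Return the offset just past the name at `off` (labels or a compression pointer)."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:   # a 2-byte compression pointer ends the name
            return off + 2
        if length == 0:             # the root label ends the name
            return off + 1
        off += 1 + length

def mismatched_answers(msg):
    """Return (qtype, [answer record types that do not match qtype])."""
    _id, _flags, qdcount, ancount, _ns, _ar = struct.unpack_from("!6H", msg, 0)
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    off = skip_name(msg, 12)
    qtype, _qclass = struct.unpack_from("!2H", msg, off)
    off += 4
    bad = []
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, _rclass, _ttl, rdlength = struct.unpack_from("!HHIH", msg, off)
        off += 10 + rdlength
        if rtype not in (qtype, TYPE_CNAME):  # a CNAME may accompany any QTYPE
            bad.append(rtype)
    return qtype, bad

def build_response(name, qtype, records):
    """Build a constructed response: one question plus (rtype, rdata) answers."""
    header = struct.pack("!6H", 0x1234, 0x8180, 1, len(records), 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode() for p in name.split("."))
    question = labels + b"\x00" + struct.pack("!2H", qtype, CLASS_IN)
    answers = b"".join(  # each owner name is a pointer to offset 12 (the question name)
        b"\xc0\x0c" + struct.pack("!HHIH", rtype, CLASS_IN, 60, len(rdata)) + rdata
        for rtype, rdata in records)
    return header + question + answers

# Constructed samples modelled on the nslookup output in this issue.
A_RDATA = ipaddress.ip_address("192.168.227.5").packed
AAAA_RDATA = ipaddress.ip_address("fdf8:192:168:227::5").packed
BUGGY = build_response("bar.dns.podman", TYPE_A, [(TYPE_A, A_RDATA), (TYPE_AAAA, AAAA_RDATA)])
FIXED = build_response("bar.dns.podman", TYPE_A, [(TYPE_A, A_RDATA)])

if __name__ == "__main__":
    print(mismatched_answers(BUGGY), mismatched_answers(FIXED))
```

The same function can be pointed at a response captured from a UDP socket query to the resolver; it does no bounds checking, so a truncated message raises an exception rather than returning a result.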