Skip to content

Commit

Permalink
fix: retry with another upstream if the previous failed.
Browse files Browse the repository at this point in the history
Do not return response to the client if we got SERVFAIL or REFUSED,
until we run out of upstreams.

Fixes siderolabs#9143

Signed-off-by: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
  • Loading branch information
DmitriyMV committed Aug 14, 2024
1 parent 872599c commit 86ce171
Show file tree
Hide file tree
Showing 2 changed files with 13 additions and 3 deletions.
4 changes: 4 additions & 0 deletions internal/pkg/dns/dns.go
Original file line number Diff line number Diff line change
Expand Up @@ -144,6 +144,10 @@ func (h *Handler) ServeDNS(ctx context.Context, wrt dns.ResponseWriter, msg *dns
break
}

if resp != nil && (resp.Rcode == dns.RcodeServerFailure || resp.Rcode == dns.RcodeRefused) {
continue
}

if ctx.Err() != nil || err == nil {
break
}
Expand Down
12 changes: 9 additions & 3 deletions internal/pkg/dns/dns_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -64,12 +64,20 @@ func TestDNS(t *testing.T) {
expectedCode: dnssrv.RcodeNameError,
errCheck: check.NoError(),
},
{
// The first one will return SERVFAIL and the second will return REFUSED. We should try both.
name: `should return "refused"`,
hostname: "dnssec-failed.org",
nameservers: []string{"1.1.1.1", "ns-1098.awsdns-09.org."},
expectedCode: dnssrv.RcodeRefused,
errCheck: check.NoError(),
},
}

for _, test := range tests {
t.Run(test.name, func(t *testing.T) {
stop := newServer(t, test.nameservers...)
defer stop()
t.Cleanup(stop)

time.Sleep(10 * time.Millisecond)

Expand All @@ -81,8 +89,6 @@ func TestDNS(t *testing.T) {
}

t.Logf("r: %s", r)

stop()
})
}
}
Expand Down

0 comments on commit 86ce171

Please sign in to comment.