search directive in resolv.conf is ignored.

[eugpermar]

Summary

Hi all!

I know that many changes have been made to kong v0.10.x DNS solving, in particular, that kong will be able to read resolv.conf file. However, is kong able to process the search option in this file?

The problem I'm facing is that k8s append the namespace in this entry, so if I have a service SVC in namespace NSNS, and I try to (for example) ping it, DNS resolution will look for the actual name (SVC.NSNS.svc.cluster.local), but kong is still giving me DNS resolution error. Previous to this update, I was using a local dnsmasq service, but I was hoping to remove that dependency with this version.

I've tried to search through issues db, doc and changelog with no luck. Also, kong say that resolv.conf is used by default, so I assume at this point that the feature is not desired/not included by some reason. Is this possible in current kong version?

Steps To Reproduce

1. Create a echo service & deployment with k8s, and kong service and deployment.
2. From kong container, try to ping it, and see how it resolves proper DNS domain.
3. Add echo API to kong
4. Try to make kong resolv it.

Additional Details & Logs

• Kong version 0.10.0
• Kong error logs:

2017/03/14 08:59:12 [error] 75#0: *2112 [lua] responses.lua:101: before(): failed the initial dns/balancer resolve for 'SVC' with: dns server error; 2 server failure, client: 10.128.0.4, server: kong, request: "POST /echo HTTP/1.1", host: "104.197.93.173:8000"

[Tieske]

The current dns implementation does not honor the search option.

see also https://github.com/Mashape/lua-resty-dns-client/blob/master/src/resty/dns/client.lua#L248

[Tieske]

can you post the resolv.conf file for your example?

[eugpermar]

Sure:

search default.svc.cluster.local svc.cluster.local cluster.local google.internal
nameserver 10.7.240.10
options ndots:5

Also, If I try to go back with the previous configuration (intermediate dnsmasqd), and set env KONG_DNS_RESOLVER to localhost:53 kong says me:

Error: dns_resolver must be a comma separated list in the form of IPv4 or IPv4:port, got 'localhost:53'

I could create a separate issue for that if you want

[Tieske]

well, that error is exactly what it says. Change "localhost:53" to "127.0.0.1:53" in your config and you'll probably be fine.

[eugpermar]

Sorry, I though that you wanted to maintain that kind of retro compatibility :) fixed that part then.

Is there something in mind to support resolv.conf search domains? this way, I would not need dnsmasq in my installation anymore. I can try to send PR, but it would be my first time in lua, if you do agree that is a valid use case.

[Tieske]

if you use fully qualified names, it should work.

I think it can be added, but it would be related to another module that Kong uses under the hood; https://github.com/Mashape/lua-resty-dns-client

It would involve honouring the search and ndots parameters from resolv.conf. Those parameters are already parsed iirc, just not used when the client actually resolves names.

[eugpermar]

if you use fully qualified names, it should work.

Yes, in that case all works OK, but then I have to add (and duplicate) more logic. If it makes sense to you, I can try to send you a PR.

[Tieske]

I probably won't get to it on a short notice, so feel free to take a stab at it

[p0pr0ck5]

Closing, this is going into 0.11! :D

[eugpermar]

Great! I'll be looking forward into it! :D thanks a lot!