net: go 1.11 DNS client incompatible with SRV records from kube-dns #27546

Closed
jnewmano opened this issue Sep 6, 2018 · 16 comments
Labels
FrozenDueToAge NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. WaitingForInfo Issue is not actionable because of missing required information, which needs to be provided.

@jnewmano

jnewmano commented Sep 6, 2018

What version of Go are you using (go version)?

go1.11

Does this issue reproduce with the latest release?

yes

What operating system and processor architecture are you using (go env)?

linux amd64

What did you do?

Running the following application in Kubernetes exits with an error:

https://play.golang.org/p/EW5NVeHJMrV

What did you expect to see?

Expected to get SRV records back

What did you see instead?

When running in Kubernetes with kube-dns 1.14.10 the application exits with error: "cannot unmarshal DNS message" (underlying error is "Target: compressed name in SRV resource data")

https://play.golang.org/p/EW5NVeHJMrV

A pcap of the DNS request: https://github.com/jnewmano/kube-dns/blob/master/dns_111_2.pcap

When built with Go1.10, it behaves as expected.

Golang-nuts discussion https://groups.google.com/forum/#!searchin/golang-nuts/dns%7Csort:date/golang-nuts/vAbjprJNPV0/HSh9635hBQAJ

@andybons andybons changed the title Go 1.11 DNS client incompatible with SRV records from kube-dns net: go 1.11 DNS client incompatible with SRV records from kube-dns Sep 6, 2018
@andybons
Member

andybons commented Sep 6, 2018

@mikioh

@jnewmano
Author

jnewmano commented Sep 7, 2018

kube-dns 1.14.11 has now been tagged. This version works with go1.11

https://github.com/kubernetes/dns/releases/tag/1.14.11

@andybons andybons added the NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. label Sep 7, 2018
@andybons andybons added this to the Unplanned milestone Sep 7, 2018
@paddycarver

I'm not sure if this is the same underlying issue, but SRV responses from systemd-resolved can't be parsed on Ubuntu 18.04, and return the same error message (though I'm not sure how to get to the underlying error message, unfortunately). go test . within the net directory fails with the mentioned error. Disabling systemd-resolved and setting the DNS server to 8.8.8.8, then running go test net passes, as expected.

@iangudger
Contributor

This was an intentional change. See #10622.

@mikioh
Contributor

mikioh commented Sep 20, 2018

For what it's worth, the reason I requested to file this issue is that I guess this could be a roadblock for operating DNS-SD in the near future. Nowadays DNS-SD is becoming important not only for consumer plug-and-pray-or-play use but for label distribution over unicast DNS with k8s-like scheduler stuff. As described in RFC 8222, we still don't see the end of the label handling conflict between classical/conventional unicast DNS, and latest unicast and/or multicast DNS and DNS-SD, but need to find a compromise for both use cases.

One easy option would be just adding a control knob to net.Resolver and the x/net/dnsmessage package without changing the current default, classical/conventional unicast DNS, behavior in the net package of the standard library (see also #24870).

@iangudger
Contributor

Doesn't the DNS client in the standard library only support unicast DNS? Multicast DNS is different in a number of ways. For example, I believe the way that it uses the truncated bit is incompatible with our DNS client.

SRV records in unicast DNS must not be compressed. DNS servers which compress SRV records are either broken or doing multicast DNS.
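
As an added example (not part of this thread and not the Go project's code), the check below walks a raw DNS response using only the standard library and reports whether an SRV answer's Target ends in a compression pointer, the condition behind the "compressed name in SRV resource data" error quoted in this issue. The function names and the sample message are constructed for illustration.

```go
package main

import "fmt"

var errBad = fmt.Errorf("truncated or malformed DNS message")

// skipName walks the name at off and reports whether it ends in a compression pointer.
func skipName(m []byte, off int) (int, bool, error) {
	for off < len(m) && m[off] < 64 {
		if m[off] == 0 {
			return off + 1, false, nil
		}
		off += 1 + int(m[off])
	}
	if off+1 < len(m) && m[off] >= 0xC0 {
		return off + 2, true, nil
	}
	return 0, false, errBad
}

// SRVTargetCompressed reports whether any SRV answer in m has a compressed Target.
func SRVTargetCompressed(m []byte) (ptr bool, err error) {
	if len(m) < 12 {
		return false, errBad
	}
	off, u16 := 12, func(i int) int { return int(m[i])<<8 | int(m[i+1]) }
	for i := 0; i < u16(4) && err == nil; i++ { // questions: name, type, class
		off, _, err = skipName(m, off)
		off += 4
	}
	for i := 0; i < u16(6) && err == nil; i++ { // answers; owner names may be compressed
		if off, _, err = skipName(m, off); err != nil || off+10 > len(m) || off+10+u16(off+8) > len(m) {
			return false, errBad
		}
		end := off + 10 + u16(off+8)
		if u16(off) == 33 { // SRV RDATA: priority, weight, port, then Target
			if _, ptr, err = skipName(m[:end], off+16); err != nil || ptr {
				return ptr, err
			}
		}
		off = end
	}
	return false, err
}

// Constructed reply to "_s._tcp.x SRV": Target is "a" plus a pointer to "x" at offset 20.
var sample = []byte("\x00\x01\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00\x02_s\x04_tcp\x01x\x00\x00\x21\x00\x01" +
	"\xc0\x0c\x00\x21\x00\x01\x00\x00\x00\x1e\x00\x0a\x00\x00\x00\x00\x1f\x90\x01a\xc0\x14")

func main() { fmt.Println(SRVTargetCompressed(sample)) }
```

Run against the payload of a captured response, this tells you whether a given DNS server emits the SRV form that the thread describes as rejected since Go 1.11.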

@jnewmano
Author

A line item in the go1.11 release notes and a control knob to continue permitting non-compliant DNS SRV responses would have been sufficient for us to have a smooth upgrade to 1.11.

@iangudger
Contributor

@jnewmano I agree that mentioning the DNS changes in the release notes would have been nice.

@mikioh
Contributor

mikioh commented Sep 20, 2018

> Doesn't the DNS client in the standard library only support unicast DNS?

Yup, basically we don't want to bring fancy and complicated features into the "built-in" DNS stub resolver in the net package, though GODEBUG=netdns=cgo allows the use of the external stub resolvers.

> SRV records in unicast DNS must not be compressed.

For now, I agree with you, but won't ignore the https://tools.ietf.org/html/draft-ietf-dnssd-hybrid endeavor in the near future.

@iangudger
Contributor

The reasoning for rejecting these malformed responses was laid out in #10622.


@iangudger
Contributor

It appears that this issue has been fixed on the kube-dns end. Does anyone know if this is still an issue?

@andybons
Member

@mikioh what do you think?

@andybons andybons added the WaitingForInfo Issue is not actionable because of missing required information, which needs to be provided. label Aug 18, 2019
@gnydick

gnydick commented Aug 18, 2019 via email

@gopherbot

Timed out in state WaitingForInfo. Closing.

(I am just a bot, though. Please speak up if this is a mistake or you have the requested information.)

@strk

strk commented Sep 24, 2019

I also think behavioral difference with dig should be taken into account

@golang golang locked and limited conversation to collaborators Sep 23, 2020