Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

net: add configuration knob to force TCP-only DNS requests in the pure Go resolver on unix #29358

Closed
jfbus opened this issue Dec 20, 2018 · 4 comments
Closed

net: add configuration knob to force TCP-only DNS requests in the pure Go resolver on unix #29358

jfbus opened this issue Dec 20, 2018 · 4 comments
Labels
FrozenDueToAge NeedsFix The path to resolution is known, but the work has not been done. Proposal Proposal-Accepted
Milestone
Go1.13

Comments

@jfbus
Copy link
Contributor

jfbus commented Dec 20, 2018
edited

Context

There is a DNS resolution bug in Kubernetes (UDP response packets get dropped by conntrack, causing timeouts in DNS queries) : kubernetes/kubernetes#56903

A work-around is to configure the linux resolver to use TCP (e.g. using the use-vc option in resolv.conf).

This workaround works with the cgo resolver on glibc-based platforms, but not on musl-based plaforms (e.g. Alpine).

This workaround cannot be used with the pure Go resolver, as it always tries UDP before switching to TCP.

Proposal 1

A solution would be to look for the use-vc option in resolv.conf, and switch to TCP when found.

=> https://go-review.googlesource.com/c/go/+/156366

Proposal 2

Another solution would be to be able to configure the Go resolver to use TCP, either using the GODEBUG env var (e.g. GODEBUG=netdns=go+tcp) or using a net.Resolver flag (e.g. PreferTCP).

in net/dnsclient_unix.go

func (r *Resolver) exchange(ctx context.Context, server string, q dnsmessage.Question, timeout time.Duration) (dnsmessage.Parser, dnsmessage.Header, error) {
[...]
    var networks []string
    if r.PreferTCP || systemConf().preferTCP {
        networks = []string{"tcp"}
    } else {
        networks = []string{"udp", "tcp"}
    }
    for _, network := range networks {

=> https://go-review.googlesource.com/c/go/+/155378
@jfbus jfbus mentioned this issue Dec 20, 2018
Closed
@gopherbot
Copy link

Change https://golang.org/cl/155378 mentions this issue: net: allow TCP only DNS requests in the pure Go resolver on unix

@bradfitz bradfitz changed the title net: allow TCP only DNS requests in the pure Go resolver on unix proposal: net: add configuration knob to force TCP-only DNS requests in the pure Go resolver on unix Dec 20, 2018
@gopherbot gopherbot added this to the Proposal milestone Dec 20, 2018
@cdrage cdrage mentioned this issue Dec 21, 2018
Closed
@jfbus
Copy link
Contributor Author

jfbus commented Jan 4, 2019

An alternative implementation would be to look for use-vc in dnsReadConfig and force dns-over-tcp if found.

jfbus added a commit to jfbus/go that referenced this issue Jan 7, 2019
@jfbus
net: use DNS over TCP when use-vc is set in resolv.conf
b7d396f 
Fixes golang#29358
@jfbus jfbus mentioned this issue Jan 7, 2019
Closed
@gopherbot
Copy link

Change https://golang.org/cl/156366 mentions this issue: net: use DNS over TCP when use-vc is set in resolv.conf

@rsc
Copy link
Contributor

rsc commented Jan 9, 2019

Accepted (proposal 1) for Go 1.13. This is easy and simply implements the existing resolv.conf files more faithfully.

@rsc rsc modified the milestones: Proposal, Go1.13 Jan 9, 2019
@ianlancetaylor ianlancetaylor added the NeedsFix The path to resolution is known, but the work has not been done. label Jan 9, 2019
@jfbus jfbus mentioned this issue Jan 9, 2019
Closed
@rsc rsc changed the title proposal: net: add configuration knob to force TCP-only DNS requests in the pure Go resolver on unix net: add configuration knob to force TCP-only DNS requests in the pure Go resolver on unix Jan 16, 2019
jfbus added a commit to jfbus/go that referenced this issue Apr 18, 2019
@jfbus
net: use DNS over TCP when use-vc is set in resolv.conf
8ce0afd 
Fixes golang#29358
@golang golang locked and limited conversation to collaborators Apr 17, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FrozenDueToAge NeedsFix The path to resolution is known, but the work has not been done. Proposal Proposal-Accepted
Projects
None yet
Milestone
Go1.13
4 participants
@rsc @jfbus @ianlancetaylor @gopherbot