net: go 1.11 DNS client incompatible with SRV records from kube-dns #27546

Open
jnewmano opened this Issue Sep 6, 2018 · 10 comments


jnewmano commented Sep 6, 2018

What version of Go are you using (go version)?

go1.11

Does this issue reproduce with the latest release?

yes

What operating system and processor architecture are you using (go env)?

linux amd64

What did you do?

Running the following application in Kubernetes exits with an error:

https://play.golang.org/p/EW5NVeHJMrV

What did you expect to see?

Expected to get SRV records back

What did you see instead?

When running in Kubernetes with kube-dns 1.14.10 the application exits with error: "cannot unmarshal DNS message" (underlying error is "Target: compressed name in SRV resource data")

https://play.golang.org/p/EW5NVeHJMrV

A pcap of the DNS request: https://github.com/jnewmano/kube-dns/blob/master/dns_111_2.pcap

When built with Go1.10, it behaves as expected.

Golang-nuts discussion https://groups.google.com/forum/#!searchin/golang-nuts/dns%7Csort:date/golang-nuts/vAbjprJNPV0/HSh9635hBQAJ

@andybons andybons changed the title from Go 1.11 DNS client incompatible with SRV records from kube-dns to net: go 1.11 DNS client incompatible with SRV records from kube-dns Sep 6, 2018


Member

andybons commented Sep 6, 2018


jnewmano commented Sep 7, 2018

kube-dns 1.14.11 has now been tagged. This version works with go1.11

https://github.com/kubernetes/dns/releases/tag/1.14.11

@andybons andybons added this to the Unplanned milestone Sep 7, 2018


paddycarver commented Sep 9, 2018

I'm not sure if this is the same underlying issue, but SRV responses from systemd-resolved can't be parsed on Ubuntu 18.04, and return the same error message (though I'm not sure how to get to the underlying error message, unfortunately). `go test .` within the net directory fails with the mentioned error. Disabling systemd-resolved and setting the DNS server to 8.8.8.8, then running `go test net` passes, as expected.


Contributor

iangudger commented Sep 19, 2018

This was an intentional change. See #10622.


Contributor

mikioh commented Sep 20, 2018

For what it's worth, the reason I requested to file this issue is that I guess this could be a roadblock for operating DNS-SD in the near future. Nowadays DNS-SD is becoming important not only for consumer plug-and-pray-or-play use but for label distribution over unicast DNS with k8s-like scheduler stuff. As described in RFC 8222, we still don't see the end of the label handling conflict between classical/conventional unicast DNS, and latest unicast and/or multicast DNS and DNS-SD, but need to find a compromise for both use cases.

One easy option would be just adding a control knob to net.Resolver and the x/net/dnsmessage package without changing the current default, classical/conventional unicast DNS, behavior in the net package of the standard library (see also #24870).


Contributor

iangudger commented Sep 20, 2018

Doesn't the DNS client in the standard library only support unicast DNS? Multicast DNS is different in a number of ways. For example, I believe the way that it uses the truncated bit is incompatible with our DNS client.

SRV records in unicast DNS must not be compressed. DNS servers which compress SRV records are either broken or doing multicast DNS.
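An added example, not part of this thread or of Go's source: a standard-library-only check that counts the SRV answers in a raw DNS response whose Target ends in a compression pointer, the condition named in the error from the opening report. The function names and the sample message are constructed for illustration.

```go
package main

import "fmt"

var errMalformed = fmt.Errorf("malformed DNS message")
func u16(b []byte, i int) int { return int(b[i])<<8 | int(b[i+1]) }

// nameEnd returns the offset past the name at off (-1 if malformed) and a compression flag.
func nameEnd(msg []byte, off int) (int, bool) {
	for off < len(msg) && msg[off] > 0 && msg[off] < 64 {
		off += 1 + int(msg[off]) // skip one plain label
	}
	switch {
	case off < len(msg) && msg[off] == 0:
		return off + 1, false
	case off+1 < len(msg) && msg[off] >= 0xC0:
		return off + 2, true // pointer: 0b11xxxxxx plus one offset byte
	}
	return -1, false // truncated, or a reserved label type
}

// CompressedSRVTargets counts answer SRV records whose Target is compressed.
func CompressedSRVTargets(msg []byte) (int, error) {
	if len(msg) < 12 {
		return 0, errMalformed
	}
	qd, an, off, n := u16(msg, 4), u16(msg, 6), 12, 0
	for i := 0; i < qd+an; i++ {
		if off, _ = nameEnd(msg, off); i < qd && off >= 0 {
			off += 4 // question: only QTYPE and QCLASS follow the name
			continue
		}
		if off < 0 || off+10 > len(msg) || off+10+u16(msg, off+8) > len(msg) {
			return 0, errMalformed
		}
		end := off + 10 + u16(msg, off+8)
		// SRV (type 33) RDATA: priority, weight, port, then Target at +6.
		if _, ptr := nameEnd(msg[:end], off+16); u16(msg, off) == 33 && ptr {
			n++
		}
		off = end
	}
	return n, nil
}

// sample: constructed SRV reply for _http._tcp.svc.test; Target "web" ends in pointer c0 17.
var sample = []byte("\x00\x01\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00\x05_http\x04_tcp\x03svc\x04test\x00" +
	"\x00\x21\x00\x01\xc0\x0c\x00\x21\x00\x01\x00\x00\x00\x1e\x00\x0c\x00\x00\x00\x00\x00\x50\x03web\xc0\x17")
func main() { fmt.Println(CompressedSRVTargets(sample)) }
```

A non-zero count for a response captured from a resolver means that response contains the compressed SRV Target that the Go 1.11 parser reports in this issue.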


jnewmano commented Sep 20, 2018

A line item in the go1.11 release notes and a control knob to continue permitting non-compliant DNS SRV responses would have been sufficient for us to have a smooth upgrade to 1.11.


Contributor

iangudger commented Sep 20, 2018

@jnewmano I agree that mentioning the DNS changes in the release notes would have been nice.


Contributor

mikioh commented Sep 20, 2018

> Doesn't the DNS client in the standard library only support unicast DNS?

Yup, basically we don't want to bring fancy and complicated features into the "built-in" DNS stub resolver in the net package, though GODEBUG=netdns=cgo allows the use of external stub resolvers.

> SRV records in unicast DNS must not be compressed.

For now, I agree with you, but won't ignore the https://tools.ietf.org/html/draft-ietf-dnssd-hybrid endeavor in the near future.


Contributor

iangudger commented Oct 30, 2018

The reasoning for rejecting these malformed responses was laid out in #10622.
