DNS discovery should not trim final dot #3196

Open
bboreham opened this Issue Sep 20, 2017 · 5 comments


bboreham commented Sep 20, 2017

I wish to question this line. It is commented:

// Remove the final dot from rooted DNS names to make them look more usual.

but why do we care how it looks? A rooted name has a different meaning from a non-rooted name.

More practically, in a typical Kubernetes installation it causes 4-5 pointless DNS lookups as the search path is traversed.

Member

simonpasquier commented Sep 6, 2018

The code has been there since the inception of the DNS SD [1] but I agree that it should be removed. Maybe @juliusv has some opinion?

[1] https://github.com/prometheus/prometheus/pull/297/files#diff-de6c481fa836cf8897a7b6d1ae60e5d5R74

Member

juliusv commented Sep 6, 2018

I don't remember what motivated that, but it certainly seems bogus and IMO should just be fixed.

Member

grobie commented Oct 24, 2018

This is not as easy as it looks. The returned target name is used in many contexts, not only in the context of DNS lookups. In the context of HTTP as Host header or in the context of TLS as server name, the final dot is not only uncommon but usually unsupported.

I expect a solution to the problem to require a more complex solution, e.g. by using different names for DNS lookups and HTTP requests, or by making the DNS lookup at an earlier stage. Open for ideas and discussion @bboreham.

Possible workarounds:

  • configure /etc/resolv.conf ndots option in a way to avoid additional search domain lookups
  • configure a relabel rule to add the final dot to all returned SRV targets
  • use templated DNS responses to return an NXDOMAIN response with a high negative TTL for such pointless DNS lookups (easy with CoreDNS)

More details can be found in this PR: #4766

grobie referenced this issue Oct 24, 2018: Cut 2.5.0-rc.0 #4775 (Merged)
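
The effect discussed above, as an added example that is not part of the thread and is not Prometheus code: it lists the names a stub resolver tries for a rooted versus a trimmed SRV target under the usual resolv.conf `search`/`ndots` rules (simplified), and keeps separate names for DNS lookups and for Host header or TLS server name use. The names `resolvConf`, `queryNames` and `splitTarget` are hypothetical, and the search list and target are constructed sample values.

```go
package main

import (
	"fmt"
	"strings"
)

// resolvConf holds the two resolv.conf settings that drive search-path expansion.
type resolvConf struct {
	search []string
	ndots  int
}

// queryNames returns the names a stub resolver tries, in order, for name.
// A rooted name (trailing dot) is queried as-is only. Otherwise the search
// list is tried first when the name has fewer than ndots dots, and after
// the literal name when it has at least ndots dots.
func queryNames(name string, rc resolvConf) []string {
	if strings.HasSuffix(name, ".") {
		return []string{name}
	}
	var searched []string
	for _, s := range rc.search {
		searched = append(searched, name+"."+s+".")
	}
	literal := name + "."
	if strings.Count(name, ".") >= rc.ndots {
		return append([]string{literal}, searched...)
	}
	return append(searched, literal)
}

// splitTarget keeps the SRV target untouched for DNS lookups and derives a
// dot-free form for contexts such as the HTTP Host header or TLS server name.
func splitTarget(srvTarget string) (dnsName, hostName string) {
	return srvTarget, strings.TrimSuffix(srvTarget, ".")
}

func main() {
	// Constructed sample: Kubernetes-style resolv.conf and SRV target.
	rc := resolvConf{
		search: []string{"default.svc.cluster.local", "svc.cluster.local", "cluster.local", "corp.example"},
		ndots:  5,
	}
	dnsName, hostName := splitTarget("web.default.svc.cluster.local.")
	fmt.Println("rooted: ", queryNames(dnsName, rc))
	fmt.Println("trimmed:", queryNames(hostName, rc))
}
```

With this sample the rooted target yields one query, while the trimmed one walks all four search domains before the literal name is tried.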

Contributor Author

bboreham commented Oct 24, 2018

Can we start by agreeing on the nature of the problem, which I think is something like:

“Prometheus alters the SD results it gets from a DNS SRV lookup by removing any final dot, transforming fully-qualified names into relative names. Removing this artefact proved to inconvenience some users, so we choose to retain it”

If we agree on this, I think my suggestion would be to add another Prometheus SD type which uses the unaltered DNS response.

Member

juliusv commented Oct 24, 2018

@bboreham Fully agreed on the problem description. We probably wouldn't need a completely new SD type, but just add an option to the DNS SD?
