fix(conf): remove CNAME from default dns_order option #13107
This PR removes Kong's DNS client's handling of CNAME. As a result, the logic for CNAME dereferencing and recursive loop detection becomes unnecessary and can be removed. However, removing them requires some effort, so for now, they're left as is.
Isn't this a breaking change?
I reconsidered it, and changing the default behavior is a breaking change. I'll modify the However, users can actually be unaware of this behavior, because CNAME can still be configured in dns_order. This PR does not remove the CNAME-processing logic from DNS client. This means that customers can seamlessly upgrade to this version of the PR, whether they are using the default dns_order or have explicitly configured dns_order with CNAME, such as (dns_order=LAST,A,CNAME). What users will notice is that when they use the default dns_order option without explicit configuration, their local DNS servers will not receive any CNAME requests and there is no CNAME dereferencing for that query.
Because DNS servers are capable of performing recursive lookups on behalf of clients, it's often unnecessary for the client resolver to directly query CNAME records. KAG-4606
@@ -108,7 +108,7 @@ for _, strategy in helpers.each_strategy() do | |||
|
|||
local service = bp.services:insert { | |||
name = "tests-retries", | |||
host = "nowthisdoesnotexistatall", | |||
host = "nowthisdoesnotexistatall.test", |
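Review bot: the changed `host` line carries no comment explaining why the name now needs a `.test` suffix, so the reason survives only in the PR discussion. A one-line comment above `host = "nowthisdoesnotexistatall.test",` saying that a dotless name can be answered with a server failure rather than a name error when the final attempt is an A query would keep the "tests-retries" fixture from being simplified back later.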
NOTE: The AWS Route 53 DNS server will reply "(2) server failure" for an A-type domain without a dot, like "nowthisdoesnotexistatall".
Because we have removed CNAME from LAST_ORDER, the final attempt is now changed from CNAME to A.
Summary
DNS servers are capable of performing recursive lookups on behalf of clients and DNS client could directly extract IP addresses from RRs due to #13002. Consequently, clients often don't need to query CNAME records.
The impact on customers is that when they use the default dns_order option without explicit configuration, their local DNS servers won't get any CNAME requests, and there won't be CNAME dereferencing for those queries.
Checklist
changelog/unreleased/kong or skip-changelog label added on PR if changelog is unnecessary. README.md
Issue reference
Fix KAG-4606
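
A simplified model of the behaviour discussed in this PR, as an added example that is not Kong's code: it shows which queries reach the DNS server with and without CNAME in the order, and how the final attempt for a missing name changes. The zone data, the function names and the `CNAME,A` order are constructed for illustration; `LAST,A,CNAME` is the order quoted in the thread.

```python
# Simplified model of an ordered DNS client (assumption: not Kong's implementation).
# ZONE is constructed sample data: what a recursive server returns per (name, type).
ZONE = {
    ("www.example.test", "CNAME"): [("www.example.test", "CNAME", "edge.example.test")],
    # A recursive server answers an A query with the CNAME chain plus the final A record.
    ("www.example.test", "A"): [
        ("www.example.test", "CNAME", "edge.example.test"),
        ("edge.example.test", "A", "192.0.2.10"),
    ],
    ("edge.example.test", "A"): [("edge.example.test", "A", "192.0.2.10")],
}


def plan(dns_order, last_type=None):
    """Expand LAST into the previously successful type and drop duplicates."""
    types = []
    for entry in dns_order.split(","):
        rtype = last_type if entry == "LAST" else entry
        if rtype and rtype not in types:
            types.append(rtype)
    return types


def resolve(name, dns_order, last_type=None):
    """Return (addresses, list of (name, type) queries sent to the server)."""
    sent = []

    def lookup(qname, depth=0):
        for rtype in plan(dns_order, last_type):
            sent.append((qname, rtype))
            rrs = ZONE.get((qname, rtype), [])
            addrs = [data for _, t, data in rrs if t == "A"]
            if addrs:
                return addrs  # IPs taken straight from the answer RRs
            if rtype == "CNAME" and rrs and depth < 8:
                return lookup(rrs[0][2], depth + 1)  # client-side dereference
        return []

    return lookup(name), sent
```
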