
splitdns.config: multiple ips in named argument ignored

Open Cyborgscode opened this issue 1 year ago • 4 comments

HostOS: Fedora 37

Version: 9.0.20

Tracker: https://bugzilla.redhat.com/show_bug.cgi?id=2208215

Issue:

Inside ATS, splitdns.config regulates which backend server is used for a specific domain name to connect to. According to the doc page:

https://docs.trafficserver.apache.org/en/9.2.x/admin-guide/files/splitdns.config.en.html

this looks like this:

dest_domain=domain.de named="10.0.0.1;10.0.0.2"

dest_domain=domain.de named="10.0.0.1 10.0.0.2"

In the Ubuntu man pages there is an even weirder example:

dest_domain=domain.de named=10.0.0.1:290 10.0.0.2 ....

The issue now is that DNS server 2+ is ignored by ATS. If DNS #1 (10.0.0.1) fails, it does not switch to DNS #2 (or more), which is the whole point of having multiple DNS servers.

The doc states about the named parameter:

"Specify multiple DNS servers with spaces or semicolons (;) as separators."

Neither works. It does not produce a syntax error if it's used, which means it's intended to be configured like this.

This happens in real life:

[May 18 12:29:58.596] [ET_NET 0] WARNING: connection to DNS server 10.0.0.1 lost, marking as down

[May 18 12:29:58.596] [ET_NET 0] WARNING: connection to all DNS servers lost, retrying

...restart.. and next fail simulation...

[May 18 12:34:03.136] [ET_NET 0] WARNING: connection to DNS server 10.0.0.1 lost, marking as down

[May 18 12:34:03.136] [ET_NET 0] WARNING: connection to all DNS servers lost, retrying

Same result.

It gets even worse if splitdns is disabled and those two DNS servers are added to records.config. Now the service starts to randomly fail to resolve the domain names after a few seconds.

Admin Workaround:

ATS -> splitdns.conf -> named=10.0.0.1

Move your internal DNS to 10.0.0.2 and 10.0.0.3.

Bind BIND's named on 10.0.0.1 and use it as a local proxy for 10.0.0.2 and 10.0.0.3.

Note: It's still a single point of failure, but named is rock solid.

May 18 '23 14:05 Cyborgscode
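Added example, not part of the original issue or of the ATS code base: a small check that parses `named=` lists the way the quoted documentation describes (spaces or semicolons, optional `:port`) and flags the symptom reported above, where the log says all DNS servers are lost although a listed resolver was never marked down. It assumes IPv4 addresses, a quoted `named` value when several servers are listed, and that the DNS warnings belong to the split DNS rule; the function names and sample data are constructed for illustration.

```python
import re
import shlex

# Constructed sample input, modelled on the config line and warnings quoted in the issue.
SAMPLE_CONFIG = 'dest_domain=domain.de named="10.0.0.1;10.0.0.2"\n'
SAMPLE_LOG = """\
[May 18 12:29:58.596] [ET_NET 0] WARNING: connection to DNS server 10.0.0.1 lost, marking as down
[May 18 12:29:58.596] [ET_NET 0] WARNING: connection to all DNS servers lost, retrying
"""

DOWN_RE = re.compile(r"connection to DNS server (\S+) lost, marking as down")
ALL_LOST = "connection to all DNS servers lost"


def configured_resolvers(config_text):
    """Map each dest_domain to the resolver IPs listed in its named= value."""
    rules = {}
    for line in config_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = dict(tok.split("=", 1) for tok in shlex.split(line) if "=" in tok)
        if "named" in fields:
            # Documented separators: spaces or semicolons; drop an optional :port.
            parts = re.split(r"[;\s]+", fields["named"])
            rules[fields.get("dest_domain", "?")] = [p.split(":")[0] for p in parts if p]
    return rules


def failover_gaps(config_text, log_text):
    """Return (domain, untried) for rules with 2+ resolvers where 'all DNS servers
    lost' was logged before every listed resolver had been marked down."""
    rules = configured_resolvers(config_text)
    findings, down = [], set()
    for line in log_text.splitlines():
        match = DOWN_RE.search(line)
        if match:
            down.add(match.group(1))
        elif ALL_LOST in line:
            for domain, servers in rules.items():
                untried = [s for s in servers if s not in down]
                if len(servers) > 1 and untried:
                    findings.append((domain, untried))
            down.clear()  # next outage starts with a clean slate
    return findings


if __name__ == "__main__":
    for domain, untried in failover_gaps(SAMPLE_CONFIG, SAMPLE_LOG):
        print(f"{domain}: 'all DNS servers lost' but never marked down: {untried}")
```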

Sorry for the delay, I'm looking at this now.

Jun 05 '23 20:06 SolidWallOfCode

Running this in the debugger, but I need to ask a basic question. Did you enable split DNS in "records.config" via

proxy.config.dns.splitDNS.enabled: INT 1

Jun 07 '23 21:06 SolidWallOfCode

Yes:

# grep proxy.config.dns.splitDNS.enabled /etc/trafficserver/records.config
CONFIG proxy.config.dns.splitDNS.enabled INT 1

Jun 08 '23 07:06 Cyborgscode

Anti-Stale Ping.

Jan 15 '24 12:01 Cyborgscode