FeatureRequest: Redirect to alternate upstream if no data in ANSWER section
Hello,
Would it be possible to add a condition to redirect if there is no data in the ANSWER section of the response from the first upstream?
For example:
I am querying for the TXT record of example.com.
CoreDNS will query the first backend and will get a response with NOERROR, but no data in the ANSWER section (there is no TXT record for this domain on the first backend, but the domain exists and has an A record, for example).
But there is a second backend, which does have a TXT record for example.com.
The fanout external plugin may act this way. Per the fanout README, it says that it forwards the first "non-negative" response. A NODATA response (i.e. a NOERROR with zero answers) is considered a "negative response" in DNS. Setting worker_count to 1 should check the upstreams sequentially instead of in parallel.
Thanks for the suggestion. Wanted to test it out, but it seems that the fanout plugin does not work with worker_count 1. If I do that it just ends the whole CoreDNS with this:
plugin/fanout: worker count should be more or equal 2. Consider to use Forward plugin
Anyway, I am not sure if it'll work. I believe that NOERROR with no answers is a valid positive response (at least in logical DNS meaning, but sure, can be implemented in different way), so it will probably not work.
Also fanout does not do the same thing as alternate. With alternate it is possible to target multiple servers and use another group of servers as alternative.
I am just playing with different DNS servers and CoreDNS seems to be kinda nice - would be nice to have all-in-one software. So I was just suggesting if someone wants to implement this.
The behavior I am describing can be achieved in practice, but I have to combine two pieces of software. It is possible to use dnsdist (can be running locally) as the primary target (which is able to change RCODE to SERVFAIL, for example, when there is no ANSWER data), and then alternate will work. I could post a configuration for that, but I believe it is not the right place to talk about configs for totally different software.
worker count should be more or equal 2.
That's unfortunate. Should be an easy fix though. I suspect the 2 minimum is as arbitrary as it is undocumented.
I believe that NOERROR with no answers is a valid positive response (at least in logical DNS meaning ...
Per the DNS RFCs, a "NODATA" response is considered a negative response. IMO, this makes logical sense, since no answer is present in a NODATA response - hence it is negative.
I don't know how fanout actually behaves. I haven't tested it or looked at the code to see what it actually does. I'm just going on what the README says.
With alternate it is possible to target multiple servers and use another group of servers as alternative.
You can do the same with fanout using local forwarding. E.g. fanout can "fan out" to other server blocks which each forward to a group of servers. Kinda hacky though.
That said - adding the pseudo "NODATA" type as an option in alternate is probably not hard to add.
Added support for the NODATA-type, tested internally, works fine.
go mod edit --replace=github.com/coredns/alternate=github.com/alivedevil/[email protected]
Before building coredns worked out for me. This is based on the v0.2.7-tag, due to CoreDNS 1.11.2 not being available.
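
The NODATA condition debated in this thread (a NOERROR response with an empty ANSWER section), as an added example that is not part of the original discussion and not code from the alternate or fanout plugins. It reads only the DNS header using the Go standard library; `Outcome`, `Classify` and `UseAlternate` are hypothetical names and the sample message is constructed.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

type Outcome int // hypothetical type, not taken from any CoreDNS plugin

const (
	Positive   Outcome = iota // NOERROR with at least one record in ANSWER
	NoData                    // NOERROR with an empty ANSWER section
	NameError                 // NXDOMAIN (RCODE 3)
	OtherError                // any other RCODE, e.g. SERVFAIL or REFUSED
)

// Classify inspects only the fixed 12-byte header (RFC 1035, section 4.1.1).
// A referral also has ANCOUNT 0; telling it apart needs the AUTHORITY section.
func Classify(msg []byte) (Outcome, error) {
	if len(msg) < 12 {
		return OtherError, errors.New("shorter than the 12-byte DNS header")
	}
	flags := binary.BigEndian.Uint16(msg[2:4])
	if flags&0x8000 == 0 {
		return OtherError, errors.New("QR bit clear: not a response")
	}
	switch rcode, ancount := flags&0x000F, binary.BigEndian.Uint16(msg[6:8]); {
	case rcode == 3:
		return NameError, nil
	case rcode != 0:
		return OtherError, nil
	case ancount == 0:
		return NoData, nil
	}
	return Positive, nil
}

// UseAlternate reports whether to retry on the alternate upstream; unparseable replies always do.
func UseAlternate(primary []byte, fallbackOn map[Outcome]bool) bool {
	o, err := Classify(primary)
	return err != nil || fallbackOn[o]
}

func main() {
	// Constructed header-only reply: QR=1 RD=1 RA=1, RCODE=NOERROR, ANCOUNT=0.
	noTXT := []byte{0x12, 0x34, 0x81, 0x80, 0, 0, 0, 0, 0, 0, 0, 0}
	fmt.Println(UseAlternate(noTXT, map[Outcome]bool{NoData: true, OtherError: true}))
}
```

With `NoData` left out of the fallback set, the same reply is returned to the client as-is, which is the behaviour the original request describes.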