consul icon indicating copy to clipboard operation
consul copied to clipboard

Published 20 hours ago verified publisher icon hashicorp

DNS : recurse for ptr records only if recursion is desired and configured

Open the-nando opened this issue 1 year ago • 0 comments

Description

This PR checks that the DNS request for the PTR has rd set (RecursionDesired) and we have recursors configured before calling the handleRecurse function.

Fixes:

Testing & Reproduction steps

Issue with calling handleRecurse if not neeed:

  • Start Consul without recursors configured
  • dig -p 8600 -x 127.0.0.3 @localhost
  • It should return NXDOMAIN but returns SERVFAIL

Issue with lack of handling of the rd flag:

  • Start Consul with recursors = ["1.1.1.1"] configured
  • dig -p 8600-x 1.1.1.1 @localhost +norecurse
  • It should return NXDOMAIN but returns one.one.one.one.

Links

Fixes: https://github.com/hashicorp/consul/issues/20413

PR Checklist

  • [ ] updated test coverage
  • [x] external facing docs updated
  • [x] appropriate backport labels added
  • [x] not a security concern

the-nando avatar Jan 31 '24 12:01 the-nando