fix(coredns) Add FORMERR and NOTIMP in alternate default coredns conf (…

…#2756) Currently when using the builtin DNS coreDNS would forward the NOTIMP error from Envoy rather than fallingback to the original DNS This makes sure that FORMERR and NOTIMP responses from Envoy will be retried against the original DNS server Signed-off-by: Charly Molter <charly.molter@konghq.com>
kumahq · Sep 13, 2021 · c9bf4d1 · c9bf4d1
1 parent 858034a
commit c9bf4d1
Show file tree

Hide file tree

Showing 5 changed files with 23 additions and 8 deletions.
diff --git a/app/kuma-dp/pkg/dataplane/dnsserver/dnsserver.go b/app/kuma-dp/pkg/dataplane/dnsserver/dnsserver.go
@@ -31,9 +31,13 @@ type Opts struct {
 	Quit   chan struct{}
 }
 
+// DefaultCoreFileTemplate defines the template to use to configure coreDNS to use the envoy dns filter.
 const DefaultCoreFileTemplate = `.:{{ .CoreDNSPort }} {
     forward . 127.0.0.1:{{ .EnvoyDNSPort }}
-    alternate NXDOMAIN,SERVFAIL,REFUSED . /etc/resolv.conf
+    # We want all requests to be sent to the Envoy DNS Filter, unsuccessful responses should be forwarded to the original DNS server.
+    # For example: requests other than A, AAAA and SRV will return NOTIMP when hitting the envoy filter and should be sent to the original DNS server.
+    # Codes from: https://github.com/miekg/dns/blob/master/msg.go#L138
+    alternate NOTIMP,FORMERR,NXDOMAIN,SERVFAIL,REFUSED . /etc/resolv.conf
     prometheus localhost:{{ .PrometheusPort }}
     errors
 }

diff --git a/app/kuma-dp/pkg/dataplane/dnsserver/dnsserver_test.go b/app/kuma-dp/pkg/dataplane/dnsserver/dnsserver_test.go
@@ -121,7 +121,10 @@ var _ = Describe("DNS Server", func() {
 			// and
 			Expect(string(actual)).To(Equal(`.:16001 {
     forward . 127.0.0.1:16002
-    alternate NXDOMAIN,SERVFAIL,REFUSED . /etc/resolv.conf
+    # We want all requests to be sent to the Envoy DNS Filter, unsuccessful responses should be forwarded to the original DNS server.
+    # For example: requests other than A, AAAA and SRV will return NOTIMP when hitting the envoy filter and should be sent to the original DNS server.
+    # Codes from: https://github.com/miekg/dns/blob/master/msg.go#L138
+    alternate NOTIMP,FORMERR,NXDOMAIN,SERVFAIL,REFUSED . /etc/resolv.conf
     prometheus localhost:16003
     errors
 }

diff --git a/app/kuma-dp/pkg/dataplane/envoy/envoy_test.go b/app/kuma-dp/pkg/dataplane/envoy/envoy_test.go
@@ -9,6 +9,7 @@ import (
 	"os"
 	"os/exec"
 	"path/filepath"
+	"runtime"
 	"strings"
 	"time"
 
@@ -116,10 +117,17 @@ var _ = Describe("Envoy", func() {
 			// then
 			Expect(err).ToNot(HaveOccurred())
 			// and
-			Expect(strings.TrimSpace(buf.String())).To(Equal(
-				fmt.Sprintf("--config-path %s --drain-time-s 15 --disable-hot-restart --log-level off --bootstrap-version 2 --cpuset-threads",
-					expectedConfigFile)),
-			)
+			if runtime.GOOS == "linux" {
+				Expect(strings.TrimSpace(buf.String())).To(Equal(
+					fmt.Sprintf("--config-path %s --drain-time-s 15 --disable-hot-restart --log-level off --bootstrap-version 2 --cpuset-threads",
+						expectedConfigFile)),
+				)
+			} else {
+				Expect(strings.TrimSpace(buf.String())).To(Equal(
+					fmt.Sprintf("--config-path %s --drain-time-s 15 --disable-hot-restart --log-level off --bootstrap-version 2",
+						expectedConfigFile)),
+				)
+			}
 
 			By("verifying the contents Envoy config file")
 			// when

diff --git a/pkg/xds/cache/cla/testdata/cla.get.0.json b/pkg/xds/cache/cla/testdata/cla.get.0.json
@@ -44,4 +44,4 @@
       ]
     }
   ]
-}
+}
diff --git a/pkg/xds/cache/cla/testdata/cla.get.1.json b/pkg/xds/cache/cla/testdata/cla.get.1.json
@@ -44,4 +44,4 @@
       ]
     }
   ]
-}
+}
-Original file line number
+Diff line change
@@ Expand Up / @@ -44,4 +44,4 @@ @@
           ]
         }
       ]
-    }
+    }