
coredns: use a TTL of 0 for our names
Containers can be restarted with a different ip at any time so
allowing caches here doesn't make much sense given the server is local
and queries should be fast enough anyway.

Fixes containers#429

Signed-off-by: Paul Holzinger <[email protected]>
Luap99 committed Sep 18, 2024
1 parent 6ec9581 commit edbe4e9
Showing 3 changed files with 13 additions and 17 deletions.
13 changes: 4 additions & 9 deletions src/dns/coredns.rs
Expand Up @@ -27,12 +27,6 @@ use std::time::Duration;
use tokio::net::TcpListener;
use tokio::net::UdpSocket;

// Containers can be recreated with different ips quickly so
// do not let the clients cache to dns response for to long,
// aardvark-dns runs on the same host so caching is not that important.
// see https://github.com/containers/netavark/discussions/644
const CONTAINER_TTL: u32 = 60;

pub struct CoreDns {
rx: flume::Receiver<()>, // kill switch receiver
inner: CoreDnsData,
Expand Down Expand Up @@ -434,7 +428,6 @@ fn reply_ptr(
let mut record = Record::new();
record
.set_name(Name::from_str_relaxed(name).unwrap_or_default())
.set_ttl(CONTAINER_TTL)
.set_rr_type(RecordType::PTR)
.set_dns_class(DNSClass::IN)
.set_data(Some(RData::PTR(rdata::PTR(answer))));
Expand Down Expand Up @@ -481,9 +474,12 @@ fn reply_ip<'a>(
for record_addr in resolved_ip_list {
if let IpAddr::V4(ipv4) = record_addr {
let mut record = Record::new();
// DO NOT SET A TTL, the default is 0 which means client should not cache it.
// Containers can be be restarted with a different ip at any time so allowing
// caches here doesn't make much sense given the server is local and queries
// should be fast enough anyway.
record
.set_name(request_name.clone())
.set_ttl(CONTAINER_TTL)
.set_rr_type(RecordType::A)
.set_dns_class(DNSClass::IN)
.set_data(Some(RData::A(rdata::A(ipv4))));
Expand All @@ -496,7 +492,6 @@ fn reply_ip<'a>(
let mut record = Record::new();
record
.set_name(request_name.clone())
.set_ttl(CONTAINER_TTL)
.set_rr_type(RecordType::AAAA)
.set_dns_class(DNSClass::IN)
.set_data(Some(RData::AAAA(rdata::AAAA(ipv6))));
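Review bot: The new code relies on `Record::new()` leaving the TTL at the library's default instead of stating it, and the rationale is written only on the A-record path (the comment above `record` in `reply_ip`), so `reply_ptr` and the AAAA branch now carry neither a TTL call nor an explanation. An explicit `.set_ttl(0)` in all three places would make the no-cache intent self-documenting and keep the behaviour pinned even if the record type's default ever changes, and the comment could then shrink to `// TTL 0: clients must not cache; container IPs can change on restart.` The added comment also has a doubled word ("can be be restarted"). Both `reply_ptr` and `reply_ip` start and end outside the hunks shown.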
5 changes: 3 additions & 2 deletions test/100-basic-name-resolution.bats
Expand Up @@ -41,8 +41,9 @@ load helpers
gw=$(echo "$config_a1" | jq -r .network_info.podman1.subnets[0].gateway)
create_container "$config_a1"
a1_pid=$CONTAINER_NS_PID
run_in_container_netns "$a1_pid" "dig" "+short" "aone" "@$gw"
assert "$ip_a1"
run_in_container_netns "$a1_pid" "dig" "aone" "@$gw"
# check for TTL 0 here as well
assert "$output" =~ "aone\.[[:space:]]*0[[:space:]]*IN[[:space:]]*A[[:space:]]*$ip_a1"
# Set recursion bit is already set if requested so output must not
# contain unexpected warning.
assert "$output" !~ "WARNING: recursion requested but not available"
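Review bot: The regex on the new `assert "$output" =~` line interpolates `$ip_a1` unescaped, so each dot in the address matches any character and the check is looser than the `+short` equality assertion it replaces; escaping the dots before interpolating (e.g. via a `${ip_a1//./\\.}` substitution) keeps the match exact. The same unescaped interpolation is used with `$a2_expected_name` and `$a1_expected_name` in test/500-reverse-lookups.bats, though there it predates this commit. The enclosing `@test` block starts and ends outside the hunk.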
12 changes: 6 additions & 6 deletions test/500-reverse-lookups.bats
Expand Up @@ -29,15 +29,15 @@ load helpers
dig_reverse "$a1_pid" "$a2_ip" "$gw"
echo -e "Output:\n${output}\n"
a2_expected_name=$(echo $a2_ip | awk -F. '{printf "%d.%d.%d.%d.in-addr.arpa.", $4, $3, $2, $1}')
assert "$output" =~ "$a2_expected_name[ ].*[ ]atwo\."
assert "$output" =~ "$a2_expected_name[ ].*[ ]a2\."
assert "$output" =~ "$a2_expected_name[ ].*[ ]2a\."
assert "$output" =~ "$a2_expected_name[[:space:]]*0[[:space:]]*IN[[:space:]]*PTR[[:space:]]*atwo\."
assert "$output" =~ "$a2_expected_name[[:space:]]*0[[:space:]]*IN[[:space:]]*PTR[[:space:]]*a2\."
assert "$output" =~ "$a2_expected_name[[:space:]]*0[[:space:]]*IN[[:space:]]*PTR[[:space:]]*2a\."
dig_reverse "$a2_pid" "$a1_ip" "$gw"
echo -e "Output:\n${output}\n"
a1_expected_name=$(echo $a1_ip | awk -F. '{printf "%d.%d.%d.%d.in-addr.arpa.", $4, $3, $2, $1}')
assert "$output" =~ "$a1_expected_name[ ].*[ ]aone\."
assert "$output" =~ "$a1_expected_name[ ].*[ ]a1\."
assert "$output" =~ "$a1_expected_name[ ].*[ ]1a\."
assert "$output" =~ "$a1_expected_name[[:space:]]*0[[:space:]]*IN[[:space:]]*PTR[[:space:]]*aone\."
assert "$output" =~ "$a1_expected_name[[:space:]]*0[[:space:]]*IN[[:space:]]*PTR[[:space:]]*a1\."
assert "$output" =~ "$a1_expected_name[[:space:]]*0[[:space:]]*IN[[:space:]]*PTR[[:space:]]*1a\."
}

@test "check reverse lookups on ipaddress v6" {
