DNS: support query recursion #278

Open
ekoby opened this issue Jan 24, 2022 · 1 comment · Fixed by #286
ekoby commented Jan 24, 2022

Ziti resolver gets penalized for not offering query recursion (by dnsmasq specifically)

ekoby self-assigned this Jan 24, 2022
ekoby linked a pull request Feb 8, 2022 that will close this issue
@qrkourier

@ekoby Will this allow Ziti DNS to resolve queries of type NS and other types too? I ask because I just ran into an issue where a non-Ziti app can't resolve an NS record while ziti-edge-tunnel is running because the tunneler has configured the stub resolver to use Ziti DNS which is responding with status: NOERROR and ANSWER: 0 (no answers) despite this being a valid record.

❯ sudo ss -lnp | grep -E ':53\s'                                               
udp   UNCONN 0      0                                                                               127.0.1.1:53                   0.0.0.0:*    users:(("dnsmasq",pid=616680,fd=4))                                                           
udp   UNCONN 0      0                                                                           127.0.0.53%lo:53                   0.0.0.0:*    users:(("systemd-resolve",pid=1644,fd=13))                                                    
tcp   LISTEN 0      32                                                                              127.0.1.1:53                   0.0.0.0:*    users:(("dnsmasq",pid=616680,fd=5))                                                           
tcp   LISTEN 0      4096                                                                        127.0.0.53%lo:53                   0.0.0.0:*    users:(("systemd-resolve",pid=1644,fd=14))                                                    

❯ resolvectl dns | grep -E ':\s+\S+$'
Global: 127.0.1.1
Link 3 (wlp3s0): 192.168.0.254
Link 60 (tun0): 100.65.0.2
Link 61 (tun1): 100.64.64.2

❯ for TCP in tcp notcp; do
    for NS in 127.0.0.53 127.0.1.1 192.168.0.254 1.1.1.1 100.65.0.2 100.64.64.2; do
        echo -e "\t-----------------\n\t TRY ${TCP/notcp/udp}://$NS\n\t-----------------\n"
        dig +${TCP} +timeout=1 -tNS solutions.netfoundry.io @${NS}
    done
done

	-----------------
	 TRY tcp://127.0.0.53
	-----------------


; <<>> DiG 9.16.15-Ubuntu <<>> +tcp +timeout -tNS solutions.netfoundry.io @127.0.0.53
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20296
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;solutions.netfoundry.io.	IN	NS

;; Query time: 0 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Wed Feb 16 16:53:19 EST 2022
;; MSG SIZE  rcvd: 52

	-----------------
	 TRY tcp://127.0.1.1
	-----------------


; <<>> DiG 9.16.15-Ubuntu <<>> +tcp +timeout -tNS solutions.netfoundry.io @127.0.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65063
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;solutions.netfoundry.io.	IN	NS

;; ANSWER SECTION:
solutions.netfoundry.io. 171362	IN	NS	ns-1476.awsdns-56.org.
solutions.netfoundry.io. 171362	IN	NS	ns-1846.awsdns-38.co.uk.
solutions.netfoundry.io. 171362	IN	NS	ns-368.awsdns-46.com.
solutions.netfoundry.io. 171362	IN	NS	ns-555.awsdns-05.net.

;; Query time: 11 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Wed Feb 16 16:53:19 EST 2022
;; MSG SIZE  rcvd: 192

	-----------------
	 TRY tcp://192.168.0.254
	-----------------


; <<>> DiG 9.16.15-Ubuntu <<>> +tcp +timeout -tNS solutions.netfoundry.io @192.168.0.254
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31065
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;solutions.netfoundry.io.	IN	NS

;; ANSWER SECTION:
solutions.netfoundry.io. 172612	IN	NS	ns-1476.awsdns-56.org.
solutions.netfoundry.io. 172612	IN	NS	ns-1846.awsdns-38.co.uk.
solutions.netfoundry.io. 172612	IN	NS	ns-368.awsdns-46.com.
solutions.netfoundry.io. 172612	IN	NS	ns-555.awsdns-05.net.

;; Query time: 11 msec
;; SERVER: 192.168.0.254#53(192.168.0.254)
;; WHEN: Wed Feb 16 16:53:19 EST 2022
;; MSG SIZE  rcvd: 192

	-----------------
	 TRY tcp://1.1.1.1
	-----------------


; <<>> DiG 9.16.15-Ubuntu <<>> +tcp +timeout -tNS solutions.netfoundry.io @1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8209
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;solutions.netfoundry.io.	IN	NS

;; ANSWER SECTION:
solutions.netfoundry.io. 171362	IN	NS	ns-1476.awsdns-56.org.
solutions.netfoundry.io. 171362	IN	NS	ns-1846.awsdns-38.co.uk.
solutions.netfoundry.io. 171362	IN	NS	ns-368.awsdns-46.com.
solutions.netfoundry.io. 171362	IN	NS	ns-555.awsdns-05.net.

;; Query time: 7 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Wed Feb 16 16:53:19 EST 2022
;; MSG SIZE  rcvd: 192

	-----------------
	 TRY tcp://100.65.0.2
	-----------------

;; Connection to 100.65.0.2#53(100.65.0.2) for solutions.netfoundry.io failed: timed out.
;; Connection to 100.65.0.2#53(100.65.0.2) for solutions.netfoundry.io failed: timed out.

; <<>> DiG 9.16.15-Ubuntu <<>> +tcp +timeout -tNS solutions.netfoundry.io @100.65.0.2
;; global options: +cmd
;; connection timed out; no servers could be reached

;; Connection to 100.65.0.2#53(100.65.0.2) for solutions.netfoundry.io failed: timed out.
	-----------------
	 TRY tcp://100.64.64.2
	-----------------

;; Connection to 100.64.64.2#53(100.64.64.2) for solutions.netfoundry.io failed: timed out.
;; Connection to 100.64.64.2#53(100.64.64.2) for solutions.netfoundry.io failed: timed out.

; <<>> DiG 9.16.15-Ubuntu <<>> +tcp +timeout -tNS solutions.netfoundry.io @100.64.64.2
;; global options: +cmd
;; connection timed out; no servers could be reached

;; Connection to 100.64.64.2#53(100.64.64.2) for solutions.netfoundry.io failed: timed out.
	-----------------
	 TRY udp://127.0.0.53
	-----------------


; <<>> DiG 9.16.15-Ubuntu <<>> +notcp +timeout -tNS solutions.netfoundry.io @127.0.0.53
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2240
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;solutions.netfoundry.io.	IN	NS

;; Query time: 3 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Wed Feb 16 16:53:25 EST 2022
;; MSG SIZE  rcvd: 52

	-----------------
	 TRY udp://127.0.1.1
	-----------------


; <<>> DiG 9.16.15-Ubuntu <<>> +notcp +timeout -tNS solutions.netfoundry.io @127.0.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21380
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;solutions.netfoundry.io.	IN	NS

;; ANSWER SECTION:
solutions.netfoundry.io. 172606	IN	NS	ns-1476.awsdns-56.org.
solutions.netfoundry.io. 172606	IN	NS	ns-1846.awsdns-38.co.uk.
solutions.netfoundry.io. 172606	IN	NS	ns-368.awsdns-46.com.
solutions.netfoundry.io. 172606	IN	NS	ns-555.awsdns-05.net.

;; Query time: 15 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Wed Feb 16 16:53:25 EST 2022
;; MSG SIZE  rcvd: 192

	-----------------
	 TRY udp://192.168.0.254
	-----------------


; <<>> DiG 9.16.15-Ubuntu <<>> +notcp +timeout -tNS solutions.netfoundry.io @192.168.0.254
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35314
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;solutions.netfoundry.io.	IN	NS

;; ANSWER SECTION:
solutions.netfoundry.io. 171068	IN	NS	ns-1476.awsdns-56.org.
solutions.netfoundry.io. 171068	IN	NS	ns-1846.awsdns-38.co.uk.
solutions.netfoundry.io. 171068	IN	NS	ns-368.awsdns-46.com.
solutions.netfoundry.io. 171068	IN	NS	ns-555.awsdns-05.net.

;; Query time: 7 msec
;; SERVER: 192.168.0.254#53(192.168.0.254)
;; WHEN: Wed Feb 16 16:53:26 EST 2022
;; MSG SIZE  rcvd: 192

	-----------------
	 TRY udp://1.1.1.1
	-----------------


; <<>> DiG 9.16.15-Ubuntu <<>> +notcp +timeout -tNS solutions.netfoundry.io @1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64667
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;solutions.netfoundry.io.	IN	NS

;; ANSWER SECTION:
solutions.netfoundry.io. 171356	IN	NS	ns-1476.awsdns-56.org.
solutions.netfoundry.io. 171356	IN	NS	ns-1846.awsdns-38.co.uk.
solutions.netfoundry.io. 171356	IN	NS	ns-368.awsdns-46.com.
solutions.netfoundry.io. 171356	IN	NS	ns-555.awsdns-05.net.

;; Query time: 15 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Wed Feb 16 16:53:26 EST 2022
;; MSG SIZE  rcvd: 192

	-----------------
	 TRY udp://100.65.0.2
	-----------------


; <<>> DiG 9.16.15-Ubuntu <<>> +notcp +timeout -tNS solutions.netfoundry.io @100.65.0.2
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57439
;; flags: qr rd ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;solutions.netfoundry.io.	IN	NS

;; Query time: 0 msec
;; SERVER: 100.65.0.2#53(100.65.0.2)
;; WHEN: Wed Feb 16 16:53:26 EST 2022
;; MSG SIZE  rcvd: 52

	-----------------
	 TRY udp://100.64.64.2
	-----------------


; <<>> DiG 9.16.15-Ubuntu <<>> +notcp +timeout -tNS solutions.netfoundry.io @100.64.64.2
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51565
;; flags: qr rd ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;solutions.netfoundry.io.	IN	NS

;; Query time: 0 msec
;; SERVER: 100.64.64.2#53(100.64.64.2)
;; WHEN: Wed Feb 16 16:53:26 EST 2022
;; MSG SIZE  rcvd: 52
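
The per-resolver comparison in the comment above can be condensed to one line per server. This is an added example, not part of the original issue or of the ziti-edge-tunnel project; the function names and verdict labels are hypothetical, and the sample input is constructed from header lines in the transcript above.

```shell
#!/bin/sh
# Added example: condense dig transcripts into one line per queried server.
# Output columns: server status answer-count verdict
summarize_dig() {
  awk '
    /^; <<>> DiG/ { target = $NF; sub(/^@/, "", target) }  # assumes @server is the last dig argument
    /->>HEADER<<-/ { status = $0; sub(/.*status: /, "", status); sub(/,.*/, "", status) }
    /^;; flags:/ {
      flags = $0;   sub(/^;; flags: */, "", flags); sub(/;.*/, "", flags)
      answers = $0; sub(/.*ANSWER: /, "", answers); sub(/,.*/, "", answers)
    }
    /no servers could be reached/ { print target, "-", "-", "timeout" }
    /^;; SERVER:/ {
      server = $3; sub(/#.*/, "", server)
      has_ra = ((" " flags " ") ~ / ra /)        # RA = recursion available
      if (answers + 0 > 0) verdict = "answered"
      else if (has_ra)     verdict = "empty-ra"     # empty answer, recursion offered
      else                 verdict = "empty-no-ra"  # empty answer, recursion refused
      print server, status, answers, verdict
    }
  '
}

# Constructed sample: banner, header, flags and server lines for four of the responses above.
sample_dig_output() {
  cat <<'EOF'
; <<>> DiG 9.16.15-Ubuntu <<>> +notcp +timeout -tNS solutions.netfoundry.io @127.0.0.53
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2240
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; SERVER: 127.0.0.53#53(127.0.0.53)
; <<>> DiG 9.16.15-Ubuntu <<>> +notcp +timeout -tNS solutions.netfoundry.io @127.0.1.1
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21380
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
;; SERVER: 127.0.1.1#53(127.0.1.1)
; <<>> DiG 9.16.15-Ubuntu <<>> +notcp +timeout -tNS solutions.netfoundry.io @100.65.0.2
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57439
;; flags: qr rd ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; SERVER: 100.65.0.2#53(100.65.0.2)
; <<>> DiG 9.16.15-Ubuntu <<>> +tcp +timeout -tNS solutions.netfoundry.io @100.64.64.2
;; connection timed out; no servers could be reached
EOF
}

sample_dig_output | summarize_dig
```

Piping the output of the `dig` loop into `summarize_dig` gives the same table for live resolvers.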
