mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-09-23 06:41:32 +02:00
Code Issues Projects Releases Wiki Activity

BUG/MEDIUM: resolvers: Trigger a DNS resolution if an ADD item is obsolete

Browse Source 
When a ADD item attached to a SRV item is removed because it is obsolete, we
must trigger a DNS resolution to be sure the hostname still resolves or
not. There is no other way to be the entry is still valid. And we cannot set
the server in RMAINT immediatly, because a DNS server may be inconsitent and
may stop to add some additionnal records.

The opposite is also true. If a valid ADD item is still attached to a SRV
item, any DNS resolution must be stopped. There is no reason to perform
extra resolution in this case.

This patch must be backported as far as 2.2.
This commit is contained in:
Christopher Faulet 2021-03-10 18:38:37 +01:00
parent 49531e8471
commit 3e0600fbbf
1 changed files with 21 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
src/resolvers.c
View File

@ -583,6 +583,9 @@ static void resolv_check_response(struct resolv_resolution *res)
/* clean up obsolete Additional record */
if (ar_item && (ar_item->last_seen + resolvers->hold.obsolete / 1000) < now.tv_sec) {
/* Cleaning up the AR item will trigger an extra DNS resolution, except if the SRV
* item is also obsolete.
*/
pool_free(resolv_answer_item_pool, ar_item);
item->ar_item = NULL;
}
@ -655,10 +658,13 @@ static void resolv_check_response(struct resolv_resolution *res)
/* And update this server, if found (srv is locked here) */
if (srv) {
/* re-enable DNS resolution for this server by default */
srv->flags &= ~SRV_F_NO_RESOLUTION;
/* Check if an Additional Record is associated to this SRV record.
* Perform some sanity checks too to ensure the record can be used.
* If all fine, we simply pick up the IP address found and associate
* it to the server.
* it to the server. And DNS resolution is disabled for this server.
*/
if ((item->ar_item != NULL) &&
(item->ar_item->type == DNS_RTYPE_A || item->ar_item->type == DNS_RTYPE_AAAA))
@ -674,6 +680,11 @@ static void resolv_check_response(struct resolv_resolution *res)
}
srv->flags |= SRV_F_NO_RESOLUTION;
/* Unlink A/AAAA resolution for this server if there is an AR item.
* It is usless to perform an extra resolution
*/
resolv_unlink_resolution(srv->resolv_requester);
}
if (!srv->hostname_dn) {
@ -690,6 +701,14 @@ static void resolv_check_response(struct resolv_resolution *res)
send_log(srv->proxy, LOG_NOTICE, "%s", msg);
}
if (!(srv->flags & SRV_F_NO_RESOLUTION)) {
/* If there is no AR item responsible of the FQDN resolution,
* trigger a dedicated DNS resolution
*/
if (!srv->resolv_requester || !srv->resolv_requester->resolution)
resolv_link_resolution(srv, OBJ_TYPE_SERVER, 1);
}
/* Update the server status */
snr_update_srv_status(srv, (srv->addr.ss_family != AF_INET && srv->addr.ss_family != AF_INET6));