mirrors/talos
1
0
Fork 0
mirror of https://github.com/siderolabs/talos.git synced 2025-10-26 05:51:17 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: retry with another upstream if the previous failed

Browse Source 
Do not return response to the client if we got SERVFAIL or REFUSED,
until we run out of upstreams.

Fixes #9143

Signed-off-by: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
This commit is contained in:
Dmitriy Matrenichev 2024-08-14 21:48:30 +03:00
parent 82e19f38ac
commit a5bd770bf9
No known key found for this signature in database
GPG Key ID: 94B473337258BFD5
2 changed files with 13 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
internal/pkg/dns/dns.go
View File

@ -144,6 +144,10 @@ func (h *Handler) ServeDNS(ctx context.Context, wrt dns.ResponseWriter, msg *dns
break break
} }
if resp != nil && (resp.Rcode == dns.RcodeServerFailure || resp.Rcode == dns.RcodeRefused) {
continue
}
if ctx.Err() != nil || err == nil { if ctx.Err() != nil || err == nil {
break break
} }

12
internal/pkg/dns/dns_test.go
View File

@ -64,12 +64,20 @@ func TestDNS(t *testing.T) {
expectedCode: dnssrv.RcodeNameError, expectedCode: dnssrv.RcodeNameError,
errCheck: check.NoError(), errCheck: check.NoError(),
}, },
{
// The first one will return SERVFAIL and the second will return REFUSED. We should try both.
name: `should return "refused"`,
hostname: "dnssec-failed.org",
nameservers: []string{"1.1.1.1", "ns-1098.awsdns-09.org."},
expectedCode: dnssrv.RcodeRefused,
errCheck: check.NoError(),
},
} }
for _, test := range tests { for _, test := range tests {
t.Run(test.name, func(t *testing.T) { t.Run(test.name, func(t *testing.T) {
stop := newServer(t, test.nameservers...) stop := newServer(t, test.nameservers...)
defer stop() t.Cleanup(stop)
time.Sleep(10 * time.Millisecond) time.Sleep(10 * time.Millisecond)
@ -81,8 +89,6 @@ func TestDNS(t *testing.T) {
} }
t.Logf("r: %s", r) t.Logf("r: %s", r)
stop()
}) })
} }
} }