k8s/autopath: Add CNAMES (#771)

* Add unit tests & cnames

* more progress

* fix

* next mw dependent unit tests

* add tests for OnNXDOMAIN

* Add AAAA and ndots unit tests; fix request.NewWithQuestion

* Correct default value in README

* add CNAMEs to readme

* review

* fix autopath examples

* fix and test CNAME response order
This commit is contained in:
Chris O'Haver
2017-07-11 18:05:32 -04:00
committed by John Belamaric
parent 0049230a93
commit 8495e48297
7 changed files with 586 additions and 28 deletions

@@ -156,7 +156,7 @@ specified).
If no domains in the path produce an answer, a lookup on the bare question will be attempted.
A successful response will contain a question section with the original question, and an answer section containing the record for the question that actually had an answer. This means that the question and answer will not match. For example:
A successful response will contain a question section with the original question, and an answer section containing the record for the question that actually had an answer. This means that the question and answer will not match. To avoid potential client confusion, a dynamically generated CNAME entry is added to join the two. For example:
```
# host -v -t a google.com
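Review bot: The retained sentence "This means that the question and answer will not match" now reads as contradicting the sentence added right after it, because the generated CNAME is exactly what makes the answer section start at the name that was asked. Suggest rewording the pair so it says the final record's owner name differs from the question name and that the CNAME links the two, rather than keeping the old statement unchanged.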
@@ -168,6 +168,7 @@ specified).
;google.com.default.svc.cluster.local. IN A
;; ANSWER SECTION:
google.com.default.svc.cluster.local. 175 IN CNAME google.com.
google.com. 175 IN A 216.58.194.206
```
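Review bot: The added CNAME line in the ANSWER SECTION carries TTL 175, the same as the A record below it, but the README text never says how the TTL of the dynamically generated CNAME is chosen. Since the record is synthesized by the server rather than stored, a sentence stating where its TTL comes from would tell operators how long clients and caches will hold the alias.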
@@ -178,14 +179,16 @@ specified).
```
# host -t a google.com
google.com has address 216.58.194.206
google.com.default.svc.cluster.local is an alias for google.com.
# host -t a google.com.default.svc.cluster.local.
google.com has address 216.58.194.206
google.com.default.svc.cluster.local is an alias for google.com.
```
**NDOTS** (default: `0`) This provides an adjustable threshold to prevent server side lookups from triggering. If the number of dots before the first search domain is less than this number, then the search path will not executed on the server side. When autopath is enabled with default settings, the search path is always conducted when the query is in the first search domain `<pod-namespace>.svc.<zone>.`.
**RESPONSE** (default: `SERVFAIL`) This option causes the kubernetes middleware to return the given response instead of NXDOMAIN when the all searches in the path produce no results. Valid values: `NXDOMAIN`, `SERVFAIL` or `NOERROR`. Setting this to `SERVFAIL` or `NOERROR` should prevent the client from fruitlessly continuing the client side searches in the path after the server already checked them.
**RESPONSE** (default: `NOERROR`) This option causes the kubernetes middleware to return the given response instead of NXDOMAIN when the all searches in the path produce no results. Valid values: `NXDOMAIN`, `SERVFAIL` or `NOERROR`. Setting this to `SERVFAIL` or `NOERROR` should prevent the client from fruitlessly continuing the client side searches in the path after the server already checked them.
**RESOLV-CONF** (default: `/etc/resolv.conf`) If specified, the kubernetes middleware uses this file to get the host's search domains. The kubernetes middleware performs a lookup on these domains if the in-cluster search domains in the path fail to produce an answer. If not specified, the values will be read from the local resolv.conf file (i.e the resolv.conf file in the pod containing CoreDNS). In practice, this option should only need to be used if running CoreDNS outside of the cluster and the search path in /etc/resolv.conf does not match the cluster's "default" dns-policiy.
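Review bot: Record order is inconsistent between the examples. In both `host -t a` outputs here the "has address" line comes before the "is an alias for" line, while the verbose example above lists the CNAME before the A record in the answer section. The commit message mentions fixing CNAME response order, so the short examples should show the alias line first to match. Separately, the RESPONSE line changed by this hunk still reads "when the all searches in the path"; dropping "the" while the line is being edited would be worthwhile.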
@@ -245,7 +248,7 @@ specified).
cidrs 10.0.0.0/24
pods verified
upstream 10.102.3.10:53
autopath 0 SERVFAIL cluster.conf
autopath 0 NOERROR cluster.conf
}
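Review bot: With the documented default for RESPONSE now `NOERROR` and NDOTS already defaulting to `0`, the line `autopath 0 NOERROR cluster.conf` sets only default values for its first two arguments, which the example does not explain. A short comment that the arguments are positional, and that the first two are given only so that the RESOLV-CONF value `cluster.conf` can be supplied, would keep readers from assuming all three must always be spelled out.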