Consul 1.8.0 not recognising custom DNS domain

Consul
1

Hey folks,

I have a consul cluster and a number of agents running across my infrastructure.

The architecture is that the agents act as “local” DNS lookup servers for services registered for the cluster.

DNS lookups on each host are via DNSMasq configured to pass the query on to Consul at localhost:8600

In my configuration on the consul server and on the consul agent, I have the following:

 "datacenter": "proffalken",
 "domain": "proffalken",

however all my services and other DNS lookups are only served on the .consul. domain

I’ve read through the documentation repeatedly, and this definitely worked with 1.7, did I miss a flag somewhere?

TL;DR: I’ve set the domain and datacenter variables to proffalken, but a dig/ping against consul.service.proffalken fails, whereas the same command works for consul.service.consul

2

Did you configure the resursor to point to “external” dns?

3

No, because my value for the consul. domain should be proffalken. not .consul. unless I’ve misunderstood how this flag works?

Consul should be managing .proffalken. as the “internal TLD” for this cluster, all services should resolve to servicename.services.proffalken etc.

Consul shouldn’t be going anywhere else to resolve any of these domains, it should be resolving itself from within the cluster.

4

OK, I think I misunderstood the question.

5

No worries.

So the situation I have is as follows:

  1. I have a consul cluster with the domain configuration flag set to proffalken
  2. I have consul agent running on all hosts in my infrastructure talking back to the cluster
  3. The consul agent configuration is also configured to listen on 127.0.0.1:8600
  4. DNSMasq is configured to send all requests for the proffalken domain to 127.0.0.1:8600
  5. The hosts are all configured to use 127.0.0.1, 8.8.8.8, 8.8.4.4 as their resolvers in /etc/resolv.conf
  6. ping consul.service.proffalken fails (although the DNSMasq logs show that it correctly routed the request to 127.0.0.1:8600)
  7. ping consul.service.consul works
  8. dig @127.0.0.1 -p 8600 consul.service.proffalken. ANY fails
  9. dig @127.0.0.1 -p 8600 consul.service.consul. ANY works

I’m struggling to understand why Consul is still accepting and resolving requests for .consul. when it’s configured to use .proffalken. as it’s domain.

Hopefully that makes more sense?