Consul client using DNS default token instead of anonymous one

0xalex88 · November 29, 2022, 12:58am

Hi everyone,

I’ve followed this guide Deploy Consul server | Consul | HashiCorp Developer and I’ve created the dns default token.

Now I’m trying to configure a new client+envoy container and without any token set to it I get

Error registering service ... token with AccessorID 'xxxx-xxxx-xxxx-xxxx-xxxx'

that accessor ID is the DNS default token created above, why a client without any credential set it’s using that token?
Is it because that’s the default acl token set in the server default with consul acl set-agent-token default that’s shown in the guide?

Thanks!

maxb · November 29, 2022, 6:41am

Yes.

There’s no such thing as the “DNS default token” - just the “default token”.

default - When provided, this agent will use this token by default when making requests to the Consul servers instead of the anonymous token. Consul HTTP API requests can provide an alternate token in their authorization header to override the default or anonymous token on a per-request basis, as described in HTTP API Authentication.

Topic		Replies	Views
DNS resolution issue after enabling Consul ACL Consul dns , acl	7	1071	May 28, 2021
Question about ACL Consul	2	2313	January 20, 2020
ACL policy for DNS and UI Consul	1	419	September 22, 2020
Default ACLs and Consul Address security Consul	1	437	December 6, 2021
Consul ACL - Policies Consul acl	2	257	March 18, 2024

Consul client using DNS default token instead of anonymous one

Related topics