Consul client using DNS default token instead of anonymous one

0xalex88 · November 29, 2022, 12:58am

Hi everyone,

I’ve followed this guide Deploy Consul server | Consul | HashiCorp Developer and I’ve created the dns default token.

Now I’m trying to configure a new client+envoy container and without any token set to it I get

Error registering service ... token with AccessorID 'xxxx-xxxx-xxxx-xxxx-xxxx'

that accessor ID is the DNS default token created above, why a client without any credential set it’s using that token?
Is it because that’s the default acl token set in the server default with consul acl set-agent-token default that’s shown in the guide?

Thanks!

maxb · November 29, 2022, 6:41am

Yes.

There’s no such thing as the “DNS default token” - just the “default token”.

default - When provided, this agent will use this token by default when making requests to the Consul servers instead of the anonymous token. Consul HTTP API requests can provide an alternate token in their authorization header to override the default or anonymous token on a per-request basis, as described in HTTP API Authentication.