Consul internal DNS does not work

Hey,

I have an issue with internal Consul DNS: even though a service is registered and all health checks pass, Consul internal DNS is not set…

$ dig @127.0.0.1 app.service.consul. -p 8600 ANY

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.amzn2.0.4 <<>> @127.0.0.1 app.service.consul. -p 8600 ANY
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 7627
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;app.service.consul.            IN      ANY

;; AUTHORITY SECTION:
consul.                 0       IN      SOA     ns.consul. hostmaster.consul. 1594204518 3600 600 86400 0

;; Query time: 1 msec
;; SERVER: 127.0.0.1#8600(127.0.0.1)
;; WHEN: wed jul 08 10:35:18 UTC 2020
;; MSG SIZE  rcvd: 97
  • app is the service name, it’s also present as a tag
  • I run the dig command on the client (where the service is running)
  • dig returns the same output on masters

Any thoughts?

UPDATE: ok, it works now. I forgot to mention that I enabled ACL with default policy set to deny.

More or less, the anonymous token needs access to some stuff on Consul’s end.

# Read access to the built-in "consul" service
resource "consul_acl_policy" "service_consul_read" {
  name  = "service-consul-read"
  rules = <<-RULE
    service "consul" {
      policy = "read"
    }
  RULE
}

# Read access to every node (an empty prefix matches all node names)
resource "consul_acl_policy" "list_all_nodes" {
  name  = "list-all-nodes"
  rules = <<-RULE
    node_prefix "" {
      policy = "read"
    }
  RULE
}

# 00000000-0000-0000-0000-000000000002 is the accessor ID of the anonymous token
resource "consul_acl_token_policy_attachment" "service_consul_read" {
  token_id = "00000000-0000-0000-0000-000000000002"
  policy   = consul_acl_policy.service_consul_read.name
}

resource "consul_acl_token_policy_attachment" "list_all_nodes" {
  token_id = "00000000-0000-0000-0000-000000000002"
  policy   = consul_acl_policy.list_all_nodes.name
}
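An added sketch, not the poster's code and not Consul's implementation, of why a tokenless DNS query returns NXDOMAIN under a default-deny ACL and which rules change that. It is a simplified model that assumes Consul's documented rule precedence (exact rule, then longest prefix, then the default policy) and that a service lookup needs read on both the service and its nodes; `EXTRA`, `node-1` and the function names are hypothetical.

```python
import re

# Rules attached to the anonymous token in the post above, plus one
# hypothetical extra rule (EXTRA) for the "app" service; not from the post.
POSTED = '''
service "consul" { policy = "read" }
node_prefix "" { policy = "read" }
'''
EXTRA = 'service "app" { policy = "read" }'

RULE = re.compile(r'(service|node)(_prefix)?\s+"([^"]*)"\s*\{\s*policy\s*=\s*"(\w+)"\s*\}')
RANK = {"deny": 0, "read": 1, "write": 2}


def parse(rules):
    """Return [(kind, is_prefix, name, policy)] from Consul rule text."""
    return [(k, bool(p), n, pol) for k, p, n, pol in RULE.findall(rules)]


def allowed(rules, kind, name, default="deny"):
    """Can a token holding `rules` read `name`? Simplified model:
    an exact rule beats any prefix rule, the longest prefix wins,
    and the default policy applies when nothing matches."""
    best = None  # (is_exact, prefix_length, policy)
    for k, is_prefix, n, pol in parse(rules):
        if k != kind:
            continue
        if (is_prefix and name.startswith(n)) or (not is_prefix and name == n):
            cand = (not is_prefix, len(n), pol)
            if best is None or cand[:2] > best[:2]:
                best = cand
    policy = best[2] if best else default
    return RANK[policy] >= RANK["read"]


def dns_status(rules, service, nodes):
    """Model a tokenless service lookup: instances the token cannot
    read are filtered out, and an empty answer is NXDOMAIN."""
    if not allowed(rules, "service", service):
        return "NXDOMAIN"
    visible = [n for n in nodes if allowed(rules, "node", n)]
    return "NOERROR" if visible else "NXDOMAIN"


if __name__ == "__main__":
    for label, rules in (("no rules", ""), ("posted", POSTED), ("posted+app", POSTED + EXTRA)):
        print(label, {s: dns_status(rules, s, ["node-1"]) for s in ("consul", "app")})
```

In this model the two posted rules are enough for `consul.service.consul`, while a name such as `app.service.consul` also needs a read rule covering that service. Rules attached to the anonymous token apply to every request that carries no token, so keeping them read-only and limited to the names DNS has to resolve keeps the exposure small.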