DNS interface on Consul client

Consul v1.14.4

There is an HA cluster consisting of 3 servers and 5 clients.

I've set up the configuration file and ACL policy to work with DNS.

I’m trying to make some kind of request, but consul dns has a response section only on server nodes.

Client nodes do not have an answer section.

dns query within server nodes (203.16x):
ex.1

dig @127.0.0.1 -p 8600 consul.service.consul

; <<>> DiG 9.16.1-Ubuntu <<>> @127.0.0.1 -p 8600 consul.service.consul
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39433
;; flags: qr aa rd; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;consul.service.consul.         IN      A

;; ANSWER SECTION:
consul.service.consul.  0       IN      A       192.168.203.160
consul.service.consul.  0       IN      A       192.168.203.162
consul.service.consul.  0       IN      A       192.168.203.161

ex.2

dig @127.0.0.1 -p 8600 lb.service.consul

; <<>> DiG 9.16.1-Ubuntu <<>> @127.0.0.1 -p 8600 lb.service.consul
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24520
;; flags: qr aa rd; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;lb.service.consul.             IN      A

;; ANSWER SECTION:
lb.service.consul.      0       IN      A       192.168.203.142
lb.service.consul.      0       IN      A       192.168.203.141
lb.service.consul.      0       IN      A       192.168.203.140

dns query within client nodes (203.14x):

dig @127.0.0.1 -p 8600 lb.server.consul

; <<>> DiG 9.16.1-Ubuntu <<>> @127.0.0.1 -p 8600 lb.server.consul
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 5263
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;lb.server.consul.              IN      A

;; AUTHORITY SECTION:
consul.                 0       IN      SOA     ns.consul. hostmaster.consul. 1702410212 3600 600 86400 0

consul client configuration:

# Consul client agent configuration ("server" = false). bind_addr is in the
# 203.14x range that the post uses for client nodes.
"server"             = false
"datacenter"         = "dc1"
"data_dir"           = "/var/consul"
"log_level"          = "INFO"
"enable_syslog"      = true
"leave_on_terminate" = true

bind_addr = "192.168.203.140"

# The three server nodes (203.16x) this agent joins on start.
"start_join" = [
  "192.168.203.160",
  "192.168.203.161",
  "192.168.203.162"
]

# Listener addresses per interface. DNS, gRPC and HTTP are loopback-only;
# HTTPS is bound to every interface, so the API is reachable from the network.
addresses = {
  dns   = "127.0.0.1"
  https = "0.0.0.0"
  grpc  = "127.0.0.1"
  http  = "127.0.0.1"
}

# http = -1 disables the plaintext HTTP listener, leaving HTTPS on 8501 and
# gRPC-TLS on 8503. No dns port is set here; the dig queries in the post use 8600.
ports = {
  http     = -1
  https    = 8501
  grpc_tls = 8503
}

connect {
  enabled = true
}

# Gossip encryption key: a symmetric secret shared by every agent in the
# datacenter (the server config in this post carries the same value).
# NOTE(review): the key is published verbatim here, so treat it as disclosed;
# rotate it and use a placeholder when sharing configs.
encrypt = "fmuytZwNllxMLQ9wdUhZOu02ZBcT9pA9/Zxm+dZKbU8="

tls {
  defaults {
    # verify_incoming = false: callers are not required to present a
    # certificate signed by ca_file. With HTTPS bound to 0.0.0.0 above, that
    # leaves the ACL system as the only access control on the API.
    verify_incoming        = false
    # NOTE(review): the server config sets verify_outgoing = true while the
    # client has it false; confirm this is intended alongside
    # auto_encrypt and verify_server_hostname below.
    verify_outgoing        = false
    ca_file                = "/etc/consul_certs/consul-ca.pem"
    cert_file              = "/etc/consul_certs/client.pem"
    key_file               = "/etc/consul_certs/client-key.pem"
  }

  internal_rpc {
    # Check that the certificate a server presents carries the expected
    # server hostname for this datacenter.
    verify_server_hostname = true
  }
}

# Ask the servers to issue this client's TLS certificate (the servers enable
# the matching auto_encrypt.allow_tls in their config).
auto_encrypt = {
  tls = true
}

# ACLs are enforced and anything not explicitly allowed is denied.
# down_policy = "extend-cache" keeps using cached ACLs when the ACL source
# cannot be reached.
acl {
  enabled        = true
  default_policy = "deny"
  down_policy    = "extend-cache"

# tokens.default is applied to requests that carry no token of their own, which
# includes DNS queries; with default_policy = "deny" it must grant read on the
# nodes/services being resolved or DNS returns no records.
# NOTE(review): agent and default share one token, so any tokenless request gets
# whatever the agent token can do; a separate, read-only token for default
# keeps that scope minimal.
# NOTE(review): the token is posted in clear text (it contains non-hex
# characters, so it may already have been altered); if it is real, rotate it.
tokens {
  agent   = "n19d6a7c-32f0-83f2-56f0-e5f2a58xz357"
  default = "n19d6a7c-32f0-83f2-56f0-e5f2a58xz357"
}

}

consul server configuration:

# Consul server agent configuration ("server" = true); one of the three servers
# the cluster expects before bootstrapping (bootstrap_expect = 3).
"server"             = true
"bootstrap_expect"   = 3
"datacenter"         = "dc1"
"data_dir"           = "/var/consul"
"log_level"          = "INFO"
"enable_syslog"      = true
# Built-in web UI is served by this agent.
ui_config {
  enabled = true
}
"rejoin_after_leave" = true
"leave_on_terminate" = true

# advertise_addr is what other agents are told to use; bind_addr and client_addr
# of 0.0.0.0 make both the cluster-internal and the client-facing listeners
# (HTTPS API/UI, DNS, gRPC) bind to every interface.
# NOTE(review): confirm that exposing the client interfaces on all interfaces is
# intended; the client config in this post keeps DNS/gRPC on loopback.
"advertise_addr" = "192.168.203.160"
"bind_addr"      = "0.0.0.0"
"client_addr"    = "0.0.0.0"

"start_join" = [
  "192.168.203.160",
  "192.168.203.161",
  "192.168.203.162"
]

addresses = {
  https = "0.0.0.0"
}

# http = -1 disables the plaintext HTTP listener, leaving HTTPS on 8501 and
# gRPC-TLS on 8503.
ports {
  http      = -1
  https     = 8501
  grpc_tls  = 8503
}

connect {
  enabled = true
}

# Gossip encryption key: a symmetric secret shared by every agent in the
# datacenter (same value as in the client config in this post).
# NOTE(review): the key is published verbatim here, so treat it as disclosed;
# rotate it and use a placeholder when sharing configs.
encrypt = "fmuytZwNllxMLQ9wdUhZOu02ZBcT9pA9/Zxm+dZKbU8="

tls {
  defaults {
    # verify_incoming = false: callers are not required to present a
    # certificate signed by ca_file, so the HTTPS API/UI on 0.0.0.0 relies on
    # ACLs alone for access control.
    # NOTE(review): consider enabling verify_incoming at least for
    # internal_rpc on servers; confirm against how clients and the UI connect.
    verify_incoming        = false
    verify_outgoing        = true
    ca_file                = "/etc/consul_certs/consul-ca.pem"
    cert_file              = "/etc/consul_certs/server.pem"
    key_file               = "/etc/consul_certs/server-key.pem"
  }

  internal_rpc {
    # Check that the certificate a peer server presents carries the expected
    # server hostname for this datacenter.
    verify_server_hostname = true
  }
}

# Let clients that set auto_encrypt.tls obtain their TLS certificates from
# this server.
auto_encrypt {
  allow_tls = true
}

# ACLs are enforced and anything not explicitly allowed is denied.
# down_policy = "extend-cache" keeps using cached ACLs when the ACL source
# cannot be reached.
acl = {
  enabled                  = true
  default_policy           = "deny"
  down_policy              = "extend-cache"

# tokens.default is applied to requests that carry no token of their own, which
# includes DNS queries answered by this agent.
# NOTE(review): agent and default share one token (and the same value is used on
# the client), so any tokenless request gets whatever the agent token can do; a
# separate, read-only default token keeps that scope minimal.
# NOTE(review): the token is posted in clear text (it contains non-hex
# characters, so it may already have been altered); if it is real, rotate it.
tokens {
  agent   = "n19d6a7c-32f0-83f2-56f0-e5f2a58xz357"
  default = "n19d6a7c-32f0-83f2-56f0-e5f2a58xz357"
}

}

Maybe I made some mistakes in the configs?

Looks like you have a typo in your query on the client. I can see you are using lb.server.consul, whereas the queries that worked on the server nodes used the .service.consul form. Please use lb.service.consul instead and see if it works.
