Consul v1.14.4
There is an HA cluster consisting of 3 servers and 5 clients.
I've set up the configuration file and ACL policy to work with DNS.
I'm trying to make DNS requests, but Consul DNS returns an answer section only on the server nodes.
Client nodes do not return an answer section.
DNS query on the server nodes (203.16x):
ex.1
dig @127.0.0.1 -p 8600 consul.service.consul
; <<>> DiG 9.16.1-Ubuntu <<>> @127.0.0.1 -p 8600 consul.service.consul
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39433
;; flags: qr aa rd; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;consul.service.consul. IN A
;; ANSWER SECTION:
consul.service.consul. 0 IN A 192.168.203.160
consul.service.consul. 0 IN A 192.168.203.162
consul.service.consul. 0 IN A 192.168.203.161
ex.2
dig @127.0.0.1 -p 8600 lb.service.consul
; <<>> DiG 9.16.1-Ubuntu <<>> @127.0.0.1 -p 8600 lb.service.consul
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24520
;; flags: qr aa rd; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;lb.service.consul. IN A
;; ANSWER SECTION:
lb.service.consul. 0 IN A 192.168.203.142
lb.service.consul. 0 IN A 192.168.203.141
lb.service.consul. 0 IN A 192.168.203.140
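DNS query on the client nodes (203.14x) — note that this query asks for lb.server.consul, whereas ex.2 on the server nodes asked for lb.service.consul: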
dig @127.0.0.1 -p 8600 lb.server.consul
; <<>> DiG 9.16.1-Ubuntu <<>> @127.0.0.1 -p 8600 lb.server.consul
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 5263
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;lb.server.consul. IN A
;; AUTHORITY SECTION:
consul. 0 IN SOA ns.consul. hostmaster.consul. 1702410212 3600 600 86400 0
consul client configuration:
# Consul client agent configuration as posted (this agent binds to 192.168.203.140).
"server" = false
"datacenter" = "dc1"
"data_dir" = "/var/consul"
"log_level" = "INFO"
"enable_syslog" = true
"leave_on_terminate" = true
bind_addr = "192.168.203.140"
# Joins the same three addresses that the server configuration lists.
"start_join" = [
"192.168.203.160",
"192.168.203.161",
"192.168.203.162"
]
# DNS, gRPC and HTTP listen on loopback only; the HTTPS API listens on every interface.
# No ports.dns override appears in this file, so DNS stays on Consul's default
# port 8600, which is the port the dig commands use.
addresses = {
dns = "127.0.0.1"
https = "0.0.0.0"
grpc = "127.0.0.1"
http = "127.0.0.1"
}
# http = -1 disables the plaintext HTTP API; the API is served over HTTPS on 8501.
ports = {
http = -1
https = 8501
grpc_tls = 8503
}
connect {
enabled = true
}
# Gossip encryption key: a symmetric secret shared by every agent in the cluster
# (the server configuration carries the same value).
# NOTE(review): if this is the live key, treat it as disclosed and rotate it;
# substitute a placeholder when sharing a configuration.
encrypt = "fmuytZwNllxMLQ9wdUhZOu02ZBcT9pA9/Zxm+dZKbU8="
tls {
defaults {
# NOTE(review): with verify_incoming = false the agent does not require client
# certificates on incoming TLS connections. Because https is bound to 0.0.0.0
# above, access to the API then rests on ACL tokens alone.
verify_incoming = false
# NOTE(review): the server configuration sets verify_outgoing = true while this
# client sets it to false. Confirm how this combines with verify_server_hostname
# and auto_encrypt below; enabling it on clients is the usual hardened setting.
verify_outgoing = false
ca_file = "/etc/consul_certs/consul-ca.pem"
cert_file = "/etc/consul_certs/client.pem"
key_file = "/etc/consul_certs/client-key.pem"
}
internal_rpc {
# Checks that the certificate a server presents carries the server.<datacenter>.<domain> name.
verify_server_hostname = true
}
}
# Asks the servers to issue this client's TLS certificate automatically.
# NOTE(review): static cert_file/key_file are also set above — confirm which is intended.
auto_encrypt = {
tls = true
}
acl {
enabled = true
# Anything a token's policy does not explicitly allow is denied.
default_policy = "deny"
down_policy = "extend-cache"
tokens {
# "agent" is used for the agent's own internal operations. "default" is used for
# requests that arrive without a token, which includes DNS queries, so its policy
# needs read access to the nodes and services that DNS should resolve.
# NOTE(review): both entries hold the same token, so unauthenticated requests run
# with the agent's privileges; separate, narrowly scoped tokens are preferable.
# The value contains non-hex characters and looks altered for posting; if it was
# derived from a real SecretID, rotate that token.
agent = "n19d6a7c-32f0-83f2-56f0-e5f2a58xz357"
default = "n19d6a7c-32f0-83f2-56f0-e5f2a58xz357"
}
}
consul server configuration:
# Consul server agent configuration as posted (this server advertises 192.168.203.160).
"server" = true
# The cluster bootstraps once three servers have joined.
"bootstrap_expect" = 3
"datacenter" = "dc1"
"data_dir" = "/var/consul"
"log_level" = "INFO"
"enable_syslog" = true
# Enables the web UI on this server's API listener.
ui_config {
enabled = true
}
"rejoin_after_leave" = true
"leave_on_terminate" = true
"advertise_addr" = "192.168.203.160"
"bind_addr" = "0.0.0.0"
# NOTE(review): client_addr = "0.0.0.0" exposes the client-facing listeners
# (HTTPS API with the UI, DNS, gRPC) on every interface. Confirm that a host
# firewall limits who can reach them, or bind to specific addresses.
"client_addr" = "0.0.0.0"
"start_join" = [
"192.168.203.160",
"192.168.203.161",
"192.168.203.162"
]
addresses = {
https = "0.0.0.0"
}
# http = -1 disables the plaintext HTTP API; the API is served over HTTPS on 8501.
ports {
http = -1
https = 8501
grpc_tls = 8503
}
connect {
enabled = true
}
# Gossip encryption key: a symmetric secret shared by every agent in the cluster
# (the client configuration carries the same value).
# NOTE(review): if this is the live key, treat it as disclosed and rotate it;
# substitute a placeholder when sharing a configuration.
encrypt = "fmuytZwNllxMLQ9wdUhZOu02ZBcT9pA9/Zxm+dZKbU8="
tls {
defaults {
# NOTE(review): with verify_incoming = false the server does not require client
# certificates on incoming TLS connections. The HTTPS API and UI are reachable on
# 0.0.0.0, so access control there rests on ACL tokens alone.
verify_incoming = false
verify_outgoing = true
ca_file = "/etc/consul_certs/consul-ca.pem"
cert_file = "/etc/consul_certs/server.pem"
key_file = "/etc/consul_certs/server-key.pem"
}
internal_rpc {
# Checks that the certificate a server presents carries the server.<datacenter>.<domain> name.
verify_server_hostname = true
}
}
# Lets this server issue TLS certificates to clients that set auto_encrypt.tls = true.
auto_encrypt {
allow_tls = true
}
acl = {
enabled = true
# Anything a token's policy does not explicitly allow is denied.
default_policy = "deny"
down_policy = "extend-cache"
tokens {
# "agent" is used for the agent's own internal operations. "default" is used for
# requests that arrive without a token, which includes DNS queries.
# NOTE(review): the same token is used for both entries and is identical to the
# one in the client configuration, so every agent shares one credential. Per-agent,
# narrowly scoped tokens limit what a single leaked token grants.
# The value contains non-hex characters and looks altered for posting; if it was
# derived from a real SecretID, rotate that token.
agent = "n19d6a7c-32f0-83f2-56f0-e5f2a58xz357"
default = "n19d6a7c-32f0-83f2-56f0-e5f2a58xz357"
}
}
Maybe I made some mistakes in the configs?