DNS request into local DC using peer.consul zone

Hi everybody!

I am using multiple Consul clusters with WAN Federation (mainly for the SD feature) and now I have to disassemble my primary cluster soon. Since that means recreating whole Consul clusters from scratch (with regenerating and redistributing tokens), I am looking into the Consul Peering feature.

I am currently using DNS records like svc1.dc1.domain.tld CNAME svc1.service.dc1.consul to allow myself to use trusty Let’s Encrypt certificates on the target service. The key functionality here is that I can use this exact DNS query from dc1 or dc2 and the result is always the same.

I don’t intend to use Consul Connect, just pure Service Discovery. Networks are directly routable between both datacenters.

However, in a cluster peering infrastructure I cannot use the same DNS query to reach the service from both clusters. In the local DC (where the service is located) I have to use svc1.service.consul and in the other DC I have to use svc1.service.dc1.peer.consul instead. Because the DNS layer is shared between locations, I cannot define different DNS records for each one.

A Consul cluster cannot peer with itself, but I would appreciate it if there were some default “alias” with the name of the local datacenter in the <peer>.peer.consul zone.

Am I missing something? Or am I just misusing the feature for something it’s not intended to do?

Any comment is appreciated!

Just in case anyone encounters the same issue as me, I was able to work around this by switching to Prepared Queries for all cross-cluster Service Discovery requests.

This is really inconvenient to do by hand, so I wrote a small script to automate creating queries in each cluster for a given set of services. Queries to remote clusters leverage the fact that a prepared query can point directly to a specific Peer.

The only downside is that I have to include the cluster/peer name in the query name, but it’s not a big deal for me honestly.

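The workaround from the post above, sketched as an added example (this is not the poster's script): each cluster gets a prepared query with the same name, so `svc1-dc1.query.consul` resolves identically from dc1 and dc2. It assumes peerings are named after the remote cluster, that a failover target with `Peer` is how the query is pointed at the peer, and the API addresses and service inventory are constructed.

```python
import json
import urllib.request

# Constructed sample inventory: service name -> cluster where it is registered.
SERVICES = {"svc1": "dc1", "svc2": "dc2"}
# Cluster name -> HTTP API address (hypothetical). Peerings are assumed to be
# named after the remote cluster, as in svc1.service.dc1.peer.consul.
CLUSTERS = {"dc1": "http://consul.dc1.example:8500",
            "dc2": "http://consul.dc2.example:8500"}


def build_queries(services, clusters):
    """Return {cluster: [prepared query definition, ...]}.

    Every cluster gets a query with the same name, <service>-<home>, so
    <service>-<home>.query.consul is a valid lookup in all of them.
    """
    plan = {cluster: [] for cluster in clusters}
    for service, home in sorted(services.items()):
        if home not in clusters:
            raise ValueError(f"{service}: unknown home cluster {home!r}")
        for cluster in clusters:
            definition = {"Name": f"{service}-{home}",
                          "Service": {"Service": service, "OnlyPassing": True}}
            if cluster != home:
                # No local instances exist here, so the query resolves
                # through the failover target, which names the peer.
                definition["Service"]["Failover"] = {"Targets": [{"Peer": home}]}
            plan[cluster].append(definition)
    return plan


def apply(address, token, definitions):
    """Create each query via POST /v1/query; token needs query write access."""
    for definition in definitions:
        request = urllib.request.Request(
            f"{address}/v1/query",
            data=json.dumps(definition).encode(),
            headers={"X-Consul-Token": token, "Content-Type": "application/json"},
            method="POST")
        with urllib.request.urlopen(request, timeout=10) as response:
            print(definition["Name"], json.load(response)["ID"])


if __name__ == "__main__":
    print(json.dumps(build_queries(SERVICES, CLUSTERS), indent=2))
```

With these queries in place, the shared record becomes svc1.dc1.domain.tld CNAME svc1-dc1.query.consul. A token limited to `query` write on these names is enough for `apply`, so the automation does not need a management token.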