I have been working on registering new services in Consul for the purpose of DNS lookup in our existing consul cluster, but I am having some issues. I am able to query for nodes and I get a valid response, but querying for registered services does not return an A record. I decided to create a new temporary three server node cluster for testing and I have a fourth node that is a client. All nodes show up as healthy. If I connect to one of the server nodes in the new cluster and run ‘dig @127.0.0.1 -p 8600 v1-qa04.node.us-east-1-qa.consul’ I get a reply, but no answer section.
I have also registered a service that also shows up with a healthy node check (no service check defined) but I also fail to get a valid response to my DNS query for testservice.service.us-east-1-qa.consul. One thing I should note is that all of the nodes in the new test cluster are using the same master token to hopefully eliminate any ACL issues.
I’m not sure what to look for or try next here. Any ideas would be appreciated.
One thing I should note is that all of the nodes in the new test cluster are using the same master token to hopefully eliminate any ACL issues.
I’m not sure what to look for or try next here. Any ideas would be appreciated.
Are you setting this as the default token on each of the agents? This token will be used for requests against the DNS interface, or when a token is not provided in an HTTP request.
If default is not defined, then the anonymous token will be used when querying servers. You can alternatively check whether that token has the correct permissions to lookup nodes and services within the environment.
Here’s an example of how you can verify those permissions.