consul-dns

v0.0.0-...-68faada
Published: Feb 13, 2018 License: MIT

Authoritative DNS server that plugs into Consul

DNS shouldn't be hard. As a former sysadmin I like the convenience of RFC1035 zone files (e.g. the ones bind9 uses), so the base idea is to use the standards that are already in place.

Go is the chosen language, principally for this fantastic DNS library

In addition, supporting RFC2136+RFC2845 makes the system pluggable into Terraform or old-school nsupdate

NOTE: I am still new to Go and I need some time to figure some things out.

Usage

  1. Install a default policy for the anonymous token in the Consul ACL (to allow DNS queries)

    node "" {
      policy = "read"
    }

    service "" {
      policy = "read"
    }

  2. Clone the repo into your GOPATH

  3. Install dependencies

    go get ./...

  4. Build the binary

    go build -o consul-dns cmd/consul-dns/main.go

  5. Run ./consul-dns -c config.json

Example config:

{
  "ConsulConfig": {
    "AuthToken": "anonymous",
    "HttpAddress": "http://127.0.0.1:8500",
    "DnsAddress": "127.0.0.1:8600"
  },
  "SystemConfig": {
    "DnsPort": "53",
    "HttpPort": "4367",
    "TsigKey": ""
  }
}

You can also use env variables.

  6. Add your bind zone files under a "dns" folder in the Consul KV; remember to name the sub-keys in FQDN format (e.g. with the dot at the end)

Docker

docker run -p 53:53/tcp -p 53:53/udp \
            -p 4367:4367 \
            -e CONSUL_HTTP_TOKEN=anonymous \
            -e CONSUL_HTTP_ADDR=http://127.0.0.1:8500 \
            -e CONSUL_DNS_ADDR=127.0.0.1:8600 \
            -e CONSULDNS_DNS_PORT=53 \
            -e CONSULDNS_HTTP_PORT=4367 \
            -e CONSULDNS_TSIG_KEY="my-tsig-key" \
            ennetech/consul-dns

Modules description

QUERY (3 scenarios)
  1. The TLD is .consul

    The request is proxied as-is to the DNS interface of Consul

  2. The request contains .node. or .service.

    The request is masqueraded as the .consul TLD, sent to the Consul DNS interface, and the responses are converted back to the original TLD

  3. The requested zone (or a higher one) is present in the K/V

    The zone is parsed and, if a matching record (or a wildcard) is found, it is returned in the responses (a CNAME also resolves the associated A record using the Google servers)
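
The three-way dispatch described above, as an added sketch that is not the project's own code. The names Route, Classify, SwapTLD and the kvZones map are hypothetical, and it assumes "TLD" means the last label of the name and that zone keys are stored as lower-case FQDNs.

```go
package main

import (
	"fmt"
	"strings"
)

type Route int

const (
	ProxyConsul Route = iota // scenario 1: the TLD is .consul
	Masquerade               // scenario 2: name contains .node. or .service.
	KVZone                   // scenario 3: the zone, or a higher one, is in the K/V
	NoMatch                  // none of the three applies
)

// fqdn lower-cases a name (DNS names are case-insensitive) and adds the final dot.
func fqdn(name string) string { return strings.TrimSuffix(strings.ToLower(name), ".") + "." }

// SwapTLD replaces the last label of name with tld, e.g. "lan" <-> "consul".
func SwapTLD(name, tld string) string {
	labels := strings.Split(strings.TrimSuffix(fqdn(name), "."), ".")
	labels[len(labels)-1] = tld
	return strings.Join(labels, ".") + "."
}

// Classify picks the scenario and returns the name to send to Consul
// (scenarios 1 and 2) or the matching zone key (scenario 3).
func Classify(qname string, kvZones map[string]bool) (Route, string) {
	name := fqdn(qname)
	if name == "consul." || strings.HasSuffix(name, ".consul.") {
		return ProxyConsul, name
	}
	if strings.Contains(name, ".node.") || strings.Contains(name, ".service.") {
		return Masquerade, SwapTLD(name, "consul") // assumption: only the last label changes
	}
	// Strip one label at a time so matches fall on label boundaries and the
	// most specific zone wins ("evilexample.com." never matches "example.com.").
	for zone := name; zone != ""; zone = zone[strings.Index(zone, ".")+1:] {
		if kvZones[zone] {
			return KVZone, zone
		}
	}
	return NoMatch, ""
}

func main() {
	zones := map[string]bool{"example.com.": true} // constructed sample K/V sub-keys
	for _, q := range []string{"web.service.consul", "Web.Service.Lan", "www.example.com", "evilexample.com"} {
		r, target := Classify(q, zones)
		fmt.Println(q, r, target)
	}
}
```

For scenario 2, names in the Consul answer are converted back with SwapTLD(answerName, originalTLD).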

UPDATE
  1. If the domain has a TSIG key, verify it
  2. Update the zone accordingly

Feature list

Name                                  Status          Module
Query masquerading                    alpha,untested  QUERY
RFC1035 zone parsing from consul K/V  alpha,untested  QUERY
RFC2136 zone update                   alpha,untested  UPDATE
RFC2845 tsig verification             alpha,untested  UPDATE
DDNS like update                      todo            REST
TSIG key generation                   alpha,untested  REST
query caching                         todo            --
zone formatter                        todo            --
Prometheus metrics                    todo            --

Visual representation

consul-dns diagram

Directories

Path Synopsis
cmd
pkg
dns
