FQDNs don't work with a trailing period on Cloud Run
ahmetb opened this issue · comments
local dig:
$ dig +search A hello.us-central1.run.internal
; <<>> DiG 9.14.12 <<>> +search A hello.us-central1.run.internal
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9556
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;hello.us-central1.run.internal. IN A
;; ANSWER SECTION:
hello.us-central1.run.internal. 10 IN A 127.0.0.1
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Oct 07 02:34:08 UTC 2020
;; MSG SIZE rcvd: 94
remote dig:
$ dig +search A hello.us-central1.run.internal
; <<>> DiG 9.16.6 <<>> +search A hello.us-central1.run.internal
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27459
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;hello.us-central1.run.internal.google.internal. IN A
;; AUTHORITY SECTION:
internal. 30 IN SOA ns.global.gcedns-prod.internal. cloud-dns-hostmaster.google.com. 2015030600 7200 3600 24796800 5
;; Query time: 3 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Oct 07 02:34:03 UTC 2020
;; MSG SIZE rcvd: 169
both have NDOTS configured to 4
local log:
I1007 02:34:08.533319 1 dns.go:50] [dns] type=A name=hello.us-central1.run.internal.us-central1.run.internal. dots=7
I1007 02:34:08.533364 1 dns.go:58] [dns] type=A name=hello.us-central1.run.internal.us-central1.run.internal. is too short or long (need ndots=4; got=7), nxdomain
I1007 02:34:08.533916 1 dns.go:50] [dns] type=A name=hello.us-central1.run.internal.run.internal. dots=6
I1007 02:34:08.533961 1 dns.go:58] [dns] type=A name=hello.us-central1.run.internal.run.internal. is too short or long (need ndots=4; got=6), nxdomain
I1007 02:34:08.534366 1 dns.go:50] [dns] type=A name=hello.us-central1.run.internal. dots=4
I1007 02:34:08.534407 1 dns.go:77] [dns] MATCH type=A name=hello.us-central1.run.internal.
remote log:
I1007 02:34:03.692093 1 dns.go:50] [dns] type=A name=hello.us-central1.run.internal.us-central1.run.internal. dots=7
I1007 02:34:03.692121 1 dns.go:58] [dns] type=A name=hello.us-central1.run.internal.us-central1.run.internal. is too short or long (need ndots=4; got=7), nxdomain
I1007 02:34:03.692628 1 dns.go:50] [dns] type=A name=hello.us-central1.run.internal.run.internal. dots=6
I1007 02:34:03.692650 1 dns.go:58] [dns] type=A name=hello.us-central1.run.internal.run.internal. is too short or long (need ndots=4; got=6), nxdomain
I1007 02:34:03.692950 1 dns.go:108] [dns] recursing type=A name=hello.us-central1.run.internal.google.internal.
I1007 02:34:03.696508 1 dns.go:118] [dns] recursed type=A name=hello.us-central1.run.internal.google.internal. resp_code=0
for some reason, while remote it skips trying the 4-dot version.
local resolv conf:
nameserver 127.0.0.1
nameserver ::1
search us-central1.run.internal run.internal
options ndots:4
remote resolv.conf:
nameserver 127.0.0.1
nameserver ::1
search us-central1.run.internal run.internal google.internal.
options ndots:4
(the only difference is google.internal. domain being added).
This was the case also before removing trailing periods from search domains.