RepoMirrors/haproxy
1
0
Fork 0
mirror of http://git.haproxy.org/git/haproxy.git/ synced 2025-02-27 16:11:03 +00:00
Code Issues Packages Projects Releases Wiki Activity
796d2fc136
haproxy/include/types
History
Andrew Hayworth e6a4a329b8 MEDIUM: dns: Don't use the ANY query type 
Basically, it's ill-defined and shouldn't really be used going forward.
We can't guarantee that resolvers will do the 'legwork' for us and
actually resolve CNAMES when we request the ANY query-type. Case in point
(obfuscated, clearly):

  PRODUCTION! ahayworth@secret-hostname.com:~$
  dig @10.11.12.53 ANY api.somestartup.io

  ; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> @10.11.12.53 ANY api.somestartup.io
  ; (1 server found)
  ;; global options: +cmd
  ;; Got answer:
  ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62454
  ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 0

  ;; QUESTION SECTION:
  ;api.somestartup.io.                        IN      ANY

  ;; ANSWER SECTION:
  api.somestartup.io.         20      IN      CNAME api-somestartup-production.ap-southeast-2.elb.amazonaws.com.

  ;; AUTHORITY SECTION:
  somestartup.io.               166687  IN      NS      ns-1254.awsdns-28.org.
  somestartup.io.               166687  IN      NS      ns-1884.awsdns-43.co.uk.
  somestartup.io.               166687  IN      NS      ns-440.awsdns-55.com.
  somestartup.io.               166687  IN      NS      ns-577.awsdns-08.net.

  ;; Query time: 1 msec
  ;; SERVER: 10.11.12.53#53(10.11.12.53)
  ;; WHEN: Mon Oct 19 22:02:29 2015
  ;; MSG SIZE  rcvd: 242

HAProxy can't handle that response correctly.

Rather than try to build in support for resolving CNAMEs presented
without an A record in an answer section (which may be a valid
improvement further on), this change just skips ANY record types
altogether. A and AAAA are much more well-defined and predictable.

Notably, this commit preserves the implicit "Prefer IPV6 behavior."

Furthermore, ANY query type by default is a bad idea: (from Robin on
HAProxy's ML):
  Using ANY queries for this kind of stuff is considered by most people
  to be a bad practice since besides all the things you named it can
  lead to incomplete responses. Basically a resolver is allowed to just
  return whatever it has in cache when it receives an ANY query instead
  of actually doing an ANY query at the authoritative nameserver. Thus
  if it only received queries for an A record before you do an ANY query
  you will not get an AAAA record even if it is actually available since
  the resolver doesn't have it in its cache. Even worse if before it
  only got MX queries, you won't get either A or AAAA
2015-10-20 22:31:01 +02:00
..
acl.h
action.h MINOR: stream/applet: add use-service action 2015-09-28 01:03:48 +02:00
applet.h MINOR: lua: add AppletHTTP class and service 2015-09-28 01:03:48 +02:00
arg.h MEDIUM: logs: add a new RFC5424 log-format for the structured-data 2015-09-28 14:01:27 +02:00
auth.h
backend.h
capture.h
channel.h MEDIUM: stream: move HTTP request body analyser before process_common 2015-05-02 00:10:44 +02:00
checks.h MINOR: include comment in tcpcheck error log 2015-05-12 11:04:39 +02:00
compression.h BUILD: properly report when USE_ZLIB and USE_SLZ are used together 2015-10-13 16:47:16 +02:00
connection.h MAJOR: tproxy: remove support for cttproxy 2015-08-20 19:35:14 +02:00
counters.h
dns.h MEDIUM: dns: Don't use the ANY query type 2015-10-20 22:31:01 +02:00
fd.h
freq_ctr.h
global.h BUG/MEDIUM: logs: segfault writing to log from Lua 2015-10-02 00:57:45 +02:00
hdr_idx.h
hlua.h MEDIUM: lua: change the timeout execution 2015-09-29 19:13:49 +02:00
lb_chash.h
lb_fas.h
lb_fwlc.h
lb_fwrr.h
lb_map.h
listener.h MEDIUM: ssl: Add options to forge SSL certificates 2015-06-12 18:06:59 +02:00
log.h BUG/MEDIUM: logs: segfault writing to log from Lua 2015-10-02 00:57:45 +02:00
mailers.h
map.h
obj_type.h CLEANUP: applet: rename struct si_applet to applet 2015-04-23 17:56:16 +02:00
pattern.h MINOR: samples: rename some struct member from "smp" to "data" 2015-08-20 17:13:46 +02:00
peers.h CLEANUP: proxy: remove last references to appsession 2015-08-10 19:42:30 +02:00
pipe.h
port_range.h
proto_http.h CLEANUP: actions: missplaced includes 2015-09-10 21:17:04 +02:00
proto_udp.h MEDIUM: protocol: add minimalist UDP protocol client 2015-06-13 22:07:35 +02:00
protocol.h
proxy.h BUG/MEDIUM: logs: segfault writing to log from Lua 2015-10-02 00:57:45 +02:00
queue.h
sample.h BUG/MINOR: http: remove stupid HTTP_METH_NONE entry 2015-09-03 17:15:21 +02:00
server.h MEDIUM: server: implement TCP_USER_TIMEOUT on the server 2015-10-13 16:18:27 +02:00
session.h MEDIUM: vars: move the session variables to the session, not the stream 2015-06-19 11:59:02 +02:00
signal.h
ssl_sock.h MEDIUM: Add support for updating TLS ticket keys via socket 2015-05-16 11:28:04 +02:00
stick_table.h MEDIUM: stick-tables: Add GPT0 in the stick tables 2015-08-20 17:13:47 +02:00
stream_interface.h MINOR: stream-int: add two flags to indicate an applet's wishes regarding I/O 2015-04-23 17:56:17 +02:00
stream.h CLEANUP: vars: remove unused struct 2015-07-10 16:30:08 +02:00
task.h
template.h
vars.h MINOR: samples: rename a struct from sample_storage to sample_data 2015-08-20 17:13:46 +02:00