[SERVER-34563] Connect via SRV record fails if the returned record resides in subdomain Created: 19/Apr/18  Updated: 29/Oct/23  Resolved: 26/Jun/18

Status: Closed
Project: Core Server
Component/s: Networking
Affects Version/s: 3.6.3
Fix Version/s: 3.6.6, 4.0.1, 4.1.1

Type: Bug Priority: Major - P3
Reporter: Alexey Eremenko Assignee: ADAM Martin (Inactive)
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

Debian GNU/Linux buster/sid
GKE k8s 1.9.4
non-privileged


Attachments: JPEG File bug.jpg    
Issue Links:
Backports
Problem/Incident
Related
Backwards Compatibility: Fully Compatible
Backport Requested:
v4.0, v3.6
Sprint: Platforms 2018-06-18, Platforms 2018-07-02
Participants:
Linked BF Score: 67

 Description   

Kubernetes supports DNS SRV (service) records for named ports.
For each named port, a record in the following format is created: _portname._protocol.service.namespace.svc.cluster.local
There is service:mongodb in namespace:default with protocol:tcp and portname:mongodb.
The service endpoint is statefulset:mongodb with instances mongodb-[0...9].
For each of the instances, the following resource record is created:
_mongodb._tcp.mongodb.default.svc.cluster.local service = 10 100 27017 mongodb-N.mongodb.default.svc.cluster.local. <-- A record that resolves to the IP of the instance itself.

As we can see, the host resides in the service subdomain and the software throws an error.
Besides that, it doesn't allow connecting to top-level domain resources, requiring that the address URL must have at least 3 hostname components separated by dots ('.').



 Comments   
Comment by Githook User [ 28/Jun/18 ]

Author:

{'username': 'adamlsd', 'name': 'ADAM David Alan Martin', 'email': 'adam.martin@10gen.com'}

Message: SERVER-34563 Handle DNS names correctly in SRV record processing.

The current implementation of DNS name processing uses raw string
processing. This change alters the mechanism to use a proper DNS
name type which parses the hostname for proper processing.

(cherry picked from commit 181c43bd006666b07441bb3be61b7324ef7dcc80)
Branch: v4.0
https://github.com/mongodb/mongo/commit/82d2f1930f0a805f37810d375182902aaa5ed938

Comment by Githook User [ 26/Jun/18 ]

Author:

{'username': 'adamlsd', 'name': 'ADAM David Alan Martin', 'email': 'adam.martin@10gen.com'}

Message: SERVER-34563 Handle DNS names correctly in SRV record processing.

The current implementation of DNS name processing uses raw string
processing. This change alters the mechanism to use a proper DNS
name type which parses the hostname for proper processing.

(cherry picked from commit 181c43bd006666b07441bb3be61b7324ef7dcc80)
Branch: v3.6
https://github.com/mongodb/mongo/commit/d86d95cb7335b60114cb22312f8c133eb8031d5b

Comment by Githook User [ 26/Jun/18 ]

Author:

{'username': 'adamlsd', 'name': 'ADAM David Alan Martin', 'email': 'adam.martin@10gen.com'}

Message: SERVER-34563 Handle DNS names correctly in SRV record processing.

The current implementation of DNS name processing uses raw string
processing. This change alters the mechanism to use a proper DNS
name type which parses the hostname for proper processing.
Branch: master
https://github.com/mongodb/mongo/commit/181c43bd006666b07441bb3be61b7324ef7dcc80

Comment by David Golden [ 26/Apr/18 ]

There is a driver spec test case to address a related case: https://github.com/mongodb/specifications/blob/master/source/initial-dns-seedlist-discovery/tests/longer-parent-in-return.json

Given mongodb+srv name test18.test.build.10gen.cc, an SRV resource record referencing localhost.sub.test.build.10gen.cc is allowed.

If localhost.sub.test.build.10gen.cc is allowed because it shares the parent "test.build.10gen.cc", then it should also be allowed for there to be hostA.test18.test.build.10gen.cc, which is equivalent to the k8s case described.
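
The parent-domain rule discussed in the comment above, checked label by label instead of on raw strings, as an added C++ example that is not MongoDB's code and not part of the original comment. The function names are hypothetical, the `nottest` host is constructed, and requiring at least one label below the parent is an assumption of this example.

```cpp
#include <algorithm>
#include <cctype>
#include <cstddef>
#include <iostream>
#include <sstream>
#include <string>
#include <vector>

// Split a DNS name into lower-cased labels. One trailing dot (FQDN form) is
// dropped; an empty or over-long (>63 bytes) label yields an empty vector.
std::vector<std::string> dnsLabels(std::string name) {
    if (!name.empty() && name.back() == '.') name.pop_back();
    if (name.empty() || name.back() == '.') return {};
    std::vector<std::string> labels;
    std::string label;
    std::istringstream in(name);
    while (std::getline(in, label, '.')) {
        if (label.empty() || label.size() > 63) return {};
        std::transform(label.begin(), label.end(), label.begin(),
                       [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
        labels.push_back(label);
    }
    return labels;
}

// True when `host` (an SRV target) lies under the parent domain of `srvName`,
// the parent being `srvName` minus its first label. Assumption of this example:
// the target needs at least one label below the parent.
bool srvTargetAllowed(const std::string& srvName, const std::string& host) {
    const std::vector<std::string> srv = dnsLabels(srvName);
    const std::vector<std::string> target = dnsLabels(host);
    if (srv.size() < 2 || target.size() < srv.size()) return false;
    const auto parentLen = static_cast<std::ptrdiff_t>(srv.size() - 1);
    return std::equal(srv.begin() + 1, srv.end(), target.end() - parentLen);
}

// Raw-string suffix test, for contrast only (not the server's code): it ignores
// label boundaries, letter case and the trailing dot.
bool rawSuffixMatch(const std::string& parent, const std::string& host) {
    return host.size() >= parent.size() &&
           host.compare(host.size() - parent.size(), parent.size(), parent) == 0;
}

int main() {
    const std::string srv = "test18.test.build.10gen.cc";  // SRV name from the comment
    for (const char* host : {"localhost.sub.test.build.10gen.cc", "hostA.test18.test.build.10gen.cc",
                             "hostA.nottest.build.10gen.cc"})  // last host is constructed
        std::cout << host << " label-wise=" << srvTargetAllowed(srv, host)
                  << " raw=" << rawSuffixMatch("test.build.10gen.cc", host) << '\n';
}
```

The constructed `nottest` host passes the raw suffix test but fails the label-wise one, while the Kubernetes-style target with a trailing dot is accepted only by the label-wise check.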

Generated at Thu Feb 08 04:37:06 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.