Allow query DNS servers to be specified in provider block #242

Open
1 task done
longwave opened this issue Nov 10, 2022 · 2 comments

@longwave
longwave commented Nov 10, 2022

Terraform CLI and Provider Versions

Terraform v1.3.4
on linux_amd64

  • provider registry.terraform.io/hashicorp/aws v3.70.0
  • provider registry.terraform.io/hashicorp/dns v3.2.1

Use Cases or Problem Statement

I use the dns_a_record_set data source to look up an internal (RFC1918) IP address:

# Look up the internal IP address of Elasticsearch.
data "dns_a_record_set" "elasticsearch" {
  host = data.aws_elasticsearch_domain.search.endpoint
}

Even though it is not routable from the Internet the IP address is published as a public DNS record. However, some routers provide DNS rebinding protection, which means that their DNS server refuses to return RFC1918 IP addresses. terraform plan then fails:

│ Error: error looking up A records for "vpc-REDACTED.eu-west-1.es.amazonaws.com": lookup vpc-REDACTED.eu-west-1.es.amazonaws.com on 127.0.0.53:53: no such host
│ 
│   with data.dns_a_record_set.elasticsearch,
│   on main.tf line 44, in data "dns_a_record_set" "elasticsearch":
│   44: data "dns_a_record_set" "elasticsearch" {
│ 

The only workaround is to change the local DNS server to Cloudflare 1.1.1.1 or Google 8.8.8.8 or similar.

Proposal

Allow a query DNS server to be specified in the provider block:

provider "dns" {
  query {
    server = "1.1.1.1" # Cloudflare
  }
}

How much impact is this issue causing?

Medium

Additional Information

This was hinted at in #172 but I think this proposal is cleaner than allowing the DNS server to be specified in the data source itself.

Code of Conduct

  • I agree to follow this project's Code of Conduct
@maxboone
maxboone commented Jan 3, 2024

@bflad (tagging because of comment on last non-dependabot PR) & @bookshelfdave due to triage label last year

I'd gladly pick this up and write a PR but I'm not sure if this is a feature / enhancement that would be accepted, considering there haven't been added features for a while now (judging from the PRs).

@DevopsMercenary
This would be great. I just discovered this provider, and unfortunately the internal network DNS is blocking some DNS lookups and network operations doesn't want to open or mess with their DNS Config.

I can solve my issue using this provider if I could use Google or some other known external DNS provider.

provider "dns" {
  query {
    server = [ "8.8.8.8", "8.8.4.4" ]
  }
}
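
A sketch in Go (the provider's language) of what the proposed `query { server = ... }` setting amounts to: a resolver pinned to one server, plus a check for which answers a rebinding filter would have withheld. This is an added example, not code from the provider or from anyone in this thread; `queryAddr`, `newResolver`, `rebindFiltered` and the host `internal.example.com` are assumed names.

```go
package main

import (
	"context"
	"fmt"
	"net"
	"time"
)

// queryAddr (hypothetical helper) normalises "1.1.1.1" or "[::1]:5353" to host:port, default port 53.
func queryAddr(server string) (string, error) {
	host, port, err := net.SplitHostPort(server)
	if err != nil { // no port present
		host, port = server, "53"
	}
	if net.ParseIP(host) == nil { // a name here would itself need the system resolver
		return "", fmt.Errorf("query server %q is not an IP address", server)
	}
	return net.JoinHostPort(host, port), nil
}

// newResolver sends every query to addr instead of the servers in resolv.conf.
func newResolver(addr string) *net.Resolver {
	return &net.Resolver{
		PreferGo: true, // the Dial hook is only used by Go's built-in resolver
		Dial: func(ctx context.Context, network, _ string) (net.Conn, error) {
			return (&net.Dialer{Timeout: 3 * time.Second}).DialContext(ctx, network, addr)
		},
	}
}

// rebindFiltered lists answers a filter that drops private (RFC 1918 / IPv6 ULA) addresses would withhold.
func rebindFiltered(ips []net.IP) []net.IP {
	var out []net.IP
	for _, ip := range ips {
		if ip.IsPrivate() {
			out = append(out, ip)
		}
	}
	return out
}

func main() {
	addr, _ := queryAddr("1.1.1.1") // server value from the proposal
	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
	defer cancel()
	ips, err := newResolver(addr).LookupIP(ctx, "ip4", "internal.example.com") // placeholder
	fmt.Println("answers:", ips, "filtered locally:", rebindFiltered(ips), "err:", err)
}
```

Lookups sent this way leave the network for the public resolver and skip the local rebinding filter, so the hostnames queried are visible to that resolver.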
