Hi, On Thu, Dec 20, 2018 at 16:58, Jerome Magnin wrote: > this is indeed a regression in haproxy. thanks for reporting it. > attached patch should fix it. > CC'ing Remi as the original author, and Baptiste, as DNS maintainer.
Thank you for the lightning-fast response! I can confirm that this patch indeed solves the issue in my test setup. Best, Leo Am Do., 20. Dez. 2018 um 16:58 Uhr schrieb Jerome Magnin <jmag...@haproxy.com>: > > Hi, > > On Thu, Dec 20, 2018 at 03:42:40PM +0100, Leonhard Wimmer wrote: > > Hello, > > > > We are running HAProxy in our Docker (18.09.0) swarm and we are relying on > > the Docker embedded DNS server for service discovery. > > > > The backend servers are configured to resolve the IP addresses via a > > "resolvers" config entry pointing to the Docker embedded DNS running on > > "127.0.0.11". > > > > Up to HAProxy 1.8.14 this worked like charm, but it stopped working with > > version 1.8.15. Also the newly released version 1.9.0 is affected by this > > problem. > > > > I've looked through the changes between 1.8.14 and 1.8.15 and I could narrow > > it down to commit 2e53fe8: > > "BUG: dns: Prevent out-of-bounds read in dns_validate_dns_response()". > > If I revert this commit on haproxy-1.8 it works perfectly, just as before. > > > > DNS resolution does not seem to be generally broken though. If I use a > > regular > > (non-docker-internal) hostname, it can be resolved normally, even using the > > Docker embedded DNS server. > > > > I'm not yet sure if it is the Docker DNS server returning an invalid result > > or HAProxy having a problem with the validation. > > > > I'm happy to help with debugging. I can provide packet captures of the DNS > > resolution and a sample config to reproduce the problem if you are > > interested. > > > > this is indeed a regression in haproxy. thanks for reporting it. > attached patch should fix it. > CC'ing Remi as the original author, and Baptiste, as DNS maintainer. > > Jérôme -- Leonhard Wimmer Senior DevOps Engineer ecosio GmbH Lange Gasse 30, 1080 Vienna, Austria/Europe Mail: leonhard.wim...@ecosio.com T: +43 1 996 2106-0, F: +43 1 996 2106-99 UID: ATU68241501, FBNR: FN 405017 p, Handelsgericht Wien Geschäftsführer: Christoph Ebm, Philipp Liegl, Marco Zapletal Web: https://ecosio.com, Blog: https://ecosio.com/blog, Newsletter