hashicorp
Pass unmatched queries on configured domain to recursive server.
Description
I'm using a real TLD as my configured domain, but the DNS server intercepts all requests.
This allows names which don't match those registered by consul to be handled by the recursive server.
Caveat is that it could leak internal domain names if they are not in the pool and the upstream server is untrusted. Possible to add a configuration flag to enable/disable this feature if desired.
Testing & Reproduction steps
- Configure consul with a real domain name.
- Make a request to a real record on the recursive server at that domain.
PR Checklist
- [ ] updated test coverage
- [ ] external facing docs updated
- [ ] appropriate backport labels added
- [ ] not a security concern
![hashicorp-cla-app[bot] avatar](https://avatars.githubusercontent.com/in/865473?v=4 "Published by a pub.dev verified publisher"){kind=small}
Thank you for your submission! We require that all contributors sign our Contributor License Agreement ("CLA") before we can accept the contribution. Read and sign the agreement
Learn more about why HashiCorp requires a CLA and what the CLA includes
Have you signed the CLA already but the status is still pending? Recheck it.
This pull request has been automatically flagged for inactivity because it has not been acted upon in the last 60 days. It will be closed if no new activity occurs in the next 30 days. Please feel free to re-open to resurrect the change if you feel this has happened by mistake. Thank you for your contributions.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
Closing due to inactivity. If you feel this was a mistake or you wish to re-open at any time in the future, please leave a comment and it will be re-surfaced for the maintainers to review.