
cloud-init-dev team mailing list archive

[Merge] ~rmccabe/cloud-init:dns_redirect_detect into cloud-init:master


Ryan McCabe has proposed merging ~rmccabe/cloud-init:dns_redirect_detect into cloud-init:master.

Requested reviews:
  cloud-init commiters (cloud-init-dev)

For more details, see:

Add an option to disable DNS redirection detection.

Add a config option, disable_dns_redirection_detection, that can be used to disable the code that attempts to determine if DNS requests are being redirected. The DNS redirection detection can cause long delays at boot when no DNS servers are available. It also causes issues with some intrusion detection systems.

I wasn't sure the best place to stick this new config value. This seemed like the least intrusive way to do it. If there's another way you'd like to see this done, please let me know.
Your team cloud-init commiters is requested to review the proposed merge of ~rmccabe/cloud-init:dns_redirect_detect into cloud-init:master.
diff --git a/cloudinit/stages.py b/cloudinit/stages.py
index a1c4a51..67ffeae 100644
--- a/cloudinit/stages.py
+++ b/cloudinit/stages.py
@@ -141,8 +141,14 @@ class Init(object):
         return len(rm_list)
     def initialize(self):
+        self._initialize_global_options()
+    def _initialize_global_options(self):
+        dns_detect = self.cfg.get('disable_dns_redirection_detection')
+        if util.translate_bool(dns_detect):
+            util.disable_dns_redirection_detection()
     def _initialize_filesystem(self):
         log_file = util.get_cfg_option_str(self.cfg, 'def_log_file')
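Review bot: In _initialize_global_options the option is read with self.cfg.get(...) and then passed to util.translate_bool, while the context line just below reads its setting through util.get_cfg_option_str. Using the boolean counterpart, util.get_cfg_option_bool(self.cfg, 'disable_dns_redirection_detection'), would keep config access consistent and make the default explicit when the key is absent. The new method also has no docstring; one line saying that it applies options which change module-level state in util would help the next reader, and a unit test covering the option both set and unset would be worth adding.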
diff --git a/cloudinit/util.py b/cloudinit/util.py
index ce2c603..de34210 100644
--- a/cloudinit/util.py
+++ b/cloudinit/util.py
@@ -1119,6 +1119,12 @@ def get_fqdn_from_hosts(hostname, filename="/etc/hosts"):
     return fqdn
+def disable_dns_redirection_detection():
+    global _DNS_REDIRECT_IP
+    _DNS_REDIRECT_IP = set()
+    LOG.debug("disabled DNS redirection detection")
 def is_resolvable(name):
     """determine if a url is resolvable, return a boolean
     This also attempts to be resilent against dns redirection.
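Review bot: disable_dns_redirection_detection() switches the check off by assigning an empty set to the module global _DNS_REDIRECT_IP, so "disabled" becomes indistinguishable from "probed and found no redirect addresses", and the function only works as long as is_resolvable treats an already populated value as final. Please add a docstring that states this dependency, or use a separate explicit flag that is_resolvable checks. The is_resolvable docstring in the context lines still promises resilience against DNS redirection without qualification; it should mention that the option removes that protection, since answers from a redirecting resolver will then count as successful resolution.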
diff --git a/doc/examples/cloud-config.txt b/doc/examples/cloud-config.txt
index bd84c64..bc643e3 100644
--- a/doc/examples/cloud-config.txt
+++ b/doc/examples/cloud-config.txt
@@ -403,6 +403,11 @@ timezone: US/Eastern
 def_log_file: /var/log/my-logging-file.log
 syslog_fix_perms: syslog:root
+# disable_dns_redirection_detection: disable the code that attempts
+# to determine if DNS redirection is in use.
+# default: false
+disable_dns_redirection_detection: false
 # you can set passwords for a user or multiple users
 # this is off by default.
 # to set the default user's password, use the 'password' option.
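Review bot: The comment added above disable_dns_redirection_detection says what the option turns off but not when to set it or what is lost by doing so. The merge description gives the reasons (long boot delays when no DNS servers are available, and issues with some intrusion detection systems); putting those in the comment, together with a note that names answered by a redirecting resolver will be treated as resolvable once the option is true, would let users make an informed choice. The "disable_...: false" form is also a double negative; consider whether a positively named option with a default of true would read better.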
