Open tcdent opened 4 days ago
Thank you for your submission! We require that all contributors sign our Contributor License Agreement ("CLA") before we can accept the contribution. Read and sign the agreement
Learn more about why HashiCorp requires a CLA and what the CLA includes
Have you signed the CLA already but the status is still pending? Recheck it.
Description
I'm using a real TLD as my configured
domain
, but the DNS server intercepts all requests.This allows names which don't match those registered by consul to be handled by the recursive server.
Caveat is that it could leak internal domain names if they are not in the pool and the upstream server is untrusted. Possible to add a configuration flag to enable/disable this feature if desired.
Testing & Reproduction steps
PR Checklist