clickhouse multiple PTR DNS response
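# CoreDNS configuration for the lab: answers for names and addresses listed in
# /etc/example.com, and hands every other query to the resolver at 127.0.0.11.
. {
    # Hosts-format file mounted from ./example.com. The test script rewrites that
    # file between steps, so it is re-read on a short interval.
    hosts /etc/example.com {
        reload "200ms"
        # Queries with no entry in the file continue to the next plugin.
        fallthrough
    }
    # 127.0.0.11 is the address Docker's embedded DNS listens on inside containers
    # attached to a user-defined network.
    forward . 127.0.0.11
    # Log every query; useful next to the packet capture the test script takes.
    log
}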
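# Lab topology: a ClickHouse server, a second container used as the HTTP client,
# and a CoreDNS instance that serves the forward and reverse records under test.
version: "3"
services:
  clickhouse-server:
    build:
      context: .
      dockerfile: Dockerfile
    environment:
      DEBIAN_FRONTEND: noninteractive
    ports:
      # Published on the host loopback only: host_regexp.xml defines the test_dns
      # account with an empty password, so the HTTP interface should not be
      # reachable from other machines. The test itself talks to the server over
      # the compose network and does not depend on this mapping.
      - "127.0.0.1:8123:8123"
    volumes:
      - ./host_regexp.xml:/etc/clickhouse-server/users.d/host_regexp.xml
      # Generated by the test script so the server resolves through CoreDNS.
      - ./resolv.conf:/etc/resolv.conf
  clickhouse-client:
    build:
      context: .
      # NOTE(review): this is the same Dockerfile the server service builds from,
      # although the page also lists a clickhouse-client based Dockerfile.
      # Confirm which one is intended here.
      dockerfile: Dockerfile
    environment:
      DEBIAN_FRONTEND: noninteractive
    # Keep the container idle so the script can `exec` commands in it.
    entrypoint: /bin/bash -c "while true; do sleep 600; done"
  coredns:
    # NOTE(review): `latest` is a moving tag. Pin a tested tag or digest so the
    # DNS behaviour being reproduced does not change between runs.
    image: coredns/coredns:latest
    volumes:
      # CoreDNS only reads these files; the script edits them on the host side.
      - ./example.com:/etc/example.com:ro
      - ./Corefile:/Corefile:ro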
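# Lab image: ClickHouse server plus the network debugging tools the test script
# runs inside the container (host, tcpdump, killall). Not meant for production use.
# NOTE(review): `latest` is a moving tag. Pin a tested tag or digest so the
# behaviour under test stays reproducible.
FROM yandex/clickhouse-server:latest
# update + install + cleanup in one layer keeps the package index out of the
# image, and --no-install-recommends avoids pulling in optional packages.
RUN apt-get update -y \
    && apt-get install -y --no-install-recommends \
        bind9-dnsutils \
        curl \
        less \
        psmisc \
        tcpdump \
    && rm -rf /var/lib/apt/lists/*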
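# Lab image: ClickHouse client plus network debugging tools (DNS lookup, curl,
# tcpdump). Not meant for production use.
# NOTE(review): `latest` is a moving tag. Pin a tested tag or digest so the
# behaviour under test stays reproducible.
FROM yandex/clickhouse-client:latest
# update + install + cleanup in one layer keeps the package index out of the
# image, and --no-install-recommends avoids pulling in optional packages.
RUN apt-get update -y \
    && apt-get install -y --no-install-recommends \
        bind9-dnsutils \
        curl \
        less \
        psmisc \
        tcpdump \
    && rm -rf /var/lib/apt/lists/*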
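# Hosts-format file served by CoreDNS (mounted at /etc/example.com).
# The test script overwrites it with the client container's address: first with
# one name, then with three names on the same address (the multiple-PTR case).
192.168.128.4 test3.example.com test2.example.com test1.example.com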
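<!--
  Test account whose access is decided by DNS: a connection is accepted from
  127.0.0.1, or from a peer whose reverse-resolved host name matches host_regexp.
  Lab use only: the password is empty, so the network restriction below is the
  only thing standing between a client and this account.
-->
<yandex>
    <users>
        <test_dns>
            <!-- Empty password: never carry this over to a reachable server. -->
            <password/>
            <networks>
                <ip>127.0.0.1</ip>
                <!--
                  Anchored at both ends so that only the exact name is accepted.
                  NOTE(review): the leading ^ is defensive. Whether the server
                  applies the pattern as a search or as a full match is not
                  visible here; confirm against the ClickHouse version in use.
                  A name-based rule is only as trustworthy as the resolver the
                  server queries for PTR records.
                -->
                <host_regexp>^test1\.example\.com$</host_regexp>
            </networks>
            <profile>default</profile>
        </test_dns>
    </users>
</yandex>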
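#!/usr/bin/env bash
# Reproduces how ClickHouse host_regexp authorization behaves when the reverse
# (PTR) lookup of the client address returns one name and when it returns several.
#
# Flow: start CoreDNS, point the server's resolv.conf at it, start server and
# client, then run the same HTTP query as user test_dns twice: once with a
# single name on the client IP, once with three names on it.
#
# Lab use only: test_dns has an empty password and the query goes over plain HTTP.
set -xe

# Print the IP address(es) of the first container of a compose service.
# Fails (and, under `set -e`, stops the script) if the service has no container,
# instead of silently producing an empty address.
container_ip() {
  local cid
  cid=$(docker-compose ps -q "$1" | head -n 1)
  if [[ -z "$cid" ]]; then
    echo "no container found for service $1" >&2
    return 1
  fi
  docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' "$cid"
}

# Ask the server for its version over HTTP as test_dns from the client container
# and compare it with the version the server reports locally. Any difference
# (including an error body from a rejected request) fails the run.
check_test_dns_access() {
  # `|| true`: a curl failure must reach the comparison below, not trip `set -e`.
  CLIENT_VERSION=$(docker-compose exec clickhouse-client bash -c "curl 'http://clickhouse-server:8123/?user=test_dns&query=SELECT+version()'" || true)
  SERVER_VERSION=$(docker-compose exec clickhouse-server clickhouse-client -q "SELECT version()")
  if [[ "$CLIENT_VERSION" != "$SERVER_VERSION" ]]; then
    echo "FAIL EXPECT CLIENT_VERSION=$CLIENT_VERSION == SERVER_VERSION=$SERVER_VERSION"
    exit 1
  fi
}

docker-compose down
docker-compose up -d coredns

# The server container resolves through CoreDNS via the mounted resolv.conf.
COREDNS_IP=$(container_ip coredns)
echo "nameserver $COREDNS_IP" > resolv.conf
echo "options ndots:0" >> resolv.conf

docker-compose build
docker-compose up -d clickhouse-server
docker-compose up -d clickhouse-client
CLIENT_IP=$(container_ip clickhouse-client)

# Capture HTTP and DNS traffic inside the server container for later inspection.
# The capture holds query strings and DNS names; treat the pcap as a lab artifact.
docker-compose exec -d clickhouse-server bash -c "tcpdump -i any -w http_and_dns.pcap port 8123 or port 53"

# Case 1: a single name on the client address.
echo "$CLIENT_IP test1.example.com" > example.com
# Give CoreDNS time to pick up the file (the Corefile reloads it every 200ms).
sleep 1
docker-compose exec clickhouse-server bash -c "host -t PTR $CLIENT_IP"
docker-compose exec clickhouse-server clickhouse-client -q "SYSTEM DROP DNS CACHE"
# expected SUCCESS
check_test_dns_access

# NOTE(review): the capture is stopped here, before the multiple-PTR case below,
# so the failing exchange is not in the pcap. Confirm this is intended.
docker-compose exec clickhouse-server bash -c "killall tcpdump"
docker cp "$(docker-compose ps -q clickhouse-server | head -n 1):/http_and_dns.pcap" ./

# Case 2: three names on the same client address, so the PTR answer has several names.
echo "$CLIENT_IP test3.example.com test2.example.com test1.example.com" > example.com
sleep 1
docker-compose exec clickhouse-server bash -c "host -t PTR $CLIENT_IP"
docker-compose exec clickhouse-server clickhouse-client -q "SYSTEM DROP DNS CACHE"
# expect SUCCESS HERE, got authorization FAIL
check_test_dns_access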
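# Generated by the test script and mounted over /etc/resolv.conf in the
# clickhouse-server container. The address is the CoreDNS container's IP from
# one particular run and is rewritten on every run.
nameserver 192.168.128.2
options ndots:0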