Customizable DNS resolver settings

kong.yml

@@ -29,8 +29,12 @@ proxy_port: 8000
 proxy_ssl_port: 8443
 admin_api_port: 8001
 
-## Secondary port configuration
-dnsmasq_port: 8053
+## DNS resolver configuration
+dns_resolver:
+  #address: "8.8.8.8:53"
+  dnsmasq:
+    enabled: true
+    port: 8053
 
 ## Specify the DAO to use
 database: cassandra

kong/cli/utils/dnsmasq.lua

@@ -13,7 +13,7 @@ function _M.stop(kong_config)
   end
 end
 
-function _M.start(kong_config)
+function _M.start(nginx_working_dir, dnsmasq_port)
   local cmd = IO.cmd_exists("dnsmasq") and "dnsmasq"
 
   if not cmd then -- Load dnsmasq given the PATH settings
@@ -32,8 +32,8 @@ function _M.start(kong_config)
   end
 
   -- Start the dnsmasq daemon
-  local file_pid = kong_config.nginx_working_dir..(stringy.endswith(kong_config.nginx_working_dir, "/") and "" or "/")..constants.CLI.DNSMASQ_PID
-  local res, code = IO.os_execute(cmd.." -p "..kong_config.dnsmasq_port.." --pid-file="..file_pid.." -N -o")
+  local file_pid = nginx_working_dir..(stringy.endswith(nginx_working_dir, "/") and "" or "/")..constants.CLI.DNSMASQ_PID
+  local res, code = IO.os_execute(cmd.." -p "..dnsmasq_port.." --pid-file="..file_pid.." -N -o")
   if code ~= 0 then
     cutils.logger:error_exit(res)
   else

kong/cli/utils/signal.lua

@@ -110,13 +110,27 @@ local function prepare_nginx_working_dir(args_config)
   local ssl_cert_path, ssl_key_path = ssl.get_ssl_cert_and_key(kong_config)
   local trusted_ssl_cert_path = kong_config.databases_available[kong_config.database].properties.ssl_certificate -- DAO ssl cert
 
+  -- Check dns_resolver
+  local dns_resolver
+  if kong_config.dns_resolver.address and kong_config.dns_resolver.dnsmasq.enabled then
+    cutils.logger:error_exit("Invalid \"dns_resolver\" setting: you cannot set both an address and enable dnsmasq")
+  elseif not kong_config.dns_resolver.address and not kong_config.dns_resolver.dnsmasq.enabled then
+    cutils.logger:error_exit("Invalid \"dns_resolver\" setting: you must set at least an address or enable dnsmasq")
+  elseif kong_config.dns_resolver.address then
+    dns_resolver = kong_config.dns_resolver.address
+  else
+    dns_resolver = "127.0.0.1:"..kong_config.dns_resolver.dnsmasq.port
+  end
+
+  cutils.logger:info("DNS resolver set to: "..dns_resolver)
+
   -- Extract nginx config from kong config, replace any needed value
   local nginx_config = kong_config.nginx
   local nginx_inject = {
     proxy_port = kong_config.proxy_port,
     proxy_ssl_port = kong_config.proxy_ssl_port,
     admin_api_port = kong_config.admin_api_port,
-    dns_resolver = "127.0.0.1:"..kong_config.dnsmasq_port,
+    dns_resolver = dns_resolver,
     memory_cache_size = kong_config.memory_cache_size,
     ssl_cert = ssl_cert_path,
     ssl_key = ssl_key_path,
@@ -222,7 +236,7 @@ function _M.prepare_kong(args_config, signal)
   kong_config.proxy_port,
   kong_config.proxy_ssl_port,
   kong_config.admin_api_port,
-  kong_config.dnsmasq_port,
+  kong_config.dns_resolver.dnsmasq.enabled and kong_config.dns_resolver.dnsmasq.port or "DISABLED",
   kong_config.database,
   tostring(dao_config)))
 
@@ -272,8 +286,11 @@ function _M.send_signal(args_config, signal)
   -- dnsmasq start/stop
   if signal == START then
     dnsmasq.stop(kong_config)
-    check_port(kong_config.dnsmasq_port)
-    dnsmasq.start(kong_config)
+    if kong_config.dns_resolver.dnsmasq.enabled then
+      local dnsmasq_port = kong_config.dns_resolver.dnsmasq.port
+      check_port(dnsmasq_port)
+      dnsmasq.start(kong_config.nginx_working_dir, dnsmasq_port)
+    end
   elseif signal == STOP or signal == QUIT then
     dnsmasq.stop(kong_config)
   end

spec/integration/cli/start_spec.lua

@@ -14,9 +14,7 @@ end
 
 describe("CLI", function()
 
-  describe("Startup plugins check", function()
-
-    setup(function()
+  setup(function()
       os.execute("cp "..TEST_CONF.." "..SERVER_CONF)
       spec_helper.add_env(SERVER_CONF)
       spec_helper.prepare_db(SERVER_CONF)
@@ -31,6 +29,46 @@ describe("CLI", function()
       pcall(spec_helper.stop_kong, SERVER_CONF)
     end)
 
+  describe("dnsmasq check", function()
+
+    it("should start dnsmasq with the default settings", function()
+      local _, exit_code = spec_helper.start_kong(SERVER_CONF, true)
+      assert.are.same(0, exit_code)
+    end)
+
+    it("should not start with both dnsmasq and an address set", function()
+      replace_conf_property("dns_resolver", {
+        address = "8.8.8.8:53",
+        dnsmasq = {
+          enabled = true,
+          port = 8053
+        }
+      })
+
+      assert.error_matches(function()
+        spec_helper.start_kong(SERVER_CONF, true)
+      end, "Invalid \"dns_resolver\" setting: you cannot set both an address and enable dnsmasq", nil, true)
+    end)
+
+    it("should not start with none of dnsmasq and an address set", function()
+      replace_conf_property("dns_resolver", { dnsmasq = {}})
+
+      assert.error_matches(function()
+        spec_helper.start_kong(SERVER_CONF, true)
+      end, "Invalid \"dns_resolver\" setting: you must set at least an address or enable dnsmasq", nil, true)
+    end)
+
+    it("should start dnsmasq with a custom address", function()
+      replace_conf_property("dns_resolver", { address = "8.8.8.8:53", dnsmasq = { enabled = false, port = 8053}})
+
+      local _, exit_code = spec_helper.start_kong(SERVER_CONF, true)
+      assert.are.same(0, exit_code)
+    end)
+
+  end)
+
+  describe("Startup plugins check", function()
+
     it("should start with the default configuration", function()
       assert.has_no.errors(function()
         spec_helper.start_kong(TEST_CONF, true)

spec/unit/statics_spec.lua

@@ -71,8 +71,12 @@ proxy_port: 8000
 proxy_ssl_port: 8443
 admin_api_port: 8001
 
-## Secondary port configuration
-dnsmasq_port: 8053
+## DNS resolver configuration
+dns_resolver:
+  #address: "8.8.8.8:53"
+  dnsmasq:
+    enabled: true
+    port: 8053
 
 ## Specify the DAO to use
 database: cassandra