  1. DC/OS
  2. DCOS_OSS-2388

Adminrouter DNS entry TTL override of 5 seconds OSS

    Details

    • Type: Task
    • Status: Resolved
    • Priority: Medium
    • Resolution: Done
    • Affects Version/s: DC/OS 1.9.0
    • Fix Version/s: DC/OS 1.9.8, RI-1
    • Component/s: adminrouter
    • Labels:
      None
    • Sprint:
      Security Team Sprint 28, Security Team Sprint 29, Security Team Sprint 30
    • Story Points:
      3

      Description

      The nginx resolver (used for updating Adminrouter's Mesos state cache) TTL for DNS entries is overwritten with 5 seconds in dcos/dcos testing/master.
      https://github.com/dcos/dcos/blob/97eed2bd2707c0d3fea1cddf5fa025cd9f46a37d/packages/adminrouter/extra/src/includes/http/master.conf#L21

      In Enterprise DC/OS 1.9 it is overwritten with 60 seconds, which corresponds to the TTL in the DNS entry itself, which is set to 60 seconds for MesosDNS entries by the DC/OS config.
      https://github.com/dcos/dcos/blob/1.9/packages/adminrouter/extra/src/nginx.master.conf#L7
      https://github.com/dcos/dcos/blob/1.9/packages/adminrouter/extra/src/nginx.agent.conf#L5

      This leads to a possible Mesos state cache refresh upper bound of > 60 seconds.

      This should be backported to overwrite the TTL with 5 seconds so that the upper bound becomes 30 seconds across all DC/OS versions.
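A check for the setting this ticket is about, added here as an example and not taken from the ticket or the DC/OS repository: it scans nginx configuration text for `resolver` directives and reports the `valid=` TTL override of each, flagging anything above the 5 seconds requested above. The sample config, its placeholder addresses and the function names are assumptions made for illustration.

```python
import re

# Constructed sample, not DC/OS's real config: addresses are RFC 5737 placeholders.
SAMPLE_CONF = """\
http {
    resolver 192.0.2.53:53 valid=60s;        # 60-second override
    resolver_timeout 5s;                     # different directive, ignored
    server {
        resolver 192.0.2.53:53 valid=5s;     # 5-second override
    }
    # resolver 192.0.2.53 valid=1h;          (commented out, ignored)
    server {
        resolver 192.0.2.53 ipv6=off;        # no override: record TTL applies
    }
}
"""

UNITS = {"ms": 0.001, "s": 1, "m": 60, "h": 3600, "d": 86400}

def nginx_time_to_seconds(value):
    """Convert an nginx time value (5s, 1m, 1m30s, bare 60) to seconds."""
    if not re.fullmatch(r"(?:\d+(?:ms|[smhd]))+|\d+", value):
        raise ValueError(f"unsupported nginx time value: {value!r}")
    parts = re.findall(r"(\d+)(ms|[smhd])?", value)
    return sum(int(n) * UNITS[unit or "s"] for n, unit in parts)

def audit_resolver_ttl(conf_text, max_valid=5):
    """Return (line, valid_seconds_or_None, verdict) per resolver directive."""
    text = re.sub(r"#[^\n]*", "", conf_text)  # naive comment strip, keeps line breaks
    findings = []
    for m in re.finditer(r"(?<![\w.])resolver\s+([^;{}]+);", text):
        line = text.count("\n", 0, m.start()) + 1
        valid = None
        for param in m.group(1).split():
            if param.startswith("valid="):
                valid = nginx_time_to_seconds(param[len("valid="):])
        if valid is None:
            verdict = "no-override"  # nginx then caches for the record's own TTL
        elif valid > max_valid:
            verdict = "too-long"
        else:
            verdict = "ok"
        findings.append((line, valid, verdict))
    return findings

if __name__ == "__main__":
    for line, valid, verdict in audit_resolver_ttl(SAMPLE_CONF):
        print(f"line {line}: valid={valid} -> {verdict}")
```

The comment stripping is deliberately simple and would misread a `#` inside a quoted string, so treat the output as a pointer to lines worth reading rather than a full nginx parse.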

            People

            • Assignee:
              timweidner Tim Weidner
              Reporter:
              timweidner Tim Weidner
              Team:
              Security Team
              Watchers:
              Jan-Philip Gehrcke, Pawel Rozlach, Tim Weidner