Caddy version: `v2.2.1`
The feature introduced in https://github.com/caddyser…ver/caddy/pull/3479 is not using the specified `addresses` for upstream DNS resolution.
Here is an error log that is occurring every minute in my setup:
```json
{"level":"error","ts":1602812552.1035602,"logger":"http.log.error.log0","msg":"making dial info: lookup app.service.consul on 169.254.169.253:53: dial udp 169.254.169.253:53: operation was canceled","request":{"remote_addr":"24.88.156.180:4608","proto":"HTTP/2.0","method":"OPTIONS","host":"my.app.site","uri":"/registry/user/ribbon","headers":{"Accept-Language":["en-US,en;q=0.5"],"Accept-Encoding":["gzip, deflate, br"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0"],"Accept":["*/*"],"Access-Control-Request-Method":["GET"],"Access-Control-Request-Headers":["authorization,x-client-app"],"Referer":["https://app2.site/computers/29a8240d-6fd2-4464-a187-3227276b398f"],"Origin":["https://app2.site"],"Dnt":["1"],"Te":["trailers"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","proto_mutual":true,"server_name":"my.app.site"}},"duration":0.000193545,"status":502,"err_id":"3jv1hi6bp","err_trace":"reverseproxy.(*Handler).ServeHTTP (reverseproxy.go:388)"}
```
The `169.254.169.253` IP is only present in my /etc/resolv.conf and should never be used after I have specified the `resolvers` in the `transport` config.
My config:
```json
{
  "admin": {
    "disabled": true
  },
  "apps": {
    "http": {
      "http_port": 80,
      "servers": {
        "srv0": {
          "automatic_https": {
            "disable": true,
            "disable_redirects": true
          },
          "listen": [
            ":80"
          ],
          "logs": {
            "default_logger_name": "log0"
          },
          "routes": [
            {
              "handle": [
                {
                  "handler": "subroute",
                  "routes": [
                    {
                      "group": "app",
                      "handle": [
                        {
                          "handler": "reverse_proxy",
                          "transport": {
                            "protocol": "http",
                            "resolver": {
                              "addresses": [
                                "tcp/127.0.0.1:53"
                              ]
                            }
                          },
                          "upstreams": [
                            {
                              "lookup_srv": "app.service.consul"
                            }
                          ]
                        }
                      ],
                      "match": [
                        {
                          "path": [
                            "/registry/investigation*"
                          ]
                        }
                      ]
                    },
                    {
                      "group": "app",
                      "handle": [
                        {
                          "handler": "reverse_proxy",
                          "transport": {
                            "protocol": "http",
                            "resolver": {
                              "addresses": [
                                "tcp/127.0.0.1:53"
                              ]
                            }
                          },
                          "upstreams": [
                            {
                              "lookup_srv": "app2.service.consul"
                            }
                          ]
                        }
                      ],
                      "match": [
                        {
                          "path": [
                            "/registry*"
                          ]
                        }
                      ]
                    }
                  ]
                }
              ],
              "match": [
                {
                  "host": [
                    "my.app.site"
                  ]
                }
              ],
              "terminal": true
            }
          ]
        }
      }
    }
  }
}
```
The `dial` call fails to `169.254.169.253` because that DNS will fail to resolve any `.service.consul` query.
> Note: There's no way I can stop the error logs from leaking sensitive information being sent via HTTP headers, since Caddy is logging the full context of the call because of the DNS query failure. Also, there's no way to filter these.
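
For reference, the behaviour the `resolver` `addresses` setting is expected to produce, as an added Go example that is not Caddy's code or part of the original report: a `net.Resolver` whose `Dial` hook replaces the nameserver read from `/etc/resolv.conf` with the configured address, checked here with an SRV lookup. `pinnedResolver`, `dialTargets` and the stub dialer are hypothetical names, and treating a bare `host:port` as UDP is an assumption.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"net"
	"strings"
)

// dialFunc matches net.Dialer.DialContext so a stub can stand in for it.
type dialFunc func(ctx context.Context, network, addr string) (net.Conn, error)

// pinnedResolver parses a "network/host:port" address and returns a resolver
// that sends every query there. PreferGo makes Go's DNS client call Dial with
// the system nameserver; the closure discards it and uses the configured one.
func pinnedResolver(configured string, dial dialFunc) (*net.Resolver, error) {
	network, addr, ok := strings.Cut(configured, "/")
	if !ok {
		network, addr = "udp", configured // assumption: bare host:port means UDP
	}
	if _, _, err := net.SplitHostPort(addr); err != nil {
		return nil, fmt.Errorf("resolver address %q: %w", configured, err)
	}
	return &net.Resolver{PreferGo: true,
		Dial: func(ctx context.Context, _, _ string) (net.Conn, error) {
			return dial(ctx, network, addr)
		}}, nil
}

// dialTargets runs an SRV lookup through a pinned resolver whose stub dialer
// refuses every connection, and returns each target the lookup tried to reach.
func dialTargets(configured, name string) ([]string, error) {
	var seen []string
	stub := func(_ context.Context, network, addr string) (net.Conn, error) {
		seen = append(seen, network+"/"+addr)
		return nil, errors.New("stub dialer: offline example")
	}
	r, err := pinnedResolver(configured, stub)
	if err != nil {
		return nil, err
	}
	// Empty service and proto query the name directly; the lookup itself fails.
	_, _, _ = r.LookupSRV(context.Background(), "", "", name)
	return seen, nil
}

func main() {
	fmt.Println(dialTargets("tcp/127.0.0.1:53", "app.service.consul."))
}
```

In real use, pass `(&net.Dialer{}).DialContext` in place of the stub; a lookup that still dials the `/etc/resolv.conf` nameserver means the resolver was never attached to that code path.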