client.dns.lookup property options for client
If you are using DNS aliases, you need to configure the right value for the
client.dns.lookup
property for your setup.
The client.dns.lookup
property is needed when DNS aliases are used. There
can be problems with any security protocol if the client.dns.lookup
property
is not set properly.
The client.dns.lookup
property can take the following values:
client.dns.lookup=default
In this case, the client connects to the first broker it gets from the DNS response, even if that broker is down. If you only provided a single DNS alias as bootstrap server for the client, the client might be blocked because the mentioned hostname is resolved for multiple brokers where the first broker (to which the client connected) is actually stopped.
client.dns.lookup=use_all_dns_ips
This setup takes care of retrying all the possible IP addresses behind a hostname if the first does not succeed. This setup is also good when brokers have multiple IP addresses and it is possible that those addresses change (especially in Kubernetes environments). This configuration does not handle the case when the hostname used by the client is not a real FQDN for a host. To avoid man-in-the-middle attacks, the client gets SSL handshake exceptions when using SSL and SASL authentication exceptions when using SASL. Since Kafka version 2.6, this is the default.
client.dns.lookup=resolve_canonical_bootstrap_servers_only
This setup ensures a behavior similar touse_all_dns_ips
, but it also handles the SSL and SASL problem. With this configuration, the client resolves the DNS alias into a list of brokers it maps to and after the bootstrap phase, this behaves the same asuse_all_dns_ips
.