@@ -51,8 +51,8 @@ function exectest() {

   echo "Running $1..."

   result=1

-  if [ ! -z "${VERBOSE-}" ]; then

-    out=$("${testexec}" -test.v=true -v ${VERBOSE-} -test.run="^$1$" "${@:2}" 2>&1)

+  if [ -n "${VERBOSE-}" ]; then

+    "${testexec}" -test.v -test.run="^$1$" "${@:2}" 2>&1

     result=$?

   else

     out=$("${testexec}" -test.run="^$1$" "${@:2}" 2>&1)

@@ -569,7 +569,6 @@ func authenticationHandlerFilter(handler http.Handler, authenticator authenticat

 			http.Error(w, "Unauthorized", http.StatusUnauthorized)

 			return

 		}

-		glog.V(5).Infof("user %v -> %v", user, req.URL)

 		ctx, ok := contextMapper.Get(req)

 		if !ok {

@@ -59,6 +59,7 @@ func BindMasterArgs(args *MasterArgs, flags *pflag.FlagSet, prefix string) {

 	flags.Var(&args.MasterPublicAddr, prefix+"public-master", "The master address for use by public clients, if different (host, host:port, or URL). Defaults to same as --master.")

 	flags.Var(&args.EtcdAddr, prefix+"etcd", "The address of the etcd server (host, host:port, or URL). If specified, no built-in etcd will be started.")

 	flags.Var(&args.PortalNet, prefix+"portal-net", "A CIDR notation IP range from which to assign portal IPs. This must not overlap with any IP ranges assigned to nodes for pods.")

+	flags.Var(&args.DNSBindAddr, prefix+"dns", "The address to listen for DNS requests on.")

 	flags.StringVar(&args.EtcdDir, prefix+"etcd-dir", "openshift.local.etcd", "The etcd data directory.")

@@ -74,7 +75,7 @@ func NewDefaultMasterArgs() *MasterArgs {

 		EtcdAddr:         flagtypes.Addr{Value: "0.0.0.0:4001", DefaultScheme: "https", DefaultPort: 4001}.Default(),

 		PortalNet:        flagtypes.DefaultIPNet("172.30.0.0/16"),

 		MasterPublicAddr: flagtypes.Addr{Value: "localhost:8443", DefaultScheme: "https", DefaultPort: 8443, AllowPrefix: true}.Default(),

-		DNSBindAddr:      flagtypes.Addr{Value: "0.0.0.0:53", DefaultScheme: "http", DefaultPort: 53, AllowPrefix: true}.Default(),

+		DNSBindAddr:      flagtypes.Addr{Value: "0.0.0.0:53", DefaultScheme: "tcp", DefaultPort: 53, AllowPrefix: true}.Default(),

 		ConfigDir: &util.StringFlag{},

@@ -68,7 +68,7 @@ func NewDefaultNodeArgs() *NodeArgs {

 		MasterCertDir: "openshift.local.config/master/certificates",

-		ClusterDomain: cmdutil.Env("OPENSHIFT_DNS_DOMAIN", "local"),

+		ClusterDomain: cmdutil.Env("OPENSHIFT_DNS_DOMAIN", "cluster.local"),

 		ClusterDNS:    dnsIP,

 		NetworkPluginName: "",

@@ -12,8 +12,8 @@ import (

 // NewServerDefaults returns the default SkyDNS server configuration for a DNS server.

 func NewServerDefaults() (*server.Config, error) {

 	config := &server.Config{

-		Domain: "local.",

-		Local:  "openshift.default.local.",

+		Domain: "cluster.local.",

+		Local:  "openshift.default.svc.cluster.local.",

 	}

 	return config, server.SetDefaults(config)

 }

@@ -39,8 +39,11 @@ func ListenAndServe(config *server.Config, client *client.Client, etcdclient *et

 }

 func openshiftFallback(name string, exact bool) (string, bool) {

-	if name == "openshift.default" {

-		return "kubernetes.default.", true

+	if name == "openshift.default.svc" {

+		return "kubernetes.default.svc.", true

+	}

+	if name == "openshift.default.endpoints" {

+		return "kubernetes.default.endpoints.", true

 	}

 	return "", false

 }

@@ -2,7 +2,6 @@ package dns

 import (

 	"fmt"

-	"log"

 	"strings"

 	kapi "github.com/GoogleCloudPlatform/kubernetes/pkg/api"

@@ -48,16 +47,39 @@ func NewServiceResolver(config *server.Config, accessor ServiceAccessor, endpoin

 // Records implements the SkyDNS Backend interface and returns standard records for

 // a name.

+//

+// The standard pattern is <prefix>.<service_name>.<namespace>.(svc|endpoints).<base>

+//

+// * prefix may be any series of prefix values

+// * service_name and namespace must locate a real service

+// * svc indicates standard service rules apply (portalIP or endpoints as A records)

+//   * reverse lookup of IP is only possible for portalIP

+//   * SRV records are returned for each host+port combination as:

+//     _<port_name>._<port_protocol>.<dns>

+//     _<port_name>.<endpoint_id>.<dns>

+//   * endpoint_id is "portal" when portalIP is set

+// * endpoints always returns each individual endpoint as A records

+//

 func (b *ServiceResolver) Records(name string, exact bool) ([]msg.Service, error) {

 	if !strings.HasSuffix(name, b.base) {

 		return nil, nil

 	}

-	log.Printf("serving records for %s %t", name, exact)

 	prefix := strings.Trim(strings.TrimSuffix(name, b.base), ".")

 	segments := strings.Split(prefix, ".")

-	switch c := len(segments); {

-	case c >= 2:

-		svc, err := b.accessor.Services(segments[c-1]).Get(segments[c-2])

+	for i, j := 0, len(segments)-1; i < j; i, j = i+1, j-1 {

+		segments[i], segments[j] = segments[j], segments[i]

+	}

+	if len(segments) == 0 {

+		return nil, nil

+	}

+

+	switch segments[0] {

+	case "svc", "endpoints":

+		if len(segments) < 3 {

+			return nil, nil

+		}

+		namespace, name := segments[1], segments[2]

+		svc, err := b.accessor.Services(namespace).Get(name)

 		if err != nil {

 			if errors.IsNotFound(err) && b.fallback != nil {

 				if fallback, ok := b.fallback(prefix, exact); ok {

@@ -66,47 +88,142 @@ func (b *ServiceResolver) Records(name string, exact bool) ([]msg.Service, error

 			}

 			return nil, err

 		}

-		if svc.Spec.PortalIP == kapi.PortalIPNone {

-			endpoints, err := b.endpoints.Endpoints(segments[c-1]).Get(segments[c-2])

-			if err != nil {

-				return nil, err

+

+		// no portalIP and not headless, no DNS

+		if len(svc.Spec.PortalIP) == 0 {

+			return nil, nil

+		}

+

+		// if has a portal IP and looking at svc

+		if svc.Spec.PortalIP != kapi.PortalIPNone && segments[0] == "svc" {

+			if len(svc.Spec.Ports) == 0 {

+				return nil, nil

 			}

-			services := make([]msg.Service, 0, len(endpoints.Subsets)*4)

-			for _, s := range endpoints.Subsets {

-				for _, a := range s.Addresses {

-					for _, p := range s.Ports {

-						services = append(services, msg.Service{

-							Host: a.IP,

-							Port: p.Port,

-

-							Priority: 10,

-							Weight:   10,

-							Ttl:      30,

-

-							Text: "",

-							Key:  msg.Path(name),

-						})

-					}

+			services := []msg.Service{}

+			for _, p := range svc.Spec.Ports {

+				port := p.Port

+				if port == 0 {

+					port = p.TargetPort.IntVal

+				}

+				if port == 0 {

+					continue

+				}

+				if len(p.Protocol) == 0 {

+					p.Protocol = kapi.ProtocolTCP

+				}

+				portName := p.Name

+				if len(portName) == 0 {

+					portName = fmt.Sprintf("unknown-port-%d", port)

 				}

+				srvName := fmt.Sprintf("%s.portal.%s", portName, name)

+				keyName := fmt.Sprintf("_%s._%s.%s", portName, p.Protocol, name)

+				services = append(services,

+					msg.Service{

+						Host: svc.Spec.PortalIP,

+						Port: port,

+

+						Priority: 10,

+						Weight:   10,

+						Ttl:      30,

+

+						Text: "",

+						Key:  msg.Path(srvName),

+					},

+					msg.Service{

+						Host: srvName,

+						Port: port,

+

+						Priority: 10,

+						Weight:   10,

+						Ttl:      30,

+

+						Text: "",

+						Key:  msg.Path(keyName),

+					},

+				)

 			}

 			return services, nil

 		}

-		if len(svc.Spec.PortalIP) == 0 || len(svc.Spec.Ports) == 0 {

-			return nil, nil

+

+		// return endpoints

+		endpoints, err := b.endpoints.Endpoints(namespace).Get(name)

+		if err != nil {

+			return nil, err

+		}

+		targets := make(map[string]int)

+		services := make([]msg.Service, 0, len(endpoints.Subsets)*4)

+		count := 1

+		for _, s := range endpoints.Subsets {

+			for _, a := range s.Addresses {

+				shortName := ""

+				if a.TargetRef != nil {

+					name := fmt.Sprintf("%s-%s", a.TargetRef.Name, a.TargetRef.Namespace)

+					if c, ok := targets[name]; ok {

+						shortName = fmt.Sprintf("e%d", c)

+					} else {

+						shortName = fmt.Sprintf("e%d", count)

+						targets[name] = count

+						count++

+					}

+				} else {

+					shortName = fmt.Sprintf("e%d", count)

+					count++

+				}

+				hadPort := false

+				for _, p := range s.Ports {

+					port := p.Port

+					if port == 0 {

+						continue

+					}

+					hadPort = true

+					if len(p.Protocol) == 0 {

+						p.Protocol = kapi.ProtocolTCP

+					}

+					portName := p.Name

+					if len(portName) == 0 {

+						portName = fmt.Sprintf("unknown-port-%d", port)

+					}

+					srvName := fmt.Sprintf("%s.%s.%s", portName, shortName, name)

+					services = append(services, msg.Service{

+						Host: a.IP,

+						Port: port,

+

+						Priority: 10,

+						Weight:   10,

+						Ttl:      30,

+

+						Text: "",

+						Key:  msg.Path(srvName),

+					})

+					keyName := fmt.Sprintf("_%s._%s.%s", portName, p.Protocol, name)

+					services = append(services, msg.Service{

+						Host: srvName,

+						Port: port,

+

+						Priority: 10,

+						Weight:   10,

+						Ttl:      30,

+

+						Text: "",

+						Key:  msg.Path(keyName),

+					})

+				}

+

+				if !hadPort {

+					services = append(services, msg.Service{

+						Host: a.IP,

+

+						Priority: 10,

+						Weight:   10,

+						Ttl:      30,

+

+						Text: "",

+						Key:  msg.Path(name),

+					})

+				}

+			}

 		}

-		return []msg.Service{

-			{

-				Host: svc.Spec.PortalIP,

-				Port: svc.Spec.Ports[0].Port,

-

-				Priority: 10,

-				Weight:   10,

-				Ttl:      30,

-

-				Text: "",

-				Key:  msg.Path(name),

-			},

-		}, nil

+		return services, nil

 	}

 	return nil, nil

 }

@@ -128,7 +245,7 @@ func (b *ServiceResolver) ReverseRecord(name string) (*msg.Service, error) {

 		port = svc.Spec.Ports[0].Port

 	}

 	return &msg.Service{

-		Host: fmt.Sprintf("%s.%s.%s", svc.Name, svc.Namespace, b.base),

+		Host: fmt.Sprintf("%s.%s.svc.%s", svc.Name, svc.Namespace, b.base),

 		Port: port,

 		Priority: 10,

@@ -16,19 +16,19 @@ import (

 )

 func TestDNS(t *testing.T) {

-	masterConfig, clientFile, err := testutil.StartTestAllInOne()

+	masterConfig, clientFile, err := testutil.StartTestMaster()

 	if err != nil {

 		t.Fatalf("unexpected error: %v", err)

 	}

+	localIP := net.ParseIP("127.0.0.1")

 	var masterIP net.IP

-

 	// verify service DNS entry is visible

 	stop := make(chan struct{})

 	util.Until(func() {

 		m1 := &dns.Msg{

 			MsgHdr:   dns.MsgHdr{Id: dns.Id(), RecursionDesired: true},

-			Question: []dns.Question{{"kubernetes.default.local.", dns.TypeA, dns.ClassINET}},

+			Question: []dns.Question{{"kubernetes.default.svc.cluster.local.", dns.TypeA, dns.ClassINET}},

 		}

 		in, err := dns.Exchange(m1, masterConfig.DNSConfig.BindAddress)

 		if err != nil {

@@ -78,7 +78,9 @@ func TestDNS(t *testing.T) {

 			},

 			Subsets: []kapi.EndpointSubset{{

 				Addresses: []kapi.EndpointAddress{{IP: "172.0.0.1"}},

-				Ports:     []kapi.EndpointPort{{Port: 2345}},

+				Ports: []kapi.EndpointPort{

+					{Port: 2345},

+				},

 			}},

 		}); err != nil {

 			t.Fatalf("unexpected error: %v", err)

@@ -87,28 +89,94 @@ func TestDNS(t *testing.T) {

 	}

 	headlessIP := net.ParseIP("172.0.0.1")

+	if _, err := client.Services(kapi.NamespaceDefault).Create(&kapi.Service{

+		ObjectMeta: kapi.ObjectMeta{

+			Name: "headless2",

+		},

+		Spec: kapi.ServiceSpec{

+			PortalIP: kapi.PortalIPNone,

+			Ports:    []kapi.ServicePort{{Port: 443}},

+		},

+	}); err != nil {

+		t.Fatalf("unexpected error: %v", err)

+	}

+	if _, err := client.Endpoints(kapi.NamespaceDefault).Create(&kapi.Endpoints{

+		ObjectMeta: kapi.ObjectMeta{

+			Name: "headless2",

+		},

+		Subsets: []kapi.EndpointSubset{{

+			Addresses: []kapi.EndpointAddress{{IP: "172.0.0.2"}},

+			Ports: []kapi.EndpointPort{

+				{Port: 2345, Name: "other"},

+				{Port: 2346, Name: "http"},

+			},

+		}},

+	}); err != nil {

+		t.Fatalf("unexpected error: %v", err)

+	}

+	headless2IP := net.ParseIP("172.0.0.2")

+

 	// verify recursive DNS lookup is visible when expected

 	tests := []struct {

 		dnsQuestionName   string

 		recursionExpected bool

 		retry             bool

-		expect            *net.IP

+		expect            []*net.IP

+		srv               []*dns.SRV

 	}{

-		{

-			dnsQuestionName:   "foo.kubernetes.default.local.",

-			recursionExpected: false,

-			expect:            &masterIP,

+		{ // wildcard resolution of a service works

+			dnsQuestionName: "foo.kubernetes.default.svc.cluster.local.",

+			expect:          []*net.IP{&masterIP},

 		},

-		{

-			dnsQuestionName:   "openshift.default.local.",

-			recursionExpected: false,

-			expect:            &masterIP,

+		{ // resolving endpoints of a service works

+			dnsQuestionName: "kubernetes.default.endpoints.cluster.local.",

+			expect:          []*net.IP{&localIP},

 		},

-		{

-			dnsQuestionName:   "headless.default.local.",

-			recursionExpected: false,

-			retry:             true,

-			expect:            &headlessIP,

+		{ // openshift override works

+			dnsQuestionName: "openshift.default.svc.cluster.local.",

+			expect:          []*net.IP{&masterIP},

+		},

+		{ // headless service

+			dnsQuestionName: "headless.default.svc.cluster.local.",

+			expect:          []*net.IP{&headlessIP},

+		},

+		{ // specific port of a headless service

+			dnsQuestionName: "unknown-port-2345.e1.headless.default.svc.cluster.local.",

+			expect:          []*net.IP{&headlessIP},

+		},

+		{ // SRV record for that service

+			dnsQuestionName: "headless.default.svc.cluster.local.",

+			srv: []*dns.SRV{

+				&dns.SRV{

+					Target: "unknown-port-2345.e1.headless.",

+					Port:   2345,

+				},

+			},

+		},

+		{ // the SRV record resolves to the IP

+			dnsQuestionName: "unknown-port-2345.e1.headless.default.svc.cluster.local.",

+			expect:          []*net.IP{&headlessIP},

+		},

+		{ // headless 2 service

+			dnsQuestionName: "headless2.default.svc.cluster.local.",

+			expect:          []*net.IP{&headless2IP},

+		},

+		{ // SRV records for that service

+			dnsQuestionName: "headless2.default.svc.cluster.local.",

+			srv: []*dns.SRV{

+				&dns.SRV{

+					Target: "http.e1.headless2.",

+					Port:   2346,

+				},

+				&dns.SRV{

+					Target: "other.e1.headless2.",

+					Port:   2345,

+				},

+			},

+		},

+		{ // the SRV record resolves to the IP

+			dnsQuestionName: "other.e1.headless2.default.svc.cluster.local.",

+			expect:          []*net.IP{&headless2IP},

 		},

 		{

 			dnsQuestionName:   "www.google.com.",

@@ -116,40 +184,77 @@ func TestDNS(t *testing.T) {

 		},

 	}

 	for i, tc := range tests {

-		stop := make(chan struct{})

+		qType := dns.TypeA

+		if tc.srv != nil {

+			qType = dns.TypeSRV

+		}

+		m1 := &dns.Msg{

+			MsgHdr:   dns.MsgHdr{Id: dns.Id(), RecursionDesired: true},

+			Question: []dns.Question{{tc.dnsQuestionName, qType, dns.ClassINET}},

+		}

+		ch := make(chan struct{})

+		count := 0

 		util.Until(func() {

-			m1 := &dns.Msg{

-				MsgHdr:   dns.MsgHdr{Id: dns.Id(), RecursionDesired: true},

-				Question: []dns.Question{{tc.dnsQuestionName, dns.TypeA, dns.ClassINET}},

+			count++

+			if count > 100 {

+				t.Errorf("%d: failed after max iterations", i)

+				close(ch)

+				return

 			}

 			in, err := dns.Exchange(m1, masterConfig.DNSConfig.BindAddress)

 			if err != nil {

-				t.Logf("%d: unexpected error: %v", i, err)

 				return

 			}

-			if !tc.recursionExpected && len(in.Answer) != 1 {

-				if !tc.retry {

-					close(stop)

-					t.Errorf("%d: did not resolve or unexpected forward resolution: %#v", i, in)

+			switch {

+			case tc.srv != nil:

+				if len(in.Answer) != len(tc.srv) {

+					t.Logf("%d: incorrect number of answers: %#v", i, in)

+					return

 				}

+			case tc.recursionExpected:

+				if len(in.Answer) == 0 {

+					t.Errorf("%d: expected forward resolution: %#v", i, in)

+				}

+				close(ch)

 				return

-			} else if tc.recursionExpected && len(in.Answer) == 0 {

-				t.Errorf("%d: expected forward resolution: %#v", i, in)

-				return

+			default:

+				if len(in.Answer) != len(tc.expect) {

+					t.Logf("%d: did not resolve or unexpected forward resolution: %#v", i, in)

+					return

+				}

 			}

-			if a, ok := in.Answer[0].(*dns.A); ok {

-				if a.A == nil {

-					t.Errorf("expected an A record with an IP: %#v", a)

-				} else {

-					if tc.expect != nil && tc.expect.String() != a.A.String() {

-						t.Errorf("A record has a different IP than the test case: %v / %v", a.A, *tc.expect)

+			for _, answer := range in.Answer {

+				switch a := answer.(type) {

+				case *dns.A:

+					matches := false

+					if a.A != nil {

+						for _, expect := range tc.expect {

+							if a.A.String() == expect.String() {

+								matches = true

+								break

+							}

+						}

+					}

+					if !matches {

+						t.Errorf("A record does not match any expected answer: %v", a.A)

+					}

+				case *dns.SRV:

+					matches := false

+					for _, expect := range tc.srv {

+						if expect.Port == a.Port && expect.Target == a.Target {

+							matches = true

+							break

+						}

+					}

+					if !matches {

+						t.Errorf("SRV record does not match any expected answer: %#v", a)

 					}

+				default:

+					t.Errorf("expected an A or SRV record: %#v", in)

 				}

-			} else {

-				t.Errorf("expected an A record: %#v", in)

 			}

 			t.Log(in)

-			close(stop)

-		}, 50*time.Millisecond, stop)

+			close(ch)

+		}, 50*time.Millisecond, ch)

 	}

 }