feat(dns): add dual-stack DNS resolution with dnsdualstack+ scheme

Add dnsdualstack+ DNS scheme that resolves both A and AAAA records,
enabling IPv4/IPv6 failover for store connections. Failover is handled
automatically by gRPC's built-in health checking and round_robin balancer.
Usage:
  --store=dnsdualstack+store.example.com:10901

Signed-off-by: Kevin Glasson <kglasson@cloudflare.com>
Signed-off-by: Kevin Glasson <kevinglasson@gmail.com>

Author: elidhu

CHANGELOG.md

@@ -20,6 +20,7 @@ We use *breaking :warning:* to mark changes that are not backward compatible (re
 
 ### Added
 
+- [#XXXX](https://github.com/thanos-io/thanos/pull/XXXX) Query/Ruler: Add dual-stack DNS resolution with `dnsdualstack+` scheme for resolving both IPv4 and IPv6 addresses with automatic failover via gRPC health checking.
 - [#](https://github.com/thanos-io/thanos/pull/8623): Query: support sending a batch of Series per SeriesResponse with `--query.series-response-batch-size` flag.
 - [#](https://github.com/thanos-io/thanos/pull/8582): Sidecar: support --storage.tsdb.delay-compact-file.path Prometheus flag.
 - [#](https://github.com/thanos-io/thanos/pull/8595): *: add --shipper.upload-compacted flag for controlling upload concurrency in components that use shippper

docs/service-discovery.md

@@ -96,6 +96,12 @@ This configuration will instruct Thanos to discover all endpoints within the `th
 --endpoint=dnssrvnoa+_thanosstores._tcp.mycompany.org
 ```
 
+* `dnsdualstack+` - the domain name after this prefix will be looked up as both A and AAAA queries simultaneously, returning all resolved addresses. This provides dual-stack resilience by resolving both IPv4 and IPv6 addresses, with automatic failover handled by gRPC's built-in health checking. *A port is required for this query type*. For example:
+
+```
+--store=dnsdualstack+stores.thanos.mycompany.org:9090
+```
+
 The default interval between DNS lookups is 30s. This interval can be changed using the `store.sd-dns-interval` flag for `StoreAPI` configuration in `Thanos Querier`, or `query.sd-dns-interval` for `QueryAPI` configuration in `Thanos Ruler`.
 
 ## Other

pkg/discovery/dns/godns/resolver.go

@@ -4,6 +4,7 @@
 package godns
 
 import (
+	"context"
 	"net"
 
 	"github.com/pkg/errors"
@@ -14,6 +15,44 @@ type Resolver struct {
 	*net.Resolver
 }
 
+func (r *Resolver) LookupIPAddrDualStack(ctx context.Context, host string) ([]net.IPAddr, error) {
+	seen := make(map[string]struct{})
+	var result []net.IPAddr
+
+	for _, network := range []string{"ip6", "ip4"} {
+		select {
+		case <-ctx.Done():
+			if len(result) > 0 {
+				return result, nil
+			}
+			return nil, ctx.Err()
+		default:
+		}
+
+		ips, err := r.Resolver.LookupIP(ctx, network, host)
+		if err != nil {
+			continue
+		}
+
+		for _, ip := range ips {
+			ipStr := ip.String()
+			if _, ok := seen[ipStr]; !ok {
+				seen[ipStr] = struct{}{}
+				result = append(result, net.IPAddr{IP: ip})
+			}
+		}
+	}
+
+	if len(result) == 0 {
+		return nil, &net.DNSError{
+			Err:        "no such host",
+			Name:       host,
+			IsNotFound: true,
+		}
+	}
+	return result, nil
+}
+
 // IsNotFound checkout if DNS record is not found.
 func (r *Resolver) IsNotFound(err error) bool {
 	if err == nil {

pkg/discovery/dns/miekgdns/resolver.go

@@ -68,6 +68,69 @@ func (r *Resolver) LookupIPAddr(_ context.Context, host string) ([]net.IPAddr, e
 	return r.lookupIPAddr(host, 1, 8)
 }
 
+func (r *Resolver) LookupIPAddrDualStack(ctx context.Context, host string) ([]net.IPAddr, error) {
+	return r.lookupIPAddrDualStack(ctx, host, 1, 8)
+}
+
+func (r *Resolver) lookupIPAddrDualStack(ctx context.Context, host string, currIteration, maxIterations int) ([]net.IPAddr, error) {
+	if currIteration > maxIterations {
+		return nil, errors.Errorf("maximum number of recursive iterations reached (%d)", maxIterations)
+	}
+
+	seen := make(map[string]struct{})
+	var result []net.IPAddr
+
+	for _, qtype := range []uint16{dns.TypeAAAA, dns.TypeA} {
+		select {
+		case <-ctx.Done():
+			if len(result) > 0 {
+				return result, nil
+			}
+			return nil, ctx.Err()
+		default:
+		}
+
+		response, err := r.lookupWithSearchPath(host, dns.Type(qtype))
+		if err != nil {
+			continue
+		}
+
+		for _, record := range response.Answer {
+			switch addr := record.(type) {
+			case *dns.A:
+				ipStr := addr.A.String()
+				if _, ok := seen[ipStr]; !ok {
+					seen[ipStr] = struct{}{}
+					result = append(result, net.IPAddr{IP: addr.A})
+				}
+			case *dns.AAAA:
+				ipStr := addr.AAAA.String()
+				if _, ok := seen[ipStr]; !ok {
+					seen[ipStr] = struct{}{}
+					result = append(result, net.IPAddr{IP: addr.AAAA})
+				}
+			case *dns.CNAME:
+				addrs, err := r.lookupIPAddrDualStack(ctx, addr.Target, currIteration+1, maxIterations)
+				if err != nil {
+					continue
+				}
+				for _, a := range addrs {
+					ipStr := a.IP.String()
+					if _, ok := seen[ipStr]; !ok {
+						seen[ipStr] = struct{}{}
+						result = append(result, a)
+					}
+				}
+			}
+		}
+	}
+
+	if len(result) == 0 {
+		return nil, ErrNoSuchHost
+	}
+	return result, nil
+}
+
 func (r *Resolver) lookupIPAddr(host string, currIteration, maxIterations int) ([]net.IPAddr, error) {
 	// We want to protect from infinite loops when resolving DNS records recursively.
 	if currIteration > maxIterations {

pkg/discovery/dns/provider.go

@@ -21,6 +21,19 @@ import (
 	"github.com/thanos-io/thanos/pkg/extprom"
 )
 
+func isIPv6Addr(addr string) bool {
+	if strings.HasPrefix(addr, "[") {
+		return true
+	}
+	// Try parsing as host:port.
+	host, _, err := net.SplitHostPort(addr)
+	if err != nil {
+		host = addr
+	}
+	ip := net.ParseIP(host)
+	return ip != nil && ip.To4() == nil
+}
+
 // Provider is a stateful cache for asynchronous DNS resolutions. It provides a way to resolve addresses and obtain them.
 type Provider struct {
 	sync.RWMutex
@@ -108,8 +121,14 @@ func GetQTypeName(addr string) (qtype, name string) {
 	return qtypeAndName[0], qtypeAndName[1]
 }
 
+// IsDualStackNode returns true if the address uses dual-stack DNS resolution (dnsdualstack+).
+func IsDualStackNode(addr string) bool {
+	return strings.HasPrefix(addr, string(ADualStack)+"+")
+}
+
 // Resolve stores a list of provided addresses or their DNS records if requested.
 // Addresses prefixed with `dns+` or `dnssrv+` will be resolved through respective DNS lookup (A/AAAA or SRV).
+// Addresses prefixed with `dnsdualstack+` will resolve both A and AAAA records.
 // For non-SRV records, it will return an error if a port is not supplied.
 func (p *Provider) Resolve(ctx context.Context, addrs []string, flushOld bool) error {
 	resolvedAddrs := map[string][]string{}

pkg/discovery/dns/resolver.go

@@ -6,6 +6,7 @@ package dns
 import (
 	"context"
 	"net"
+	"sort"
 	"strconv"
 	"strings"
 
@@ -24,6 +25,8 @@ const (
 	SRV = QType("dnssrv")
 	// SRVNoA qtype performs SRV lookup without any A/AAAA lookup for each SRV result.
 	SRVNoA = QType("dnssrvnoa")
+	// ADualStack qtype performs both A and AAAA lookup, returning all addresses.
+	ADualStack = QType("dnsdualstack")
 )
 
 type Resolver interface {
@@ -36,6 +39,7 @@ type Resolver interface {
 
 type ipLookupResolver interface {
 	LookupIPAddr(ctx context.Context, host string) ([]net.IPAddr, error)
+	LookupIPAddrDualStack(ctx context.Context, host string) ([]net.IPAddr, error)
 	LookupSRV(ctx context.Context, service, proto, name string) (cname string, addrs []*net.SRV, err error)
 	IsNotFound(err error) bool
 }
@@ -127,6 +131,37 @@ func (s *dnsSD) Resolve(ctx context.Context, name string, qtype QType) ([]string
 				res = append(res, appendScheme(scheme, net.JoinHostPort(resIP.String(), resPort)))
 			}
 		}
+	case ADualStack:
+		if port == "" {
+			return nil, errors.Errorf("missing port in address given for dnsdualstack lookup: %v", name)
+		}
+		ips, err := s.resolver.LookupIPAddrDualStack(ctx, host)
+		if err != nil {
+			if !s.resolver.IsNotFound(err) {
+				return nil, errors.Wrapf(err, "lookup IP addresses (dual-stack) %q", host)
+			}
+			if ips == nil {
+				level.Error(s.logger).Log("msg", "failed to lookup IP addresses (dual-stack)", "host", host, "err", err)
+			}
+		}
+		sort.Slice(ips, func(i, j int) bool {
+			iIs6 := ips[i].IP.To4() == nil
+			jIs6 := ips[j].IP.To4() == nil
+			if iIs6 != jIs6 {
+				return iIs6
+			}
+			return ips[i].IP.String() < ips[j].IP.String()
+		})
+		var ipv4Count, ipv6Count int
+		for _, ip := range ips {
+			if ip.IP.To4() == nil {
+				ipv6Count++
+			} else {
+				ipv4Count++
+			}
+			res = append(res, appendScheme(scheme, net.JoinHostPort(ip.String(), port)))
+		}
+		level.Debug(s.logger).Log("msg", "dual-stack DNS lookup", "host", host, "ipv6_count", ipv6Count, "ipv4_count", ipv4Count)
 	default:
 		return nil, errors.Errorf("invalid lookup scheme %q", qtype)
 	}