Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

DNS Issue on Kubernetes (ndots=5 + search domain query)

See original GitHub issue

Expected behavior

DNS Resolution works always

Actual behavior

Some hosts are not resolving and keep getting DnsNameResolverTimeoutException.

SearchDomainUnknownHostException: Search domain query failed. Original hostname: 's3-eu-central-1.amazonaws.com' failed to resolve 's3-eu-central-1.amazonaws.com.default.svc.cluster.local' after 2 queries 
    at io.netty.resolver.dns.DnsResolveContext.finishResolve(DnsResolveContext.java:845)
    at io.netty.resolver.dns.DnsResolveContext.tryToFinishResolve(DnsResolveContext.java:806)
    at io.netty.resolver.dns.DnsResolveContext.query(DnsResolveContext.java:333)
    at io.netty.resolver.dns.DnsResolveContext.query(DnsResolveContext.java:322)
    at io.netty.resolver.dns.DnsResolveContext.access$500(DnsResolveContext.java:62)
...
(17 additional frame(s) were not displayed)

DnsNameResolverTimeoutException: [/100.64.0.10:53] query timed out after 5000 milliseconds (no stack trace available)

The issue is not only relevant for cluster external dns entries, but also when querying <service-name>, which should resolve when using search path. using the FQDN <service-name>.default.svc.cluster.local makes the issue less noticable, except for external names due to the ndots.

The DNS server (coredns pod) is located on the same kubernetes node. performing dns queries on the shell using dig +search [...] or nslookup always yield the correct result

Steps to reproduce

inside a kubernetes pod, try resolving internal names and external names. doesn’t seem to be a network issue, I’ve seen it on weave (with the tc fix applied) and flannel-vxlan and all other non-netty pods don’t have any issues with DNS

this is the /etc/resolv.conf

nameserver 100.64.0.10
search default.svc.cluster.local svc.cluster.local cluster.local eu-central-1.compute.internal
options ndots:5

this rules out the fix applied for #8261 because it’s a single dns server

Minimal yet complete reproducer code (or URL to code)

working on that part right now. Really hard to make it reproducable. I’ve tried ruling out everything else, see above

Netty version

4.1.30 (through Vert.x 3.6.3)

JVM version (e.g. java -version)

8

OS version (e.g. uname -a)

CentOS 7.6 (Docker)

Issue Analytics

  • State:closed
  • Created 5 years ago
  • Comments:10 (4 by maintainers)

github_iconTop GitHub Comments

1reaction
m1schkacommented, Apr 18, 2019

disabling ipv6 seems to fix this issue

0reactions
caicarabrunocommented, Dec 10, 2019
Read more comments on GitHub >

github_iconTop Results From Across the Web

Kubernetes pods /etc/resolv.conf ndots:5 option and why it ...
The nameserver IP is the Kubernetes service IP of kube-dns; There are 4 local search domains specified; There's a ndots:5 option.
Read more >
Debugging DNS Resolution - Kubernetes
This page provides hints on diagnosing DNS problems. ... Verify that the search path and name server are set up like the following...
Read more >
DNS Lookups in Kubernetes - Karan Sharma
DNS Lookups in Kubernetes · The query iterates through all search paths until the answer contains a NOERROR code (which the DNS clients ......
Read more >
kubernetes dns search domain appended in some queries
you can refer to github coredns is still labeled as kube-dns issue to read more. In my cluster I also have coredns service...
Read more >
DNS performance issues in Kubernetes cluster
NodeJS performance issues with dns.lookup() internal implementation ... for non-qualified domain names and how options ndots:5 affects this.
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Can't find PingMessage class from javadoc example

Next page

Support semicolon as a normal character in URI (no longer a parameter separator)