Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

coredns unable to resolve external DNS (NXDOMAIN) #4167

Closed
darkedges opened this issue Apr 26, 2019 · 14 comments
Closed

coredns unable to resolve external DNS (NXDOMAIN) #4167

darkedges opened this issue Apr 26, 2019 · 14 comments
Labels
area/dns DNS issues help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. kind/bug Categorizes issue or PR as related to a bug. priority/backlog Higher priority than priority/awaiting-more-evidence.

Comments

@darkedges
Copy link
Contributor

darkedges commented Apr 26, 2019
edited
Loading

Having an issue with 1.0.0 where it cannot resolve external DNS entries, causing cert-manager to return errors as it cannot locate the domain to issue a certificate against.

By editing the configmap for coredns and updating to use

forward . 8.8.8.8:53

It can then resolve externally

Minikube version

$ minikube version
minikube version: v1.0.0

Operating System

Microsoft Windows [Version 10.0.17763.437]
(c) 2018 Microsoft Corporation. All rights reserved.

Deployed

kubectl -n kube-system edit configmap coredns

# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: v1
data:
  Corefile: |
    .:53 {
        log
        errors
        health
        kubernetes cluster.local in-addr.arpa ip6.arpa {
           pods insecure
           upstream
           fallthrough in-addr.arpa ip6.arpa
        }
        prometheus :9153
        forward . /etc/resolv/conf
        cache 30
        loop
        reload
        loadbalance
    }
kind: ConfigMap
metadata:
  creationTimestamp: "2019-04-26T20:43:46Z"
  name: coredns
  namespace: kube-system
  resourceVersion: "5425"
  selfLink: /api/v1/namespaces/kube-system/configmaps/coredns
  uid: fcad6502-6863-11e9-b838-0800276aaa26

command

/ # nslookup www.news.com.au
Server:         10.96.0.10
Address:        10.96.0.10:53

** server can't find www.news.com.au: NXDOMAIN


*** Can't find www.news.com.au: No answer

Updated

# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: v1
data:
  Corefile: |
    .:53 {
        log
        errors
        health
        kubernetes cluster.local in-addr.arpa ip6.arpa {
           pods insecure
           upstream
           fallthrough in-addr.arpa ip6.arpa
        }
        prometheus :9153
        forward . 8.8.8.8:53
        cache 30
        loop
        reload
        loadbalance
    }
kind: ConfigMap
metadata:
  creationTimestamp: "2019-04-26T20:43:46Z"
  name: coredns
  namespace: kube-system
  resourceVersion: "5425"
  selfLink: /api/v1/namespaces/kube-system/configmaps/coredns
  uid: fcad6502-6863-11e9-b838-0800276aaa26

command

/ # nslookup www.news.com.au
Server:         10.96.0.10
Address:        10.96.0.10:53

Non-authoritative answer:
www.news.com.au canonical name = wildcardsan.news.com.au.edgekey.net
wildcardsan.news.com.au.edgekey.net     canonical name = e3774.b.akamaiedge.net

*** Can't find www.news.com.au: No answer
@darkedges darkedges mentioned this issue Apr 26, 2019
Closed
@darkedges
Copy link
Contributor Author

Seems this is documented here https://github.com/coredns/coredns/blob/master/plugin/loop/README.md in the last section

@jaksonwkr
Copy link

I have the same problem here.

The systemd-resolved just stop working.

@tstromberg tstromberg added area/dns DNS issues help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. labels May 2, 2019
@tstromberg tstromberg changed the title Unable to resolve extenal DNS queries with v1.0.0.0 and coredns coredns unable to resolve external DNS entries (NXDOMAIN) May 2, 2019
@tstromberg tstromberg changed the title coredns unable to resolve external DNS entries (NXDOMAIN) coredns unable to resolve external DNS (NXDOMAIN) May 2, 2019
@tstromberg tstromberg added the priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete. label May 2, 2019
@darkedges
Copy link
Contributor Author

The systemd-resolved just stop working.

Where were you seeing that?

@jaksonwkr
Copy link

Where were you seeing that?

I accessed the minikube VM and tried to ping google.com, it didn't work, then I changed the file /etc/systemd/resolved.com and added the line below

DNS = 8.8.8.8

restarted systemd-resolved and it came back to work

@tstromberg tstromberg added the r/2019q2 Issue was last reviewed 2019q2 label May 24, 2019
@jbialy
Copy link

jbialy commented May 30, 2019

Same result for me, I first noticed that deployments were unable to pull images. I sshed into the minikube VM and checked /etc/resolv.conf:

cat /etc/resolv.conf
nameserver 192.168.64.1

Adding:

[Resolve]
DNS=1.1.1.1

to /etc/systemd/resolved.conf and restarting systemd-resolved helped.

@rodjjo
Copy link

rodjjo commented Jun 13, 2019
edited
Loading

I created this script that is a workaround for minikube

#!/bin/bash
kubectl -n kube-system get configmap coredns -o yaml | sed 's/\/etc\/resolv.conf/8.8.8.8/gi' | kubectl apply -f -
PODNAMES=(`kubectl -n kube-system get pods -o jsonpath='{.items[*].metadata.name}'`)
for name in ${PODNAMES[@]}; do
    if echo "$name" | grep -q 'coredns-'; then
        kubectl -n kube-system delete pods "$name"
    fi
done

note: it deletes coredns pods. they will be automatically created again with the new dns configurations

@j14s
Copy link

j14s commented Jun 25, 2019

While this does fix things, if you do a minikube stop and start, the /etc/systemd/resolved.com gets reset to default and everything is broken again. Rinse/Repeat.

@dfang
Copy link
Contributor

dfang commented Jun 26, 2019

Where were you seeing that?

I accessed the minikube VM and tried to ping google.com, it didn't work, then I changed the file /etc/systemd/resolved.com and added the line below

DNS = 8.8.8.8

restarted systemd-resolved and it came back to work

tried to change DNS to 223.5.5.5 (aliyun dns), and restarted systemd-resolved
but still failed to nslookup

nslookup baidu.com
Server:    223.5.5.5
Address 1: 223.5.5.5
nslookup: can't resolve 'baidu.com'

@dfang dfang mentioned this issue Jun 26, 2019
Closed
@tstromberg tstromberg added kind/bug Categorizes issue or PR as related to a bug. priority/backlog Higher priority than priority/awaiting-more-evidence. and removed priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete. r/2019q2 Issue was last reviewed 2019q2 labels Sep 20, 2019
@fsadykov
Copy link

Hello @rodjjo,

I see your code is works for coredns. I have same problem with kube-dns. Should I just replace coredns -> kube-dns and use your script?

@fejta-bot
Copy link

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Feb 14, 2020
@achyutjhunjhunwala
Copy link

/remove-lifecycle stale

@k8s-ci-robot k8s-ci-robot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Feb 27, 2020
@tstromberg
Copy link
Contributor

I'm closing this as it was opened a really long time ago (a year), and wasn't reproducible for me given the same information on minikube v1.9.2:

# kubectl run -it --rm --restart=Never alpine --image=alpine sh
If you don't see a command prompt, try pressing enter.
/ # nslookup www.news.com.au
Server:		10.96.0.10
Address:	10.96.0.10:53

Non-authoritative answer:
www.news.com.au	canonical name = wildcardsan.news.com.au.edgekey.net
wildcardsan.news.com.au.edgekey.net	canonical name = e3774.b.akamaiedge.net
Name:	e3774.b.akamaiedge.net
Address: 23.1.244.154

If you are still seeing this, /reopen with precise reproduction steps, including the minikube start command-line and output. Thank you for sharing your experience - my apologies that we did not follow-up sooner.

@ulan-yisaev
Copy link

/reopen

@k8s-ci-robot
Copy link
Contributor

@ulan-yisaev: You can't reopen an issue/PR unless you authored it or you are a collaborator.

In response to this:

/reopen

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/dns DNS issues help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. kind/bug Categorizes issue or PR as related to a bug. priority/backlog Higher priority than priority/awaiting-more-evidence.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests