Opened 16 months ago
Closed 13 months ago
#2537 closed defect (invalid)
Host not found in resolver "kube-dns.kube-system.svc.cluster.local". Apparently 'resolver' does not work with long DNS names
Reported by: | Owned by: | ||
---|---|---|---|
Priority: | major | Milestone: | |
Component: | nginx-module | Version: | 1.25.x |
Keywords: | ngx_http_core_module | Cc: | |
uname -a: | Linux todo-list-front-5b4c5887fd-tc2b4 5.14.0-162.22.2.el9_1.x86_64 #1 SMP PREEMPT_DYNAMIC Wed Mar 15 14:44:24 EDT 2023 x86_64 Linux | ||
nginx -V: |
nginx version: nginx/1.24.0
built by gcc 12.2.1 20220924 (Alpine 12.2.1_git20220924-r4) built with OpenSSL 3.0.7 1 Nov 2022 (running with OpenSSL 3.0.10 1 Aug 2023) TLS SNI support enabled configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --with-perl_modules_path=/usr/lib/perl5/vendor_perl --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-Os -fomit-frame-pointer -g' --with-ld-opt=-Wl,--as-needed,-O1,--sort-common |
Description
Hi, I have the following simple configuration:
/ # cat /etc/nginx/conf.d/nginx.conf server { listen 8080; server_name $hostname; location / { root /usr/share/nginx/html; index index.html; try_files $uri $uri/ /index.html; } location /api/ { error_log /var/log/nginx/api-error.log debug; resolver kube-dns.kube-system.svc.cluster.local valid=10s; set $target todo-list-backend-svc.default.svc.cluster.local; proxy_pass http://$target; }
Which gives me the following error:
/ # nginx -s reload 2023/08/26 11:16:25 [emerg] 60#60: host not found in resolver "kube-dns.kube-system.svc.cluster.local" in /etc/nginx/conf.d/nginx.conf:11 nginx: [emerg] host not found in resolver "kube-dns.kube-system.svc.cluster.local" in /etc/nginx/conf.d/nginx.conf:11
I've checked that "kube-dns.kube-system.svc.cluster.local" can be resolved locally:
/ # nslookup kube-dns.kube-system.svc.cluster.local Server: 10.96.0.10 Address: 10.96.0.10:53 Name: kube-dns.kube-system.svc.cluster.local Address: 10.96.0.10
This is my /etc/resolv.conf:
/ # cat /etc/resolv.conf nameserver 10.96.0.10 search default.svc.cluster.local svc.cluster.local cluster.local localdomain options ndots:5
When I remove the "svc.cluster.local" from the DNS name, nginx is reloaded without any issue:
/ # cat /etc/nginx/conf.d/nginx.conf server { listen 8080; server_name $hostname; location / { root /usr/share/nginx/html; index index.html; try_files $uri $uri/ /index.html; } location /api/ { error_log /var/log/nginx/api-error.log debug; resolver kube-dns.kube-system valid=30s; set $target todo-list-backend-svc.default.svc.cluster.local; proxy_pass http://$target; } / # nginx -s reload 2023/08/26 11:20:03 [notice] 67#67: signal process started / #
So, what is going wrong here? It looks like resolver is unable to deal with long DNS names.
Change History (2)
comment:1 by , 16 months ago
comment:2 by , 13 months ago
Resolution: | → invalid |
---|---|
Status: | new → closed |
Feedback timeout. Seems to be a resolver configuration issue.
Note:
See TracTickets
for help on using tickets.
There are no restrictions on DNS server name length in resolver. In particular, the name
kube-dns.kube-system.svc.cluster.local
works fine in my tests.Rather, I would suggests this is something to do with your system resolver configuration, as nginx uses system resolver to resolve DNS server names specified in the
resolver
directive.What does
ping kube-dns.kube-system.svc.cluster.local
show?Note that
nslookup
does not use system resolver, but rather does DNS resolution of the name itself. Moreover,nslookup
on Alpine does not know anything aboutndots
, and therefore will lookup the name as is.My best guess is that some of the domains in your search list do return an answer for the
kube-dns.kube-system.svc.cluster.local
name in it, but without any addresses. And the real name is never looked up, since due tondots:5
search list is tried first.