Opened 8 months ago

Closed 5 months ago

#2537 closed defect (invalid)

Host not found in resolver "kube-dns.kube-system.svc.cluster.local". Apparently 'resolver' does not work with long DNS names

Reported by: yersan@…
Owned by:
Priority: major
Milestone:
Component: nginx-module
Version: 1.25.x
Keywords: ngx_http_core_module
Cc:
uname -a: Linux todo-list-front-5b4c5887fd-tc2b4 5.14.0-162.22.2.el9_1.x86_64 #1 SMP PREEMPT_DYNAMIC Wed Mar 15 14:44:24 EDT 2023 x86_64 Linux
nginx -V: nginx version: nginx/1.24.0
built by gcc 12.2.1 20220924 (Alpine 12.2.1_git20220924-r4)
built with OpenSSL 3.0.7 1 Nov 2022 (running with OpenSSL 3.0.10 1 Aug 2023)
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --with-perl_modules_path=/usr/lib/perl5/vendor_perl --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-Os -fomit-frame-pointer -g' --with-ld-opt=-Wl,--as-needed,-O1,--sort-common

Description

Hi, I have the following simple configuration:

/ # cat /etc/nginx/conf.d/nginx.conf
server {
    listen 8080;
    server_name $hostname;
    location / {
        root /usr/share/nginx/html;
        index index.html;
        try_files $uri $uri/ /index.html;
    }
    location /api/ {
        error_log  /var/log/nginx/api-error.log debug;
        resolver kube-dns.kube-system.svc.cluster.local valid=10s;
        set $target todo-list-backend-svc.default.svc.cluster.local;
        proxy_pass http://$target;
    }
}

Which gives me the following error:

/ # nginx -s reload
2023/08/26 11:16:25 [emerg] 60#60: host not found in resolver "kube-dns.kube-system.svc.cluster.local" in /etc/nginx/conf.d/nginx.conf:11
nginx: [emerg] host not found in resolver "kube-dns.kube-system.svc.cluster.local" in /etc/nginx/conf.d/nginx.conf:11

I've checked that "kube-dns.kube-system.svc.cluster.local" can be resolved locally:

/ # nslookup kube-dns.kube-system.svc.cluster.local
Server:		10.96.0.10
Address:	10.96.0.10:53


Name:	kube-dns.kube-system.svc.cluster.local
Address: 10.96.0.10

This is my /etc/resolv.conf:

/ # cat /etc/resolv.conf
nameserver 10.96.0.10
search default.svc.cluster.local svc.cluster.local cluster.local localdomain
options ndots:5

When I remove the "svc.cluster.local" from the DNS name, nginx is reloaded without any issue:

/ # cat /etc/nginx/conf.d/nginx.conf
server {
    listen 8080;
    server_name $hostname;
    location / {
        root /usr/share/nginx/html;
        index index.html;
        try_files $uri $uri/ /index.html;
    }
    location /api/ {
        error_log  /var/log/nginx/api-error.log debug;
        resolver kube-dns.kube-system valid=30s;
        set $target todo-list-backend-svc.default.svc.cluster.local;
        proxy_pass http://$target;
    }
}
/ # nginx -s reload
2023/08/26 11:20:03 [notice] 67#67: signal process started
/ #

So, what is going wrong here? It looks like resolver is unable to deal with long DNS names.

Change History (2)

comment:1 by Maxim Dounin, 8 months ago

There are no restrictions on DNS server name length in resolver. In particular, the name kube-dns.kube-system.svc.cluster.local works fine in my tests.

Rather, I would suggest this is something to do with your system resolver configuration, as nginx uses system resolver to resolve DNS server names specified in the resolver directive.

What does ping kube-dns.kube-system.svc.cluster.local show?

Note that nslookup does not use system resolver, but rather does DNS resolution of the name itself. Moreover, nslookup on Alpine does not know anything about ndots, and therefore will look up the name as is.

My best guess is that some of the domains in your search list do return an answer for the kube-dns.kube-system.svc.cluster.local name in it, but without any addresses. And the real name is never looked up, since due to ndots:5 search list is tried first.
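
The lookup order that comment:1 describes, as an added example that is not part of the ticket or of nginx: a simplified Python model of a stub resolver applying the reporter's resolv.conf. The `ZONE` data is constructed, and both the choice of `localdomain` as the suffix that answers without addresses and the rule that such an answer ends the search are assumptions following the comment's guess.

```python
# Added illustration: a simplified stub-resolver model, not nginx or libc code.
RESOLV_CONF = """\
nameserver 10.96.0.10
search default.svc.cluster.local svc.cluster.local cluster.local localdomain
options ndots:5
"""

# Constructed DNS data: name -> addresses. A missing name means NXDOMAIN;
# an empty list means an answer that carries no addresses.
ZONE = {
    "kube-dns.kube-system.svc.cluster.local": ["10.96.0.10"],
    # Assumption: the "localdomain" suffix is the one answering without addresses.
    "kube-dns.kube-system.svc.cluster.local.localdomain": [],
}

def parse_resolv_conf(text):
    """Return (search_list, ndots) from resolv.conf text; ndots defaults to 1."""
    search, ndots = [], 1
    for line in text.splitlines():
        fields = line.split()
        if fields[:1] == ["search"]:
            search = fields[1:]
        elif fields[:1] == ["options"]:
            for opt in fields[1:]:
                if opt.startswith("ndots:"):
                    ndots = int(opt.split(":", 1)[1])
    return search, ndots

def candidates(name, search, ndots):
    """Names in query order: the search list comes first when dots < ndots."""
    if name.endswith("."):              # trailing dot: absolute name, no search
        return [name[:-1]]
    if name.count(".") >= ndots:        # enough dots: queried as-is
        return [name]
    return [f"{name}.{suffix}" for suffix in search] + [name]

def resolve(name, conf_text=RESOLV_CONF, zone=ZONE):
    """Return (addresses, names_tried). NXDOMAIN moves on to the next candidate;
    any other answer, including one with no addresses, ends the lookup."""
    search, ndots = parse_resolv_conf(conf_text)
    tried = []
    for fqdn in candidates(name, search, ndots):
        tried.append(fqdn)
        if fqdn in zone:
            return zone[fqdn], tried
    return [], tried

if __name__ == "__main__":
    for n in ("kube-dns.kube-system.svc.cluster.local", "kube-dns.kube-system"):
        print(n, "->", resolve(n))
```

In this model the four-dot name is below `ndots:5`, so every search suffix is tried before the name itself and the empty answer ends the lookup, while `kube-dns.kube-system` resolves on its second search candidate.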

comment:2 by Maxim Dounin, 5 months ago

Resolution: invalid
Status: new → closed

Feedback timeout. Seems to be a resolver configuration issue.
