crc: [BUG] Issues with DNS lookups from within the container

General information

  • OS: Windows
  • Hypervisor: Hyper-V
  • Did you run crc setup before starting it (Yes/No)? Yes
  • Running CRC on: Laptop

CRC version

CRC version: 2.18.0+4ea3a1
OpenShift version: 4.12.13
Podman version: 4.4.1

CRC status

CRC VM:          Running
OpenShift:       Running (v4.12.13)
RAM Usage:       10.34GB of 16.8GB
Disk Usage:      24.58GB of 32.74GB (Inside the CRC VM)
Cache Usage:     39.85GB
Cache Directory: C:\Users\021731618\.crc\cache

CRC config

- consent-telemetry                     : no
- cpus                                  : 8
- memory                                : 16384

Host Operating System

Host Name:                 <hostname>
OS Name:                   Microsoft Windows 11 Enterprise
OS Version:                10.0.22621 N/A Build 22621
OS Manufacturer:           Microsoft Corporation
OS Configuration:          Standalone Workstation
OS Build Type:             Multiprocessor Free
Registered Owner:          N/A
Registered Organization:   N/A
Product ID:                00330-80000-00000-AA629
Original Install Date:     26/03/2023, 02:46:09
System Boot Time:          09/05/2023, 08:25:45
System Manufacturer:       LENOVO
System Model:              <model>
System Type:               x64-based PC
Processor(s):              1 Processor(s) Installed.
                           [01]: Intel64 Family 6 Model 154 Stepping 3 GenuineIntel ~2400 Mhz
BIOS Version:              LENOVO N3JET32W (1.16 ), 02/03/2023
Windows Directory:         C:\Windows
System Directory:          C:\Windows\system32
Boot Device:               \Device\HarddiskVolume1
System Locale:             en-us;English (United States)
Input Locale:              de;German (Germany)
Time Zone:                 (UTC+01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna
Total Physical Memory:     32.434 MB
Available Physical Memory: 5.742 MB
Virtual Memory: Max Size:  36.547 MB
Virtual Memory: Available: 5.091 MB
Virtual Memory: In Use:    31.456 MB
Page File Location(s):     C:\pagefile.sys
Domain:                    <domain>
Logon Server:              \\<hostname>
Hotfix(s):                 5 Hotfix(s) Installed.
                           [01]: KB5022497
                           [02]: KB5012170
                           [03]: KB5025800
                           [04]: KB5025239
                           [05]: KB5025749
Network Card(s):           7 NIC(s) Installed.
                           [01]: Intel(R) Wi-Fi 6E AX211 160MHz
                                 Connection Name: Wi-Fi
                                 Status:          Media disconnected
                           [02]: Realtek USB 2.5GbE Family Controller
                                 Connection Name: Ethernet 2
                                 DHCP Enabled:    Yes
                                 DHCP Server:     N/A
                                 IP address(es)
                           [03]: Cisco AnyConnect Virtual Miniport Adapter for Windows x64
                                 Connection Name: Ethernet 3
                                 Status:          Hardware not present
                           [04]: Hyper-V Virtual Ethernet Adapter
                                 Connection Name: vEthernet (ext-switch)
                                 DHCP Enabled:    Yes
                                 DHCP Server:     192.168.20.5
                                 IP address(es)
                                 [01]: 192.168.20.70
                                 [02]: fe80::6f39:f86b:d745:b50a
                           [05]: Microsoft Network Adapter Multiplexor Driver
                                 Connection Name: Network Bridge
                                 Status:          Media disconnected
                           [06]: Hyper-V Virtual Ethernet Adapter
                                 Connection Name: vEthernet (wlan-switch)
                                 Status:          Media disconnected
                           [07]: Array Networks SSL VPN Adapter
                                 Connection Name: Ethernet 4
                                 Status:          Hardware not present
Hyper-V Requirements:      A hypervisor has been detected. Features required for Hyper-V will not be displayed.

Steps to reproduce

  1. start a simple container: oc run -it busybox --image=busybox:latest -- sh (this (and other) container's /etc/resolv.conf points to dns-default service IP)
  2. run nslookup secure-feeds-production-us-east-1-761931097553.s3.us-east-1.amazonaws.com
  3. run nslookup against other hosts, e.g. cnn.com
  4. run both 2. and 3. inside pod in openshift-dns project (which backs dns-default service) and inside the node (both have their /etc/resolv.conf pointed at an IP that presumably points/maps outside the cluster on tap0 interface), or on the VM host or another VM on that host: both names are resolved

Expected

both names should be resolved from within a container

Actual

resolving the amazon s3 link fails:

    Server: 10.217.4.10
    Address: 10.217.4.10:53

    Non-authoritative answer:
    *** Can't find secure-feeds-production-us-east-1-761931097553.s3.us-east-1.amazonaws.com: No answer

resolving other names works:

    Server: 10.217.4.10
    Address: 10.217.4.10:53

    Non-authoritative answer:
    Non-authoritative answer:
    Name: cnn.com
    Address: 151.101.195.5
    Name: cnn.com
    Address: 151.101.3.5
    Name: cnn.com
    Address: 151.101.67.5
    Name: cnn.com
    Address: 151.101.131.5

Logs

I’ll follow up with the below later if needed, as I need to keep the cluster alive for another purpose for a while …

Before gathering the logs, try the following to see if it fixes your issue:

$ crc delete -f
$ crc cleanup
$ crc setup
$ crc start --log-level debug

Please consider posting the output of crc start --log-level debug on http://gist.github.com/ and post the link in the issue.

About this issue

  • State: closed
  • Created a year ago
  • Comments: 15 (8 by maintainers)

Most upvoted comments

Hi Christophe, Red Hat have fixed the issue in v2.22 of crc. Sysdig registry scanner – the image in question – now runs fine on local OpenShift.

Fixed DNS lookup from within containers

Previously, DNS messages from Red Hat OpenShift Local DNS service could exceed 512B, and some clients might fail to process the message. With this update, DNS messages are compressed, and container can successfully process DNS messages.

https://github.com/crc-org/crc/issues/3643

Kind regards,

Martin W. Murhammer, MSc Executive Architect IBM Security +43 664 6185769 @.***

From: Christophe Fergeau @.>
Sent: Monday, 12 June 2023 14:18
To: crc-org/crc @.>
Cc: Martin Murhammer @.>; Mention @.>
Subject: [EXTERNAL] Re: [crc-org/crc] [BUG] Issues with DNS lookups from within the container (Issue #3643)

The actual image that needs to resolve that host name is based on Red Hat 8.8. And it is still not resolving.

Can you give more details about this image? What are you using for the DNS resolution on this image?

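The release note quoted above attributes the failure to DNS messages larger than 512 bytes and the fix to name compression. The following is an added illustration, not code from crc or from this issue: it encodes a response for the S3 host name from the report with and without RFC 1035 name compression and compares the sizes against the 512-byte UDP limit. The eight A records and their 192.0.2.x addresses are constructed sample data, and the function names are hypothetical.

```python
import struct

UDP_LIMIT = 512  # classic DNS-over-UDP message size limit (RFC 1035)
QNAME = "secure-feeds-production-us-east-1-761931097553.s3.us-east-1.amazonaws.com"
ADDRS = [f"192.0.2.{i}" for i in range(1, 9)]  # constructed sample answers

def encode_name(name, offset, table):
    """Wire-encode name at message offset; table=None disables compression."""
    labels, out = name.rstrip(".").lower().split("."), b""
    for i, label in enumerate(labels):
        suffix = ".".join(labels[i:])
        if table is not None and suffix in table:
            # Pointer: two high bits set + 14-bit offset of an earlier copy.
            return out + struct.pack("!H", 0xC000 | table[suffix])
        if table is not None and offset + len(out) < 0x4000:
            table[suffix] = offset + len(out)
        if not 0 < len(label) <= 63:
            raise ValueError("label must be 1..63 bytes")
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_response(qname, addrs, compress):
    """Build a response with one question and one A record per address."""
    table = {} if compress else None
    msg = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, len(addrs), 0, 0)
    msg += encode_name(qname, len(msg), table) + struct.pack("!HH", 1, 1)
    for addr in addrs:
        msg += encode_name(qname, len(msg), table)
        msg += struct.pack("!HHIH", 1, 1, 60, 4) + bytes(map(int, addr.split(".")))
    return msg

def decode_name(msg, pos):
    """Read a name at pos, following compression pointers (with a loop guard)."""
    labels, hops = [], 0
    while msg[pos]:
        if msg[pos] & 0xC0 == 0xC0:
            pos = struct.unpack_from("!H", msg, pos)[0] & 0x3FFF
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
        else:
            labels.append(msg[pos + 1:pos + 1 + msg[pos]].decode("ascii"))
            pos += 1 + msg[pos]
    return ".".join(labels)

if __name__ == "__main__":
    for compress in (False, True):
        size = len(build_response(QNAME, ADDRS, compress))
        print(f"compress={compress}: {size} bytes, fits in UDP: {size <= UDP_LIMIT}")
```

The 75-byte encoded owner name is repeated in every record when compression is off, which is why a long name with several answers crosses the limit while a short name such as cnn.com does not.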