kubernetes: dns can't resolve kubernetes.default and/or cluster.local

/kind bug

What happened: I’ve set up a Kubernetes cluster on Ubuntu 18.04, v1.11.1:

KubeDNS:

$ kubectl get svc -n kube-system
NAME                   TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)         AGE
kube-dns               ClusterIP   10.96.0.10       <none>        53/UDP,53/TCP   10d
kubernetes-dashboard   ClusterIP   10.99.230.158    <none>        443/TCP         4d
tiller-deploy          ClusterIP   10.111.190.156   <none>        44134/TCP       8d

Version:

$ kubectl version --short
Client Version: v1.11.1
Server Version: v1.11.1

When I run busybox for testing:

kubectl create -f https://k8s.io/examples/admin/dns/busybox.yaml

I am getting this:

$ kubectl exec -ti busybox -- nslookup kubernetes.default
Server:		10.96.0.10
Address:	10.96.0.10:53

** server can't find kubernetes.default: NXDOMAIN

*** Can't find kubernetes.default: No answer

$ kubectl exec -ti busybox -- nslookup cluster.local
Server:		10.96.0.10
Address:	10.96.0.10:53

** server can't find cluster.local: NXDOMAIN

*** Can't find cluster.local: No answer

What you expected to happen:

I expect the kubernetes.default or cluster.local to be resolved.

How to reproduce it (as minimally and precisely as possible): Maybe try to install a new k8s cluster on Ubuntu 18.04 following the official instructions.

Anything else we need to know?:

Environment:

  • Kubernetes version (use kubectl version):
$ kubectl version
Client Version: version.Info{Major:"1", Minor:"11", GitVersion:"v1.11.1", GitCommit:"b1b29978270dc22fecc592ac55d903350454310a", GitTreeState:"clean", BuildDate:"2018-07-17T18:53:20Z", GoVersion:"go1.10.3", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"11", GitVersion:"v1.11.1", GitCommit:"b1b29978270dc22fecc592ac55d903350454310a", GitTreeState:"clean", BuildDate:"2018-07-17T18:43:26Z", GoVersion:"go1.10.3", Compiler:"gc", Platform:"linux/amd64"}
  • Cloud provider or hardware configuration: Bare metal, OVH, Ubuntu 18.04
  • OS (e.g. from /etc/os-release):
$ cat /etc/os-release
NAME="Ubuntu"
VERSION="18.04 LTS (Bionic Beaver)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 18.04 LTS"
VERSION_ID="18.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=bionic
UBUNTU_CODENAME=bionic
  • Kernel (e.g. uname -a):
$ uname -a
Linux kubernetes-slave 4.15.0-29-generic #31-Ubuntu SMP Tue Jul 17 15:39:52 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
  • Install tools:
  • Others: These are my pods:
$ kubectl get pods --namespace=kube-system -l k8s-app=kube-dns -o name
pod/coredns-78fcdf6894-c4sk8
pod/coredns-78fcdf6894-mzv9t
pod/kube-dns-569b8c4c96-bwwvm

Here are pod logs:

$ kubectl logs --namespace=kube-system kube-dns-569b8c4c96-bwwvm -c sidecar
ERROR: logging before flag.Parse: W0802 17:51:49.028526       1 server.go:64] Error getting metrics from dnsmasq: read udp 127.0.0.1:59054->127.0.0.1:53: read: connection refused
ERROR: logging before flag.Parse: W0802 17:51:54.029062       1 server.go:64] Error getting metrics from dnsmasq: read udp 127.0.0.1:51343->127.0.0.1:53: read: connection refused
ERROR: logging before flag.Parse: W0802 17:51:59.029389       1 server.go:64] Error getting metrics from dnsmasq: read udp 127.0.0.1:58205->127.0.0.1:53: read: connection refused
ERROR: logging before flag.Parse: W0802 17:52:04.029922       1 server.go:64] Error getting metrics from dnsmasq: read udp 127.0.0.1:37475->127.0.0.1:53: read: connection refused
ERROR: logging before flag.Parse: W0802 17:52:09.030484       1 server.go:64] Error getting metrics from dnsmasq: read udp 127.0.0.1:39067->127.0.0.1:53: read: connection refused
ERROR: logging before flag.Parse: W0802 17:52:14.030962       1 server.go:64] Error getting metrics from dnsmasq: read udp 127.0.0.1:38175->127.0.0.1:53: read: connection refused
ERROR: logging before flag.Parse: W0802 17:52:19.031436       1 server.go:64] Error getting metrics from dnsmasq: read udp 127.0.0.1:56535->127.0.0.1:53: read: connection refused
ERROR: logging before flag.Parse: W0802 17:52:24.031820       1 server.go:64] Error getting metrics from dnsmasq: read udp 127.0.0.1:57310->127.0.0.1:53: read: connection refused
ERROR: logging before flag.Parse: W0802 17:52:29.032374       1 server.go:64] Error getting metrics from dnsmasq: read udp 127.0.0.1:37181->127.0.0.1:53: read: connection refused
ERROR: logging before flag.Parse: W0802 17:52:34.032952       1 server.go:64] Error getting metrics from dnsmasq: read udp 127.0.0.1:37284->127.0.0.1:53: read: connection refused
ERROR: logging before flag.Parse: W0802 17:52:39.033511       1 server.go:64] Error getting metrics from dnsmasq: read udp 127.0.0.1:51098->127.0.0.1:53: read: connection refused
ERROR: logging before flag.Parse: W0802 17:52:44.034022       1 server.go:64] Error getting metrics from dnsmasq: read udp 127.0.0.1:36836->127.0.0.1:53: read: connection refused
ERROR: logging before flag.Parse: W0802 17:52:49.034444       1 server.go:64] Error getting metrics from dnsmasq: read udp 127.0.0.1:57543->127.0.0.1:53: read: connection refused
ERROR: logging before flag.Parse: W0802 17:52:54.034865       1 server.go:64] Error getting metrics from dnsmasq: read udp 127.0.0.1:38068->127.0.0.1:53: read: connection refused
ERROR: logging before flag.Parse: W0802 17:52:59.035304       1 server.go:64] Error getting metrics from dnsmasq: read udp 127.0.0.1:59394->127.0.0.1:53: read: connection refused
ERROR: logging before flag.Parse: W0802 17:53:04.035717       1 server.go:64] Error getting metrics from dnsmasq: read udp 127.0.0.1:36127->127.0.0.1:53: read: connection refused
ERROR: logging before flag.Parse: W0802 17:53:09.036246       1 server.go:64] Error getting metrics from dnsmasq: read udp 127.0.0.1:42850->127.0.0.1:53: read: connection refused
ERROR: logging before flag.Parse: W0802 17:53:14.036602       1 server.go:64] Error getting metrics from dnsmasq: read udp 127.0.0.1:43571->127.0.0.1:53: read: connection refused
ERROR: logging before flag.Parse: W0802 17:53:19.037163       1 server.go:64] Error getting metrics from dnsmasq: read udp 127.0.0.1:45439->127.0.0.1:53: read: connection refused
ERROR: logging before flag.Parse: W0802 17:53:24.037654       1 server.go:64] Error getting metrics from dnsmasq: read udp 127.0.0.1:35007->127.0.0.1:53: read: connection refused
ERROR: logging before flag.Parse: W0802 17:53:29.038002       1 server.go:64] Error getting metrics from dnsmasq: read udp 127.0.0.1:46336->127.0.0.1:53: read: connection refused
ERROR: logging before flag.Parse: W0802 17:53:34.038500       1 server.go:64] Error getting metrics from dnsmasq: read udp 127.0.0.1:50540->127.0.0.1:53: read: connection refused
$ kubectl logs --namespace=kube-system kube-dns-569b8c4c96-bwwvm -c dnsmasq
I0802 17:53:35.100942       1 main.go:76] opts: {{/usr/sbin/dnsmasq [-k --cache-size=1000 --log-facility=- --server=/cluster.local/127.0.0.1#10053 --server=/in-addr.arpa/127.0.0.1#10053 --server=/ip6.arpa/127.0.0.1#10053] true} /etc/k8s/dns/dnsmasq-nanny 10000000000}
I0802 17:53:35.101079       1 nanny.go:86] Starting dnsmasq [-k --cache-size=1000 --log-facility=- --server=/cluster.local/127.0.0.1#10053 --server=/in-addr.arpa/127.0.0.1#10053 --server=/ip6.arpa/127.0.0.1#10053]
I0802 17:53:35.336808       1 nanny.go:111]
W0802 17:53:35.336832       1 nanny.go:112] Got EOF from stdout
I0802 17:53:35.336849       1 nanny.go:108] dnsmasq[18]: started, version 2.78-security-prerelease cachesize 1000
I0802 17:53:35.336870       1 nanny.go:108] dnsmasq[18]: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth no-DNSSEC loop-detect inotify
I0802 17:53:35.336877       1 nanny.go:108] dnsmasq[18]: using nameserver 127.0.0.1#10053 for domain ip6.arpa
I0802 17:53:35.336880       1 nanny.go:108] dnsmasq[18]: using nameserver 127.0.0.1#10053 for domain in-addr.arpa
I0802 17:53:35.336883       1 nanny.go:108] dnsmasq[18]: using nameserver 127.0.0.1#10053 for domain cluster.local
I0802 17:53:35.336887       1 nanny.go:108] dnsmasq[18]: reading /etc/resolv.conf
I0802 17:53:35.336895       1 nanny.go:108] dnsmasq[18]: using nameserver 127.0.0.1#10053 for domain ip6.arpa
I0802 17:53:35.336901       1 nanny.go:108] dnsmasq[18]: using nameserver 127.0.0.1#10053 for domain in-addr.arpa
I0802 17:53:35.336907       1 nanny.go:108] dnsmasq[18]: using nameserver 127.0.0.1#10053 for domain cluster.local
I0802 17:53:35.336912       1 nanny.go:108] dnsmasq[18]: using nameserver 10.125.211.1#53
I0802 17:53:35.336917       1 nanny.go:108] dnsmasq[18]: using nameserver 10.96.0.10#53
I0802 17:53:35.336922       1 nanny.go:108] dnsmasq[18]: using nameserver 213.186.33.99#53
I0802 17:53:35.336939       1 nanny.go:108] dnsmasq[18]: read /etc/hosts - 7 addresses
$ kubectl logs --namespace=kube-system kube-dns-569b8c4c96-bwwvm -c kubedns
I0802 17:49:38.070785       1 dns.go:48] version: 1.14.4-2-g5584e04
I0802 17:49:38.071345       1 server.go:66] Using configuration read from ConfigMap: kube-system:kube-dns
I0802 17:49:38.071371       1 server.go:113] FLAG: --alsologtostderr="false"
I0802 17:49:38.071379       1 server.go:113] FLAG: --config-dir=""
I0802 17:49:38.071383       1 server.go:113] FLAG: --config-map="kube-dns"
I0802 17:49:38.071387       1 server.go:113] FLAG: --config-map-namespace="kube-system"
I0802 17:49:38.071390       1 server.go:113] FLAG: --config-period="10s"
I0802 17:49:38.071394       1 server.go:113] FLAG: --dns-bind-address="0.0.0.0"
I0802 17:49:38.071397       1 server.go:113] FLAG: --dns-port="10053"
I0802 17:49:38.071402       1 server.go:113] FLAG: --domain="cluster.local."
I0802 17:49:38.071406       1 server.go:113] FLAG: --federations=""
I0802 17:49:38.071410       1 server.go:113] FLAG: --healthz-port="8081"
I0802 17:49:38.071413       1 server.go:113] FLAG: --initial-sync-timeout="1m0s"
I0802 17:49:38.071416       1 server.go:113] FLAG: --kube-master-url=""
I0802 17:49:38.071420       1 server.go:113] FLAG: --kubecfg-file=""
I0802 17:49:38.071422       1 server.go:113] FLAG: --log-backtrace-at=":0"
I0802 17:49:38.071428       1 server.go:113] FLAG: --log-dir=""
I0802 17:49:38.071433       1 server.go:113] FLAG: --log-flush-frequency="5s"
I0802 17:49:38.071440       1 server.go:113] FLAG: --logtostderr="true"
I0802 17:49:38.071445       1 server.go:113] FLAG: --nameservers=""
I0802 17:49:38.071452       1 server.go:113] FLAG: --stderrthreshold="2"
I0802 17:49:38.071457       1 server.go:113] FLAG: --v="2"
I0802 17:49:38.071464       1 server.go:113] FLAG: --version="false"
I0802 17:49:38.071474       1 server.go:113] FLAG: --vmodule=""
I0802 17:49:38.071525       1 server.go:176] Starting SkyDNS server (0.0.0.0:10053)
I0802 17:49:38.071749       1 server.go:198] Skydns metrics enabled (/metrics:10055)
I0802 17:49:38.071757       1 dns.go:147] Starting endpointsController
I0802 17:49:38.071761       1 dns.go:150] Starting serviceController
I0802 17:49:38.071836       1 logs.go:41] skydns: ready for queries on cluster.local. for tcp://0.0.0.0:10053 [rcache 0]
I0802 17:49:38.071855       1 logs.go:41] skydns: ready for queries on cluster.local. for udp://0.0.0.0:10053 [rcache 0]
I0802 17:49:38.082493       1 sync_configmap.go:107] ConfigMap kube-system:kube-dns was created
I0802 17:49:38.581981       1 dns.go:171] Initialized services and endpoints from apiserver
I0802 17:49:38.582016       1 server.go:129] Setting up Healthz Handler (/readiness)
I0802 17:49:38.582031       1 server.go:134] Setting up cache handler (/cache)
I0802 17:49:38.582045       1 server.go:120] Status HTTP port 8081

About this issue

  • State: closed
  • Created 6 years ago
  • Reactions: 6
  • Comments: 18 (5 by maintainers)

Most upvoted comments

It looks like DNS inside busybox does not work properly. At least it works for me with busybox images <= 1.28.4

Any solution on this? Also having this problem

In my case it was a missing IP tables rule on a dedicated server. Resolved by executing on the server:

iptables -w -P FORWARD ACCEPT

@gogene P.S. In 2020.08, the 1.32.0 still has a problem in nslookup. (2 years have passed…)

@gogene Ok - version 1.28.4 solves it, works like a charm, thank you, I think we can close this issue.

$ kubectl -n default exec -ti busybox -- nslookup kubernetes.default
Server:    10.96.0.10
Address 1: 10.96.0.10 kube-dns.kube-system.svc.cluster.local

Name:      kubernetes.default
Address 1: 10.96.0.1 kubernetes.default.svc.cluster.local

Btw. do you know why it can’t resolve svc.cluster.local?

kubectl -n default exec -ti busybox -- nslookup svc.cluster.local
Server:    10.96.0.10
Address 1: 10.96.0.10 kube-dns.kube-system.svc.cluster.local

nslookup: can't resolve 'svc.cluster.local'
command terminated with exit code 1

Actually, the same problem occurs on the newest macOS when I run a busybox pod and nslookup the domain:

** Can't find kubernetes.default: ***
** Can't find cluster.local: ***

There are two reasons that caused this issue:

  1. The nslookup program in busybox:latest cannot extract the record from the DNS response UDP packet (the correct IP response from the DNS server).
  2. options ndots:5 in /etc/resolv.conf caused some other issue when the domain has many dots. After I changed ndots from 5 to 7, I can get:
/ # nslookup -debug -timeout=2 mysql-0.mysql.default.svc.cluster.local. 
Server:		10.68.0.2
Address:	10.68.0.2:53

Query #0 completed in 1ms:
Name:	mysql-0.mysql.default.svc.cluster.local
Address: 172.20.185.197

*** Can't find mysql-0.mysql.default.svc.cluster.local.: No answer

/ # cat /etc/resolv.conf 
nameserver 10.68.0.2
search default.svc.cluster.local. svc.cluster.local. cluster.local.
options ndots:7

Try querying one of the kube-dns pods directly, to see if it’s a network layer issue… e.g.

kubectl -n default exec -ti busybox nslookup kubernetes.default <ip-address-of-pod>

On my MacOS I have only one pod with kube-dns:

$ kubectl get pods --namespace=kube-system -l k8s-app=kube-dns -o name

pod/kube-dns-86f4d74b45-b4dd8

On my server (Ubuntu 18.04) I have 3 pods:

$ kubectl get pods --namespace=kube-system -l k8s-app=kube-dns -o name

pod/coredns-78fcdf6894-c4sk8
pod/coredns-78fcdf6894-mzv9t
pod/kube-dns-569b8c4c96-bwwvm

$ kubectl -n default exec -ti busybox nslookup kubernetes.default 10.244.0.84

Server:     10.244.0.84
Address:    10.244.0.84:53

** server can't find kubernetes.default: NXDOMAIN

*** Can't find kubernetes.default: No answer

$ kubectl -n default exec -ti busybox nslookup cluster.local 10.244.0.84

Server:     10.244.0.84
Address:    10.244.0.84:53


*** Can't find cluster.local: No answer

$ kubectl -n default exec -ti busybox nslookup kubernetes.default 10.244.0.82

Server:     10.244.0.82
Address:    10.244.0.82:53

** server can't find kubernetes.default: NXDOMAIN

*** Can't find kubernetes.default: No answer

$ kubectl -n default exec -ti busybox nslookup cluster.local 10.244.0.82

Server:     10.244.0.82
Address:    10.244.0.82:53


*** Can't find cluster.local: No answer

More details on these 2 coredns pods on Ubuntu:

$ kubectl -n kube-system describe pod coredns-78fcdf6894-c4sk8

Name:               coredns-78fcdf6894-c4sk8
Namespace:          kube-system
Priority:           0
PriorityClassName:  <none>
Node:               kubernetes-slave/37.59.16.40
Start Time:         Mon, 23 Jul 2018 13:56:35 +0000
Labels:             k8s-app=kube-dns
                    pod-template-hash=3497892450
Annotations:        <none>
Status:             Running
IP:                 10.244.0.84
Controlled By:      ReplicaSet/coredns-78fcdf6894
Containers:
  coredns:
    Container ID:  docker://e76a47934a878a44158d8fa90bc3c0077fa3f11f8c82eb3c62f9615f24e76337
    Image:         k8s.gcr.io/coredns:1.1.3
    Image ID:      docker-pullable://k8s.gcr.io/coredns@sha256:db2bf53126ed1c761d5a41f24a1b82a461c85f736ff6e90542e9522be4757848
    Ports:         53/UDP, 53/TCP, 9153/TCP
    Host Ports:    0/UDP, 0/TCP, 0/TCP
    Args:
      -conf
      /etc/coredns/Corefile
    State:          Running
      Started:      Wed, 01 Aug 2018 14:25:51 +0000
    Last State:     Terminated
      Reason:       Error
      Exit Code:    137
      Started:      Wed, 01 Aug 2018 14:24:59 +0000
      Finished:     Wed, 01 Aug 2018 14:25:50 +0000
    Ready:          True
    Restart Count:  2
    Limits:
      memory:  170Mi
    Requests:
      cpu:        100m
      memory:     70Mi
    Liveness:     http-get http://:8080/health delay=60s timeout=5s period=10s #success=1 #failure=5
    Environment:  <none>
    Mounts:
      /etc/coredns from config-volume (ro)
      /var/run/secrets/kubernetes.io/serviceaccount from coredns-token-ch7j7 (ro)
Conditions:
  Type              Status
  Initialized       True
  Ready             True
  ContainersReady   True
  PodScheduled      True
Volumes:
  config-volume:
    Type:      ConfigMap (a volume populated by a ConfigMap)
    Name:      coredns
    Optional:  false
  coredns-token-ch7j7:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  coredns-token-ch7j7
    Optional:    false
QoS Class:       Burstable
Node-Selectors:  <none>
Tolerations:     CriticalAddonsOnly
                 node-role.kubernetes.io/master:NoSchedule
                 node.kubernetes.io/not-ready:NoExecute for 300s
                 node.kubernetes.io/unreachable:NoExecute for 300s
Events:
  Type     Reason            Age                  From                       Message
  ----     ------            ----                 ----                       -------
  Warning  DNSConfigForming  59s (x9409 over 8d)  kubelet, kubernetes-slave  Nameserver limits were exceeded, some nameservers have been omitted, the applied nameserver line is: 10.125.211.1 213.186.33.99 127.0.0.1

$ kubectl -n kube-system describe pod coredns-78fcdf6894-mzv9t

Name:               coredns-78fcdf6894-mzv9t
Namespace:          kube-system
Priority:           0
PriorityClassName:  <none>
Node:               kubernetes-slave/37.59.16.40
Start Time:         Mon, 23 Jul 2018 13:56:35 +0000
Labels:             k8s-app=kube-dns
                    pod-template-hash=3497892450
Annotations:        <none>
Status:             Running
IP:                 10.244.0.82
Controlled By:      ReplicaSet/coredns-78fcdf6894
Containers:
  coredns:
    Container ID:  docker://03aee6a3ae008ddbe14ec6ad14190ab9bc6e6e20ff492d4d3cd903cd55d89bf1
    Image:         k8s.gcr.io/coredns:1.1.3
    Image ID:      docker-pullable://k8s.gcr.io/coredns@sha256:db2bf53126ed1c761d5a41f24a1b82a461c85f736ff6e90542e9522be4757848
    Ports:         53/UDP, 53/TCP, 9153/TCP
    Host Ports:    0/UDP, 0/TCP, 0/TCP
    Args:
      -conf
      /etc/coredns/Corefile
    State:          Running
      Started:      Wed, 01 Aug 2018 14:25:23 +0000
    Last State:     Terminated
      Reason:       Completed
      Exit Code:    0
      Started:      Mon, 23 Jul 2018 13:56:38 +0000
      Finished:     Wed, 01 Aug 2018 14:24:56 +0000
    Ready:          True
    Restart Count:  1
    Limits:
      memory:  170Mi
    Requests:
      cpu:        100m
      memory:     70Mi
    Liveness:     http-get http://:8080/health delay=60s timeout=5s period=10s #success=1 #failure=5
    Environment:  <none>
    Mounts:
      /etc/coredns from config-volume (ro)
      /var/run/secrets/kubernetes.io/serviceaccount from coredns-token-ch7j7 (ro)
Conditions:
  Type              Status
  Initialized       True
  Ready             True
  ContainersReady   True
  PodScheduled      True
Volumes:
  config-volume:
    Type:      ConfigMap (a volume populated by a ConfigMap)
    Name:      coredns
    Optional:  false
  coredns-token-ch7j7:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  coredns-token-ch7j7
    Optional:    false
QoS Class:       Burstable
Node-Selectors:  <none>
Tolerations:     CriticalAddonsOnly
                 node-role.kubernetes.io/master:NoSchedule
                 node.kubernetes.io/not-ready:NoExecute for 300s
                 node.kubernetes.io/unreachable:NoExecute for 300s
Events:
  Type     Reason            Age                 From                       Message
  ----     ------            ----                ----                       -------
  Warning  DNSConfigForming  2m (x9382 over 8d)  kubelet, kubernetes-slave  Nameserver limits were exceeded, some nameservers have been omitted, the applied nameserver line is: 10.125.211.1 213.186.33.99 127.0.0.1

Just for the record, I opened a new issue at the bugtracker of busybox: https://bugs.busybox.net/show_bug.cgi?id=14671