kubernetes: Kube-DNS Name does not resolve.

kind bug

What happened:

DNS lookup from within the pod fails. When using name to resolve.

If you don’t see a command prompt, try pressing enter. [ root@curl-775f9567b5-ktcf5:/ ]$ nslookup 10.96.0.1 Server: 10.96.0.10 Address 1: 10.96.0.10

Name: 10.96.0.1 Address 1: 10.96.0.1

– Returns just the IP.

[ root@curl-775f9567b5-ktcf5:/ ]$ nslookup kubernetes.default Server: 10.96.0.10 Address 1: 10.96.0.10

nslookup: can’t resolve ‘kubernetes.default’

[ root@curl-775f9567b5-ktcf5:/ ]$ curl google.com curl: (6) Couldn’t resolve host ‘google.com’

What you expected to happen:

[ root@e457aa352100:/ ]$ curl google.com

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"> <TITLE>301 Moved</TITLE></HEAD><BODY>

The document has moved here.

</BODY></HTML>

How to reproduce it (as minimally and precisely as possible):

setup k8 using kubeadm Tried both Flannel and Calico network.

Anything else we need to know?:

kubectl logs --namespace=kube-system $(kubectl get pods --namespace=kube-system -l k8s-app=kube-dns -o name) -c kubedns I0531 22:06:48.850820 1 dns.go:48] version: 1.14.8 I0531 22:06:48.851676 1 server.go:71] Using configuration read from directory: /kube-dns-config with period 10s I0531 22:06:48.851715 1 server.go:119] FLAG: --alsologtostderr=“false” I0531 22:06:48.851722 1 server.go:119] FLAG: --config-dir=“/kube-dns-config” I0531 22:06:48.851726 1 server.go:119] FLAG: --config-map=“” I0531 22:06:48.851730 1 server.go:119] FLAG: --config-map-namespace=“kube-system” I0531 22:06:48.851733 1 server.go:119] FLAG: --config-period=“10s” I0531 22:06:48.851737 1 server.go:119] FLAG: --dns-bind-address=“0.0.0.0” I0531 22:06:48.851740 1 server.go:119] FLAG: --dns-port=“10053” I0531 22:06:48.851745 1 server.go:119] FLAG: --domain=“cluster.local.” I0531 22:06:48.851750 1 server.go:119] FLAG: --federations=“” I0531 22:06:48.851754 1 server.go:119] FLAG: --healthz-port=“8081” I0531 22:06:48.851757 1 server.go:119] FLAG: --initial-sync-timeout=“1m0s” I0531 22:06:48.851761 1 server.go:119] FLAG: --kube-master-url=“” I0531 22:06:48.851765 1 server.go:119] FLAG: --kubecfg-file=“” I0531 22:06:48.851768 1 server.go:119] FLAG: --log-backtrace-at=“:0” I0531 22:06:48.851773 1 server.go:119] FLAG: --log-dir=“” I0531 22:06:48.851777 1 server.go:119] FLAG: --log-flush-frequency=“5s” I0531 22:06:48.851780 1 server.go:119] FLAG: --logtostderr=“true” I0531 22:06:48.851783 1 server.go:119] FLAG: --nameservers=“” I0531 22:06:48.851786 1 server.go:119] FLAG: --stderrthreshold=“2” I0531 22:06:48.851789 1 server.go:119] FLAG: --v=“2” I0531 22:06:48.851793 1 server.go:119] FLAG: --version=“false” I0531 22:06:48.851802 1 server.go:119] FLAG: --vmodule=“” I0531 22:06:48.851834 1 server.go:201] Starting SkyDNS server (0.0.0.0:10053) I0531 22:06:48.852022 1 server.go:220] Skydns metrics enabled (/metrics:10055) I0531 22:06:48.852030 1 dns.go:146] Starting endpointsController I0531 22:06:48.852033 1 dns.go:149] Starting serviceController I0531 22:06:48.852279 1 logs.go:41] skydns: ready for queries on cluster.local. for tcp://0.0.0.0:10053 [rcache 0] I0531 22:06:48.852289 1 logs.go:41] skydns: ready for queries on cluster.local. for udp://0.0.0.0:10053 [rcache 0] I0531 22:06:49.352319 1 dns.go:170] Initialized services and endpoints from apiserver I0531 22:06:49.352343 1 server.go:135] Setting up Healthz Handler (/readiness) I0531 22:06:49.352366 1 server.go:140] Setting up cache handler (/cache) I0531 22:06:49.352373 1 server.go:126] Status HTTP port 8081 I0531 22:46:08.860229 1 sync.go:177] Updated upstreamNameservers to [172.24.162.201 172.24.162.191] I0531 22:46:08.860257 1 dns.go:197] Configuration updated: {TypeMeta:{Kind: APIVersion:} Federations:map[] StubDomains:map[] UpstreamNameservers:[172.24.162.201 172.24.162.191]} I0531 23:06:18.860249 1 sync.go:177] Updated upstreamNameservers to [8.8.8.8 8.8.4.4] I0531 23:06:18.860278 1 dns.go:197] Configuration updated: {TypeMeta:{Kind: APIVersion:} Federations:map[] StubDomains:map[] UpstreamNameservers:[8.8.8.8 8.8.4.4]} I0531 23:40:08.860190 1 dns.go:197] Configuration updated: {TypeMeta:{Kind: APIVersion:} Federations:map[] StubDomains:map[] UpstreamNameservers:[]}

Environment:

  • Kubernetes version

kubectl version Client Version: version.Info{Major:“1”, Minor:“10”, GitVersion:“v1.10.2”, GitCommit:“81753b10df112992bf51bbc2c2f85208aad78335”, GitTreeState:“clean”, BuildDate:“2018-04-27T09:22:21Z”, GoVersion:“go1.9.3”, Compiler:“gc”, Platform:“linux/amd64”}

  • Cloud provider or hardware configuration:
  • OS

NAME=“Red Hat Enterprise Linux Server” VERSION=“7.5 (Maipo)” ID=“rhel” ID_LIKE=“fedora” VARIANT=“Server” VARIANT_ID=“server” VERSION_ID=“7.5” PRETTY_NAME=“Red Hat Enterprise Linux” ANSI_COLOR=“0;31” CPE_NAME=“cpe:/o:redhat:enterprise_linux:7.5:GA:server” HOME_URL=“https://www.redhat.com/” BUG_REPORT_URL=“https://bugzilla.redhat.com/

REDHAT_BUGZILLA_PRODUCT=“Red Hat Enterprise Linux 7” REDHAT_BUGZILLA_PRODUCT_VERSION=7.5 REDHAT_SUPPORT_PRODUCT=“Red Hat Enterprise Linux” REDHAT_SUPPORT_PRODUCT_VERSION=“7.5”

  • Kernel (e.g. uname -a):
  • Install tools:
  • Others:

About this issue

  • Original URL
  • State: closed
  • Created 6 years ago
  • Reactions: 7
  • Comments: 28 (6 by maintainers)

Most upvoted comments

Can we try the following

  1. Test if service selector are working
kubectl get endpoints kube-dns

if this fails, i would look if service controller/controller manager are running correctly on the cluster. You should find (usually 2) endpoints, do they match your DNS pod ips?

  1. does the pod actually work?
kubectl exec --namespace=kube-system $(kubectl get pods --namespace=kube-system -l k8s-app=kube-dns -o name) -c kubedns -- nslookup google.com 127.0.0.1

kubectl exec --namespace=kube-system $(kubectl get pods --namespace=kube-system -l k8s-app=kube-dns -o name) -c kubedns -- nslookup kubernetes 127.0.0.1

Success on the first call means that dns can connect to your upstream dns server. success on the second means DNS itself is working and it is a network path to DNS server. if 1st failed check network path to upstream, if second failed then you should get health prop failures (do you get them?)

  1. Test if your DNS pod is reachable from nodes (1 node + the node that has curl-775f9567b5-ktcf5 pod)
nslookup google.com 10.96.0.10

if not successful then your service (kube-proxy working? not hung?) or pod network routing is not working as expected. To test pod network try deploying nginx and curl it from node and/or a pod (using IP).

+9
khenidak on Jun 7, 2018

@cjbottaro & @parvez84, may I ask did y’all resolve this?

+7
ghost on Sep 6, 2018

@boiside how u resolve it with coredns?

+4
itsecforu on Aug 12, 2020

Has anyone any further troubleshooting steps for this? My DNS pod is healthy and other pods reach it fine, I can resolve external names but nothing under svc.cluster.local. The 2nd command mentioned above fails for me (the 1st succeeds):

... nslookup kubernetes 127.0.0.1
Server:    127.0.0.1
Address 1: 127.0.0.1 localhost

nslookup: can't resolve 'kubernetes': Name does not resolve
command terminated with exit code 1

This only happens intermittently, typically after restarting minikube. Restarting the kube-dns pod doesn’t help. Is there a document anywhere describing by what mechanism Kubernetes services are supposed to end up in the kube-dns tables? I am not even sure what logs to check or what pods to restart…

EDIT: running on the kube-dns pod itself, I find entries for pods but not for services:

/ # nslookup kube-dns-86f4d74b45-l92dn 127.0.0.1
Server:    127.0.0.1
Address 1: 127.0.0.1 localhost

Name:      kube-dns-86f4d74b45-l92dn
Address 1: 172.17.0.17 kube-dns-86f4d74b45-l92dn
/ # nslookup kube-dns.kube-system 127.0.0.1
Server:    127.0.0.1
Address 1: 127.0.0.1 localhost

nslookup: can't resolve 'kube-dns.kube-system': Name does not resolve
/ # nslookup www.google.com 127.0.0.1
Server:    127.0.0.1
Address 1: 127.0.0.1 localhost

Name:      www.google.com
Address 1: 216.58.201.196 ber01s09-in-f196.1e100.net
Address 2: 2a00:1450:4006:808::2004 mrs08s06-in-x04.1e100.net

kubectl get endpoints kube-dns works normally, and the kube-dns log has those entries:

I1023 15:36:24.819513       1 dns.go:146] Starting endpointsController
I1023 15:36:24.819521       1 dns.go:149] Starting serviceController
I1023 15:36:24.825288       1 logs.go:41] skydns: ready for queries on cluster.local. for tcp://0.0.0.0:10053 [rcache 0]
I1023 15:36:24.825300       1 logs.go:41] skydns: ready for queries on cluster.local. for udp://0.0.0.0:10053 [rcache 0]
I1023 15:36:25.320925       1 dns.go:170] Initialized services and endpoints from apiserver

… I am out of ideas.

+4
franck102 on Oct 23, 2018

Update on our story. It seems we were partially overload Kube-DNS plus there was a bug in the GKE provided DNS server. So updating our Kube-DNS configmap alleviated the issue, then the GKE team supplied a new DNS configuration for their managed services which likely would resolve the issue for us without making the kube-dns changes.

However, I realize this is the Kubernetes repo and anyone who is not on GKE may still benefit from the final, settled kube-dns config:

apiVersion: v1
kind: ConfigMap
metadata:
  name: kube-dns
  namespace: kube-system
data:
  stubDomains: |
    {
      "internal": [ "169.254.169.254" ]
    }
  upstreamNameservers: |
    [ "8.8.8.8", "8.8.4.4" ]

What does this config do? As I understand it after reading the docs and hearing from GKE support, this has only internal names resolve to the internal DNS server 169.254.169.254 (this IP may be different for you if you are not on GKE); everything else resolves to the upstream name servers which are in this case Google’s public name servers. What does this accomplish? It allows kube-dns to quickly determine if the lookup request is internal, and if it is not then send the request upstream. Our company’s code base running in k8s makes a great many DNS queries on a regular basis so this change did help us a lot before GKE team even applied their internal DNS fix.

+3
ghost on Oct 23, 2018

I am also getting Name or service not known logs inside my application pods when the pods are trying to connect to backends like databases(RDS,Elastic Cache Redis,Ec2 Mongo), I increased the number of pods of kube-dns thinking may be because of load. but no luck. Still seeing those errors in huge number. Created a cluster using kops running with 1.8.8 version

+2
ghost on Sep 24, 2018

I believe this is due to ndots:5 - try removing that

I got the same issue. I exec into the pod and then remove ndots: 5 or modify to ndots:1 (of file /etc/resolv.conf) => its working, but i don’t know why ? pls someone tell me how to solve this problem (without exec into pod) ?

+1
trungphungduc on Mar 2, 2021

Solved… my pods were pointing at the DNS server running on the Minikube VM, not at kube-dns, so this is a minikube problem on restart.

As a side note in case that helps someone, changing the “-v=2” arguments in the kube-dns deployment spec is all it takes to see kube-dns actually creating its records as it detects services and pods.

+1
franck102 on Oct 23, 2018

I believe this is due to ndots:5 - try removing that

+1
davidkarlsen on Jun 8, 2018
Read more comments on GitHub
← kubernetes: kube-dns does not work due to DNS server lookup loop (/etc/resolv.conf contains 127.0.0.01 as the upstream nameserver)kubedns-masq and sidecar containers crash after doing nslookup @kubernetes/sig-network-bugs /sig area/dns
kubernetes: Kube-flannel pod Failed to create SubnetManager: error retrieving pod spec dial tcp 10.0.0.1:443: i/o timeout →