This message was deleted Rancher Users #k3s

Join Slack

This message was deleted.

# k3s

adamant-kite-43734

10/03/2022, 3:28 PM

This message was deleted.

bland-account-99790

10/03/2022, 4:27 PM

ndots:5

is a Kubernetes default parameter, i.e. it is not set by k3s. You can change it though https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config

bland-account-99790

10/03/2022, 4:28 PM

However, it should work with

ndots:5

bland-account-99790

10/03/2022, 4:30 PM

Can you check that github.com+your_search_domains does not exist? Check: • github.com.default.svc.cluster.local • github.com.svc.cluster.local • etc When you try

<http://github.com|github.com>.

you are telling your OS that the string is already a FQDN and thus it does not need to add any search domain

bland-account-99790

10/03/2022, 4:31 PM

I suspect

<http://github.com|github.com>.$OneOfYourSearchDomains[[home search domains redacted]

returns an IP from a server which does not reply to pings

bland-account-99790

10/03/2022, 4:31 PM

Something similar happened to this user https://github.com/k3s-io/k3s/issues/5045

kind-nightfall-56861

10/03/2022, 7:44 PM

I cannot explain that behaviour, but I have had a somewhat similar example, where pings would most of the time simply fail, and some times it would succeed, albeit with a massive latency on the line. Turns out that my dns pod wasn't running properly, and along side many other system pods that were in a malfunctioning state, so I deleted them all and let k3s recreate them to resolve the issue.

bright-jordan-61721

10/04/2022, 3:15 AM

ok so I get this:

Copy code

bash-5.1# nslookup <http://github.com|github.com>
Server:         10.43.0.10
Address:        10.43.0.10#53

*** Can't find <http://github.com.private.home.jtcressy.net|github.com.private.home.jtcressy.net>: No answer

but this makes no sense, except that there are exactly 5 dots in that FQDN it stopped with. and this is the first search domain after cluster.local

bright-jordan-61721

10/04/2022, 3:27 AM

Hmm, I think the problem is that some DNS somewhere up my chain is returning with a NOERROR for

<http://github.com.private.home.jtcressy.net|github.com.private.home.jtcressy.net>

instead of NXDOMAIN since when I dig

<http://github.com|github.com>.svc.cluster.local

it will give me NXDOMAIN, and this must be the response needed for the resolver to query the next search domain

bright-jordan-61721

10/04/2022, 3:32 AM

LOL so the problem is that I had CAA records with wildcards e.g.

*.<http://home.jtcressy.net|home.jtcressy.net> in CAA

As soon as I deleted them I get NXDOMAIN instead of NOERROR I hate DNS!

🤣 1

bright-jordan-61721

10/04/2022, 3:32 AM

some references that led me to this conclusion: https://cloud.google.com/dns/docs/troubleshooting#unexpected_data_when_querying_for_resource_record_sets_present_in_the_zone

bright-jordan-61721

10/04/2022, 3:32 AM

my base domain, jtcressy.net is hosted in clouddns

bright-jordan-61721

10/04/2022, 3:32 AM

and instead of CNAME records shadowing things, it was CAA records

kind-nightfall-56861

10/04/2022, 7:25 AM

Nice, good to hear you managed to resolve it 😄

bland-account-99790

10/04/2022, 12:27 PM

Yes! Good work @bright-jordan-61721, DNS can be complex

140 Views

Open in Slack

Previous Next