This message was deleted Rancher Users #rke

Join Slack

This message was deleted.

# rke

adamant-kite-43734

11/09/2022, 10:03 PM

This message was deleted.

limited-pizza-33551

11/11/2022, 1:33 AM

Hey @quiet-fountain-61995, does your installation use custom certs by any chance? Or is it using the default certs?

quiet-fountain-61995

11/15/2022, 2:51 PM

Hey @limited-pizza-33551 its the default certs. i figured out what the issue was after two weeks. of pain staking debugging. it was one of the entries in our search domain filed of the

/etc/resolv.conf

file. The file liked like the below file :

quiet-fountain-61995

11/15/2022, 2:53 PM

nameserver 10.0.0.0

search production.svc.cluster.local svc.cluster.local cluster.local <http://dc.mydomain.com|dc.mydomain.com>

quiet-fountain-61995

11/15/2022, 2:58 PM

the issue was that for the last entry

<http://dc.mydomain.com|dc.mydomain.com>

when coredns tried to resolve

<https://google.com>

with it it was returning a

NOERROR

instead of a

NXDOMAIN.

and so the search loop was closed and it resulted in a

tls error

because there was no active DNS resolver at the

<http://dc.mydomain.com|dc.mydomain.com>

search entry. the fix was to either remove the search entry form the servers network manager or setup a dns resolver at the endpoint which is how we wanted it to work. and now our dns tls queries are resolved. So looks like its more of a coredns issue than rancher.

5 Views

Open in Slack

Previous Next