Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Why nslookup can't resolv short name? #27

Closed
likunbyl opened this issue Apr 18, 2017 · 9 comments
Closed

Why nslookup can't resolv short name? #27

likunbyl opened this issue Apr 18, 2017 · 9 comments
Labels
Issue

Comments

@likunbyl
Copy link

I'm using the newest container of busybox to run nslookup, but can't get short name resolved. any hints?

nslookup nginx

Server: 192.168.192.10
Address 1: 192.168.192.10 kube-dns.kube-system.svc.cluster.local

nslookup: can't resolve 'nginx'

nslookup nginx.policy-demo.svc.cluster.local

Server: 192.168.192.10
Address 1: 192.168.192.10 kube-dns.kube-system.svc.cluster.local

Name: nginx.policy-demo.svc.cluster.local
Address 1: 192.168.204.48 nginx.policy-demo.svc.cluster.local

My /etc/resolv.conf is like this:

cat /etc/resolv.conf

nameserver 192.168.192.10
search policy-demo.svc.cluster.local svc.cluster.local cluster.local
options ndots:5
@tianon
Copy link
Member

tianon commented Apr 25, 2017

I can't seem to reproduce with any of our three variants. 😞

$ docker network create test
32024cd09daca748f8254468f4f00893afc2e1173c378919b1f378ed719f1618
$ docker run -dit --name nginx --network test nginx:alpine
7feaf1f0b4f3d421603bbb984854b753c7cbc6b581dd0a304d3b8fccf8c6604b
$ docker run -it --rm --network test busybox:uclibc nslookup nginx
Server:    127.0.0.11
Address 1: 127.0.0.11

Name:      nginx
Address 1: 172.22.0.2 nginx.test
$ docker run -it --rm --network test busybox:glibc nslookup nginx
Server:    127.0.0.11
Address 1: 127.0.0.11

Name:      nginx
Address 1: 172.22.0.2 nginx.test
$ docker run -it --rm --network test busybox:musl nslookup nginx
nslookup: can't resolve '(null)'

Name:      nginx
Address 1: 172.22.0.2 nginx.test

@likunbyl
Copy link
Author

Thank you, tianon

With busybox:glibc, I can resolve the short name too:

$ kubectl exec busybox1 -- nslookup kubernetes                                 
Server:    192.168.192.10
Address 1: 192.168.192.10 kube-dns.kube-system.svc.cluster.local

Name:      kubernetes
Address 1: 192.168.192.1 kubernetes.default.svc.cluster.local

busybox1 is based on busybox:glibc

With busybox:lastest, I can't

$ kubectl exec busybox -- nslookup kubernetes                                            
nslookup: can't resolve 'kubernetes'
Server:    192.168.192.10
Address 1: 192.168.192.10 kube-dns.kube-system.svc.cluster.local

busybox is based on busybox:latest

@tianon
Copy link
Member

tianon commented May 4, 2017
edited
Loading

Ah, it's not specific to short names, but DNS search paths; here's a better example for reproducing:

$ docker network create --internal test
66b1bf0bf05cec6d32c171cc601b6ee160bb94de670b0c61a0a15ae267302d06

$ docker run -dit --name nginx.domain --network test nginx:alpine
448e9b11cfb336464494c615be81db3058431f623eb9416507f5f46e19b2455c

$ docker run -it --rm --network test --dns-search domain busybox:glibc nslookup nginx
Server:    127.0.0.11
Address 1: 127.0.0.11

Name:      nginx
Address 1: 172.22.0.2 nginx.domain.test

$ docker run -it --rm --network test --dns-search domain busybox:uclibc nslookup nginx
Server:    127.0.0.11
Address 1: 127.0.0.11

nslookup: can't resolve 'nginx'

$ docker run -it --rm --network test --dns-search domain busybox:musl nslookup nginx
nslookup: can't resolve '(null)'

nslookup: can't resolve 'nginx'

(busybox:uclibc is busybox:latest)

😞

Not sure where to start digging on this one. 😕

lander2k2 added a commit to lander2k2/etcd-operator that referenced this issue Feb 7, 2018
@lander2k2
pkg/util: Change check-dns init container image
07c06a4 
The image currently used is busybox:1.28.0 which uses uclibc.  This is
causing nslookup to fail name resolution when it shouldn't in some
environments.  The version of busybox that uses glibc does not suffer the
same problem.

Related:
docker-library/busybox#9
docker-library/busybox#27
@lander2k2 lander2k2 mentioned this issue Feb 7, 2018
Merged
hongchaodeng pushed a commit to coreos/etcd-operator that referenced this issue Feb 8, 2018
@lander2k2 @hongchaodeng
pkg/util: Change check-dns init container image (#1919)
101e85f 
The image currently used is busybox:1.28.0 which uses uclibc.  This is
causing nslookup to fail name resolution when it shouldn't in some
environments.  The version of busybox that uses glibc does not suffer the
same problem.

Related:
docker-library/busybox#9
docker-library/busybox#27
@hongchaodeng hongchaodeng mentioned this issue Feb 8, 2018
Merged
@vcunat
Copy link

vcunat commented Feb 23, 2018
edited
Loading

The implementation is broken with non-glibc, reportedly due to fiddling with its internals: https://dev.openwrt.org/ticket/18333 and https://bugs.busybox.net/show_bug.cgi?id=675

@wglambert
Copy link

Seems only uclibc is broken now

$ docker network create --internal test
d0f3b32461787a7d830cb7f73504db08a563dddbe1a93079bcd7b4034f7736de

$ docker run -dit --name nginx --network test nginx:alpine
bb795c7ddcee2043f1e4c6ce41d292af6e8497c29e80777f267864145052b345

$ docker run -it --rm --network test --dns-search domain busybox:glibc nslookup nginx
Server:         127.0.0.11
Address:        127.0.0.11:53

Non-authoritative answer:

Non-authoritative answer:
Name:   nginx
Address: 172.22.0.2

$ docker run -it --rm --network test --dns-search domain busybox:uclibc nslookup nginx
Server:         127.0.0.11
Address:        127.0.0.11:53

Non-authoritative answer:

*** Can't find nginx: No answer

$ docker run -it --rm --network test --dns-search domain busybox:musl nslookup nginx
Server:         127.0.0.11
Address:        127.0.0.11:53

Non-authoritative answer:

Non-authoritative answer:
Name:   nginx
Address: 172.22.0.2

@aberres
Copy link

aberres commented Jul 20, 2018

I am seeing the behavior with uclibc and glibc on a Google Kubernetes instance.

Shouldn't nslookup return with 1 as well if the lookup failed?

I stumbled upon the problem when playing with init containers as described in the Kubernetes documentation: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
Due to this issue, the examples in the documentation do not work at all.

aberres added a commit to aberres/website that referenced this issue Jul 20, 2018
@aberres
Use alpine instead of busybox for nslookup examples
744a84c 
nslookup in the busybox image seems to be broken.
It always returns with 0 even when the lookup fails. Additionally, it fails to resolve DNS paths.
See docker-library/busybox#27
@aberres aberres mentioned this issue Jul 20, 2018
Closed
@tianon
Copy link
Member

tianon commented Jul 20, 2018

How does this relate to #48? Are they the same issue?

@tianon tianon mentioned this issue Jul 20, 2018
Closed
@tianon
Copy link
Member

tianon commented Jul 20, 2018

From what I can tell, the new resolver in BusyBox's nslookup doesn't support DNS search domains at all, which seems like a pretty hefty regression.

@tianon
Copy link
Member

tianon commented Jul 20, 2018

(See https://bugs.busybox.net/show_bug.cgi?id=11161 for where this is filed upstream.)

I'm going to close this in favor of #48, where there's been slightly more recent discussion. 👍

@tianon tianon closed this as completed Jul 20, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Issue
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@tianon @vcunat @likunbyl @aberres @wglambert