I found that apparently in Ubuntu 18 the whole DNS setup is very confusing. I'm connected through a pritunl VPN to my kube-cluster and I'm trying to use the kube-dns server. So I first tried to use https://github.com/jonathanio/update-systemd-resolved to update my DNS settings with the pushed DNS server from the VPN, but it seems that currently something is broken (https://github.com/jonathanio/update-systemd-resolved/issues/64).
As I'm OK with hard-coding the DNS IP somewhere, I tried putting the IP in some places: installing resolvconf and putting it in /etc/resolvconf/resolv.conf.d/head, putting it in /etc/systemd/resolved.conf, and of course also trying to put it directly into /etc/resolv.conf, as I'm a naive person. After restarting some things a couple of times, I reached an even more confusing state:
% dig pritunl-ui.infra.svc.cluster.local
[...]
;; ANSWER SECTION:
pritunl-ui.infra.svc.cluster.local. 30 IN A 10.15.246.61
[...]
So this looks good, but:
% curl 'https://pritunl-ui.infra.svc.cluster.local' --insecure
curl: (6) Could not resolve host: pritunl-ui.infra.svc.cluster.local
Calling the IP does work though:
% curl 'https://10.15.246.61' --insecure
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<title>Redirecting...</title>
<h1>Redirecting...</h1>
<p>You should be redirected automatically to target URL: <a href="https://10.15.246.61/login">https://10.15.246.61/login</a>. If not click the link.
I also tried turning-it-off-and-on-again (my host machine), but it stays the same. nslookup also works fine, tracepath doesn't.
% systemd-resolve --status
Global
DNS Servers: 10.15.240.10
DNS Domain: svc.cluster.local
DNSSEC NTA: 10.in-addr.arpa
16.172.in-addr.arpa
168.192.in-addr.arpa
17.172.in-addr.arpa
18.172.in-addr.arpa
19.172.in-addr.arpa
20.172.in-addr.arpa
21.172.in-addr.arpa
22.172.in-addr.arpa
23.172.in-addr.arpa
24.172.in-addr.arpa
25.172.in-addr.arpa
26.172.in-addr.arpa
27.172.in-addr.arpa
28.172.in-addr.arpa
29.172.in-addr.arpa
30.172.in-addr.arpa
31.172.in-addr.arpa
corp
d.f.ip6.arpa
home
internal
intranet
lan
local
private
test
Link 3 (tun0)
Current Scopes: DNS
LLMNR setting: yes
MulticastDNS setting: no
DNSSEC setting: no
DNSSEC supported: no
DNS Servers: 10.15.240.10
DNS Domain: default.svc.cluster.local
~.
Link 2 (wlp2s0)
Current Scopes: DNS
LLMNR setting: yes
MulticastDNS setting: no
DNSSEC setting: no
DNSSEC supported: no
DNS Servers: 192.168.178.1
fd00::cece:1eff:feba:6468
DNS Domain: ~.
fritz.box
Any ideas how to make this work?
To answer my own question: I dug a bit deeper and learned a bit about avahi, nscd, systemd-resolve and the magic of nsswitch. So apparently the problem was this line in my /etc/nsswitch.conf:
hosts: files mdns4_minimal [NOTFOUND=return] resolve [!UNAVAIL=return] dns myhostname
I missed that the readme from update-systemd-resolved actually recommended changing this line. So I changed it to
hosts: files dns resolve myhostname
Et Voilà, now curl can reach the host:
$ getent ahosts pritunl-ui.infra.svc.cluster.local
10.15.246.61 STREAM pritunl-ui.infra.svc.cluster.local
10.15.246.61 DGRAM
10.15.246.61 RAW
I also tried to just remove the [NOTFOUND=return] part, and that seems to have the same effect, it also works. Maybe it says something like "if mdns fails, stop here and ignore the rest"..? Which would be a very odd strategy I think.
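How glibc walks the two hosts lines from the answer above, as an added example that is not part of the original post: it parses the bracketed actions as described in nsswitch.conf(5) and traces where the lookup stops. The per-service results in `model_status` are a constructed model, and the assumption that mdns4_minimal reports NOTFOUND for an unanswered .local name and UNAVAIL for anything else is mine, not taken from the post.

```python
import re

# glibc defaults per nsswitch.conf(5): stop on SUCCESS, otherwise try the next service.
DEFAULTS = {"SUCCESS": "return", "NOTFOUND": "continue",
            "UNAVAIL": "continue", "TRYAGAIN": "continue"}

def parse_hosts_line(line):
    """Turn 'hosts: svc [STATUS=action] ...' into [(service, {status: action})]."""
    chain = []
    for tok in re.findall(r"\[[^\]]*\]|\S+", line.split(":", 1)[1]):
        if not tok.startswith("["):
            chain.append((tok, dict(DEFAULTS)))
            continue
        for crit in tok[1:-1].split():          # a bracket applies to the service before it
            status, action = crit.upper().split("=")
            negate = status.startswith("!")     # [!UNAVAIL=return]: every status except UNAVAIL
            for s in DEFAULTS:
                if (s == status.lstrip("!")) != negate:
                    chain[-1][1][s] = action.lower()
    return chain

def model_status(service, name):
    """Constructed model of the setup on this page; performs no real lookups."""
    if service == "mdns4_minimal":              # assumption: only .local names are its business
        return "NOTFOUND" if name.endswith(".local") else "UNAVAIL"
    if service in ("dns", "resolve"):           # assumption: the VPN DNS server answers
        return "SUCCESS"
    return "NOTFOUND"                           # files, myhostname: no entry for this name

def lookup(line, name):
    """Walk the chain as glibc would; return (final status, [(service, status)])."""
    trace = []
    for service, actions in parse_hosts_line(line):
        status = model_status(service, name)
        trace.append((service, status))
        if actions[status] == "return":
            break
    return trace[-1][1], trace

NAME = "pritunl-ui.infra.svc.cluster.local"
BEFORE = "hosts: files mdns4_minimal [NOTFOUND=return] resolve [!UNAVAIL=return] dns myhostname"
AFTER = "hosts: files dns resolve myhostname"

if __name__ == "__main__":
    for label, line in (("before", BEFORE), ("after", AFTER)):
        print(label, *lookup(line, NAME))
```

Under this model the original line stops at mdns4_minimal before any unicast DNS service is asked, which matches dig succeeding (it queries the DNS server directly) while curl, which resolves through NSS, fails.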