unable to resolve external dns names inside the warden


mira...@gmail.com

Sep 18, 2014, 7:19:04 AM
to vcap...@cloudfoundry.org
Hi,

I deployed cf on openstack+microbosh(recursor=8.8.8.8)+cf183

Then I deployed a Java application; in the staging phase it couldn't resolve the "github.com" name, so I created an offline buildpack as a workaround and deployed the app successfully.

My app is working with external resources, but they are not available by DNS name, only by IP.

I have 2 DEA runners, I checked /etc/resolv.conf:
nameserver 10.0.47.3
domain novalocal
search novalocal

then I ran this command:
host -a github.com 10.0.47.3
Trying "github.com"
;; Truncated, retrying in TCP mode.
Trying "github.com"
Using domain server:
Name: 10.0.47.3
Address: 10.0.47.3#53
Aliases:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51675
;; flags: qr rd ra; QUERY: 1, ANSWER: 14, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;github.com. IN ANY

;; ANSWER SECTION:
github.com. 3599 IN SOA ns1.p16.dynect.net. hostmaster.github.com. 1411038649 3600 600 604800 60
github.com. 29 IN A 192.30.252.129
github.com. 29 IN A 192.30.252.130
github.com. 29 IN A 192.30.252.131
github.com. 29 IN A 192.30.252.128
github.com. 299 IN TXT "v=spf1 ip4:192.30.252.0/22 include:_spf.google.com include:esp.github.com include:cmail1.com include:mail.zendesk.com include:auth.madmimi.com ~all"
github.com. 299 IN SSHFP 2 1 7491973E5F8B39D5327CD4E08BC81B05F7710B49
github.com. 299 IN SSHFP 1 1 BF6B6825D2977C511A475BBEFB88AAD54A92AC73

Vms state:
+------------------------------------+---------+---------------+-------------+
| Job/index                          | State   | Resource Pool | IPs         |
+------------------------------------+---------+---------------+-------------+
| api_worker_z1/0                    | running | small_z1      | 10.0.47.6   |
| api_z1/0                           | running | large_z1      | 10.0.47.18  |
| clock_global/0                     | running | medium_z1     | 10.0.47.9   |
| etcd_z1/0                          | running | medium_z1     | 10.0.47.16  |
| ha_proxy_z1/0                      | running | router_z1     | 10.0.47.23  |
|                                    |         |               |**** |
| hm9000_z1/0                        | running | medium_z1     | 10.0.47.8   |
| loggregator_trafficcontroller_z1/0 | running | small_z1      | 10.0.47.4   |
| loggregator_z1/0                   | running | medium_z1     | 10.0.47.7   |
| login_z1/0                         | running | medium_z1     | 10.0.47.10  |
| logs_z1/0                          | running | medium_z1     | 10.0.47.15  |
| nats_z1/0                          | running | medium_z1     | 10.0.47.14  |
| nfs_z1/0                           | running | medium_z1     | 10.0.47.11  |
| postgres_z1/0                      | running | medium_z1     | 10.0.47.13  |
| router_z1/0                        | running | router_z1     | 10.0.47.22  |
| runner_z1/0                        | running | runner_z1     | 10.0.47.20  |
| runner_z1/1                        | running | runner_z1     | 10.0.47.19  |
| stats_z1/0                         | running | small_z1      | 10.0.47.5   |
| uaa_z1/0                           | running | medium_z1     | 10.0.47.12  |
+------------------------------------+---------+---------------+-------------+

Actually, I'm running out of ideas where to dig in.

sparam...@pivotal.io

Sep 18, 2014, 11:49:09 AM
to vcap...@cloudfoundry.org, mira...@gmail.com
Can you try running just a curl command to see if it can connect? Quite possibly there is a timeout happening before the name could be resolved.

I could successfully run curl with the verbose option against https://www.github.com as well as www.nytimes.com inside the DEA of bosh-lite, but it took really long.

I suspect the same thing is happening with the buildpack download.
Change the TIMEOUT from 10 to 20 seconds inside the <java-buildpack>/lib/java_buildpack/util/cache/download_cache.rb file and see if the app pushes succeed.

-Sabha

Ferran Rodenas

Sep 18, 2014, 2:07:41 PM
to vcap...@cloudfoundry.org, mira...@gmail.com
Check also your CF security groups to be sure you explicitly allow DNS queries from inside the DEAs. As an example, the AWS templates create a global CF security group for DNS: https://github.com/cloudfoundry/cf-release/blob/master/templates/cf-properties.yml#L22

- Ferdy

mira...@gmail.com

Sep 19, 2014, 4:34:19 AM
to vcap...@cloudfoundry.org, mira...@gmail.com


On Thursday, September 18, 2014 at 21:07:41 UTC+3, ferdy wrote:
Thanks for the reply, this is exactly what was wrong: there were CF security groups, but they hadn't been assigned to the staging and running states. I assigned them, and now the staging phase is resolving github.com etc. and the app from warden resolves external DNS names.

Thanks a lot!
I just forgot about CF security groups.
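
The failure mode resolved in this thread (DNS rules defined but not assigned to staging or running) can be checked offline with the sketch below; it is an added example, not code from the thread or from Cloud Foundry. The rule keys `protocol`, `destination` and `ports` follow the CF security group rule format; the `bound_to` field and the sample groups are assumptions constructed for this example, and the check covers TCP as well as UDP because the `host` output above fell back to TCP after truncation.

```python
import ipaddress

def _dest_covers(dest, ip):
    """True if a rule destination (single IP, CIDR or 'a-b' range) contains ip."""
    addr = ipaddress.ip_address(ip)
    if "-" in dest:
        lo, hi = (ipaddress.ip_address(p.strip()) for p in dest.split("-"))
        return lo <= addr <= hi
    return addr in ipaddress.ip_network(dest, strict=False)

def _ports_cover(ports, port):
    """True if a ports string such as '53', '53,443' or '1-1024' contains port."""
    for part in ports.split(","):
        lo, _, hi = part.strip().partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def dns_gaps(groups, resolver, port=53):
    """Return the (phase, protocol) pairs for which no bound group allows DNS."""
    gaps = []
    for phase in ("staging", "running"):
        for proto in ("udp", "tcp"):
            allowed = any(
                phase in g["bound_to"]  # hypothetical field: where the group applies
                and r["protocol"] in (proto, "all")
                and _dest_covers(r["destination"], resolver)
                and (r["protocol"] == "all" or _ports_cover(r["ports"], port))
                for g in groups for r in g["rules"]
            )
            if not allowed:
                gaps.append((phase, proto))
    return gaps

# Constructed sample data: one DNS group in three states.
DNS_RULES = [
    {"protocol": "udp", "destination": "0.0.0.0/0", "ports": "53"},
    {"protocol": "tcp", "destination": "0.0.0.0/0", "ports": "53"},
]
UNBOUND = [{"name": "dns", "bound_to": [], "rules": DNS_RULES}]
BOUND = [{"name": "dns", "bound_to": ["staging", "running"], "rules": DNS_RULES}]
UDP_ONLY = [{"name": "dns", "bound_to": ["staging", "running"], "rules": DNS_RULES[:1]}]

if __name__ == "__main__":
    # 10.0.47.3 is the nameserver from the /etc/resolv.conf quoted in the thread.
    for label, groups in (("unbound", UNBOUND), ("bound", BOUND), ("udp-only", UDP_ONLY)):
        print(label, dns_gaps(groups, "10.0.47.3"))
```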