Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
"Name or service not known" in Bookworm on Kubernetes
104 views
Skip to first unread message
Robin Gustafsson
Jun 27, 2023, 6:20:06 AM6/27/23
to
Hi,
I'm running Debian on Kubernetes using the official Docker images [1].
In Bookworm, attempted connections to some internal domains fail with
"Name or service not known". It works as expected in Bullseye.
DNS lookups with `dig` and `host` work as expected, but most programs, e.g.
`nc`, `telnet` and `curl`, fail. `getaddrinfo` fails to resolve the name
(returns -2).
The problem seems to occur only for domains managed by the DNS in the Kubernetes
cluster.
For example (with altered domain names):
root@debian12:/# nc -zv dev.example.com 443
nc: getaddrinfo for host "dev.example.com" port 443: Name or
service not known
root@debian12:/# dig dev.example.com
; <<>> DiG 9.18.16-1~deb12u1-Debian <<>> dev.example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24682
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: d2bf261c4440a84d (echoed)
;; QUESTION SECTION:
;dev.example.com. IN A
;; ANSWER SECTION:
dev-nl.k8s-staging.example.com. 30 IN A 10.100.57.247
;; Query time: 4 msec
;; SERVER: 10.100.0.10#53(10.100.0.10) (UDP)
;; WHEN: Mon Jun 26 11:37:45 UTC 2023
;; MSG SIZE rcvd: 108
root@debian12:/# host dev.example.com
dev-nl.k8s-staging.example.com has address 10.100.57.247
root@debian12:/# nc -zv dev-nl.k8s-staging.example.com 443
Connection to dev-nl.k8s-staging.example.com (10.100.57.247)
443 port [tcp/*] succeeded!
The configuration files /etc/nsswitch.conf, /etc/host.conf, /etc/resolv.conf,
/etc/hosts, and /etc/gai.conf are all identical in Bullseye and Bookworm, except
for one line in /etc/hosts with the containers' own IP and hostname.
I found no obviously interesting differences in the lists of installed packages
(other than newer versions of almost everything, of course).
It could be container/Kubernetes-specific. I don't have a similar DNS setup
elsewhere to reproduce it.
Any ideas about noteworthy differences between Bullseye and Bookworm w.r.t DNS,
or what to try next to figure it out?
Please CC me in replies.
[1]: https://hub.docker.com/_/debian
Regards,
Robin
I'm running Debian on Kubernetes using the official Docker images [1].
In Bookworm, attempted connections to some internal domains fail with
"Name or service not known". It works as expected in Bullseye.
DNS lookups with `dig` and `host` work as expected, but most programs, e.g.
`nc`, `telnet` and `curl`, fail. `getaddrinfo` fails to resolve the name
(returns -2).
The problem seems to occur only for domains managed by the DNS in the Kubernetes
cluster.
For example (with altered domain names):
root@debian12:/# nc -zv dev.example.com 443
nc: getaddrinfo for host "dev.example.com" port 443: Name or
service not known
root@debian12:/# dig dev.example.com
; <<>> DiG 9.18.16-1~deb12u1-Debian <<>> dev.example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24682
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: d2bf261c4440a84d (echoed)
;; QUESTION SECTION:
;dev.example.com. IN A
;; ANSWER SECTION:
dev-nl.k8s-staging.example.com. 30 IN A 10.100.57.247
;; Query time: 4 msec
;; SERVER: 10.100.0.10#53(10.100.0.10) (UDP)
;; WHEN: Mon Jun 26 11:37:45 UTC 2023
;; MSG SIZE rcvd: 108
root@debian12:/# host dev.example.com
dev-nl.k8s-staging.example.com has address 10.100.57.247
root@debian12:/# nc -zv dev-nl.k8s-staging.example.com 443
Connection to dev-nl.k8s-staging.example.com (10.100.57.247)
443 port [tcp/*] succeeded!
The configuration files /etc/nsswitch.conf, /etc/host.conf, /etc/resolv.conf,
/etc/hosts, and /etc/gai.conf are all identical in Bullseye and Bookworm, except
for one line in /etc/hosts with the containers' own IP and hostname.
I found no obviously interesting differences in the lists of installed packages
(other than newer versions of almost everything, of course).
It could be container/Kubernetes-specific. I don't have a similar DNS setup
elsewhere to reproduce it.
Any ideas about noteworthy differences between Bullseye and Bookworm w.r.t DNS,
or what to try next to figure it out?
Please CC me in replies.
[1]: https://hub.docker.com/_/debian
Regards,
Robin
0 new messages