clincha-org / clincha

Configuration and monitoring of clinch-home infrastructure
https://clinch-home.com

DNS lookup issues... again #102

Closed clincha closed 1 year ago

clincha commented 1 year ago

#61 identified DNS resolution issues. I thought that I had resolved the problem but it has cropped up again in a later deployment.

The issue seems in part to relate to the issues in this StackOverflow post. I'm using the OS they are having problems with and manually disabling firewalld allows DNS traffic to resolve again. When firewalld is running I get these errors in the core-dns logs:

[kubernetes@bri-master-1 ~]$ k logs  -n kube-system  -l k8s-app=kube-dns
.:53
[INFO] plugin/reload: Running configuration SHA512 = 591cf328cccc12bc490481273e738df59329c62c0b729d94e8b61db9961c2fa5f046dd37f1cf888b953814040d180f52594972691cd6ff41be96639138a43908
CoreDNS-1.9.3
linux/amd64, go1.18.2, 45b0a11
[ERROR] plugin/errors: 2 1078600043239553541.3476086839023400652. HINFO: read udp 10.244.3.2:38188->192.168.1.1:53: read: no route to host
[ERROR] plugin/errors: 2 1078600043239553541.3476086839023400652. HINFO: read udp 10.244.3.2:46630->192.168.1.1:53: read: no route to host
[ERROR] plugin/errors: 2 1078600043239553541.3476086839023400652. HINFO: read udp 10.244.3.2:48617->192.168.1.1:53: read: no route to host
.:53
[INFO] plugin/reload: Running configuration SHA512 = 591cf328cccc12bc490481273e738df59329c62c0b729d94e8b61db9961c2fa5f046dd37f1cf888b953814040d180f52594972691cd6ff41be96639138a43908
CoreDNS-1.9.3
linux/amd64, go1.18.2, 45b0a11
[ERROR] plugin/errors: 2 5029101536271341981.505825649077986866. HINFO: read udp 10.244.1.2:35013->192.168.1.1:53: read: no route to host
[ERROR] plugin/errors: 2 5029101536271341981.505825649077986866. HINFO: read udp 10.244.1.2:47530->192.168.1.1:53: read: no route to host
[ERROR] plugin/errors: 2 5029101536271341981.505825649077986866. HINFO: read udp 10.244.1.2:55532->192.168.1.1:53: read: no route to host

It looks like firewalld is blocking the route to the gateway for DNS lookups. I would prefer to have firewalld running but DNS traffic allowed through it. Let's see what we can do.
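An added example, not part of the original issue or the repository's code: a small Python triage of CoreDNS error lines like those quoted above, grouping forwarding failures by pod IP and upstream and separating an active rejection ("no route to host") from a silent timeout. The sample log is constructed from lines in the issue plus one timeout line for contrast; the function names and cause labels are assumptions.

```python
import re
from collections import Counter

# Constructed sample: three lines in the shape quoted in the issue, plus one
# i/o timeout line added for contrast (not from the issue).
SAMPLE_LOG = """\
[INFO] plugin/reload: Running configuration SHA512 = <placeholder>
[ERROR] plugin/errors: 2 1078600043239553541.3476086839023400652. HINFO: read udp 10.244.3.2:38188->192.168.1.1:53: read: no route to host
[ERROR] plugin/errors: 2 1078600043239553541.3476086839023400652. HINFO: read udp 10.244.3.2:46630->192.168.1.1:53: read: no route to host
[ERROR] plugin/errors: 2 5029101536271341981.505825649077986866. HINFO: read udp 10.244.1.2:35013->192.168.1.1:53: read: no route to host
[ERROR] plugin/errors: 2 example.com. A: read udp 10.244.1.2:40000->192.168.1.1:53: i/o timeout
"""

ERR = re.compile(
    r"^\[ERROR\] plugin/errors: \d+ \S+ \w+: "
    r"read (?:udp|tcp) (?P<src>[\d.]+):\d+->(?P<dst>[\d.]+):(?P<dport>\d+): "
    r"(?P<reason>.+)$"
)

# Error text -> what it suggests about the path to the upstream resolver.
CAUSES = {
    "no route to host": "rejected",   # EHOSTUNREACH: an ICMP unreachable/prohibited
                                      # reply came back, e.g. from a firewall REJECT
    "connection refused": "refused",  # upstream reachable, nothing listening
    "i/o timeout": "timeout",         # no reply at all: silent drop or upstream down
}

def classify(reason):
    for text, cause in CAUSES.items():
        if reason.endswith(text):
            return cause
    return "other"

def summarize(log_text):
    """Count forwarding failures per (pod IP, upstream IP, port, cause)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = ERR.match(line.strip())
        if m:
            counts[(m["src"], m["dst"], int(m["dport"]), classify(m["reason"]))] += 1
    return counts

def rejected_upstreams(log_text):
    """Map each upstream that actively rejected traffic to the pod IPs affected."""
    out = {}
    for (src, dst, dport, cause) in summarize(log_text):
        if cause == "rejected":
            out.setdefault((dst, dport), set()).add(src)
    return out
```

When every CoreDNS pod shows "rejected" against the same upstream, as in the log above, the filtering is likely happening on the nodes rather than at the resolver, which matches the observation that stopping firewalld restores resolution.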

clincha commented 1 year ago

Alright, it looks like a PITA to get these working together. Time for firewalld to go. At some point I might want to move to another OS (Ubuntu?) to get this working.

clincha commented 1 year ago

Disabling the firewall worked. Unfortunately, it will need to stay like this until I either want to sink the time to configure it or change the infrastructure to support it.