Open queglay opened 3 years ago
This seems to be the problem.
; <<>> DiG 9.11.3-1ubuntu1.13-Ubuntu <<>> vault.service.consul +trace
;; global options: +cmd
;; Received 51 bytes from 127.0.0.53#53(127.0.0.53) in 0 ms
Normally should this be 127.0.0.1#53?
I really don't know much about systemd resolv.conf and how consul is supposed to configure it, but this seems strange...
ubuntu@ip-10-4-101-242:~$ cat /run/systemd/resolve/resolv.conf
# This file is managed by man:systemd-resolved(8). Do not edit.
#
# This is a dynamic resolv.conf file for connecting local clients directly to
# all known uplink DNS servers. This file lists all configured search domains.
#
# Third party programs must not access this file directly, but only through the
# symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,
# replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.
nameserver 127.0.0.1
nameserver 10.4.0.2
search service.consul
ubuntu@ip-10-4-101-242:~$ cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
# 127.0.0.53 is the systemd-resolved stub resolver.
# run "systemd-resolve --status" to see details about the actual nameservers.
nameserver 127.0.0.53
search service.consul
options edns0
And so when I just use dig vault.service.consul, it is not actually using the systemd/resolv.conf
I'd love to know why that would be happening.
I wonder if this is the cause of https://github.com/hashicorp/terraform-aws-vault/issues/223?
Ah, I see you mentioned Vault in your first sentence, so yea, looks like these are related.
It looks like the symlink is just not linked correctly...
When testing on ubuntu 18 for a vault client, I can only use dig @localhost vault.service.consul and not dig vault.service.consul. This results in vault commands not succeeding. I usually use the client on Amazon Linux 2 and centos which work for me. I installed systemd with defaults for ubuntu18.
I can see consul members and can lookup vault with
dig @localhost vault.service.consul
...But cannot with
dig vault.service.consul
If I check the status of the service I can see: