Random DNS issue when using Github Actions

[saarw-opti]

I'm trying to use TailScale GitHub actions on the latest (I also tested different versions) version of TailScale and getting these DNS Issues. It also happens when attempting to install it manually on the machine while it is running, I've tried injecting the nameserver and the search to /etc/resolve.conf But it doesn't help in this case. On the Admin console, I've defined the machine as an Ephermal and pre-approved machine. It happens only on GitHub action machines. This issue is something that happens and sometimes does not.

Thanks.

[bradfitz]

Are you using a Dockerfile runner or the Tailscale-supplied action.yml?

What's your GitHub runner type/version?

[saarw-opti]

I tried both the GitHub actions and the manual installation, run on ubuntu-latest, and 20.04 (seems more stable). tried the 1.58.0 and the 1.56.0 of tailscale.

[matthewjthomas]

I was running into a lot of transient DNS resolution failures, followed this recommendation and it seems to be working a lot better: https://github.com/tailscale/github-action/issues/51#issuecomment-1497228382

[sylr]

I too encounter a lot of transient DNS errors, my deployment pipelines randomly fail like this:

> Run helm package ./deploy/chart \
Successfully packaged chart and saved it to: /home/runner/work/.../..../......tgz
Error: Kubernetes cluster unreachable: Get "https://xxxxx.gr7.eu-central-1.eks.amazonaws.com/version": dial tcp: lookup xxxxx.gr7.eu-central-1.eks.amazonaws.com on 127.0.0.53:53: read udp 127.0.0.1:40699->127.0.0.53:53: i/o timeout

It was working fine a few weeks ago, now I have to restart my deployment pipelines a lot.

[dgivens]

I saw this a while back, but it seemed to go away for a while, then it became a problem again about a week ago. We are using the standard hosted runner and the following action. When it started causing us problems last week, we added the Tailscale version based on the same issue @matthewjthomas referenced, #51. It has not made a difference.

This is our action.

name: 'connect_tailscale'
description: 'Connects to Tailscale'
inputs:
    ts_oauth_client_id:
        description: 'TS_OAUTH_CLIENT_ID'
        required: true
    ts_oauth_secret:
        description: 'TS_OAUTH_SECRET'
        required: true
runs:
    using: 'composite'
    steps:
        - name: Tailscale
          uses: tailscale/github-action@v2
          with:
              version: 1.64.0
              oauth-client-id: ${{ inputs.TS_OAUTH_CLIENT_ID }}
              oauth-secret: ${{ inputs.TS_OAUTH_SECRET }}
              tags: tag:github
              args: --accept-routes --accept-dns

[KlausVii]

We are also experiencing DNS timeouts with tailscale in our ci. Our setup

     - name: Tailscale
        uses: tailscale/github-action@v2
        with:
          oauth-client-id: ${{ env.TS_OAUTH_CLIENT_ID }}
          oauth-secret: ${{ env.TS_OAUTH_SECRET }}
          tags: tag:ci
          version: 1.64.0

[arnecls]

We found that the tailscale action is "reporting ready" to quickly. It waits for tailscale status to return ok, but it takes another ~10s until DNS becomes available. So sleeping for 10s after the connect step usually solves the issue.

I'd like to have a more consistent way of waiting for DNS to become ready though.