11161 – nslookup doesn't work in kubernetes

Bug 11161 - nslookup doesn't work in kubernetes

Summary: nslookup doesn't work in kubernetes

Status:	RESOLVED FIXED

Alias:	None

Product:	Busybox
Classification:	Unclassified
Component:	Networking (show other bugs)
Version:	1.29.x
Hardware:	All Linux

Importance:	P5 normal
Target Milestone:	---
Assignee:	unassigned

URL:
Keywords:

Depends on:
Blocks:

Reported:	2018-07-18 12:26 UTC by sylvain.boily
Modified:	2018-08-01 17:44 UTC (History)
CC List:	2 users (show)

See Also:
Host:
Target:
Build:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description sylvain.boily 2018-07-18 12:26:15 UTC

see the following github issue for details.

https://github.com/docker-library/busybox/issues/48

This started with version 1.29

Comment 1 Tianon Gravi 2018-07-20 21:05:13 UTC

I haven't dug into the code yet, but in testing it would appear that the new DNS code in "nslookup" for the 1.29 release doesn't support DNS search domains ("search" entry in /etc/resolv.conf) at all, which Kubernetes makes pretty heavy use of.

Comment 2 Tianon Gravi 2018-07-20 21:10:23 UTC

(For context, my previous comment was based on testing a build of 1.29.1 built against all three of uClibc via buildroot, musl via Alpine, and glibc via Debian.)

Looking in the code, it appears my hunch was correct; I think "parse_resolvconf" is the culprit? (https://git.busybox.net/busybox/tree/networking/nslookup.c?h=1_29_1#n664)

That doesn't appear to do anything with "search" values (except ignore them), which is a regression from the previous libc-based behavior.  Was ignoring these intentional in this new implementation, or simply an oversight? (should someone work on / is someone working on a patch?)

Comment 3 Denys Vlasenko 2018-07-24 09:49:01 UTC

No, it's not intentional.
I'm actually surprised there were users of "old" nslookup, it had severe problems working (and even compiling on some libc).

Your options:
(1) switch to old version (disable FEATURE_NSLOOKUP_BIG)
(2) send a patch to improve the new version
(3) wait for someone to do (2)

Comment 4 ghicken 2018-07-26 21:22:33 UTC

I'm seeing nslookup fail intermittently. If I specify -type=a then it succeeds reliably.

In my case it appears to be related to nslookup issuing A and AAAA queries concurrently; in this case there is no AAAA record - I have not tried a scenario where there is an AAAA record.

From the DNS side the two queries are using the same ID and as best I can determine the failure happens if the AAAA response returns first.

Hopefully that's helpful additional data.

Comment 5 Denys Vlasenko 2018-07-31 11:48:50 UTC

(In reply to ghicken from comment #4)
> I'm seeing nslookup fail intermittently. If I specify -type=a then it succeeds reliably.
> In my case it appears to be related to nslookup issuing A and AAAA queries concurrently; in this case there is no AAAA record - I have not tried a scenario where there is an AAAA record.
> From the DNS side the two queries are using the same ID and as best I can determine the failure happens if the AAAA response returns first.

Can you provide the error message and ideally, tcpdump of the resolution attempt?

Comment 6 Denys Vlasenko 2018-08-01 17:44:59 UTC

Hopefully fixed in git.