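I'm running into a DNS resolution problem in Kubernetes. It's a bit complicated, so please bear with me.
Environment:
- On-premises and private cloud
Operating system:
- Ubuntu Server 20.04 LTS
System network:
- VPN s2
- Custom DNS (10.4.0.149) added to the LAN interface
Kubernetes network:
- Calico
- CoreDNS and NodelocalDNS
Currently, the K8s pods in the private cloud need to resolve domains using the on-premises DNS. I followed this guide to add a custom DNS so that pods can reach the DNS server when resolving the domain:
https://kubernetes.io/docs/tasks/administer-cluster/dns-custom-nameservers/
with the block below: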
projects.com:53 {
    errors
    log
    cache 30
    forward . 10.4.0.149
}
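When I dig from a pod, sometimes it can resolve the domain and sometimes it can't. But nslookup works every time. I also tried pinging the domain from the pod, with the same result as dig: sometimes it works, sometimes it doesn't. By the way, I have looked at the network packets with tcpdump from the node the pod runs on, but no luck.
So the question is: how does DNS resolution work in Kubernetes? AFAIK, DNS resolution follows the request path pod -> nodelocaldns -> coredns -> /etc/resolv.conf on the node. But it doesn't seem to work as it should.
Could you give me some suggestions?
Thanks in advance!
I got this from tcpdump: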
2503 12.026282 10.244.14.63 169.254.25.10 DNS 105 Standard query 0x91f8 A id-test.projects.com OPT
2506 12.049959 169.254.25.10 10.244.14.63 DNS 105 Standard query response 0x91f8 Format error A id-test.projects.com OPT
2772 14.056998 10.244.14.63 169.254.25.10 DNS 105 Standard query 0xc532 A id-test.projects.com OPT
2785 14.079098 169.254.25.10 10.244.14.63 DNS 105 Standard query response 0xc532 Format error A id-test.projects.com OPT
3355 16.086108 10.244.14.63 169.254.25.10 DNS 105 Standard query 0xf86c A id-test.projects.com OPT
3358 16.108111 169.254.25.10 10.244.14.63 DNS 105 Standard query response 0xf86c Format error A id-test.projects.com OPT
4073 18.115002 10.244.14.63 169.254.25.10 DNS 105 Standard query 0x2ba6 A id-test.projects.com OPT
4126 18.137460 169.254.25.10 10.244.14.63 DNS 105 Standard query response 0x2ba6 Format error A id-test.projects.com OPT
4179 18.250697 10.244.14.64 169.254.25.10 DNS 107 Standard query 0x678f A id-test.projects.com.master.svc.cluster.local
4180 18.250736 10.244.14.64 169.254.25.10 DNS 107 Standard query 0xbc8b AAAA id-test.projects.com.master.svc.cluster.local
4196 18.251611 169.254.25.10 10.244.14.64 DNS 200 Standard query response 0xbc8b No such name AAAA id-test.projects.com.master.svc.cluster.local SOA ns.dns.cluster.local
4202 18.251957 169.254.25.10 10.244.14.64 DNS 200 Standard query response 0x678f No such name A id-test.projects.com.master.svc.cluster.local SOA ns.dns.cluster.local
4203 18.252034 10.244.14.64 169.254.25.10 DNS 100 Standard query 0x360a A id-test.projects.com.svc.cluster.local
4204 18.252060 10.244.14.64 169.254.25.10 DNS 100 Standard query 0x6e09 AAAA id-test.projects.com.svc.cluster.local
4215 18.252524 169.254.25.10 10.244.14.64 DNS 193 Standard query response 0x360a No such name A id-test.projects.com.svc.cluster.local SOA ns.dns.cluster.local
4220 18.252637 169.254.25.10 10.244.14.64 DNS 193 Standard query response 0x6e09 No such name AAAA id-test.projects.com.svc.cluster.local SOA ns.dns.cluster.local
4221 18.252697 10.244.14.64 169.254.25.10 DNS 96 Standard query 0x6b3d A id-test.projects.com.cluster.local
4222 18.252718 10.244.14.64 169.254.25.10 DNS 96 Standard query 0x103f AAAA id-test.projects.com.cluster.local
4233 18.253085 169.254.25.10 10.244.14.64 DNS 189 Standard query response 0x103f No such name AAAA id-test.projects.com.cluster.local SOA ns.dns.cluster.local
4238 18.253281 169.254.25.10 10.244.14.64 DNS 189 Standard query response 0x6b3d No such name A id-test.projects.com.cluster.local SOA ns.dns.cluster.local
4239 18.253350 10.244.14.64 169.254.25.10 DNS 82 Standard query 0x4118 A id-test.projects.com
4240 18.253364 10.244.14.64 169.254.25.10 DNS 82 Standard query 0x151e AAAA id-test.projects.com
4244 18.275928 169.254.25.10 10.244.14.64 DNS 168 Standard query response 0x151e AAAA id-test.projects.com SOA ad.global.com
4246 18.276120 169.254.25.10 10.244.14.64 DNS 118 Standard query response 0x4118 A id-test.projects.com A 10.7.22.15
4632 20.146523 10.244.14.63 169.254.25.10 DNS 105 Standard query 0x5ee1 A id-test.projects.com OPT
4633 20.146709 169.254.25.10 10.244.14.63 DNS 141 Standard query response 0x5ee1 A id-test.projects.com A 10.7.22.15 OPT
5042 22.152642 10.244.14.63 169.254.25.10 DNS 105 Standard query 0x921b A id-test.projects.com OPT
5043 22.152818 169.254.25.10 10.244.14.63 DNS 141 Standard query response 0x921b A id-test.projects.com A 10.7.22.15 OPT
5328 24.159482 10.244.14.63 169.254.25.10 DNS 105 Standard query 0xc555 A id-test.projects.com OPT
5329 24.159653 169.254.25.10 10.244.14.63 DNS 141 Standard query response 0xc555 A id-test.projects.com A 10.7.22.15 OPT
5659 26.165768 10.244.14.63 169.254.25.10 DNS 105 Standard query 0xf88f A id-test.projects.com OPT
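I don't know why I get a Format error when using dig. Note that IP 10.244.14.63 is the curl pod, and the other one (10.244.14.64) is the pod of the application service that needs to resolve DNS. When DNS resolution succeeds, the dig command immediately returns the correct IP for the domain.
What do you think about this issue?
Please advise.
Thanks in advance.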