Hi,

I'm running Debian on Kubernetes using the official Docker images [1].

In Bookworm, attempted connections to some internal domains fail with
"Name or service not known". It works as expected in Bullseye.

DNS lookups with `dig` and `host` work as expected, but most programs, e.g.
`nc`, `telnet` and `curl`, fail. `getaddrinfo` fails to resolve the name
(returns -2).

The problem seems to occur only for domains managed by the DNS in the Kubernetes
cluster.

For example (with altered domain names):

        root@debian12:/# nc -zv dev.example.com 443
        nc: getaddrinfo for host "dev.example.com" port 443: Name or service not known

        root@debian12:/# dig dev.example.com
        ; <<>> DiG 9.18.16-1~deb12u1-Debian <<>> dev.example.com
        ;; global options: +cmd
        ;; Got answer:
        ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24682
        ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

        ;; OPT PSEUDOSECTION:
        ; EDNS: version: 0, flags:; udp: 1232
        ; COOKIE: d2bf261c4440a84d (echoed)
        ;; QUESTION SECTION:
        ;dev.example.com. IN A

        ;; ANSWER SECTION:
        dev-nl.k8s-staging.example.com. 30 IN A 10.100.57.247

        ;; Query time: 4 msec
        ;; SERVER: 10.100.0.10#53(10.100.0.10) (UDP)
        ;; WHEN: Mon Jun 26 11:37:45 UTC 2023
        ;; MSG SIZE rcvd: 108

        root@debian12:/# host dev.example.com
        dev-nl.k8s-staging.example.com has address 10.100.57.247

        root@debian12:/# nc -zv dev-nl.k8s-staging.example.com 443
        Connection to dev-nl.k8s-staging.example.com (10.100.57.247) 443 port [tcp/*] succeeded!

The configuration files /etc/nsswitch.conf, /etc/host.conf, /etc/resolv.conf,
/etc/hosts, and /etc/gai.conf are all identical in Bullseye and Bookworm, except
for one line in /etc/hosts with the containers' own IP and hostname.

I found no obviously interesting differences in the lists of installed packages
(other than newer versions of almost everything, of course).

It could be container/Kubernetes-specific. I don't have a similar DNS setup
elsewhere to reproduce it.

Any ideas about noteworthy differences between Bullseye and Bookworm w.r.t. DNS,
or what to try next to figure it out?

Please CC me in replies.

[1]: https://hub.docker.com/_/debian

Regards,
Robin
