Setup Mesos-DNS dockerized on a mesos cluster - dns

I'm facing some trouble trying to run mesos-dns dockerized on a mesos cluster.
I've set up 2 virtual machines with Ubuntu Trusty on a Windows 8.1 host.
My VMs are called docker-vm and docker-sl-vm; the first one runs mesos-master and the 2nd one runs mesos-slave.
The VMs have 2 network cards: one running NAT for accessing the internet through the host, and the other one a host-only adapter for internal communication.
The IPs for the VMs are:
192.168.56.101 for docker-vm
192.168.56.102 for docker-sl-vm
The Mesos cluster is running okay.
I am trying to follow this tutorial. So, I am running mesos-dns with the following marathon description:
{
  "args": [
    "/mesos-dns",
    "-config=/config.json"
  ],
  "container": {
    "docker": {
      "image": "mesosphere/mesos-dns",
      "network": "HOST"
    },
    "type": "DOCKER",
    "volumes": [
      {
        "containerPath": "/config.json",
        "hostPath": "/usr/local/mesos-dns/config.json",
        "mode": "RO"
      }
    ]
  },
  "cpus": 0.5,
  "mem": 256,
  "id": "mesos-dns",
  "instances": 1,
  "constraints": [["hostname", "CLUSTER", "docker-sl-vm"]]
}
and this config.json:
{
  "zk": "zk://192.168.56.101:2181/mesos",
  "refreshSeconds": 60,
  "ttl": 60,
  "domain": "mesos",
  "port": 53,
  "resolvers": ["8.8.8.8"],
  "timeout": 5,
  "email": "root.mesos-dns.mesos"
}
I am also running a test proposal application called peek with the following description:
{
  "id": "peek",
  "cmd": "env >env.txt && python3 -m http.server 8080",
  "cpus": 0.5,
  "mem": 32.0,
  "container": {
    "type": "DOCKER",
    "docker": {
      "image": "python:3",
      "network": "BRIDGE",
      "portMappings": [
        { "containerPort": 8080, "hostPort": 0 }
      ]
    }
  }
}
PROBLEM
In the tutorial, a dig command such as dig _peek._tcp.marathon.mesos SRV gets the following answer:
; <<>> DiG 9.9.5-3ubuntu0.5-Ubuntu <<>> _peek._tcp.marathon.mesos SRV
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57329
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;_peek._tcp.marathon.mesos. IN SRV
;; ANSWER SECTION:
_peek._tcp.marathon.mesos. 60 IN SRV 0 0 31000 peek-27346-s0.marathon.mesos.
;; ADDITIONAL SECTION:
peek-27346-s0.marathon.mesos. 60 IN A 10.141.141.10
;; Query time: 4 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Oct 24 23:21:15 UTC 2015
;; MSG SIZE rcvd: 160
where we can clearly see the port and IP bound to _peek._tcp.marathon.mesos SRV. But when I run this on my slave machine, which is running this container, I get this result:
docker@docker-sl-vm:~$ dig _peek._tcp.marathon.mesos SRV
; <<>> DiG 9.9.5-3ubuntu0.5-Ubuntu <<>> _peek._tcp.marathon.mesos SRV
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 33415
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1280
;; QUESTION SECTION:
;_peek._tcp.marathon.mesos. IN SRV
;; AUTHORITY SECTION:
. 10791 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2015102801 1800 900 604800 241
;; Query time: 1 msec
;; SERVER: 10.10.11.1#53(10.10.11.1)
;; WHEN: Wed Oct 28 17:06:30 BRT 2015
;; MSG SIZE rcvd: 129
It looks like mesos-dns can't resolve _peek._tcp.marathon.mesos SRV.
Does anyone know why and how to fix it?
Thank you in advance...
UPDATE
Contents of /etc/resolv.conf:
nameserver 10.10.11.1
nameserver 10.10.10.7

Have a look at the Mesos DNS docs regarding Slave Setup:
To allow Mesos tasks to use Mesos-DNS as the primary DNS server, you must edit the file /etc/resolv.conf in every slave and add a new nameserver. For instance, if mesos-dns runs on the server with IP address 10.181.64.13, you should add the line nameserver 10.181.64.13 at the beginning of /etc/resolv.conf on every slave node.
I think the local IP (192.168.56.102) address is missing in your /etc/resolv.conf.
Otherwise, you can also try my minimal Mesos DNS image, but you'd still have to edit the above file.

Related

why server can't find pihole.service.consul: NXDOMAIN and how can I fix this?

I have following configuration for consul.
{
  "service": {
    "name": "pihole",
    "Address": "192.168.0.15",
    "tags": [
      "pi"
    ],
    "port": 8165,
    "check": {
      "args": [
        "curl",
        "192.168.0.15"
      ],
      "interval": "10s"
    }
  }
}
Using dig I get no error now:
$ dig @127.0.0.1 -p 8600 pihole.service.consul
; <<>> DiG 9.9.7-P3 <<>> @127.0.0.1 -p 8600 pihole.service.consul
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63573
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;pihole.service.consul. IN A
;; ANSWER SECTION:
pihole.service.consul. 0 IN A 192.168.0.15
;; Query time: 0 msec
;; SERVER: 127.0.0.1#8600(127.0.0.1)
;; WHEN: Sun Aug 30 23:02:34 BST 2020
;; MSG SIZE rcvd: 66
But when I do nslookup, I get the error server can't find pihole.service.consul: NXDOMAIN:
$ nslookup pihole.service.consul
Server: 192.168.0.15
Address: 192.168.0.15#53
** server can't find pihole.service.consul: NXDOMAIN
I actually have a pihole running at this IP address, 192.168.0.15, and on consul the health check is passing:
2020-08-30T23:10:58.707+0100 [DEBUG] agent: Check status updated: check=service:pihole status=passing
In the command dig @127.0.0.1 -p 8600 pihole.service.consul you explicitly instructed host to use server 127.0.0.1 and port 8600.
Nslookup uses nameserver from your /etc/resolv.conf file and port 53 by default.
You can try
nslookup pihole.service.consul 127.0.0.1 -port=8600

Google domains registered hosts (glue records) are not resolving after 48 hours [closed]

I am using Google domains for my domain: violetnorthapp.com, I have a few custom nameservers that I am running and I want to create registered hosts (which is the term used by google for glue records). I created a registered host under test.ns.violetnorthapp.com which should resolve to 8.8.8.8.
It's been more than 48 hours but it's still not resolving with dig test.ns.violetnorthapp.com.
; <<>> DiG 9.10.6 <<>> test.ns.violetnorthapp.com.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 63639
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;test.ns.violetnorthapp.com. IN A
;; AUTHORITY SECTION:
violetnorthapp.com. 300 IN SOA ns-cloud-b1.googledomains.com. cloud-dns-hostmaster.google.com. 6 21600 3600 259200 300
;; Query time: 68 msec
;; SERVER: 192.168.0.1#53(192.168.0.1)
;; WHEN: Sat May 30 18:31:02 EDT 2020
;; MSG SIZE rcvd: 145
I tried running it with the TLD nameserver of com. One of them is a.gtld-servers.net., so the request is dig test.ns.violetnorthapp.com. @a.gtld-servers.net.:
; <<>> DiG 9.10.6 <<>> test.ns.violetnorthapp.com. @a.gtld-servers.net.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26571
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 9
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;test.ns.violetnorthapp.com. IN A
;; AUTHORITY SECTION:
violetnorthapp.com. 172800 IN NS ns-cloud-b1.googledomains.com.
violetnorthapp.com. 172800 IN NS ns-cloud-b2.googledomains.com.
violetnorthapp.com. 172800 IN NS ns-cloud-b3.googledomains.com.
violetnorthapp.com. 172800 IN NS ns-cloud-b4.googledomains.com.
;; ADDITIONAL SECTION:
ns-cloud-b1.googledomains.com. 172800 IN AAAA 2001:4860:4802:32::6b
ns-cloud-b1.googledomains.com. 172800 IN A 216.239.32.107
ns-cloud-b2.googledomains.com. 172800 IN AAAA 2001:4860:4802:34::6b
ns-cloud-b2.googledomains.com. 172800 IN A 216.239.34.107
ns-cloud-b3.googledomains.com. 172800 IN AAAA 2001:4860:4802:36::6b
ns-cloud-b3.googledomains.com. 172800 IN A 216.239.36.107
ns-cloud-b4.googledomains.com. 172800 IN AAAA 2001:4860:4802:38::6b
ns-cloud-b4.googledomains.com. 172800 IN A 216.239.38.107
;; Query time: 85 msec
;; SERVER: 192.5.6.30#53(192.5.6.30)
;; WHEN: Sat May 30 18:32:16 EDT 2020
;; MSG SIZE rcvd: 349
This is what the Google Domains looks like
Am I missing something here?
Your host is fully registered at the registry, as whois attests:
$ whois -h whois.verisign-grs.com 'nameserver test.ns.violetnorthapp.com' | head -6
Server Name: TEST.NS.VIOLETNORTHAPP.COM
IP Address: 157.245.176.218
Registrar: Google LLC
Registrar WHOIS Server: whois.google.com
Registrar URL: http://domains.google.com
>>> Last update of whois database: 2020-05-30T22:48:59Z <<<
Or even better RDAP:
$ curl --silent https://rdap.verisign.com/com/v1/nameserver/test.ns.violetnorthapp.com | jq .
{
  "objectClassName": "nameserver",
  "ldhName": "TEST.NS.VIOLETNORTHAPP.COM",
  "ipAddresses": {
    "v4": [
      "157.245.176.218"
    ]
  },
  "links": [
    {
      "value": "https://rdap.verisign.com/com/v1/nameserver/TEST.NS.VIOLETNORTHAPP.COM",
      "rel": "self",
      "href": "https://rdap.verisign.com/com/v1/nameserver/TEST.NS.VIOLETNORTHAPP.COM",
      "type": "application/rdap+json"
    }
  ],
  "events": [
    {
      "eventAction": "last update of RDAP database",
      "eventDate": "2020-05-30T09:38:51Z"
    }
  ],
  "rdapConformance": [
    "rdap_level_0",
    "icann_rdap_technical_implementation_guide_0",
    "icann_rdap_response_profile_0"
  ],
  "notices": [
    {
      "title": "Terms of Use",
      "description": [
        "Service subject to Terms of Use."
      ],
      "links": [
        {
          "href": "https://www.verisign.com/domain-names/registration-data-access-protocol/terms-service/index.xhtml",
          "type": "text/html"
        }
      ]
    }
  ]
}
However, glue serves a very specific purpose. It is not "free hosting" at the registry. You created a host object at the registry, but you did not associate it with any domain. As such there is no need to publish it in the DNS at the registry level.
As soon as you associate it with some domain under .com or .net, it should start to resolve shortly thereafter (and indeed you need to use dig with the @ flag to query the registry nameservers, otherwise you are hitting your local recursive one, which can learn the IP address just by normal resolution and without any glue).

Is a CNAME record public

For example, I have a GitHub Pages site with a custom domain.
Here are the dns records for the domain:
Is this CNAME record public?
Or is there a way for someone to determine the GitHub Pages url, ajzbc.github.io, from my custom domain ajzbc.com
To clarify, is there for example a command I could run that would output the CNAME?
Thanks
For main domain: dig ajzbc.com
For www subdomain: dig www.ajzbc.com
dbajic# ~ $ dig www.ajzbc.com
; <<>> DiG 9.10.6 <<>> www.ajzbc.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62752
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.ajzbc.com. IN A
;; ANSWER SECTION:
www.ajzbc.com. 1798 IN CNAME ajzbc.github.io.
ajzbc.github.io. 3599 IN A 185.199.109.153
ajzbc.github.io. 3599 IN A 185.199.108.153
ajzbc.github.io. 3599 IN A 185.199.110.153
ajzbc.github.io. 3599 IN A 185.199.111.153
;; Query time: 51 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Tue Feb 26 10:27:47 CET 2019
;; MSG SIZE rcvd: 135
dbajic# ~ $

Node.js I can't resolve TXT record

I have a question about dns.resolveTxt.
https://nodejs.org/api/dns.html#dns_dns_resolvetxt_hostname_callback
Basically I can resolve TXT records, but for specific DNS zones I can't resolve the TXT record. For example, microsoft.com and so on.
I wrote the following code.
var dns = require('dns');
dns.resolveTxt('microsoft.com', (err, record) => {
  console.log(record);
});
Does anyone know the issue?
import * as dns from "dns";
dns.resolveTxt('microsoft.com', (err, addresses) => {
  console.log(JSON.stringify(addresses));
});
outputs
[["v=spf1 include:_spf-a.microsoft.com include:_spf-b.microsoft.com include:_spf-c.microsoft.com include:_spf-ssg-a.microsoft.com include:spf-a.hotmail.com include:_spf1-meo.microsoft.com -all"],
["d365mktkey=3uc1cf82cpv750lzk70v9bvf2"],
["adobe-idp-site-verification=8aa35c528af5d72beb19b1bd3ed9b86d87ea7f24b2ba3c99ffcd00c27e9d809c"],
["fg2t0gov9424p2tdcuo94goe9j"],
["apple-domain-verification=0gMeaYyYy6GLViGo"],
["d365mktkey=4d8bnycx40fy3581petta4gsf"],
["docusign=d5a3737c-c23c-4bd0-9095-d2ff621f2840"],
["adobe-sign-verification=c1fea9b4cdd4df0d5778517f29e0934"],
["google-site-verification=Zv1IvEEZg4N9wbEXpBSSyAiIjDyyB3S-fzfFClb7D1E"],
["google-site-verification=8-zFCaUXhhPcvN29EVw2RvtASDCaDPQ02L1HJ8Om8I0"],
["google-site-verification=pjPOauSPcrfXOZS9jnPPa5axowcHGCDAl1_86dCqFpk"],
["google-site-verification=1TeK8q0OziFl4T1tF-QR65JkzHZ1rcdgNccDFp78iTk"],
["8RPDXjBzBS9tu7Pbysu7qCACrwXPoDV8ZtLfthTnC4y9VJFLd84it5sQlEITgSLJ4KOIA8pBZxmyvPujuUvhOg=="],
["docusign=52998482-393d-46f7-95d4-15ac6509bfdd"],
["facebook-domain-verification=fwzwhbbzwmg5fzgotc2go51olc3566"]]
So, it clearly seems to work fine.
The problem is DNS results over 512 bytes long. As near as I can tell, Node's dns.resolve* functions do not support EDNS, which allows up to 4096 byte responses, at least as of Node 14. Given this code:
const { Resolver } = require('dns');
const dns = new Resolver();
dns.resolveTxt(process.argv[2], (err, res) => {
  if (err) {
    console.log(err);
  } else {
    console.log(res);
  }
});
I get this result:
$ node dns-test2.js google.com
Error: queryTxt ESERVFAIL google.com
at QueryReqWrap.onresolve [as oncomplete] (dns.js:206:19) {
errno: undefined,
code: 'ESERVFAIL',
syscall: 'queryTxt',
hostname: 'google.com'
}
And you can see that dig returns 715 bytes for the same query:
$ dig TXT google.com
; <<>> DiG 9.10.3-P4-Debian <<>> TXT google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32543
;; flags: qr rd ra; QUERY: 1, ANSWER: 9, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;google.com. IN TXT
;; ANSWER SECTION:
google.com. 30 IN TXT "google-site-verification=TV9-DBe4R80X4v0M4U_bd_J9cpOJM0nikft0jAgjmsQ"
google.com. 30 IN TXT "v=spf1 include:_spf.google.com ~all"
google.com. 30 IN TXT "docusign=1b0a6754-49b1-4db5-8540-d2c12664b289"
google.com. 30 IN TXT "globalsign-smime-dv=CDYX+XFHUw2wml6/Gb8+59BsH31KzUr6c1l2BPvqKX8="
google.com. 30 IN TXT "google-site-verification=wD8N7i1JTNTkezJ49swvWW48f8_9xveREV4oB-0Hf5o"
google.com. 30 IN TXT "facebook-domain-verification=22rm551cu4k0ab0bxsw536tlds4h95"
google.com. 30 IN TXT "docusign=05958488-4752-4ef2-95eb-aa7ba8a3bd0e"
google.com. 30 IN TXT "apple-domain-verification=30afIBcvSuDV2PLX"
google.com. 30 IN TXT "MS=E4A68B9AB2BB9670BCE15412F62916164C0B20BB"
;; Query time: 4 msec
;; SERVER: 10.0.0.10#53(10.0.0.10)
;; WHEN: Fri Sep 10 21:02:16 UTC 2021
;; MSG SIZE rcvd: 715
Running tcpdump, I see that the node query does not include the UDPsize=4096 option:
TXT? google.com. (28)
Whereas the dig request does:
TXT? google.com. ar: . OPT UDPsize=4096 (39)
A similar query for a TXT record that only returns 244 bytes works fine:
$ node dns-test2.js partechgss.com
[
[ 'ryb3spm2r33rtxl189nqs5n41xxrzmlz' ],
[ 'v=spf1 include:_spf.google.com ~all' ],
[ 'MS=ms32721923' ],
[ 'MS=ms56152555' ]
]
$ dig TXT partechgss.com
; <<>> DiG 9.10.3-P4-Debian <<>> TXT partechgss.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56392
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;partechgss.com. IN TXT
;; ANSWER SECTION:
partechgss.com. 30 IN TXT "MS=ms56152555"
partechgss.com. 30 IN TXT "MS=ms32721923"
partechgss.com. 30 IN TXT "v=spf1 include:_spf.google.com ~all"
partechgss.com. 30 IN TXT "ryb3spm2r33rtxl189nqs5n41xxrzmlz"
;; Query time: 14 msec
;; SERVER: 10.0.0.10#53(10.0.0.10)
;; WHEN: Fri Sep 10 21:15:21 UTC 2021
;; MSG SIZE rcvd: 244
Unfortunately, having identified the problem, I have yet to find a solution. I've opened a bug report against the node.js project on github.

Why does Mesos-DNS not provide a SRV answer?

I have a vagrant box which is running Mesos, Marathon and Chronos (publicly packaged as playa-mesos). It is a sane environment (I have customized to a 192.168.. ip address though) and I can launch different apps incl. docker containerized ones.
I have tried a new demo, where there is a DNS requirement, and the Mesos application launch definition is as below:
{
  "id": "mesos-dns",
  "instances": 1,
  "cpus": 0.2,
  "mem": 50,
  "cmd": "/mesos-dns -config=/config.json",
  "container": {
    "type": "DOCKER",
    "docker": {
      "image": "mesosphere/mesos-dns:latest",
      "network": "HOST"
    },
    "volumes": [
      {
        "containerPath": "/config.json",
        "hostPath": "/etc/mesos-dns/config.json",
        "mode": "RO"
      }
    ]
  }
}
The config.json is as under:
{
  "zk": "zk://127.0.0.1:2181/mesos",
  "refreshSeconds": 60,
  "ttl": 60,
  "domain": "mesos",
  "port": 53,
  "resolvers": ["10.0.2.3"],
  "timeout": 5,
  "email": "root.mesos-dns.mesos"
}
The /etc/resolv.conf contains nameserver 10.0.2.3
Below is the dig response I get to my DNS query:
dig _webdis-site-m-shop._tcp.marathon.mesos SRV
; <<>> DiG 9.9.5-3ubuntu0.1-Ubuntu <<>> _webdis-site-m-shop._tcp.marathon.mesos SRV
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4759
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 8192
;; QUESTION SECTION:
;_webdis-site-m-shop._tcp.marathon.mesos. IN SRV
;; AUTHORITY SECTION:
. 56521 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2016021800 1800 900 604800 86400
;; Query time: 155 msec
;; SERVER: 10.0.2.3#53(10.0.2.3)
;; WHEN: Thu Feb 18 13:38:21 UTC 2016
;; MSG SIZE rcvd: 143
As you can see there is no ANSWER and the status NXDOMAIN means that this query resulted in a non-existent domain.
Can someone help me fix this?
TIA.
This is now fixed. I have taken some thoughts from other posts on SO. I have changed the OOTB setting for the IP address etc.
Broadly, I added the 127.0.0.1 loopback IP address and the VirtualBox-generated IP address (which in my case is 192.168.x.y), and retained the existing nameserver entry.
The result of the dig command is now:
dig _webdis-site-m-shop._tcp.marathon.mesos SRV
; <<>> DiG 9.9.5-3ubuntu0.1-Ubuntu <<>> _webdis-site-m-shop._tcp.marathon.mesos SRV
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6284
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;_webdis-site-m-shop._tcp.marathon.mesos. IN SRV
;; ANSWER SECTION:
_webdis-site-m-shop._tcp.marathon.mesos. 60 IN SRV 0 0 31720 webdis-site-m-shop-39847-s0.marathon.mesos.
;; ADDITIONAL SECTION:
webdis-site-m-shop-39847-s0.marathon.mesos. 60 IN A 192.168.56.106
;; Query time: 2 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Feb 18 16:55:57 UTC 2016
;; MSG SIZE rcvd: 216
