DNS Requests TCP/UDP Timeout

Hello all, my first topic :)

I am trying to deploy pihole in a Kubernetes (k3s) cluster. I have read a lot, and I am out of ideas. I'm having the same issue as this topic: "DNS Requests to Port 53 Over TCP Timeout". I have followed what it says, but I can't get it working.

Below you can find my settings:

jsalas@noldork3sn6:~$ dig +notcp @192.168.1.121 www.google.es
;; communications error to 192.168.1.121#53: timed out
;; communications error to 192.168.1.121#53: timed out
;; communications error to 192.168.1.121#53: timed out

; <<>> DiG 9.18.12-0ubuntu0.22.04.1-Ubuntu <<>> +notcp @192.168.1.121 www.google.es
; (1 server found)
;; global options: +cmd
;; no servers could be reached


jsalas@noldork3sn6:~$ dig +tcp @192.168.1.121 www.google.es
dig: couldn't get address for '1+92.168.1.121': not found
jsalas@noldork3sn6:~$ dig +tcp @192.168.1.121 www.google.es
;; Connection to 192.168.1.121#53(192.168.1.121) for www.google.es failed: host unreachable.
;; Connection to 192.168.1.121#53(192.168.1.121) for www.google.es failed: timed out.
;; Connection to 192.168.1.121#53(192.168.1.121) for www.google.es failed: host unreachable.
jsalas@noldork3sn6:~$

 

jsalas@raspiserver:~/miri/PXL_COL/BBT/S10$ k get svc -n dns-home
NAME             TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)                    AGE
pihole-web       ClusterIP   10.43.62.134   <none>        80/TCP,443/TCP,49312/TCP   20h
pihole-dns-tcp   ClusterIP   10.43.111.55   <none>        53/TCP                     24m
pihole-dns-udp   ClusterIP   10.43.165.33   <none>        53/UDP                     17h

k get svc -n kube-system
NAME             TYPE           CLUSTER-IP      EXTERNAL-IP                   PORT(S)                                                                        AGE
kube-dns         ClusterIP      10.43.0.10      <none>                        53/UDP,53/TCP,9153/TCP                                                         2d17h
metrics-server   ClusterIP      10.43.163.121   <none>                        443/TCP                                                                        2d17h
traefik          LoadBalancer   10.43.208.25    192.168.1.121,192.168.1.120   3306:32244/TCP,8853:31671/TCP,80:30015/TCP,443:30012/TCP,8854:31687/UDP        17h

more settings

apiVersion: v1
kind: Service
metadata:
  annotations:
    meta.helm.sh/release-name: pihole
    meta.helm.sh/release-namespace: dns-home
  creationTimestamp: "2023-04-11T11:40:16Z"
  labels:
    app: pihole
    app.kubernetes.io/managed-by: Helm
    chart: pihole-2.12.0
    heritage: Helm
    release: pihole
  name: pihole-dns-tcp
  namespace: dns-home
  resourceVersion: "1454359"
  uid: 2132233d-d875-4b78-a063-01cf4fea733f
spec:
  clusterIP: 10.43.111.55
  clusterIPs:
  - 10.43.111.55
  internalTrafficPolicy: Cluster
  ipFamilies:
  - IPv4
  ipFamilyPolicy: SingleStack
  ports:
  - name: dns
    port: 53
    protocol: TCP
    targetPort: dns
  selector:
    app: pihole
    release: pihole
  sessionAffinity: None
  type: ClusterIP
status:
  loadBalancer: {}
---
apiVersion: v1
kind: Service
metadata:
  annotations:
    kube-vip.io/vipHost: noldork3sm2
    meta.helm.sh/release-name: pihole
    meta.helm.sh/release-namespace: dns-home
  creationTimestamp: "2023-04-10T18:06:28Z"
  labels:
    app: pihole
    app.kubernetes.io/managed-by: Helm
    chart: pihole-2.12.0
    heritage: Helm
    release: pihole
  name: pihole-dns-udp
  namespace: dns-home
  resourceVersion: "1454361"
  uid: f14a6af4-9e92-467b-903c-37ad98cb25ba
spec:
  clusterIP: 10.43.165.33
  clusterIPs:
  - 10.43.165.33
  internalTrafficPolicy: Cluster
  ipFamilies:
  - IPv4
  ipFamilyPolicy: SingleStack
  ports:
  - name: dns-udp
    port: 53
    protocol: UDP
    targetPort: dns-udp
  selector:
    app: pihole
    release: pihole
  sessionAffinity: None
  type: ClusterIP
status:
  loadBalancer: {}

Traefik helm values:

  tcp-dns:
    port: 8853
    expose: true
    exposePort: 53
    protocol: TCP
  udp-dns:
    port: 8854
    expose: true
    exposePort: 53
    protocol: UDP

ingress

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRouteTCP
metadata:
  name: pihole-dns
  namespace: dns-home
spec:
  entryPoints:
   - tcp-dns
  routes:
  - match: HostSNI(`*`)
    services:
        - name: pihole-dns-tcp
          port: 53
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRouteUDP
metadata:
  name: pihole-dns
  namespace: dns-home
spec:
  entryPoints:
   - udp-dns
  routes:
    - services:
        - name: pihole-dns-udp
          port: 53

Some stuff:

 kubectl describe svc/traefik -n kube-system | grep Endpoint 
Endpoints:                10.42.2.26:3306,10.42.3.26:3306,10.42.4.24:3306 + 3 more...
Endpoints:                10.42.2.26:8853,10.42.3.26:8853,10.42.4.24:8853 + 3 more...
Endpoints:                10.42.2.26:8000,10.42.3.26:8000,10.42.4.24:8000 + 3 more...
Endpoints:                10.42.2.26:8443,10.42.3.26:8443,10.42.4.24:8443 + 3 more...
Endpoints:                10.42.2.26:8854,10.42.3.26:8854,10.42.4.24:8854 + 3 more...

I got something: with this configuration, the DNS server works, but on a non-standard port:

jsalas@noldork3sn6:~$ dig +tcp -p 8853  @192.168.1.121 www.google.es

; <<>> DiG 9.18.12-0ubuntu0.22.04.1-Ubuntu <<>> +tcp -p 8853 @192.168.1.121 www.google.es
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11810
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: d8c66aafa231ca1b (echoed)
;; QUESTION SECTION:
;www.google.es.                 IN      A

;; ANSWER SECTION:
www.google.es.          300     IN      A       172.217.168.227

;; Query time: 55 msec
;; SERVER: 192.168.1.121#8853(192.168.1.121) (TCP)
;; WHEN: Tue Apr 11 22:22:02 CEST 2023
;; MSG SIZE  rcvd: 83
jsalas@noldork3sn6:~$ dig +notcp -p 8854  @192.168.1.121 www.google.es

; <<>> DiG 9.18.12-0ubuntu0.22.04.1-Ubuntu <<>> +notcp -p 8854 @192.168.1.121 www.google.es
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37122
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.google.es.                 IN      A

;; ANSWER SECTION:
www.google.es.          276     IN      A       172.217.168.227

;; Query time: 15 msec
;; SERVER: 192.168.1.121#8854(192.168.1.121) (UDP)
;; WHEN: Tue Apr 11 22:22:25 CEST 2023
;; MSG SIZE  rcvd: 58

Any idea how to redirect 8853 to 53?

My mistake. I had a typo in the entrypoint definition: exposePort vs exposedPort.

So I have the DNS working, but only in TCP. For some reason, the UDP entry point is not created :(

Name:         traefik
Namespace:    kube-system
Labels:       app.kubernetes.io/instance=traefik-kube-system
              app.kubernetes.io/managed-by=Helm
              app.kubernetes.io/name=traefik
              helm.sh/chart=traefik-22.1.0
Annotations:  <none>
Subsets:
  Addresses:          10.42.2.33,10.42.3.32,10.42.4.29,10.42.6.30,10.42.7.29,10.42.8.30
  NotReadyAddresses:  <none>
  Ports:
    Name       Port  Protocol
    ----       ----  --------
    web        8000  TCP
    websecure  8443  TCP
    mysql      3306  TCP
    tcp-dns    8853  TCP

Events:  <none>

  tcp-dns:
    # port: 8853
    port: 8853
    expose: true
    exposedPort: 53
    protocol: TCP
  udp-dns:
    # port: 885
    port: 8854
    expose: true
    exposedPort: 53
    protocol: UDP

Tips?

Fixed. After re-installing Traefik, all is working OK.
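
Added example (not part of the original thread, and not code from Traefik or its Helm chart): a small lint that catches a misspelled key such as `exposePort` in the `ports` values before deploying, and shows which Service ports would actually be published. The key allowlist is an assumed subset to be checked against your chart version's `values.yaml`, and the fallback to `port` when `exposedPort` is absent is an assumption consistent with the `8853:31671/TCP` and `8854:31687/UDP` entries in the `traefik` Service listing above.

```python
import difflib

# ASSUMPTION: subset of keys accepted under ports.<name>; verify against
# the values.yaml of the chart version you deploy.
KNOWN_PORT_KEYS = {"port", "expose", "exposedPort", "protocol",
                   "hostPort", "nodePort", "tls"}

# Constructed from the values posted in the thread (first attempt, with typo).
VALUES_WITH_TYPO = {"ports": {
    "tcp-dns": {"port": 8853, "expose": True, "exposePort": 53, "protocol": "TCP"},
    "udp-dns": {"port": 8854, "expose": True, "exposePort": 53, "protocol": "UDP"},
}}

# Constructed from the corrected values posted later in the thread.
VALUES_FIXED = {"ports": {
    "tcp-dns": {"port": 8853, "expose": True, "exposedPort": 53, "protocol": "TCP"},
    "udp-dns": {"port": 8854, "expose": True, "exposedPort": 53, "protocol": "UDP"},
}}


def lint_ports(values):
    """Report keys that are not in the allowlist, with a spelling suggestion."""
    findings = []
    for name, cfg in values.get("ports", {}).items():
        for key in cfg:
            if key in KNOWN_PORT_KEYS:
                continue
            guess = difflib.get_close_matches(key, sorted(KNOWN_PORT_KEYS), n=1)
            hint = f" (did you mean '{guess[0]}'?)" if guess else ""
            findings.append(f"{name}: unknown key '{key}'{hint}")
    return findings


def effective_service_ports(values):
    """Map (service port, protocol) -> entry point for every exposed entry.

    ASSUMPTION: an entry without exposedPort is published on its `port`.
    """
    published = {}
    for name, cfg in values.get("ports", {}).items():
        if cfg.get("expose"):
            svc_port = cfg.get("exposedPort", cfg["port"])
            published[(svc_port, cfg.get("protocol", "TCP"))] = name
    return published


if __name__ == "__main__":
    for label, vals in (("typo", VALUES_WITH_TYPO), ("fixed", VALUES_FIXED)):
        print(label, lint_ports(vals), effective_service_ports(vals))
```

Running the lint in CI against the rendered values surfaces the typo as a finding instead of as a timeout on port 53.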
