CoreDNS [ERROR] plugin/errors: 2

letran3691 · May 31, 2021, 12:03pm

Hello everyone

Kubernetes version:v1.21.1
Cloud being used: LAB Private
Installation method: repo install
Host OS: centos7
CNI: flannel

I’ve setup a LAB cluster with 3 node (node1, node2, node3), node 1 is master.
I setup environment and join node to cluster done, nodes Ready, But I’ve issue with coredns. Coredns can’t nslookup name nodes
logs pod coredns
> [ERROR] plugin/errors: 2 node3. A: read udp 10.244.0.25:43976->8.8.8.8:53: i/o timeout
> [ERROR] plugin/errors: 2 node3. A: read udp 10.244.0.25:55132->8.8.8.8:53: i/o timeout
> [ERROR] plugin/errors: 2 node3. A: read udp 10.244.0.25:42492->8.8.8.8:53: i/o timeout
> [ERROR] plugin/errors: 2 node3. AAAA: read udp 10.244.0.25:54212->8.8.8.8:53: i/o timeout

log metricbeat service

2021-05-31T12:00:40.639Z WARN [transport] transport/tcp.go:52 DNS lookup failure "node3": lookup node3 on 10.96.0.10:53: read udp 10.244.2.45:59110->10.96.0.10:53: i/o timeout

but services in cluster deployment did, still working with name services.

Topo

wish everyone help me.
thanks !

mrbobbytables · May 31, 2021, 1:05pm

What CNI driver are you using? I’ve seen that sort of error before if theres a problem at the CNI level.

letran3691 · May 31, 2021, 1:12pm

yes! I’ve update CNI: flannel

letran3691 · May 31, 2021, 1:30pm

Seems like I’ve issue where. i checked configmap coredns and see it’s forward dns to /etc/resolv.conf. But i don’t have idea to fix, because my nodes is visual machine. I’ve fix hostname in file hosts, but issue not resolved yet.

protosam · May 31, 2021, 4:29pm

Quick question on this, are you expecting coredns to observe your node’s /etc/hosts file in this the case?

Where are node1, node2, and node3 setup DNS-wise?

letran3691 · May 31, 2021, 4:40pm

Yes. I find method to use coredns hosts file, a idea but i don’t know it’s work Using both hosts and kubernetes plugin doesn't seem working · Issue #1268 · coredns/coredns · GitHub
nodes config dns google(8.8.8.8)

protosam · May 31, 2021, 5:23pm

Containers don’t use the host’s /etc/hosts file. Each container has it’s own nsswitch configuration. You could probably do something like this.

I’m a bit biased here though. If you need to connect to a node to do something on a node, you can just do it directly in a pod.

To illustrate how to do it, you might want to check out the krew plugin called node-shell.

All node-shell does is creates a pod that runs on the node that you want to do work on and attaches you to it. At that point if you’re thinking you needed to connect to a service, it’s now always going to be localhost.

akala515 · August 27, 2021, 9:16am

May I know how did u fix it right?

Facing the same problem here.

Brandon_Ojeda · September 23, 2021, 9:59pm

@akala515 - I found that my CNI was using iptables-legacy even though my debian 10 VMs were set to use nt_tables. This was causing my rules for 10.96 to be applied to iptables-legacy and iptables-legacy -t nat for CNI and causing this breakage.

Resolution for me was to start over, remove all iptables for both legacy and nft, and start from scratch.
kubeadm init…
Followed by, instead of an install of calico directly from one of their manifest, you should pull it down and add
- name: FELIX_IPTABLESBACKEND
value: “NFT”
to the env vars. This will force NFT. After then installing calico from this updated version of it, it all worked for me and I had no iptables-legacy changes and everything lived in nft.

tillus · February 2, 2022, 12:49pm

@Brandon_Ojeda I managed to get it working with your instructions (networking - Kubernetes: unreachable backend: read udp 10.200.0.9:46159->183.60.83.19:53: i/o timeout - Stack Overflow) + HINFO: unreachable backend: read udp 10.200.0.9:46159->183.60.83.19:53: i/o timeout · Issue #2693 · coredns/coredns · GitHub + rebooting my system at some point. I am still confused, but happy that it is working now. Thanks for that

rahgadda · May 3, 2022, 7:09pm

I faced the same issue and resolved it. Details are available here

Parshva_Shah · June 6, 2023, 6:06am

K8s :- V1.26.1
OS : - RHEL 8.7
VM is hosted using Azure cloud provider.

Core dns logs :-
CoreDNS-1.9.3
linux/amd64, go1.18.2, 45b0a11
[ERROR] plugin/errors: 2 2568389657905608835.8295431261288812352. HINFO: read udp 192.168.54.66:34391->168.63.129.16:53: read: no route to host
[ERROR] plugin/errors: 2 2568389657905608835.8295431261288812352. HINFO: read udp 192.168.54.66:34275->168.63.129.16:53: read: no route to host
[ERROR] plugin/errors: 2 2568389657905608835.8295431261288812352. HINFO: read udp 192.168.54.66:59435->168.63.129.16:53: read: no route to host

Unable to reach internet from inside the pod. nslookup fails with below error

Bo-Zi · August 17, 2023, 3:12am

That could be the case of proper firewall configuration:

firewall-cmd --add-masquerade --permanent Kubernetes on CentOS 7 with Firewalld | by Nilesh Jayanandana | Medium
(optionally) firewall-cmd --permanent --zone={name} --add-interface=vxlan.calico Kubernetes cluster with firewall enabled on CentOS(calico) not working - Stack Overflow

Topic		Replies	Views
[ERROR] plugin/errors: HINFO: read udp 172.20.0.23:37025-><dns_server>:53: i/o timeout in coredns General Discussions	2	3374	July 8, 2020
Why coredns occurs this error: [ERROR] plugin/errors: 2 kube-dns.kube-system. AAAA: read udp 10.244.0.2:42616->8.8.4.4:53: i/o timeout v0.16.1 General Discussions	2	4780	September 25, 2023
CoreDNS CrashLoopBackOff General Discussions	3	2299	April 20, 2024
coreDNS not working. connection timed out is result of running nsloopkup Kubernetes service General Discussions	1	3870	June 6, 2023
CoreDNS Host is unreachable General Discussions	2	1469	September 17, 2021

CoreDNS [ERROR] plugin/errors: 2

Related topics