lua-nginx-module icon indicating copy to clipboard operation
lua-nginx-module copied to clipboard
verified publisher icon openresty

could not be resolved (3: Host not found)

Open dayongi opened this issue 2 years ago • 5 comments

I deployed an OpenResty Pod in kubernetes, and I use "ngx.socket.tcp" to request another application of the current kubernetes cluster in the format of "serviceName.namespace", but could not be resolved (3: Host not found) error, why is this? My sample code is as follows:

local ok, err = ngx.sokcet.connect("echo.eplat", 80)
if not ok then
     ngx.log(err)  -- could not be resolved (3: Host not found)
end

The resolver directive has been set in my Nginx configuration file, and the configuration is as follows:

http{
    ...
    resolver ipv6=off local=on;
    ...
}

When I use the proxy_pass directive of Nginx as a proxy, I can access the target service. and the configuration is as follows:

...
location =/test {
     proxy_pass http://echo.eplat;
}
...

bash-5.1$ curl -X GET http://localhost:9080/test


Hostname: echo-7cc69d9cd8-27xhd

Pod Information:
	node name:	minikube
	pod name:	echo-7cc69d9cd8-27xhd
	pod namespace:	eplat
	pod IP:	172.17.0.9

Server values:
	server_version=nginx: 1.13.3 - lua: 10008

Request Information:
	client_address=::ffff:172.17.0.1
	method=GET
	real path=/test
	query=
	request_version=1
	request_scheme=http
	request_uri=http://echo.eplat:80/test

Request Headers:
	accept=*/*
	connection=close
	host=echo.eplat
	user-agent=curl/7.80.0

Request Body:
	-no body in request-

bash-5.1$

I can ping this address directly inside the container, and it can also be pinged:

bash-5.1$ ping echo.eplat
PING echo.eplat (10.102.19.162): 56 data bytes
ping: permission denied (are you root?)

I checked OpenResty's documentation (https://github.com/openresty/lua-nginx-module#tcpsockconnect), which clearly states that the first positional parameter can be in domain name format. If it is in domain name format, this method will use Nginx The core dynamic resolver resolves the domain name without blocking, and the resolver nginx.conf directive needs to be configured in the file; at this point, I am very confused, why the proxy_pass directive of Nginx can proxy this address, while the ngx.socket. Connect can't resolve this address? Don't they all use Nginx's dns resolver? image

dayongi avatar May 11 '23 16:05 dayongi

It sounds wired, Can you try to Tcpdump to capture your container traffic to analyze DNS requests? I am sure openresty cosocket will use the nginx resolver to dynamic resolver DNS name.

oowl avatar May 18 '23 03:05 oowl

I also encountered this problem, please help me solve it。

│ 2023/10/25 07:56:31 [error] 10#10: *42 [lua] gfe.lua:256: pass(): connect error: engine-master.app-xx.svc.cluster.local:2202 could not be resolved (3: Host │

olddriver4 avatar Oct 25 '23 07:10 olddriver4

same here, please if you fixed the issue, comment the solution. I will greatly appreciate your time

GitDemis avatar Sep 26 '24 18:09 GitDemis

@GitDemis, hi

In a Kubernetes environment, you'll need to use the FQDN echo.eplat.svc.cluster.local in the ngx.socket.connect function. The root cause here is that Nginx's resolver doesn't support ndots or search lists —it rigidly asks CoreDNS to resolve just echo.eplat, which predictably fails.

On the other hand, proxy_pass works because Nginx uses getaddrinfo during startup to resolve echo.eplat, and that function's underlying implementation does support ndots and search lists. It will try resolving echo.eplat.svc.cluster.local via the CoreDNS server, leading to a successful result.

This issue is pretty stale at this point, but I hope this explanation still helps!

gavin0616 avatar Sep 18 '25 03:09 gavin0616

Add k8s dns-pod-service document

gavin0616 avatar Sep 18 '25 03:09 gavin0616