AWS DNS resolver replies with empty answer for query from docker container

0

Hello,

I am investigating an issue with a docker container, run on a AWS Batch managed - EC2 environment, which is consistently failing to resolve "eu-central-1.wasabisys.com".

When I demonstratively run a simple alpine container, I am not able to resolve the DNS record for "eu-central-1.wasabisys.com" whereas the record for "us-central-1.wasabisys.com" is working as expected.

/ # nslookup eu-central-1.wasabisys.com.
Server:         172.31.0.2
Address:        172.31.0.2:53

Non-authoritative answer:

Non-authoritative answer:

I am successfully able to resolve the record on the host as well as with dig on the container, after installing it's package. This is a tcpdump captured on the host. In the beginning of the following snippet the resolution was done using nslookup (it contained no answers) and in the second try the same resolution was done using dig (it contained answers)

172.31.44.35 = Host IP

172.17.0.2 = Container IP

172.31.0.2 = AWS Resolver (automatically assinged)

tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
15:53:09.235581   P 02:42:ac:11:00:02 ethertype IPv4 (0x0800), length 88: (tos 0x0, ttl 255, id 36324, offset 0, flags [DF], proto UDP (17), length 72)
    172.17.0.2.60435 > 172.31.0.2.53: [bad udp cksum 0x587a -> 0x190b!] 14781+ A? eu-central-1.wasabisys.com. (44)
15:53:09.235600  In 02:42:ac:11:00:02 ethertype IPv4 (0x0800), length 88: (tos 0x0, ttl 255, id 36324, offset 0, flags [DF], proto UDP (17), length 72)
    172.17.0.2.60435 > 172.31.0.2.53: [bad udp cksum 0x587a -> 0x190b!] 14781+ A? eu-central-1.wasabisys.com. (44)
15:53:09.235612 Out 0a:8c:33:66:0d:1e ethertype IPv4 (0x0800), length 88: (tos 0x0, ttl 254, id 36324, offset 0, flags [DF], proto UDP (17), length 72)
    172.31.44.35.60435 > 172.31.0.2.53: [bad udp cksum 0x84a9 -> 0xecdb!] 14781+ A? eu-central-1.wasabisys.com. (44)
15:53:09.236215  In 0a:11:09:8b:8f:49 ethertype IPv4 (0x0800), length 88: (tos 0x0, ttl 255, id 0, offset 0, flags [DF], proto UDP (17), length 72)
    172.31.0.2.53 > 172.31.44.35.60435: [udp sum ok] 14781| q: A? eu-central-1.wasabisys.com. 0/0/0 (44)
15:53:09.236220 Out 02:42:de:e4:72:cc ethertype IPv4 (0x0800), length 88: (tos 0x0, ttl 254, id 0, offset 0, flags [DF], proto UDP (17), length 72)
    172.31.0.2.53 > 172.17.0.2.60435: [udp sum ok] 14781| q: A? eu-central-1.wasabisys.com. 0/0/0 (44)
15:53:09.236221 Out 02:42:de:e4:72:cc ethertype IPv4 (0x0800), length 88: (tos 0x0, ttl 254, id 0, offset 0, flags [DF], proto UDP (17), length 72)
    172.31.0.2.53 > 172.17.0.2.60435: [udp sum ok] 14781| q: A? eu-central-1.wasabisys.com. 0/0/0 (44)

[root@ip-172-31-44-35 ec2-user]# tcpdump -nnevvvi any port 53
tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
15:53:29.219638   P 02:42:ac:11:00:02 ethertype IPv4 (0x0800), length 111: (tos 0x0, ttl 255, id 9196, offset 0, flags [none], proto UDP (17), length 95)
    172.17.0.2.50529 > 172.31.0.2.53: [bad udp cksum 0x5891 -> 0x120c!] 12676+ [1au] A? eu-central-1.wasabisys.com. ar: . OPT UDPsize=4096 (67)
15:53:29.219638  In 02:42:ac:11:00:02 ethertype IPv4 (0x0800), length 111: (tos 0x0, ttl 255, id 9196, offset 0, flags [none], proto UDP (17), length 95)
    172.17.0.2.50529 > 172.31.0.2.53: [bad udp cksum 0x5891 -> 0x120c!] 12676+ [1au] A? eu-central-1.wasabisys.com. ar: . OPT UDPsize=4096 (67)
15:53:29.219665 Out 0a:8c:33:66:0d:1e ethertype IPv4 (0x0800), length 111: (tos 0x0, ttl 254, id 9196, offset 0, flags [none], proto UDP (17), length 95)
    172.31.44.35.50529 > 172.31.0.2.53: [bad udp cksum 0x84c0 -> 0xe5dc!] 12676+ [1au] A? eu-central-1.wasabisys.com. ar: . OPT UDPsize=4096 (67)
15:53:29.220724  In 0a:11:09:8b:8f:49 ethertype IPv4 (0x0800), length 467: (tos 0x0, ttl 255, id 0, offset 0, flags [DF], proto UDP (17), length 451)
    172.31.0.2.53 > 172.31.44.35.50529: [udp sum ok] 12676 q: A? eu-central-1.wasabisys.com. 23/0/1 eu-central-1.wasabisys.com. [20s] A 130.117.252.29, eu-central-1.wasabisys.com. [20s] A 130.117.252.26, eu-central-1.wasabisys.com. [20s] A 130.117.252.13, eu-central-1.wasabisys.com. [20s] A 130.117.252.18, eu-central-1.wasabisys.com. [20s] A 130.117.252.35, eu-central-1.wasabisys.com. [20s] A 130.117.252.16, eu-central-1.wasabisys.com. [20s] A 130.117.252.27, eu-central-1.wasabisys.com. [20s] A 130.117.252.20, eu-central-1.wasabisys.com. [20s] A 130.117.252.28, eu-central-1.wasabisys.com. [20s] A 130.117.252.23, eu-central-1.wasabisys.com. [20s] A 130.117.252.24, eu-central-1.wasabisys.com. [20s] A 130.117.252.12, eu-central-1.wasabisys.com. [20s] A 130.117.252.17, eu-central-1.wasabisys.com. [20s] A 130.117.252.31, eu-central-1.wasabisys.com. [20s] A 130.117.252.25, eu-central-1.wasabisys.com. [20s] A 130.117.252.21, eu-central-1.wasabisys.com. [20s] A 130.117.252.10, eu-central-1.wasabisys.com. [20s] A 130.117.252.11, eu-central-1.wasabisys.com. [20s] A 130.117.252.22, eu-central-1.wasabisys.com. [20s] A 130.117.252.34, eu-central-1.wasabisys.com. [20s] A 130.117.252.33, eu-central-1.wasabisys.com. [20s] A 130.117.252.19, eu-central-1.wasabisys.com. [20s] A 130.117.252.32 ar: . OPT UDPsize=4096 (423)
15:53:29.220734 Out 02:42:de:e4:72:cc ethertype IPv4 (0x0800), length 467: (tos 0x0, ttl 254, id 0, offset 0, flags [DF], proto UDP (17), length 451)
    172.31.0.2.53 > 172.17.0.2.50529: [udp sum ok] 12676 q: A? eu-central-1.wasabisys.com. 23/0/1 eu-central-1.wasabisys.com. [20s] A 130.117.252.29, eu-central-1.wasabisys.com. [20s] A 130.117.252.26, eu-central-1.wasabisys.com. [20s] A 130.117.252.13, eu-central-1.wasabisys.com. [20s] A 130.117.252.18, eu-central-1.wasabisys.com. [20s] A 130.117.252.35, eu-central-1.wasabisys.com. [20s] A 130.117.252.16, eu-central-1.wasabisys.com. [20s] A 130.117.252.27, eu-central-1.wasabisys.com. [20s] A 130.117.252.20, eu-central-1.wasabisys.com. [20s] A 130.117.252.28, eu-central-1.wasabisys.com. [20s] A 130.117.252.23, eu-central-1.wasabisys.com. [20s] A 130.117.252.24, eu-central-1.wasabisys.com. [20s] A 130.117.252.12, eu-central-1.wasabisys.com. [20s] A 130.117.252.17, eu-central-1.wasabisys.com. [20s] A 130.117.252.31, eu-central-1.wasabisys.com. [20s] A 130.117.252.25, eu-central-1.wasabisys.com. [20s] A 130.117.252.21, eu-central-1.wasabisys.com. [20s] A 130.117.252.10, eu-central-1.wasabisys.com. [20s] A 130.117.252.11, eu-central-1.wasabisys.com. [20s] A 130.117.252.22, eu-central-1.wasabisys.com. [20s] A 130.117.252.34, eu-central-1.wasabisys.com. [20s] A 130.117.252.33, eu-central-1.wasabisys.com. [20s] A 130.117.252.19, eu-central-1.wasabisys.com. [20s] A 130.117.252.32 ar: . OPT UDPsize=4096 (423)
15:53:29.220737 Out 02:42:de:e4:72:cc ethertype IPv4 (0x0800), length 467: (tos 0x0, ttl 254, id 0, offset 0, flags [DF], proto UDP (17), length 451)
    172.31.0.2.53 > 172.17.0.2.50529: [udp sum ok] 12676 q: A? eu-central-1.wasabisys.com. 23/0/1 eu-central-1.wasabisys.com. [20s] A 130.117.252.29, eu-central-1.wasabisys.com. [20s] A 130.117.252.26, eu-central-1.wasabisys.com. [20s] A 130.117.252.13, eu-central-1.wasabisys.com. [20s] A 130.117.252.18, eu-central-1.wasabisys.com. [20s] A 130.117.252.35, eu-central-1.wasabisys.com. [20s] A 130.117.252.16, eu-central-1.wasabisys.com. [20s] A 130.117.252.27, eu-central-1.wasabisys.com. [20s] A 130.117.252.20, eu-central-1.wasabisys.com. [20s] A 130.117.252.28, eu-central-1.wasabisys.com. [20s] A 130.117.252.23, eu-central-1.wasabisys.com. [20s] A 130.117.252.24, eu-central-1.wasabisys.com. [20s] A 130.117.252.12, eu-central-1.wasabisys.com. [20s] A 130.117.252.17, eu-central-1.wasabisys.com. [20s] A 130.117.252.31, eu-central-1.wasabisys.com. [20s] A 130.117.252.25, eu-central-1.wasabisys.com. [20s] A 130.117.252.21, eu-central-1.wasabisys.com. [20s] A 130.117.252.10, eu-central-1.wasabisys.com. [20s] A 130.117.252.11, eu-central-1.wasabisys.com. [20s] A 130.117.252.22, eu-central-1.wasabisys.com. [20s] A 130.117.252.34, eu-central-1.wasabisys.com. [20s] A 130.117.252.33, eu-central-1.wasabisys.com. [20s] A 130.117.252.19, eu-central-1.wasabisys.com. [20s] A 130.117.252.32 ar: . OPT UDPsize=4096 (423)

Has anybody any clue what is going on? Why is the AWS resolver not replying correctly?

Thanks a lot for you help!

KniFFeL
asked a year ago47 views
No Answers

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions