Exposing UDP port of the DNS service externally

Question

I am having a custom DNS server whose Kubernetes manifest yml looks like below. I am exposing the UDP port 53 using the loadbalancer.

---
apiVersion: v1
kind: Service
metadata:
  name: somedns-lb
  labels:
    k8s-app: somedns
    type: LoadBalancer
spec:
  # Expose the service as LoadBalancer to the outside
  type: LoadBalancer
  ports:
    # Define the access port from outside
    - port: 53
      targetPort: 53
      protocol: UDP
      nodePort: 30153
      name: some-dns
  selector:
    k8s-app: somedns
---
apiVersion: v1
kind: Service
metadata:
  name: somedns
  labels:
    name: somedns
spec:
  clusterIP: None
  selector:
    k8s-app: somedns
  ports:
  - port: 53
    protocol: UDP
    name: dns-udp
    targetPort: 53
---
# Deployment kind goes here

Now when I try to make a lookup from the host server where the Kubernetes is hosted like below, the DNS should have been resolved

dig +notcp -p 30153 @localhost <domain-name-to-be-resolved> ANY

#### Response I get is as below

;; reply from unexpected source: 127.0.0.1#xxxxx, expected 127.0.0.1#30153

If I try the same with the server domain name or server ip instead of localhost then the request gets expected response

dig +notcp -p 30153 @xxx-xxx.xxx-xx.com <domain-name-to-be-resolved> ANY

### response I get 

; <<>> DiG x.xx.x-1ubuntu1.13-Ubuntu <<>> +notcp -p 30153 @xxx-xxx.xxx-xx.com <domain-name-to-be-resolved> ANY
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22174
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;<domain-name-to-be-resolved>       IN  ANY

;; ANSWER SECTION:
<domain-name-to-be-resolved>    xxxxx   IN  A   x.xxx.xx.x
<domain-name-to-be-resolved>    xxxxx   IN  AAAA    <mac address>

;; AUTHORITY SECTION:
xxx.            xxxxxx  IN  NS  x.xx.xxx

;; ADDITIONAL SECTION:
x.xx.xx.        xxxxxx  IN  A   127.0.0.1

;; Query time: 0 msec
;; SERVER: xxx.xxx.xxx.xxx#30153(xxx.xxx.xxx.xxx)
;; WHEN: Thu Nov 05 16:47:42 CET 2020
;; MSG SIZE  rcvd: 113

I am unable to understand what's the issue here. Why the localhost doesn't return the result which the same server domain name or the the ip address does? Please let me know what am I missing here?

It's possible that the port 30153 only work for the ip of the host, not localhost. you can check it with `netstat -an | grep 30153` — Kun Li, Nov 06 '20 at 07:37
udp6 5376 0 :::30153 :::* It seems the port is open for all the ips — Vinay Kumar, Nov 06 '20 at 07:57
If I change the protocol of the load balancer to TCP then it works with localhost too. It seems the issue is when using the UDP protocol — Vinay Kumar, Nov 06 '20 at 10:30
What I see is udp6. number 6 suggests ipv6 so try `::1` instead of localhost — Matt, Nov 06 '20 at 11:23
dig +notcp -p 30153 @::1 ANY (connection times out) dig +notcp -p 30153 @127.0.0.1 ANY (reply from unexpected source) — Vinay Kumar, Nov 06 '20 at 11:38

Exposing UDP port of the DNS service externally

0 Answers0