Helm Connector DNS not working

inshaal · December 5, 2022, 1:03am

I have Twingate connectors deployed in my Kubernetes cluster via the Helm chart. Once I allow access to the Services subnet, I can access them locally via IP. Like so:

> curl 10.32.14.162/health
{"status":200}

But , when I try to use the the Kubernetes DNS name, it hangs and then can’t find the host (I have validated that this is the correct DNS name from within the k8s cluster):

> curl test-app.default.svc.cluster.local/health    
curl: (6) Could not resolve host: test-app.default.svc.cluster.local

Looking up the DNS values returns nothing, forward and reverse.

# Redacting some IP values in case they are sensitive
> nslookup 10.32.14.162       
Server:         100.x.x.x
Address:        100.x.x.x#53

** server can't find x.x.x.x in-addr.arpa: NXDOMAIN


> nslookup test-app.default.svc.cluster.local
Server:         100.x.x.x
Address:        100.x.x.x#53

** server can't find test-app.default.svc.cluster.local: NXDOMAIN

I also tried deploying the connector with connector.dnsServer set to the value of my Kubernetes DNS server, but it had no effect.

According to this article, the connector should use the private DNS server in its domain. This is not the case for my deployment, however.

Anything I’m missing here? My goal here is to be able to hit a service via the Service name as if you are inside the Kubernetes cluster.

Thanks for any help!

Arthur · December 9, 2022, 8:46pm

Hey Inshaal,

Sorry to hear you’re having this issue.

In order for the client to understand that traffic for test-app.default.svc.cluster.local needs to be routed through the connector, you would need to have it (or a wildcard that covers it) defined as a resource within your Twingate dashboard.

I do see one single wildcard there (*.redacted.dev), so I’m not sure if that should be covering it or not, but if the hostname is truly test-app.default.svc.cluster.local, you will need to define that resource.

I do see that you have an IP range defined for the space that contains the IP you’re connecting to successfully, so we’re halfway there!

If you add the hostname as a resource, does that resolve the issue for you?

Let us know!

inshaal · December 9, 2022, 9:50pm

Hi Arthur,
Yes! That was it! Thank you!

I added *.default.svc.cluster.local to my resources and can access the kubernetes services with test-app.default.svc.cluster.local now.

Arthur · December 9, 2022, 10:10pm

I’m glad to hear it! Let us know if there’s any other issues!

Topic		Replies	Views
Telepresence Connectivity Issues Behind Twingate Support / Troubleshooting	6	174	August 31, 2023
Accessing remote container by name Support / Troubleshooting	4	526	September 22, 2022
Understanding DNS	0	596	May 8, 2023
Issue connecting to .local websites on my LAN using Twingate Support / Troubleshooting	6	271	October 12, 2023
DNS trouble - cannot resolve FQDN Support / Troubleshooting	4	2606	August 15, 2022

Helm Connector DNS not working

Related Topics