ODD DNS issue with packages.elastic.co

(Eric) #1

We had a very odd issue recently and it turned out to be caused by the long DNS record for packages.elastic.co.

The beats.repo uses that URL. During yum installs the DNS lookup would hang.

Turns out there is a limit on DNS UDP packets to 512 bytes. The response seemed to break that limit. DNS would normally then try TCP, but we did not have TCP port 53 open in our security.

The solution was to enable TCP on port 53.

This is the DNS record response as of today 5/2/17. It is 637 bytes. Apparently this is longer than it was a few days ago when it all worked.

getent ahosts packages.elastic.co STREAM dualstack.download-colb-770446651.us-east-1.elb.amazonaws.com DGRAM RAW STREAM DGRAM RAW STREAM DGRAM RAW STREAM DGRAM RAW STREAM DGRAM RAW STREAM DGRAM RAW STREAM DGRAM RAW STREAM DGRAM RAW

(Mark Walkom) #2

Thanks for raising this, I have checked with our infra team who handles DNS and we'll get back to you.

(Mark Walkom) #3

This is known functionality with DNS (i.e. Route53) - http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/DNSBehavior.html

And as AWS provide the resolved CNAME, dualstack.download-colb-770446651.us-east-1.elb.amazonaws.com, we can't shorten that either, sorry. You will need to use TCP instead of UDP.

(Eric) #4

Understood. It was a tough issue to diagnose. I hope others may find this bit of information useful. I have worked many places and most only default DNS to 53/UDP in their firewalls.
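A diagnostic for the failure described in this thread, added here as an example and not posted by any participant: it sends a query without EDNS0 over UDP, checks the TC (truncated) bit in the reply, and retries over 53/TCP to show whether the fallback path is blocked. The function names, the result labels returned by `diagnose` and the two sample headers are assumptions made for the example; the resolver address is whatever the host is configured to use.

```python
import socket
import struct

def build_query(name, txid=0x1234):
    """A-record query without EDNS0, so replies over UDP are capped at 512 bytes."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    parts = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def is_truncated(reply):
    """True when the TC bit (0x0200 of the flags word) is set in a DNS reply."""
    if len(reply) < 12:
        raise ValueError("DNS message shorter than its 12-byte header")
    return bool(struct.unpack("!H", reply[2:4])[0] & 0x0200)

def query_udp(server, name, timeout=3.0):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return s.recvfrom(4096)[0]

def query_tcp(server, name, timeout=3.0):
    """Same query over 53/TCP, where each message carries a 2-byte length prefix."""
    q = build_query(name)
    with socket.create_connection((server, 53), timeout=timeout) as s:
        s.sendall(struct.pack("!H", len(q)) + q)
        with s.makefile("rb") as f:
            head = f.read(2)
            if len(head) < 2:
                raise ConnectionError("TCP closed before a reply arrived")
            return f.read(struct.unpack("!H", head)[0])

def diagnose(server, name, udp=query_udp, tcp=query_tcp):
    """Classify the resolver path: udp-ok, tcp-ok, tcp-blocked or udp-failed."""
    try:
        reply = udp(server, name)
    except OSError:
        return "udp-failed"
    if not is_truncated(reply):
        return "udp-ok"       # answer fit in a single datagram
    try:
        tcp(server, name)
    except OSError:
        return "tcp-blocked"  # truncated reply and no TCP path: lookups hang
    return "tcp-ok"

# Constructed 12-byte reply headers (not captured traffic): TC set / TC clear.
SAMPLE_TRUNCATED = struct.pack("!HHHHHH", 0x1234, 0x8380, 1, 0, 0, 0)
SAMPLE_COMPLETE = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 0, 0, 0)
```

Calling `diagnose(resolver_ip, "packages.elastic.co")` from the affected host returns `tcp-blocked` when the reply is truncated and the firewall drops 53/TCP.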
