ODD DNS issue with packages.elastic.co


(Eric) #1

We had a very odd issue recently and it turned out to be caused by the long DNS record for packages.elastic.co.

The beats.repo uses that URL. During yum installs the DNS lookup would hang.

Turns out there is a limit on DNS UDP packets to 512 bytes. The response seemed to break that limit. DNS would normally then try TCP, but we did not have TCP port 53 open in our security.

The solutions was to enable TCP on port 53.

This is the DNS record response as of today 5/2/17. It is 637 bytes. Apparently this is longer that is was a few days ago when it all worked.

getent ahosts packages.elastic.co
184.72.234.88 STREAM dualstack.download-colb-770446651.us-east-1.elb.amazonaws.com
184.72.234.88 DGRAM
184.72.234.88 RAW
23.21.84.196 STREAM
23.21.84.196 DGRAM
23.21.84.196 RAW
54.204.26.172 STREAM
54.204.26.172 DGRAM
54.204.26.172 RAW
23.21.140.167 STREAM
23.21.140.167 DGRAM
23.21.140.167 RAW
23.23.136.240 STREAM
23.23.136.240 DGRAM
23.23.136.240 RAW
174.129.40.40 STREAM
174.129.40.40 DGRAM
174.129.40.40 RAW
184.73.227.9 STREAM
184.73.227.9 DGRAM
184.73.227.9 RAW
23.21.201.107 STREAM
23.21.201.107 DGRAM
23.21.201.107 RAW


(Mark Walkom) #2

Thanks for raising this, I have checked with our infra team who handles DNS and we'll get back to you :slight_smile:


(Mark Walkom) #3

This is known functionality with DNS (ie Route53) - http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/DNSBehavior.html

And as AWS provide the resolved CNAME, dualstack.download-colb-770446651.us-east-1.elb.amazonaws.com, we can't shorten that either sorry. You will need to use TCP instead of UDP.


(Eric) #4

Understood. It was a tough issue to diagnose. I hope others may find this bit of information useful. I have worked many places and most only default DNS to 53/UDP in their firewalls.


(system) #5

This topic was automatically closed after 21 days. New replies are no longer allowed.