On Wed, Mar 15, 2017 at 12:58:02PM +0000, dominic.chambers@glencore.com wrote:
> HI Rich,
> 
> Thanks for the prompt response here. Apologies for any confusion I
> may have created, but I think the server is responding with an
> overall `NXDOMAIN` response. This is what I get from running `dig
> google.com.default.svc.cluster.local`:
> 
> ```
> ; <<>> DiG 9.10.3-P4-Ubuntu <<>> google.com.default.svc.cluster.local
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 20863
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
> 
> ;; QUESTION SECTION:
> ;google.com.default.svc.cluster.local. IN A
> 
> ;; AUTHORITY SECTION:
> cluster.local.          60      IN      SOA     ns.dns.cluster.local. hostmaster
> .cluster.local. 1489579200 28800 7200 604800 60
> 
> ;; Query time: 0 msec
> ;; SERVER: 10.43.0.10#53(10.43.0.10)
> ;; WHEN: Wed Mar 15 12:49:14 UTC 2017
> ;; MSG SIZE  rcvd: 147
> ```
> 
> Although there's less information with nslookup, the response from
> running `nslookup google.com.default.svc.cluster.local` seems even
> more definitive:
> 
> ```
> Server:         10.43.0.10
> Address:        10.43.0.10#53
> 
> ** server can't find google.com.default.svc.cluster.local: NXDOMAIN
> ```
> 
> Maybe I was just reading too much into the output from dig regarding
> exactly what was being returned from the server. Any further
> thoughts?

Can you send an strace log of an affected lookup with musl's resolver
(rather than dig/nslookup which use bind's resolver) for me to look
at? Attached is source for a trivial sample utility to perform a
lookup.

Rich