consul provider cannot resolve server on VPN

[igrayson]

Hi team,

My consul server lives on a VPN with private DNS. While connected to the VPN, I expect the consul provider to be able to resolve and connect to my consul server.

provider "consul" {
  scheme     = "http"
  address    = "myconsul.myco.com:8500"
  datacenter = "${var.region}"
}

Error:

  Error refreshing state: 1 error(s) occurred:

  * 1 error(s) occurred:

  * Failed to get value for path 'production/redis/service/port' from Consul: Get http://myconsul.myco.com:8500/v1/kv/production/redis/service/port?dc=us-west-2: dial tcp: lookup myconsul.myco.com: no such host

I can ping him:

$ ping myconsul.myco.com
PING myconsul.myco.com (10.10.27.22): 56 data bytes
64 bytes from 10.10.27.22: icmp_seq=0 ttl=63 time=10.788 ms

consul can talk to him:

$ consul --version                                                                                                                                                                                
Consul v0.5.2
Consul Protocol: 2 (Understands back to: 1)
$ consul members -rpc-addr=myconsul.myco.com:8400
Node                                       Address             Status  Type    Build  Protocol  DC
..

This error began with terraform 0.5.3. terraform 0.6.0 does not work either.

This error does not appear, and I am able to use the consul provider fully, in terraform 0.5.2.

[nevir]

Also, in the configuration above, myconsul.myco.com is registered in a private Route 53 zone, which is advertised to the caller via split DNS for myco.com

[igrayson]

Ping. This is pinning us to terraform 0.5.2.

(Still an issue as of latest 0.6.3)

[phinze]

Sorry for the trouble here - that's a weird regression. Will try to reproduce and follow up.

[benlangfeld]

I'm seeing the same sort of thing for the vSphere provider:

* Error setting up client: Post https://pa-cv-vc01.mydatainmotion.com/sdk: dial tcp: lookup pa-cv-vc01.mydatainmotion.com on 208.67.222.222:53: no such host

[apparentlymart]

I think this might be the same thing as #3536, assuming you're on a Mac.

It seems that the cause there was Go's DNS resolver going directly to the global nameservers and bypassing the more complex resolver steps that libc-based applications would do. More details in PR #5925.

Does this seem like plausibly the same thing to you, @igrayson? If so, I'd like to consolidate the discussion about the issue in #3536.

[KostyaSha]

Would it be possible to push docker versions for previous minor versions instead of 3 latest 0.6.x?

[igrayson]

@apparentlymart Plausible.

[apparentlymart]

Thanks @igrayson! I am going to close this in favor of the other existing issue.

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.