Consul domain name resolve

I deployed Nomad and Consul in Azure via Terraform by using the following repo.

Cluster is running and I’m able to access the Nomad and Consul web interface and run Consul and Nomad commands to check the clients and servers.

I deployed jobs to the Nomad cluster, but containers are not able to resolve Consul domain names.
Dig command output:

Could you help me fix the issue, please?

Hi @serxansherif,

Welcome to the HashiCorp Forums!

The DNS resolution doesn’t work because the Consul Cluster has ACL enabled, and by default (when the default policy is deny), the DNS won’t return results due to insufficient permission.

Ideally, for the DNS resolution to work, you have to create a new token with enough policy and apply the token as a default token for the Consul agent, which acts as the DNS.

Considering you are running Nomad and every client agent needs to resolve DNS queries, you can consider updating the anonymous token policy to allow DNS queries to work.

Try the following steps:

  • Create a policy for anonymous token

        consul acl policy create \
            -name anonymous-policy \
            -rules 'service_prefix "" { policy = "read" } node_prefix "" { policy = "read" }' \
            -token <your-consul-bootstrap-token>

  • Attach the policy to the anonymous token

        consul acl token update -id anonymous -policy-name anonymous-policy -token <your-consul-bootstrap-token>

Retry the DNS lookup from the host, and it should start working.

If the same has to work from within the container, the containers should be started with the --dns <docker-bridge-ip> arg. In Nomad, you can do the equivalent by using the network {} block.

Ref: network Block - Job Specification | Nomad | HashiCorp Developer

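The answer above names a dedicated token, set as the Consul agent's default token, as the ideal fix; that keeps the anonymous token empty so unauthenticated API clients do not gain catalog read access. The script below is an added example of that route, not code from the thread or from the Terraform repo. The policy name `dns-policy`, the token description, the `apply` argument and a management token exported in `CONSUL_HTTP_TOKEN` are assumptions.

```shell
#!/bin/sh
# Added example: scoped DNS token instead of a wider anonymous policy.
# Assumption: CONSUL_HTTP_TOKEN holds a management (bootstrap) token.

# Read-only rules the agent needs to answer DNS queries.
# query_prefix is only required when prepared queries are resolved over DNS.
dns_policy_rules() {
  cat <<'EOF'
node_prefix "" { policy = "read" }
service_prefix "" { policy = "read" }
query_prefix "" { policy = "read" }
EOF
}

# Extract SecretID from `consul acl token create -format json` output.
extract_secret_id() {
  sed -n 's/.*"SecretID": *"\([^"]*\)".*/\1/p' | head -n 1
}

setup_dns_token() {
  # "-rules -" reads the policy rules from stdin.
  dns_policy_rules |
    consul acl policy create -name dns-policy -rules - >/dev/null || return 1

  secret=$(consul acl token create \
             -description "DNS lookups for Consul agents" \
             -policy-name dns-policy -format json | extract_secret_id)
  if [ -z "$secret" ]; then
    echo "token create returned no SecretID" >&2
    return 1
  fi

  # Run this step on every agent that answers DNS (each Nomad client's
  # local Consul agent); the anonymous token stays without policies.
  consul acl set-agent-token default "$secret"
}

# Only touch the cluster when invoked as: ./dns-token.sh apply
if [ "${1:-}" = "apply" ]; then
  setup_dns_token
fi
```

A token set with `consul acl set-agent-token` is kept in memory unless `acl.enable_token_persistence` is enabled in the agent configuration; setting `acl.tokens.default` in the agent configuration file is the persistent alternative.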

Hi @Ranjandas,
Thanks for your comment.

This helped me to solve the issue.
Thanks for your support.