Forward DNS for Consul Service Discovery + DigitalOcean + Youtube

Hello, I have a huge problem with the configuration of DNS in Consul. I am following the tutorial series from HashiCorp (YouTube), "Getting into HashiCorp Consul", and I’m stuck in Part 2, which is about the DNS configuration.

My test environment is as follows: two Ubuntu servers from DigitalOcean. Consul is installed and a sample service has been created. But the DNS resolution simply does not work (dig): dig .service.consul returns an error.

What I have found out so far:

  1. /etc/resolv.conf has the correct setting at the beginning of the configuration => nameserver 127.0.0.53 but if I proceed as in the docs: https://developer.hashicorp.com/consul/tutorials/networking/dns-forwarding#systemd-resolved-setup it messes up the configuration, which then looks like this: …
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.
nameserver 67.207.67.2 
nameserver 67.207.67.3 
nameserver 67.207.67.2
# Too many DNS servers configured, the following entries may be ignored.

nameserver 67.207.67.3 
nameserver 67.207.67.2 
nameserver 67.207.67.3 
search .
  2. With the command: resolvectl query consul.service.consul I get the following error: consul.service.consul: resolve call failed: ‘consul.service.consul’ not found

As I said, I am using the official docs, to be more precise, the “systemd-resolved-setup”. Hopefully, you can help me further. I wanted to present the “hashistack” in my company in two weeks; I think I was too optimistic XD.
Best regards.

Hi @unixbot,

Welcome to HashiCorp Forums!

I was able to get this working by amending the DigitalOcean.conf with the following.

# file: /etc/systemd/resolved.conf.d/DigitalOcean.conf
[Resolve]
DNS=127.0.0.1:8600
FallbackDNS=67.207.67.2 67.207.67.3

Please note that I am not that familiar with the recent DigitalOcean (I used it many years ago), but I hope this works for you. I am not sure whether DigitalOcean would replace this file on reboot.

root@ubuntu-s-1vcpu-512mb-10gb-syd1-01:~# resolvectl status
Global
           Protocols: -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
    resolv.conf mode: stub
  Current DNS Server: 127.0.0.1:8600
         DNS Servers: 127.0.0.1:8600
Fallback DNS Servers: 67.207.67.2 67.207.67.3

Link 2 (eth0)
    Current Scopes: DNS
         Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 67.207.67.2
       DNS Servers: 67.207.67.2 67.207.67.3

Link 3 (eth1)
    Current Scopes: DNS
         Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 67.207.67.3
       DNS Servers: 67.207.67.2 67.207.67.3
root@ubuntu-s-1vcpu-512mb-10gb-syd1-01:~# resolvectl query consul.service.consul
consul.service.consul: 127.0.0.1

-- Information acquired via protocol DNS in 9.7ms.
-- Data is authenticated: no; Data was acquired via local or encrypted transport: no
-- Data from: network
root@ubuntu-s-1vcpu-512mb-10gb-syd1-01:~# resolvectl query hashicorp.com
hashicorp.com: 76.76.21.21                     -- link: eth0

-- Information acquired via protocol DNS in 155.7ms.
-- Data is authenticated: no; Data was acquired via local or encrypted transport: no
-- Data from: network

I hope this helps.

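A sanity check for the two files this thread compares by eye, as an added example that is not from either poster or from HashiCorp's docs. The function names and result codes are made up here, and the `Domains=~consul` check is an assumption based on the routing-domain line in the linked tutorial, which the reply's drop-in does not include.

```shell
#!/bin/sh
# Added example: checks for /etc/resolv.conf and a resolved.conf drop-in.
# Both functions read the file on stdin and print one finding per line
# (no output means nothing was flagged).

check_resolv_conf() {
    awk '
        $1 == "nameserver" {
            total++
            if ($2 == "127.0.0.53") stub = 1   # systemd-resolved stub listener
            if (seen[$2]++) dups++             # same server listed again
        }
        END {
            if (!stub)     print "NOT_STUB"          # clients bypass systemd-resolved
            if (dups > 0)  print "DUPLICATES=" dups
            if (total > 3) print "TOO_MANY=" total   # entries past the third may be ignored
        }'
}

check_dropin() {
    awk -F= '
        /^\[/ { in_resolve = ($0 == "[Resolve]"); next }
        in_resolve && $1 == "DNS"     { dns = $2 }
        in_resolve && $1 == "Domains" { domains = $2 }
        END {
            # Consul DNS on its default port, as used in the reply above.
            if (dns !~ /(^| )127\.0\.0\.1:8600( |$)/) print "NO_CONSUL_DNS"
            # Assumption: routing domain from the linked tutorial, not from this thread.
            if (domains !~ /(^| )~consul( |$)/)       print "NO_CONSUL_ROUTING_DOMAIN"
        }'
}

# Constructed samples: nameserver lines from the question, drop-in from the reply.
SAMPLE_RESOLV='nameserver 67.207.67.2
nameserver 67.207.67.3
nameserver 67.207.67.2
# Too many DNS servers configured, the following entries may be ignored.
nameserver 67.207.67.3
nameserver 67.207.67.2
nameserver 67.207.67.3
search .'
SAMPLE_DROPIN='[Resolve]
DNS=127.0.0.1:8600
FallbackDNS=67.207.67.2 67.207.67.3'

printf '%s\n' "$SAMPLE_RESOLV" | check_resolv_conf
printf '%s\n' "$SAMPLE_DROPIN" | check_dropin
```

On a real host, feed the live files instead, for example `check_resolv_conf < /etc/resolv.conf`.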