DNS Resolution does not work when using VPN

[5nafu]

What happened?

after the first install and trying to connect to a cluster via VPN, I do get an error:

dial tcp: lookup <MYCLUSTER> on <MY_LOCAL_DNS_SERVER>:53: no such host

What did you expect to happen?

I expected rbac-lookup to connect via VPN to my kubernetes cluster as kubectl and ping

How can we reproduce this?

on a OSX system, connect to a VPN and try to use rbac-lookup to connect to a private kubernetes cluster through this VPN.

version

version 0.7.1 Commit:98a09819f7b91ba2c22da08452fa5d2266b796ee

Search

• I did search for other open and closed issues before opening this.

Code of Conduct

• I agree to follow this project's Code of Conduct

Additional context

This issue appears to be connected to the Compiler flag CGO_ENABLED=0 as this will tell go (<1.13) to use the go-internal resolver. But this resolver relies on /etc/resolv.conf instead system in place on OSX.
Using VPN with split routing (only traffic to the "private" hostnames are routed via VPN) will not update this file.

You can check the different DNS server in place with scutil --dns

See golang/go#12524 and https://docwhat.org/macos-dns-and-go for details (and a possible work-around for end users).

[sudermanjr]

I'll have to take a look and see if I can reproduce this. Thanks!

[sudermanjr]

I just pushed v0.8.1. Once it's released, can you verify if this is fixed? Thanks!

[5nafu]

Hi @sudermanjr,

thanks for the quick response and release. Unfortunately the result appears to be the same.

For now I compiled the app myself, directly on OSX and was able to use this (192.168.1.1 is my local resolver):

$ for cmd in rbac-lookup_*; do ./$cmd version; ./$cmd -k serviceaccount ; done
#####################
# rbac-lookup_0.8.0 #
#####################
Version:0.8.0 Commit:60c3f3883024f3cd208db3e0a13e225017c58baf
Error loading role bindings
Error loading RBAC Bindings: Get "https://XXX/k8s/clusters/c-qcnln/apis/rbac.authorization.k8s.io/v1/rolebindings": dial tcp: lookup XXX on 192.168.1.1:53: no such host
#####################
# rbac-lookup_0.8.1 #
#####################
Version:0.8.1 Commit:2a901e7d260ede8cf506696dde0824c89b97fe8a
Error loading role bindings
Error loading RBAC Bindings: Get "https://XXX/k8s/clusters/c-qcnln/apis/rbac.authorization.k8s.io/v1/rolebindings": dial tcp: lookup XXX on 192.168.1.1:53: no such host
#############################
# rbac-lookup_self_compiled #
#############################
Version: Commit:n/a
SUBJECT                                                                                                  SCOPE                                                          ROLE
:category-classifier-delegator                                                                           category-classifier                                            Role/namespace-reader
:events-kubernetes-event-exporter                                                                        event-exporter                                                 Role/events-kubernetes-event-exporter-leader
[...]

[sudermanjr]

Can you share what flags you used when compiling? If possible, can you also try using goreleaser --snapshot to compile it? That's what generates the binaries in the release.