name resolution issues on fresh install

prusaman

Im trying to install on a fresh ubuntu 22.04 instance hosted in EC2. Nothing special about the EC2 instance, name resolution works fine - can update the box, reach out to the internet for the cloudron-setup file etc. However, when attempting to run cloudron-setup - installation borks about midway through:

echo "==> Install collectd"
==> Install collectd
# without this, libnotify4 will install gnome-shell
apt-get install -y libnotify4 libcurl3-gnutls --no-install-recommends
Reading package lists...
Building dependency tree...
Reading state information...
libcurl3-gnutls is already the newest version (7.81.0-1ubuntu1.6).
libcurl3-gnutls set to manually installed.
The following additional packages will be installed:
  libgdk-pixbuf-2.0-0 libgdk-pixbuf2.0-common
Suggested packages:
  gnome-shell | notification-daemon
Recommended packages:
  libgdk-pixbuf2.0-bin
The following NEW packages will be installed:
  libgdk-pixbuf-2.0-0 libgdk-pixbuf2.0-common libnotify4
0 upgraded, 3 newly installed, 0 to remove and 1 not upgraded.
Need to get 174 kB of archives.
After this operation, 653 kB of additional disk space will be used.
Ign:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libgdk-pixbuf2.0-common all 2.42.8+dfsg-1ubuntu0.2
Ign:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libgdk-pixbuf-2.0-0 amd64 2.42.8+dfsg-1ubuntu0.2

looks like thats running from /tmp/box-src-XiBMgT/scripts/init-ubuntu.sh, and the issue crops up right from the installation of unbound but doesnt present until the install of libnotify4, etc.

/etc/resolv.conf before install:

nameserver 127.0.0.53
options edns0 trust-ad
search ec2.internal

and after:

nameserver 127.0.0.1
search ec2.internal
options edns0 trust-ad

any idea how to ensure unbound doesnt bork name resolution during the install?

prusaman

This is what I did to get around things on fresh ubuntu 22.04 - not sure yet if best method or not.

apt install unbound -y

cat /etc/unbound/unbound.conf.d/ec2.conf

server:
  val-permissive-mode: yes
  forward-zone:
    name: "."
    forward-addr: 169.254.169.253

Then proceed with the installation as normal. Any thoughts would be greatly appreciated.

girish

@prusaman said in name resolution issues on fresh install:

forward-addr: 169.254.169.253

What is the above IP address? Is that amazon's internal DNS ?

prusaman

@girish said in name resolution issues on fresh install:

169.254.169.253

Yes. https://docs.aws.amazon.com/vpc/latest/userguide/vpc-dns.html

girish

@prusaman Thanks. OK, so I tried installing on a fresh EC2 instance Ubuntu 22.04 and it installed fine. Can you give me some more information about the networking side of things?

• Auto assign IPv4 ?
• Auto assign IPv6 ?
• Only inside VPC?
• Elastic IP ?
• Does the security group prevent outbound port 53 ?

prusaman

@girish

• Auto assign IPv4: yes, 1918 address as it resides in an isolated VPC
• Auto assign IPv6: No IPv6
• Only inside VPC: My use case was for it to reside in an isolated VPC so havent tested outside of this
• Elastic IP: Not attached to the instances in question. VPC traffic being routed through an internet gateway with an elastic IP associated with it
• Does the security group prevent outbound port 53: No restrictions on outbound traffic

The workaround I posted above worked for me in case anyone else runs into similar issues.

girish

@prusaman ah ok, so the instance has no public IPv4. Let me see if I can reproduce this.

girish

@prusaman If the instance has no IPv4, how do you ssh in ? Via a jump host?