Reverse DNS fails (dns: bad rdata) if container name is larger than 62 characters

curtiskennington · April 13, 2021, 9:13am

Hi,

I am using GitLab CI/CD which generates container names in a very large format to ensure uniqueness across projects, pipelines, etc - e.g.:

runner-jl9klc-project-30504-concurrent-0-fd6217607b395033-build-3

Gitlab also provides aliases for these containers (e.g. build, mariadb, etc.)

I am trying to connect to a Java JMX/RMI interface which is hosted on another container in the same bridge network. Forward DNS lookups for the alias work correctly, but Java RMI security requires a reverse DNS lookup to authenticate the connection. In this case no response is received from Docker DNS:

nslookup build
Server:		127.0.0.11
Address:	127.0.0.11#53

Non-authoritative answer:
Name:	build
Address: 172.18.0.2

.

nslookup 172.18.0.2
;; connection timed out; no servers could be reached

Looking into the docker daemon log I can see the following errors:

Apr 13 08:20:06 test-docker.novalocal dockerd[15371]: time="2021-04-13T08:20:06.417125309Z" level=debug msg="[resolver] lookup for IP 2.0.19.172: name runner-jl9klc-project-30504-concurrent-0-fd6217607b395033-build-3.runner-jl9klc-project-30504-concurrent-0-job-1297211-network"
Apr 13 08:20:06 test-docker.novalocal dockerd[15371]: time="2021-04-13T08:20:06.417150733Z" level=error msg="[resolver] error writing resolver resp, dns: bad rdata"

Through manual testing I was able to verify that reverse DNS fails once the container name is larger than 62 characters.

Unfortunately I believe this Gitlab CI Runner behaviour is hard-coded so cannot be configured to make the container names smaller. Is there something that can be done in docker to mitigate this issue?

OS: CentOS 7
Docker Version:

Server: Docker Engine - Community
 Engine:
  Version:          20.10.6
  API version:      1.41 (minimum version 1.12)
  Go version:       go1.13.15
  Git commit:       8728dd2
  Built:            Fri Apr  9 22:43:57 2021
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.4.4
  GitCommit:        05f951a3781f4f2c1911b05e61c160e9c30eaa8e
 runc:
  Version:          1.0.0-rc93
  GitCommit:        12644e614e25b05da6fd08a38ffa0cfe1903fdec
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

Curtis