Core_dns keeps failing my local DNS server, so local hosts don't resolve

Hi folks,

I have this setup replicated across multiple homes; I’m not sure why this one is different:

Router: Technicolor TG799vac, rooted
HomeAssistant Installation: supervised install on Armbian, Orange Pi Prime


docker exec -it hassio_cli ha dns info
host: 172.30.32.3
locals:
- dns://10.0.21.1
servers:
- dns://10.0.21.1
version: "9"
version_latest: "9"

docker exec -it hassio_dns bash
bash-5.0# nslookup
> server 10.0.21.1
Default server: 10.0.21.1
Address: 10.0.21.1#53
> set type=ns
> .
Server:		10.0.21.1
Address:	10.0.21.1#53

Non-authoritative answer:
.	nameserver = i.root-servers.net.
.	nameserver = f.root-servers.net.
.	nameserver = g.root-servers.net.
.	nameserver = d.root-servers.net.
.	nameserver = c.root-servers.net.
.	nameserver = l.root-servers.net.
.	nameserver = a.root-servers.net.
.	nameserver = j.root-servers.net.
.	nameserver = k.root-servers.net.
.	nameserver = m.root-servers.net.
.	nameserver = e.root-servers.net.
.	nameserver = h.root-servers.net.
.	nameserver = b.root-servers.net.

Authoritative answers can be found from:

root@server:/usr/share/hassio/dns# cat corefile
.:53 {
    log
    errors
    loop
    
    hosts /config/hosts {
        fallthrough
    }
    template ANY AAAA local.hass.io hassio {
        rcode NOERROR
    }
    mdns
    forward . dns://10.0.21.1 dns://127.0.0.1:5553 {
        except local.hass.io
        policy sequential
        health_check 5s
        max_fails 0
    }
    fallback REFUSED . dns://127.0.0.1:5553
    fallback SERVFAIL . dns://127.0.0.1:5553
    fallback NXDOMAIN . dns://127.0.0.1:5553
    cache 10
}

.:5553 {
    log
    errors
    
    forward . tls://1.1.1.1 tls://1.0.0.1 {
        tls_servername cloudflare-dns.com
        except local.hass.io
        health_check 10s
    }
    cache 30
}

On my latest install, CoreDNS keeps ignoring my local DNS server, unless I set max_fails 0 in hassio/dns/corefile (which occasionally gets clobbered). CoreDNS docs say this occurs if the DNS server returns an error, but it seems to be working OK when I poke it with nslookup from within the DNS container.

Does anyone know why this is going on? Is there a way to customise the generated corefile?

Cheers
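
Added example (not part of the original post, and not Home Assistant or CoreDNS code): a probe that repeats the `. IN NS` question used by the forward plugin's health check against the local server, at the 5s interval from the Corefile above, and records which probes fail. The 1-second timeout, the transaction ID, the RD flag default and all function names are assumptions of this example.

```python
import socket, struct, sys, time

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}

def build_probe(txid: int, rd: bool = True) -> bytes:
    """DNS query for '. IN NS', the question the health check asks."""
    header = struct.pack("!HHHHHH", txid, 0x0100 if rd else 0, 1, 0, 0, 0)
    return header + b"\x00" + struct.pack("!HH", 2, 1)  # root, QTYPE=NS, QCLASS=IN

def classify(reply: bytes, txid: int) -> str:
    """Any well-formed reply is healthy whatever its RCODE; only network errors fail."""
    if len(reply) < 12:
        return "malformed"
    rid, flags = struct.unpack("!HH", reply[:4])
    if rid != txid or not flags & 0x8000:  # wrong ID, or QR bit not set
        return "malformed"
    return "healthy rcode=" + RCODES.get(flags & 0xF, str(flags & 0xF))

def probe(server: str, port: int = 53, timeout: float = 1.0, txid: int = 0x4841):
    """Send one probe over UDP; timeout is an assumed value, not CoreDNS's."""
    start = time.monotonic()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_probe(txid), (server, port))
            reply, _ = s.recvfrom(4096)
            verdict = classify(reply, txid)
        except OSError as exc:  # timeout, ICMP unreachable, no route
            verdict = f"network error: {exc.__class__.__name__}"
    return verdict, time.monotonic() - start

def max_consecutive_failures(verdicts: list) -> int:
    """Longest run of probes that did not get a healthy verdict."""
    worst = run = 0
    for v in verdicts:
        run = 0 if v.startswith("healthy") else run + 1
        worst = max(worst, run)
    return worst

if __name__ == "__main__":
    server = sys.argv[1] if len(sys.argv) > 1 else "10.0.21.1"  # local DNS from the post
    verdicts = []
    for _ in range(20):
        verdict, rtt = probe(server)
        print(f"{time.strftime('%H:%M:%S')}  {verdict}  {rtt * 1000:.0f} ms")
        verdicts.append(verdict)
        time.sleep(5)  # health_check 5s in the Corefile above
    print("longest failure run:", max_consecutive_failures(verdicts))
```

Run it on the Home Assistant host for a few minutes. With the forward plugin's default `max_fails` of 2, a failure run of 2 or more is the point at which the upstream is treated as down.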

Have you ever found a resolution?