Request for participants - PMS 1.23.x DNS investigation

Plex Media Server
, , ,
41

Here you go. FWIW I’m already using cloudflare dns as my only upstream dns.

; <<>> DiG 9.16.1-Ubuntu <<>> plex.tv
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39720
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: c2ed9beb6d99d1c7 (echoed)
;; QUESTION SECTION:
;plex.tv.                       IN      A

;; ANSWER SECTION:
plex.tv.                16      IN      A       108.128.10.254
plex.tv.                16      IN      A       99.81.164.127
plex.tv.                16      IN      A       99.81.153.144

;; Query time: 76 msec
;; SERVER: 172.17.0.10#53(172.17.0.10)
;; WHEN: Sun Jun 27 00:59:04 EDT 2021
;; MSG SIZE  rcvd: 117


; <<>> DiG 9.16.1-Ubuntu <<>> plex.tv AAAA
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53150
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: ca3265569bb1db40 (echoed)
;; QUESTION SECTION:
;plex.tv.                       IN      AAAA

;; AUTHORITY SECTION:
plex.tv.                30      IN      SOA     jeremy.ns.cloudflare.com. dns.cloudflare.com. 2037643526 10000 2400 604800 3600

;; Query time: 76 msec
;; SERVER: 172.17.0.10#53(172.17.0.10)
;; WHEN: Sun Jun 27 01:01:38 EDT 2021
;; MSG SIZE  rcvd: 133

From plex logs

Jun 27, 2021 00:59:28.879 [0x7f43ec728b38] ERROR - Error issuing curl_easy_perform(handle): 6
Jun 27, 2021 01:00:48.898 [0x7f43ec694b38] ERROR - Error issuing curl_easy_perform(handle): 6
Jun 27, 2021 01:03:28.918 [0x7f43ec791b38] ERROR - Error issuing curl_easy_perform(handle): 6
42

what is this?

jeremy.ns.cloudflare.com.

Are you front-ending CloudFlare in some way?

(DNS is not my strong suit + the hour is late here)

I’m going to ask our guru to come take a look.
Would you mind sharing your /etc/resolv.conf for her to look at ?

43

[root@streamlink ~]# dig plex.tv

; <<>> DiG 9.11.20-RedHat-9.11.20-5.el8_3.1 <<>> plex.tv
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30907
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 2, ADDITIONAL: 7

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 369fcbb2776ac906735059f460d816e5f75aecea8a6e8711 (good)
;; QUESTION SECTION:
;plex.tv. IN A

;; ANSWER SECTION:
plex.tv. 20 IN A 108.128.10.254
plex.tv. 20 IN A 99.81.153.144
plex.tv. 20 IN A 99.81.164.127

;; AUTHORITY SECTION:
plex.tv. 76189 IN NS rafe.ns.cloudflare.com.
plex.tv. 76189 IN NS jeremy.ns.cloudflare.com.

;; ADDITIONAL SECTION:
jeremy.ns.cloudflare.com. 94850 IN A 108.162.193.180
jeremy.ns.cloudflare.com. 94850 IN A 172.64.33.180
jeremy.ns.cloudflare.com. 94850 IN A 173.245.59.180
jeremy.ns.cloudflare.com. 94850 IN AAAA 2803:f800:50::6ca2:c1b4
jeremy.ns.cloudflare.com. 94850 IN AAAA 2a06:98c1:50::ac40:21b4
jeremy.ns.cloudflare.com. 94850 IN AAAA 2606:4700:58::adf5:3bb4

;; Query time: 14 msec
;; SERVER: 10.1.1.2#53(10.1.1.2)
;; WHEN: Sun Jun 27 02:12:53 EDT 2021
;; MSG SIZE rcvd: 301

44

Would you mind sharing your /etc/resolv.conf ?

45

[root@streamlink ~]# cat /etc/resolv.conf

Generated by NetworkManager

search wizard.lab
nameserver 10.1.1.2

10.1.1.2 is a local nameserver that acts as a non forwarder nameserver… in other words it resolves domains on its own without help beisdes root servers…

46

In order to diagnose DNS issues, I’ll need to see the /etc/resolv.conf from the affected system (if it’s in a container/VM, that means within the container, not on the host), as well as /etc/nsswitch.conf (if it exists). This’ll tell me what PMS is attempting to use to resolve domain names, and what other software on your machine might be doing differently.

Please mark config file contents as code blocks (wrap in triple-backticks, ```) or upload them as attachments to avoid formatting issues.

We’re currently aware of 2 issues, both of which should be mitigated in the current release:

  • Nonstandard DNS configurations, e.g. a system where /etc/resolv.conf doesn’t provide a working resolver, 127.0.0.1 (the standard fallback address) also does not host a resolver, and other programs work only by connecting to systemd-resolved via a glibc-specific mechanism.
    • In most cases, this involves resolv.conf either being entirely missing, or containing no nameservers; we’ve resolved these by adding 127.0.0.53 (the address systemd-resolved listens on) as a hardcoded default fallback, but a correct configuration should have nameserver 127.0.0.53 in /etc/resolv.conf.
    • If you do have a resolv.conf that lists nameservers, but none of them is able to resolve plex.tv, then we can’t automatically fall back (since as far as we can tell, your config file looks fine!). If you know of some other way we should be discovering other nameservers to use on your machine, please let us know, but otherwise, you should probably fix your resolv.conf to list a server that works.
  • A bug in the DNS filtering code used in Eero-brand consumer routers (and possibly other systems, though we haven’t had any reports of that) causes the DNS SERVFAIL error response to be sent when the actual response didn’t contain the requested record. This means that responses to AAAA queries for domains that don’t have AAAA records (e.g. plex.tv) return SERVFAIL. This response is normally used to indicate that something has gone wrong (network issue, potential attack, etc.), and conformant servers never return it for routine “no such record” cases, so musl treats this error as fatal and fails the entire lookup.
    • We’re working around this issue by ignoring SERVFAIL replies to AAAA queries when an A query succeeded, matching glibc’s behavior. However, this remains a bug on Eero’s end, and it’s possible that it may cause other issues for Plex and other software later on. It’s been reported to Eero engineering by a few people, but please do let them know if you’re also affected.

It’s very likely that remaining DNS issues are variants of the ones listed above, but if you think you have a different problem, please let us know with all the detail requested above. Thanks for your cooperation.

47

Can 10.1.1.2 resolve plex.tv (e.g. dig plex.tv @10.1.1.2)?

If not, do you know what nameserver other applications on your system are using, or how they’re discovering its address? If resolv.conf just tells us to use a server that isn’t capable of resolving public domains, we’re in a pretty tight spot. It’s possible that the contents of /etc/nsswitch.conf might help.

My best guess is that this is an unfortunate interaction between systemd-resolved and NetworkManager: the glibc-specific /etc/nsswitch.conf points at systemd-resolved, so glibc applications are able to resolve domains using that, but NetworkManager is also creating a valid-looking (but limited-utility) /etc/resolv.conf, so we don’t detect a missing configuration and try to fall back on 127.0.0.1 (the standard address) and 127.0.0.53 (the systemd-resolved one, which we added to try to work around these kinds of situations). I’m not entirely sure how systemd-resolved itself would know that it needs to use something else in this configuration… Maybe you have something in /etc/systemd/resolved.conf?

If I’m right about that, your best bet to address this will be to either configure NetworkManager to stop generating /etc/resolv.conf (if it’s not actually needed for anything), or configure it to append nameserver 127.0.0.53 (so we know to also try systemd-resolved).

Keep in mind that this kind of issue will affect any package that either doesn’t use glibc, or that’s statically linked (and thus unable to use NSS to talk to systemd-resolved).

48

In CentOS all podman/docker container images use the local resolver pointed at /etc/resolv.conf. It’s the same on the host as in the container. 10.1.1.2 is my bind server running as an authorative dns server although that doesn’t matter for external lookups. There are no forwarder addresses so all it’s using is root servers.

49

What do you get from dig plex.tv @10.1.1.2?

50

[root@streamlink ~]# dig plex.tv @10.1.1.2

; <<>> DiG 9.11.20-RedHat-9.11.20-5.el8_3.1 <<>> plex.tv @10.1.1.2
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11723
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 2, ADDITIONAL: 7

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 47d98768bbf4ced667fad8a360d82c06b4ff705869cb260a (good)
;; QUESTION SECTION:
;plex.tv. IN A

;; ANSWER SECTION:
plex.tv. 49 IN A 99.81.164.127
plex.tv. 49 IN A 99.81.153.144
plex.tv. 49 IN A 108.128.10.254

;; AUTHORITY SECTION:
plex.tv. 70780 IN NS jeremy.ns.cloudflare.com.
plex.tv. 70780 IN NS rafe.ns.cloudflare.com.

;; ADDITIONAL SECTION:
jeremy.ns.cloudflare.com. 89441 IN A 172.64.33.180
jeremy.ns.cloudflare.com. 89441 IN A 173.245.59.180
jeremy.ns.cloudflare.com. 89441 IN A 108.162.193.180
jeremy.ns.cloudflare.com. 89441 IN AAAA 2606:4700:58::adf5:3bb4
jeremy.ns.cloudflare.com. 89441 IN AAAA 2803:f800:50::6ca2:c1b4
jeremy.ns.cloudflare.com. 89441 IN AAAA 2a06:98c1:50::ac40:21b4

;; Query time: 14 msec
;; SERVER: 10.1.1.2#53(10.1.1.2)
;; WHEN: Sun Jun 27 03:43:02 EDT 2021
;; MSG SIZE rcvd: 301

51

Hmmm, that all looks right… How about for dig plex.tv AAAA @10.1.1.2?

52

[root@streamlink ~]# dig plex.tv AAAA @10.1.1.2

; <<>> DiG 9.11.20-RedHat-9.11.20-5.el8_3.1 <<>> plex.tv AAAA @10.1.1.2
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5215
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 488d80f0b03d87f871e239bb60d82d43321767ee0c4be3ee (good)
;; QUESTION SECTION:
;plex.tv. IN AAAA

;; AUTHORITY SECTION:
plex.tv. 2422 IN SOA jeremy.ns.cloudflare.com. dns.cloudflare.com. 2037644551 10000 2400 604800 3600

;; Query time: 0 msec
;; SERVER: 10.1.1.2#53(10.1.1.2)
;; WHEN: Sun Jun 27 03:48:19 EDT 2021
;; MSG SIZE rcvd: 128

I get the same return running it directly on the nameserver.

53

Ah, I checked in for some more details in DM, and it turns out @kegbeach’s setup is actually working just fine with current PMS; we’d just assumed something was wrong since they were posting DNS results in this thread.

If your setup is working properly, there’s no need to send me anything :slight_smile:

54

@Ridley

resolv.conf 
nameserver 172.17.0.10
search default.svc.cluster.local svc.cluster.local cluster.local local
options ndots:5


# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd:         files
group:          files
shadow:         files
gshadow:        files

hosts:          files dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis


; <<>> DiG 9.16.1-Ubuntu <<>> plex.tv @172.17.0.10
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21567
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: a9329c54cb9f26d4 (echoed)
;; QUESTION SECTION:
;plex.tv.                       IN      A

;; ANSWER SECTION:
plex.tv.                25      IN      A       99.81.164.127
plex.tv.                25      IN      A       99.81.153.144
plex.tv.                25      IN      A       108.128.10.254

;; Query time: 108 msec
;; SERVER: 172.17.0.10#53(172.17.0.10)
;; WHEN: Sun Jun 27 09:39:30 EDT 2021
;; MSG SIZE  rcvd: 117

; <<>> DiG 9.16.1-Ubuntu <<>> plex.tv AAAA @172.17.0.10
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4896
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 8f894678364c2407 (echoed)
;; QUESTION SECTION:
;plex.tv.                       IN      AAAA

;; AUTHORITY SECTION:
plex.tv.                30      IN      SOA     jeremy.ns.cloudflare.com. dns.cloudflare.com. 2037646707 10000 2400 604800 3600

;; Query time: 76 msec
;; SERVER: 172.17.0.10#53(172.17.0.10)
;; WHEN: Sun Jun 27 09:40:34 EDT 2021
;; MSG SIZE  rcvd: 133

Update:
So for some odd reason this morning it is working perfectly. No curl errors in the logs. Las night it was not. Nothing has changed on my end, because I was sleeping……

55

I’m willing to help troubleshoot. This is still a problem for me. I’ve been following since 6/6 when I first ran into this problem. Apologies in advance for the complicated setup and verbosity!

Versions of plex attempted:

  • Works OK: 1.22.3.4392-d7c624def
  • Works OK: 1.22.3.4523-d0ce30438
  • DNS broken: 1.23.3.4707-ebb5fe9f3
  • DNS broken: 1.23.4.4805-186bae04e

Environment:

  • plex is running in k8s, single pod (replica=1), image is plexinc/pms-docker
  • k8s 1.20 on intel nuc (recently upgraded from 1.19, had the same plex dns issues on 1.19)
  • k8s is dual-stack ipv4 and ipv6 via flannel
  • non-k8s network is not dual-stack (ipv4 only)
  • ISP is not dual-stack (ipv4 only)
  • AdGuard DNS (no DHCP; enabled: 53/udp, 53/tcp, DoH, DoT, DoQ), with DoH quad 9 upstream, k8s internal is 53/udp only
  • all hosts are Ubuntu Focal 20.04.2 (focal-server-cloudimg)
  • i do not run EERO devices, i run ubiquiti gear (USG-3P, USW-24-PoE, etc.)
  • DNS path for k8s nodes: plex (source, 10.42.6.171) > k8s coredns (cache, 53/udp, 10.43.0.10) > USG-3P (cache, 53/udp, 192.168.68.1) > AdGuard (cache, DoH, 192.168.68.104) > quad-9 (public destination, https://dns10.quad9.net/dns-query)
  • attached the deployment/network/storage spec i run (parts are redacted):
    k8s-plex.yaml.txt (6.4 KB)

Now for some diagnostic info, :fingers-crossed: private stuff is redacted… -----BEGIN WALL OF TEXT-----

# plex version 1.23.4.4805
ᐅ kubectl get pods -n plex -o go-template='{{range .items}}{{range .spec.containers}}{{.image}} {{end}}{{end}}'
plexinc/pms-docker:1.23.4.4805-186bae04e

# k8s version
ᐅ kubectl version
Client Version: version.Info{Major:"1", Minor:"20", GitVersion:"v1.20.8", GitCommit:"5575935422cc1cf5169dfc8847cb587aa47bac5a", GitTreeState:"clean", BuildDate:"2021-06-16T13:00:45Z", GoVersion:"go1.15.13", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"20", GitVersion:"v1.20.8", GitCommit:"5575935422cc1cf5169dfc8847cb587aa47bac5a", GitTreeState:"clean", BuildDate:"2021-06-16T12:53:07Z", GoVersion:"go1.15.13", Compiler:"gc", Platform:"linux/arm64"}

# adguard version
ᐅ kubectl get pods -n home-dns -o go-template='{{range .items}}{{range .spec.containers}}{{.image}} {{end}}{{end}}'
adguard/adguardhome:v0.106.3 adguard/adguardhome:v0.106.3

# date
Sun Jul 18 22:01:37 UTC 2021

# grep -iC2 'warn\|error' Plex\ Media\ Server.log
# ... truncated
--
Jul 18, 2021 21:53:02.596 [0x7f039d871b38] DEBUG - MyPlex: Updating device connections (from timer: 1)
Jul 18, 2021 21:53:02.596 [0x7f039d871b38] DEBUG - HTTP requesting PUT https://plex.tv/devices/xxxxSOME_SHA1xxxx?Connection[][uri]=https://xxxx.dev:32400&httpsEnabled=1&httpsRequired=0&dnsRebindingProtection=1&natLoopbackSupported=0&X-Plex-Token=xxxxxxxxxxxxxxxxxxxx
Jul 18, 2021 21:53:02.604 [0x7f039d871b38] ERROR - Error issuing curl_easy_perform(handle): 6
Jul 18, 2021 21:53:02.604 [0x7f039d871b38] WARN - HTTP error requesting PUT https://plex.tv/devices/xxxxSOME_SHA1xxxx?Connection[][uri]=https://xxxxx.dev:32400&httpsEnabled=1&httpsRequired=0&dnsRebindingProtection=1&natLoopbackSupported=0&X-Plex-Token=xxxxxxxxxxxxxxxxxxxx (6, Couldn't resolve host name) (Could not resolve host: plex.tv)
Jul 18, 2021 21:53:02.604 [0x7f039d871b38] WARN - MyPlex: Updating device connections failed, retrying in 2560 seconds.
Jul 18, 2021 21:53:04.833 [0x7f039da0eb38] DEBUG - Request: [10.42.1.1:34674 (Subnet)] GET /identity (7 live) Signed-in
Jul 18, 2021 21:53:04.833 [0x7f039ddcdb38] DEBUG - Completed: [10.42.1.1:34674] 200 GET /identity (7 live) 0ms 369 bytes
--
Jul 18, 2021 21:55:54.833 [0x7f039ddf0b38] DEBUG - Completed: [10.42.1.1:34828] 200 GET /identity (7 live) 0ms 369 bytes
Jul 18, 2021 21:56:00.561 [0x7f039c56ab38] DEBUG - [MediaProviderManager] HTTP requesting GET https://plex.tv/media/providers?X-Plex-Token=xxxxxxxxxxxxxxxxxxxx
Jul 18, 2021 21:56:00.569 [0x7f039c56ab38] ERROR - [MediaProviderManager] Error issuing curl_easy_perform(handle): 6
Jul 18, 2021 21:56:00.569 [0x7f039c56ab38] WARN - [MediaProviderManager] HTTP error requesting GET https://plex.tv/media/providers?X-Plex-Token=xxxxxxxxxxxxxxxxxxxx (6, Couldn't resolve host name) (Could not resolve host: plex.tv)
Jul 18, 2021 21:56:00.569 [0x7f039c56ab38] ERROR - [MediaProviderManager] Error parsing content.
Jul 18, 2021 21:56:00.569 [0x7f039c56ab38] ERROR - [MediaProviderManager] Error parsing XML: Error parsing file.
Jul 18, 2021 21:56:02.270 [0x7f039da0eb38] DEBUG - Request: [10.42.1.1:34838 (Subnet)] GET /identity (7 live) Signed-in
Jul 18, 2021 21:56:02.271 [0x7f039ddf0b38] DEBUG - Completed: [10.42.1.1:34838] 200 GET /identity (7 live) 0ms 369 bytes
--
Jul 18, 2021 22:00:54.835 [0x7f039ddcdb38] DEBUG - Completed: [10.42.1.1:35074] 200 GET /identity (7 live) 0ms 369 bytes
Jul 18, 2021 22:01:00.571 [0x7f039d871b38] DEBUG - [MediaProviderManager] HTTP requesting GET https://plex.tv/media/providers?X-Plex-Token=xxxxxxxxxxxxxxxxxxxx
Jul 18, 2021 22:01:00.580 [0x7f039d871b38] ERROR - [MediaProviderManager] Error issuing curl_easy_perform(handle): 6
Jul 18, 2021 22:01:00.580 [0x7f039d871b38] WARN - [MediaProviderManager] HTTP error requesting GET https://plex.tv/media/providers?X-Plex-Token=xxxxxxxxxxxxxxxxxxxx (6, Couldn't resolve host name) (Could not resolve host: plex.tv)
Jul 18, 2021 22:01:00.580 [0x7f039d871b38] ERROR - [MediaProviderManager] Error parsing content.
Jul 18, 2021 22:01:00.580 [0x7f039d871b38] ERROR - [MediaProviderManager] Error parsing XML: Error parsing file.
Jul 18, 2021 22:01:02.269 [0x7f039da0eb38] DEBUG - Request: [10.42.1.1:35084 (Subnet)] GET /identity (7 live) Signed-in
Jul 18, 2021 22:01:02.269 [0x7f039ddcdb38] DEBUG - Completed: [10.42.1.1:35084] 200 GET /identity (7 live) 0ms 369 bytes

# cat /etc/resolv.conf 
search plex.svc.cluster.local svc.cluster.local cluster.local xxxxx.dev
nameserver 10.43.0.10
options ndots:5

# cat /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd:         files
group:          files
shadow:         files
gshadow:        files

hosts:          files dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis

ᐅ kgs -n kube-system
NAME                                                 TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)                        AGE
kube-dns                                             ClusterIP   10.43.0.10      <none>        53/UDP,53/TCP,9153/TCP         x
...

ᐅ kds -n kube-system kube-dns
Name:              kube-dns
Namespace:         kube-system
Labels:            k8s-app=kube-dns
                   kubernetes.io/cluster-service=true
                   kubernetes.io/name=KubeDNS
Annotations:       prometheus.io/port: 9153
                   prometheus.io/scrape: true
Selector:          k8s-app=kube-dns
Type:              ClusterIP
IP Families:       <none>
IP:                10.43.0.10
IPs:               10.43.0.10
Port:              dns  53/UDP
TargetPort:        53/UDP
Endpoints:         10.42.2.33:53,10.42.5.19:53
Port:              dns-tcp  53/TCP
TargetPort:        53/TCP
Endpoints:         10.42.2.33:53,10.42.5.19:53
...

ᐅ kgp -n kube-system -lk8s-app=kube-dns -owide
NAME                      READY   STATUS    RESTARTS   AGE   IP           NODE     NOMINATED NODE   READINESS GATES
coredns-74ff55c5b-f5nc7   1/1     Running   0          12d   10.42.2.33   x        <none>           <none>
coredns-74ff55c5b-tpjmv   1/1     Running   0          12d   10.42.5.19   x        <none>           <none>

# dig plex.tv A @10.43.0.10

; <<>> DiG 9.16.1-Ubuntu <<>> plex.tv A @10.43.0.10
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56660
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;plex.tv.			IN	A

;; ANSWER SECTION:
plex.tv.		15	IN	A	99.81.164.127
plex.tv.		15	IN	A	99.81.153.144
plex.tv.		15	IN	A	108.128.10.254

;; Query time: 32 msec
;; SERVER: 10.43.0.10#53(10.43.0.10)
;; WHEN: Sun Jul 18 22:08:34 UTC 2021
;; MSG SIZE  rcvd: 105

# dig plex.tv AAAA @10.43.0.10

; <<>> DiG 9.16.1-Ubuntu <<>> plex.tv AAAA @10.43.0.10
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3736
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;plex.tv.			IN	AAAA

;; Query time: 4 msec
;; SERVER: 10.43.0.10#53(10.43.0.10)
;; WHEN: Sun Jul 18 22:08:51 UTC 2021
;; MSG SIZE  rcvd: 36

# NOTE: same result in both container and host
# dig plex.tv AAAA

; <<>> DiG 9.16.1-Ubuntu <<>> plex.tv AAAA
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15251
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;plex.tv.			IN	AAAA

;; Query time: 4 msec
;; SERVER: 10.43.0.10#53(10.43.0.10)
;; WHEN: Sun Jul 18 22:09:47 UTC 2021
;; MSG SIZE  rcvd: 36

# NOTE: same result in both container and host
# dig plex.tv A

; <<>> DiG 9.16.1-Ubuntu <<>> plex.tv A
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42323
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;plex.tv.			IN	A

;; ANSWER SECTION:
plex.tv.		30	IN	A	108.128.10.254
plex.tv.		30	IN	A	99.81.153.144
plex.tv.		30	IN	A	99.81.164.127

;; Query time: 36 msec
;; SERVER: 10.43.0.10#53(10.43.0.10)
;; WHEN: Sun Jul 18 22:10:11 UTC 2021
;; MSG SIZE  rcvd: 105

# NOTE: same result in both container and host
# curl --ipv4 https://plex.tv
<html><body>You are being <a href="https://www.plex.tv/">redirected</a>.</body></html>

# NOTE: same result in both container and host
# curl --ipv6 https://plex.tv
curl: (6) Could not resolve host: plex.tv

# NOTE: same result on both container and (roughly, in veth form) host
# cat /sys/module/ipv6/parameters/disable
0

# sysctl -a 2>/dev/null | grep disable_ipv6
net.ipv6.conf.all.disable_ipv6 = 0
net.ipv6.conf.default.disable_ipv6 = 0
net.ipv6.conf.eth0.disable_ipv6 = 0
net.ipv6.conf.lo.disable_ipv6 = 0

# NOTE: inside the container
# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
3: eth0@if71: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP group default 
    link/ether ee:71:0b:a4:8b:36 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 10.42.6.171/24 brd 10.42.6.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::ec71:bff:fea4:8b36/64 scope link 
       valid_lft forever preferred_lft forever

Proof Adguard is getting these queries (formatted to avoid screenshots):

14:50:19 7/18/2021 plex.tv Type: A, Plain DNS Processed 26 ms 192.168.0.0
Response details
  Status: Processed
  DNS server: https://dns10.quad9.net:443/dns-query
  Elapsed: 26 ms
  Response code: NOERROR
  Response:
    A: 99.81.153.144 (ttl=20)
    A: 99.81.164.127 (ttl=20)
    A: 108.128.10.254 (ttl=20)

14:50:17 7/18/2021 plex.tv Type: AAAA, Plain DNS Processed 26 ms 192.168.0.0
Response details
  Status: Processed
  DNS server: https://dns10.quad9.net:443/dns-query
  Elapsed: 26 ms
  Response code: NOERROR

More DNS info from the host perspective (snippets):

# resolvectl status

# ...truncated
Link 8 (vethe7350ab5)
      Current Scopes: none
DefaultRoute setting: no  
       LLMNR setting: yes 
MulticastDNS setting: no  
  DNSOverTLS setting: no  
      DNSSEC setting: no  
    DNSSEC supported: no 

Link 5 (cni0)
      Current Scopes: none
DefaultRoute setting: no  
       LLMNR setting: yes 
MulticastDNS setting: no  
  DNSOverTLS setting: no  
      DNSSEC setting: no  
    DNSSEC supported: no  

Link 4 (flannel.1)
      Current Scopes: none
DefaultRoute setting: no  
       LLMNR setting: yes 
MulticastDNS setting: no  
  DNSOverTLS setting: no  
      DNSSEC setting: no  
    DNSSEC supported: no  

Link 2 (eno1)
      Current Scopes: DNS         
DefaultRoute setting: yes         
       LLMNR setting: yes         
MulticastDNS setting: no          
  DNSOverTLS setting: no          
      DNSSEC setting: no          
    DNSSEC supported: no          
  Current DNS Server: 192.168.68.1
         DNS Servers: 192.168.68.1
          DNS Domain: xxxxx.dev

I downgraded to 1.22.3, and now things are working just fine, e.g.:

# grep -iC2 'plex.tv' /config/Library/Application\ Support/Plex\ Media\ Server/Logs/Plex\ Media\ Server.log
Jul 18, 2021 22:33:55.143 [0x7f1ed77fe700] DEBUG - MyPlex: Updating device connections (from timer: 0)
Jul 18, 2021 22:33:55.143 [0x7f1ed77fe700] DEBUG - HTTP requesting PUT https://plex.tv/devices/xxxxSOME_SHA1xxxx?Connection[][uri]=https://xxxxx.dev:32400&Connection[][uri]=http://x.x.x.x:32400&httpsEnabled=1&httpsRequired=0&dnsRebindingProtection=1&natLoopbackSupported=0&X-Plex-Token=xxxxxxxxxxxxxxxxxxxx
Jul 18, 2021 22:33:55.342 [0x7f1edd0ec700] DEBUG - EventSource: Got event [data] '<Message address="x.x.x.x" port="32400" asyncIdentifier="xxxxx-SOME-UUID-xxxxx" connectivity="0" command="notifyConnectivity"/>'
Jul 18, 2021 22:33:55.342 [0x7f1edd0ec700] DEBUG - PubSub: Got notified of reachability for async identifier xxxxx-SOME-UUID-xxxxx: 0 for x.x.x.x:32400 (responded in 199 ms)
Jul 18, 2021 22:33:55.342 [0x7f1edd0ec700] DEBUG - MyPlex: reachability check - current mapping state: 'Mapped - Publishing'.
56

Hi,
same DNS problem here on NAS Terramaster F2-221
Plex version: 1.23.4.4805
Unable to downgrade as Terramaster doesn’t publish apps’ previous versions…

I was able to fix the “unclaimed Plex server” by adding this link to hosts file:
99.81.153.144 plex.tv

But codec downloads doesn’t work, nor does the Matching agent etc.

Any idea how to solve this or at least where to find Plex v1.22 for my NAS?

Thank you,
Roberto

57

zamnuts - so I also run Plex on K8S and have been having this same error. Spent ages faffing with alternative router DNS settings, removing filtering, blah blah - nothing worked. Well, everything worked except for Plex and it’s extremely picky “new” DNS resolver.

So it turns out the issue was the ndots:5 - iow the resolver tries all the local search domains (so the cluster addresses and any other local domains) first for anything containing less than five dots. For whatever reason Plex’s resolver takes offence at this. However by setting ndots to 1 everything sprang to life.

I’m not sure how you’re deploying Plex on your cluster, in my case it’s a Helm chart from k8s@home. The core fix (regardless) is to set the following (again where and in what form will depend on your deployment):

    dnsConfig:
      options:
        - name: ndots
          value: "1"

This should NOT be necessary, there is NOTHING wrong with this resolv.conf, it’s valid and standard (before someone comes along and says “you’re doing something weird/unusual/broken”). Likewise the resolver chain in my lan is valid and works fine with literally everything else.

@Ridley - an “easy” solution could be to just add a terminating dot to all absolute uris, so for e.g. instead of “plex.tv” you would use “plex.tv.”. That should work fine all round, for everyone (unless the resolver being used in plex is really really bad :P)

59

@numeric.73, thanks for the ndots resolv configuration tip! That did the trick. Just upgraded from 1.22.3 to 1.24.0, and applied the dnsConfig to the podspec template. I also noticed that container spinup time is way faster now; it used to take a good 2 minutes or so for the pod to become healthy, but now the health check succeeds immediately after the readiness probe initial delay period.

Looks like this also fixed my artist/album radio feature. The radio icon in plexamp used to be grayed out for artists and albums. After this fix, and reanalyzing (“Analyze”) my music library, the button is no longer disabled and actually shuffles relevant artists!

Logs are looking super clean/healthy! :success_kid:

# ᐅ kgp -n plex -o go-template='{{range .items}}{{range .spec.containers}}{{.image}} {{end}}{{end}}'
plexinc/pms-docker:1.24.0.4930-ab6e1a058

Here’s the effective resolv in the plex pod now:

# ᐅ k exec -it -n plex plex-865b67886f-82mwl -- cat /etc/resolv.conf
search plex.svc.cluster.local svc.cluster.local cluster.local xxxxx.dev
nameserver 10.43.0.10
options ndots:1
60

As far as I can tell from a quick look around, you’re correct about this; however, the most likely root cause of your issue is that the underlying resolver is returning an incorrect status code (SERVFAIL?) when looking up an subdomain of the search domain that does not exist, and musl’s resolver handles this result by failing the lookup. Setting ndots:1 works around this by telling Plex not to try to use the search domain at all (since all the domains we’re looking up contain at least 1 dot).

Please try running dig @[your local resolver] plex.tv.[your search domain] A plex.tv.[your search domain] AAAA and post the output.

61

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.