Localstack.cloud never resolves in browser/ping

I am basing my docker-compose on the suggested file and it looks like this:

services:
  localstack:
    container_name: "${LOCALSTACK_DOCKER_NAME-novelcrafter_localstack_main}"
    image: localstack/localstack-pro:3.2
    ports:
      - "127.0.0.1:4566:4566"            # LocalStack Gateway
      - "127.0.0.1:4510-4559:4510-4559"  # external services port range
      - "127.0.0.1:443:443"              # LocalStack HTTPS Gateway (Pro)
    environment:
      - DEBUG=${DEBUG-}
      - LOCALSTACK_AUTH_TOKEN=ls-xxxxxxxxxx  # unquoted: in list form, quotes become part of the value
      - SNAPSHOT_SAVE_STRATEGY=SCHEDULED
      - SNAPSHOT_LOAD_STRATEGY=ON_STARTUP
      - PERSISTENCE=1
    volumes:
      - "localstack_pods:/var/lib/localstack"
      - "./docker/files:/home/external"
      - "/var/run/docker.sock:/var/run/docker.sock"

volumes:
  localstack_pods: {}

I never got the local resolving to function at all. Based on the guide over at Frequently Asked Questions | Docs I am getting the following dig results:

spaceemotion@NOSTROMO ~> dig 8khjekjeycs899y8sftu4w535b4qj6a5.lambda-url.us-east-1.localhost.localstack.cloud

; <<>> DiG 9.18.1-1ubuntu1.2-Ubuntu <<>> 8khjekjeycs899y8sftu4w535b4qj6a5.lambda-url.us-east-1.localhost.localstack.cloud
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63923
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;8khjekjeycs899y8sftu4w535b4qj6a5.lambda-url.us-east-1.localhost.localstack.cloud. IN A

;; Query time: 310 msec
;; SERVER: 172.23.128.1#53(172.23.128.1) (UDP)
;; WHEN: Fri May 24 21:33:39 CEST 2024
;; MSG SIZE  rcvd: 98

spaceemotion@NOSTROMO ~> dig api.localstack.cloud

; <<>> DiG 9.18.1-1ubuntu1.2-Ubuntu <<>> api.localstack.cloud
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20199
;; flags: qr rd ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;api.localstack.cloud.          IN      A

;; ANSWER SECTION:
api.localstack.cloud.   0       IN      A       3.68.177.64
api.localstack.cloud.   0       IN      A       18.195.56.220

;; Query time: 30 msec
;; SERVER: 172.23.128.1#53(172.23.128.1) (UDP)
;; WHEN: Fri May 24 21:34:31 CEST 2024
;; MSG SIZE  rcvd: 90

I am using NextDNS for my network DNS and even put localstack.cloud onto the allowlist, but I am not sure what’s supposed to happen.

A ping results in ping: 8khjekjeycs899y8sftu4w535b4qj6a5.lambda-url.us-east-1.localhost.localstack.cloud: No address associated with hostname and the browser also can’t call any HTTP things unless I specifically use localhost as hostname.

I am running this in Docker via WSL2 on Windows 10.

Hey @spaceemotion, I think there’s a confusion around what’s local and what isn’t. api.localstack.cloud is actually our SaaS API and shouldn’t resolve to a local IP, so that’s expected.

localhost.localstack.cloud however should, but ping isn’t super reliable for that. So what does dig localhost.localstack.cloud return?

Sure thing:

spaceemotion@NOSTROMO ~> dig localhost.localstack.cloud

; <<>> DiG 9.18.1-1ubuntu1.2-Ubuntu <<>> localhost.localstack.cloud
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46081
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;localhost.localstack.cloud.    IN      A

;; Query time: 30 msec
;; SERVER: 172.23.128.1#53(172.23.128.1) (UDP)
;; WHEN: Fri May 24 22:14:25 CEST 2024
;; MSG SIZE  rcvd: 44

Well, it looks like the DNS server isn’t resolving the localstack container correctly. Anything in the logs to indicate what may be going on?

I checked the logs and NextDNS sadly does not contain the resulting IP, but…

clientIp: "95.xx.xxx.203"
device: {id: "xxx", name: "Home xxxx"}
dnssec: false
domain: "8khjekjeycs899y8sftu4w535b4qj6a5.lambda-url.us-east-1.localhost.localstack.cloud"
encrypted: true
protocol: "DNS-over-TLS"
reasons: [{id: "allowlist", name: "Allowlist"}]
root: "localstack.cloud"
status: "allowed"
timestamp: "2024-05-24T20:04:12.795Z"
type: "A"

I checked and I had “CNAME” flattening enabled. Maybe that’ll help having it turned off…

However, I can also add DNS rewrites, so what place does localhost.localstack.cloud point towards? Just 127.0.0.1 or somewhere else?

Okay I think I found the culprit!

To everyone using a FRITZ!Box, make sure to check your DNS Rebinding settings in the router settings. They automatically block any hostnames that would resolve to local network addresses.

Link to their documentation: DNS-Auflösung privater IP-Adressen nicht möglich | FRITZ!Box 7390 | AVM Deutschland

Here is what I added:

Afterwards, the localhost hostnames can now be resolved.

I assume that other routers might have a similar firewall/protection feature, so you’ll have to browse their manual on that one.
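
Added example, not part of the thread and not LocalStack code: a small classifier for `dig` transcripts that separates the three cases seen above (empty NOERROR answer, public SaaS answer, local answer). The function name `classify_dig`, the result labels, and the `WORKING` sample with its 127.0.0.1 address are assumptions made for illustration; the other two samples are trimmed from the output quoted in the thread.

```python
import ipaddress
import re

STATUS = re.compile(r"status: (\w+)")
ANSWERS = re.compile(r"ANSWER: (\d+)")
# Answer lines look like "name. TTL IN A address"; question lines start with ';'.
A_RECORD = re.compile(r"^[^;\s]\S*[ \t]+\d+[ \t]+IN[ \t]+A[ \t]+(\S+)[ \t]*$", re.M)

def classify_dig(output: str) -> str:
    """Classify a `dig <name>` transcript for a name expected to point at a local address."""
    status, count = STATUS.search(output), ANSWERS.search(output)
    if not status or not count:
        return "unparseable"
    if status.group(1) != "NOERROR":
        return "error:" + status.group(1)
    addrs = [ipaddress.ip_address(a) for a in A_RECORD.findall(output)]
    if int(count.group(1)) == 0 or not addrs:
        # NOERROR with no A record: for a name that should map to a local
        # address this is consistent with a resolver or router dropping the
        # answer (DNS rebind protection), as in the thread.
        return "empty-answer"
    if all(a.is_loopback or a.is_private for a in addrs):
        return "local"
    return "public"

# Trimmed from the dig output quoted in the thread.
BLOCKED = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46081
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;localhost.localstack.cloud.    IN      A
"""
SAAS = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20199
;; flags: qr rd ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; ANSWER SECTION:
api.localstack.cloud.   0       IN      A       3.68.177.64
api.localstack.cloud.   0       IN      A       18.195.56.220
"""
# Constructed sample: what a working lookup would look like (address assumed).
WORKING = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; ANSWER SECTION:
localhost.localstack.cloud. 60 IN A 127.0.0.1
"""

if __name__ == "__main__":
    for name, text in [("blocked", BLOCKED), ("saas", SAAS), ("working", WORKING)]:
        print(name, "->", classify_dig(text))
```

An `empty-answer` result only shows that no A record arrived; comparing the same query against a different resolver tells you whether the record was dropped locally.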