Why ping registry-1.docker.io returns Request timeout for icmp_seq even when I can nslookup or dig

Tags: catalina, dns, network

I used Google and Cloudflare and can dig with both set as DNS server on my Mac.

$ dig registry-1.docker.io

; <<>> DiG 9.10.6 <<>> registry-1.docker.io
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16322
;; flags: qr rd ra; QUERY: 1, ANSWER: 8, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;registry-1.docker.io.      IN  A

;; ANSWER SECTION:
registry-1.docker.io.   5   IN  A   107.23.149.57
registry-1.docker.io.   5   IN  A   34.195.246.183
registry-1.docker.io.   5   IN  A   23.22.155.84
registry-1.docker.io.   5   IN  A   34.238.187.50
registry-1.docker.io.   5   IN  A   52.1.121.53
registry-1.docker.io.   5   IN  A   52.5.11.128
registry-1.docker.io.   5   IN  A   18.213.137.78
registry-1.docker.io.   5   IN  A   54.236.165.68

;; Query time: 62 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sat Feb 20 23:32:34 GMT 2021
;; MSG SIZE  rcvd: 177

Worked with Cloudflare too:

$ dig registry-1.docker.io

; <<>> DiG 9.10.6 <<>> registry-1.docker.io
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64168
;; flags: qr rd ra; QUERY: 1, ANSWER: 8, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;registry-1.docker.io.      IN  A

;; ANSWER SECTION:
registry-1.docker.io.   29  IN  A   54.236.165.68
registry-1.docker.io.   29  IN  A   52.1.121.53
registry-1.docker.io.   29  IN  A   54.85.56.253
registry-1.docker.io.   29  IN  A   34.238.187.50
registry-1.docker.io.   29  IN  A   34.195.246.183
registry-1.docker.io.   29  IN  A   54.236.131.166
registry-1.docker.io.   29  IN  A   18.232.227.119
registry-1.docker.io.   29  IN  A   52.54.232.21

;; Query time: 60 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Sat Feb 20 23:30:34 GMT 2021
;; MSG SIZE  rcvd: 177

Using nslookup too gives a result:

$ nslookup registry-1.docker.io
Server: 8.8.8.8
Address: 8.8.8.8#53

Non-authoritative answer:
Name: registry-1.docker.io
Address: 54.236.165.68
Name: registry-1.docker.io
Address: 54.85.56.253
Name: registry-1.docker.io
Address: 3.211.199.249
Name: registry-1.docker.io
Address: 34.195.246.183
Name: registry-1.docker.io
Address: 52.55.168.20
Name: registry-1.docker.io
Address: 34.238.187.50
Name: registry-1.docker.io
Address: 18.232.227.119
Name: registry-1.docker.io
Address: 54.236.131.166

But when I try to ping, this is what I am getting:

$ ping registry-1.docker.io     
PING registry-1.docker.io (54.236.165.68): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
Request timeout for icmp_seq 2
Request timeout for icmp_seq 3
Request timeout for icmp_seq 4

I was trying to build a pod when I discovered this issue, and I am getting ImagePullBackOff while trying:

kubectl run redis --image=redis:alpine

Best Answer

The inability to ping the name does not in any way indicate a problem with your setup or anything else.

Using dig and nslookup allows you to look up the IP-addresses linked with the name registry-1.docker.io. This works fine for you and you get a list of IP-addresses.

Now when you ping the name - only one of the IP-addresses will be chosen to be pinged. If the system behind that IP-address has chosen not to respond to pings, you'll get the "Request timeout" message you're seeing.

It is perfectly valid for server operators to choose that they do not want to reply to pings. It does not indicate that the server is down, that the network is flawed, or anything of the kind.

The ImagePullBackOff message you're seeing can be caused by multiple things. I would advise using the kubectl describe command to get an idea of what happened.

It could be, for example, that you have specified an image that actually does not exist, or that you have specified a private image without giving the proper credentials.
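
The point made in the answer, as an added example that is not part of the original answer: ping sends ICMP echo to a single resolved address, while an image pull needs a TCP connection to the registry. This sketch checks TCP reachability of every resolved address; the port (443, HTTPS) and the helper names `resolve_a_records`, `tcp_status` and `probe` are assumptions chosen for illustration.

```python
import socket


def resolve_a_records(name, port=443):
    """Return the unique IPv4 addresses the system resolver gives for name."""
    infos = socket.getaddrinfo(name, port, family=socket.AF_INET,
                               type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def tcp_status(addr, port=443, timeout=3.0):
    """Classify a TCP connection attempt to addr:port.

    "open"    - handshake completed, the service is reachable
    "refused" - the host answered but nothing listens on that port
    "timeout" - no answer at all (filtered on the path or host down)
    "error"   - any other socket error (no route, network unreachable, ...)
    """
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "timeout"
    except OSError:
        return "error"


def probe(name, port=443, timeout=3.0):
    """Check every resolved address, not only the one ping happens to pick."""
    return {addr: tcp_status(addr, port, timeout)
            for addr in resolve_a_records(name, port)}


if __name__ == "__main__":
    # Hostname taken from the question; port 443 is the assumed HTTPS port.
    for addr, status in probe("registry-1.docker.io").items():
        print(f"{addr:15}  tcp/443  {status}")
```

An "open" result for an address that does not answer ping shows the ICMP timeout is unrelated to the pull failure; "timeout" on every address points at filtering between the machine and the registry rather than at DNS.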