No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

It's trying to resolve your host on Google's public DNS. You said it is on your private VPN, you need to use a DNS that resolves internal hostnames for your network

Thanks. Yeah, just noticed this. I'm a bit baffled that the connection works with cURL or my browser, but not with Pulumi.

curl uses a different DNS resolver library to Go programs, so the path to its preferred DNS is different. I can't remember the exact difference now

<https://golang.org/pkg/net/#hdr-Name_Resolution>
&gt; It can use a pure Go resolver that sends DNS requests directly to the servers listed in /etc/resolv.conf, or it can use a cgo-based resolver that calls C library routines such as getaddrinfo and getnameinfo.
&gt; By default the pure Go resolver is used, because a blocked DNS request consumes only a goroutine, while a blocked C call consumes an operating system thread.

You might have Google's DNS on your /etc/resolv.conf and your internal DNS might be configured by your VPN client using the libc apis, which is what curl and browsers uses

Yup, confirmed that. I'm on macOS and it looks there are issues open regarding this for both Terraform and the golang HTTP client:

<https://github.com/hashicorp/terraform/issues/3536>
<https://github.com/golang/go/issues/12524>

I've managed to temporarily solve this by adding the internal DNS IPs to /etc/resolv.conf. Not sure what would be a better solution, but should be enough for me in this exploratory phase.

I think that would depend more on your system.
I'm using an Ubuntu variant, it comes with the resolvconf service as a local dns server, the /etc/resolv.conf points to localhost and the service proxies and caches requests to the real dns server.

Yup, definitely. However, after some more digging, it seems that Go 1.14.3 fixes this issues and Pulumi was upgraded from Go 1.13.x to 1.14.x two days ago. So, I'm looking forward to the Pulumi upgrade :slightly_smiling_face:

<https://github.com/golang/go/commit/f6b42a53e5ac1f1c3f3b1c9ed2407e68e0b637a0>
<https://github.com/pulumi/pulumi/commit/45e1917a30f99ca29c4439e777a614322460aa6d>