Bug 1791008

Summary: [OCP] Nameserver limits were exceeded, some nameservers have been omitted
Product: OpenShift Container Platform Reporter: mchoma
Component: InstallerAssignee: Martin André <m.andre>
Installer sub component: OpenShift on OpenStack QA Contact: David Sanz <dsanzmor>
Status: CLOSED ERRATA Docs Contact:
Severity: low    
Priority: medium CC: abonilla, alchan, aos-bugs, jcallen, jmalde, kfryklun, llowinge, m.andre, nchavan, ppitonak, pprinett, scuppett, Waheed.barghouthi
Version: 4.3.0   
Target Milestone: ---   
Target Release: 4.5.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Cause: On OpenStack platforms, control plane and compute node run a DNS server and inject their IP address into their /etc/resolv.conf as the preferred nameserver. Consequence: When the hosts already had 3 nameservers in their /etc/resolv.conf file, pods generate alerts about "nameserver limits were exceeded" Fix: Only leave the first 3 nameservers in the generated /etc/resolv.conf Result: Pods no longer complain about "nameserver limits were exceeded"
 Story Points: ---
Clone Of:
: 1825909 (view as bug list) Environment:
Last Closed: 2020-07-13 17:13:17 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1825909, 1829752    

Description mchoma 2020-01-14 16:47:38 UTC 
Description of problem:

On fresh OCP 4.3 cluster a lot of similar events are generated:

Nameserver limits were exceeded, some nameservers have been omitted, the applied nameserver line is: 172.119.0.6 172.119.0.11 172.119.0.10



Version-Release number of selected component (if applicable):

OpenShift Version 4.3.0-0.nightly-2020-01-11-070223 
IPI Openstack installation
Comment 1 Pierre Prinetti 2020-01-16 16:50:52 UTC 
Here is a Github issue mentioning the same problem (in that case, 4.2 on OSP13): https://github.com/openshift/installer/issues/2230
Comment 3 Stephen Cuppett 2020-01-17 18:11:32 UTC 
Setting target release to the active development branch (4.4). For fixes, if any, which require backport to prior versions, clones of this BZ will be created.
Comment 4 Lukas Lowinger 2020-02-06 07:11:25 UTC 
I can see the same events in 4.4 (openshift-install-linux-4.4.0-0.nightly-2020-02-05-054438)

Pnode-exporter-df6cp
NamespaceNSopenshift-monitoring
a minute ago
Generated from kubelet on foo44lpff-oxpd-zncbb-worker-ljmxh
939 times in the last 20 hours
Nameserver limits were exceeded, some nameservers have been omitted, the applied nameserver line is: 172.21.0.30 172.21.0.11 172.21.0.10
Comment 6 Keith Fryklund 2020-03-19 16:16:32 UTC 
Note: I'm seeing this issue as well in all of my PSI OCP4.3 environments (which live on RHOS).
Comment 9 Alejandro Bonilla 2020-04-22 05:28:30 UTC 
Is there a workaround for this? I'd like to avoid seeing this warning a 1000/s. TIA.
Comment 10 David Sanz 2020-04-30 10:38:14 UTC 
Verified on 4.5.0-0.nightly-2020-04-29-111042
Comment 11 Niket Chavan 2020-05-01 05:13:17 UTC 
Hello Team,

I have a customer with OCP 4.2 cluster on vSphere 6.5. They are also observing similar alerts/messages as shown below;

openshift-cluster-machine-approver       3m25s       Warning   DNSConfigForming               pod/machine-approver-c9d9fc974-dgx4r                        Nameserver limits were exceeded, some nameservers have been omitted, the applied nameserver line is: 192.168.X.X 192.168.X.X 192.168.X.X

openshift-cluster-node-tuning-operator   4m27s       Warning   DNSConfigForming               pod/tuned-49mm2                                             Nameserver limits were exceeded, some nameservers have been omitted, the applied nameserver line is: 192.168.X.X 192.168.X.X 192.168.X.X


The purpose of pointing out this is, the issue referred in the description above is targeting the OpenStack as the environment but in my customer's case its seen on vSphere as well. I can see that the bz is on ON_QA state, thus I need to confirm if the patch/fix is specifically targeting the clusters with OpenStack as environment or it would be applicable to my customer's case as well? like a platform neutral fix?

Let me know if I can track this current bugzilla itself(if the fix would be applicable to this case as well) OR should I raise a new bugzilla specifically for vSphere as the environment?

-Niket.
Comment 12 Niket Chavan 2020-05-04 06:44:51 UTC 
(In reply to Niket Chavan from comment #11)
> Hello Team,
> 
> I have a customer with OCP 4.2 cluster on vSphere 6.5. They are also
> observing similar alerts/messages as shown below;
> 
> openshift-cluster-machine-approver       3m25s       Warning  
> DNSConfigForming               pod/machine-approver-c9d9fc974-dgx4r         
> Nameserver limits were exceeded, some nameservers have been omitted, the
> applied nameserver line is: 192.168.X.X 192.168.X.X 192.168.X.X
> 
> openshift-cluster-node-tuning-operator   4m27s       Warning  
> DNSConfigForming               pod/tuned-49mm2                              
> Nameserver limits were exceeded, some nameservers have been omitted, the
> applied nameserver line is: 192.168.X.X 192.168.X.X 192.168.X.X
> 
> 
> The purpose of pointing out this is, the issue referred in the description
> above is targeting the OpenStack as the environment but in my customer's
> case its seen on vSphere as well. I can see that the bz is on ON_QA state,
> thus I need to confirm if the patch/fix is specifically targeting the
> clusters with OpenStack as environment or it would be applicable to my
> customer's case as well? like a platform neutral fix?
> 
> Let me know if I can track this current bugzilla itself(if the fix would be
> applicable to this case as well) OR should I raise a new bugzilla
> specifically for vSphere as the environment?
> 
> -Niket.

Hello Team,

Can somebody please response to this. I will help to take next action on the case.

-Niket
Comment 13 Martin André 2020-05-04 13:35:35 UTC 
Hi Niket, this patch is specifically addressing the issue on OpenStack platform. It shouldn't be difficult to port it to vSphere since it's using the same architecture, however it might be more difficult to backport this to 4.2.

/cc jcallen
Comment 15 Waheed Barghouthi 2020-06-11 16:41:00 UTC 
I think its not actually a bug, as far as I understand if you have more than three DNS servers in your /etc/resolv.conf or /run/systemd/resolve/resolv.conf then that warning should appear, in fact the warning is self-descriptive and yes you do have more than three dns server entries which are mostly your IPV6 dns server addresses.



I had the same warning and here is what i did to resolve the warning message from the logs:

edit your net plan config located here /etc/netplan/SOME_FILE.yaml and make sure to keep up to three `nameservers`

then systemctl daemon-reload && systemctl systemd-networkd && systemctl restart systemd-resolved && systemctl restart kubelet



Please excuse any typos
Comment 16 Waheed Barghouthi 2020-06-11 16:50:32 UTC 
Also from resolve.conf man page https://man7.org/linux/man-pages/man5/resolv.conf.5.html

Up to MAXNS (currently 3, see <resolv.h>) name servers may be listed, one per keyword.
Comment 18 errata-xmlrpc 2020-07-13 17:13:17 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:2409