Bug 1772804 - [Azure] Use of DNS private zones from the preview resource model
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Networking
Version: 4.2.0
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Target Release: 4.3.0
Assignee: Dan Mace
QA Contact: Hongan Li
Depends On:
Blocks: 1788707
Reported: 2019-11-15 08:39 UTC by Nils
Modified: 2022-08-04 22:24 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2020-01-23 11:12:49 UTC
Target Upstream Version:


System | ID | Private | Priority | Status | Summary | Last Updated
Github | openshift cluster-ingress-operator pull 300 | 0 | 'None' | 'closed' | 'NE-226: Support both DNSZone and PrivateDNSZone resources' | 2019-12-02 15:47:45 UTC
Red Hat Product Errata | RHBA-2020:0062 | 0 | None | None | None | 2020-01-23 11:13:06 UTC

Description Nils 2019-11-15 08:39:01 UTC
Description of problem:

The installer creates an internal DNS zone, using a preview resource model. This should be updated to use the GA resource model. Microsoft is sending out "Action required" emails, asking users to switch to the new model.

Steps to Reproduce:

Using the az command-line utility:

az network dns zone list --query "[?zoneType=='Private']"
Name                             Location    MaxNumberOfRecordSets    NumberOfRecordSets    ZoneType    ResourceGroup
-------------------------------  ----------  -----------------------  --------------------  ----------  -------------------
dev03.clusters.redacted       global      10000                    8                     Private     dev03-p999d-rg
mothership.clusters.redacted  global      10000                    8                     Private     mothership-tXXX4-rg

Expected results:

The "private-dns" resource should be used.

az network private-dns zone list
--> Expect to see zones here

Additional info:

I have received the following email from Microsoft:

Migrate Azure DNS private zones from the preview resource model to the GA resource model

You're receiving this email because you are using one or more Azure DNS private zones that were created using the preview resource model (API version 2018-03-01-preview).

During public preview, private DNS zones were created using dnszones resource with zoneType property set to Private. Support for these zones will be retired on December 31, 2019 and must be migrated to GA resource model. The GA resource model makes use of privateDnsZones resource type instead of dnszones.

After December 31, 2019, these zones will be automatically migrated to the GA resource model and you will not be able to use the preview resource model/API/SDK to interact with these zones.

To find out the dnszones resources that require migration, execute the below command in Azure CLI. Substitute the subscription ID(s) listed in the Account Information section of this email in these commands.

az account set --subscription <SubscriptionId>

az network dns zone list --query "[?zoneType=='Private']"

Required Action

1. Please delete the private DNS zone if it is no longer required and was created only for evaluation or testing purposes.

2. If the private DNS zones are in use, please follow the step-by-step instructions provided in our migration guide to migrate the preview DNS zones to the latest resource model.

3. Start using privateDnsZones resource instead of dnszones resource.

4. Update your automations (scripts/templates) to use API version 2018-09-01 and switch to the latest CLI/PowerShell/SDKs.

More Information

If you have questions, please contact us.


The migration guide can be found here: https://docs.microsoft.com/azure/dns/private-dns-migration-guide

Comment 1 Dan Mace 2019-11-18 14:28:47 UTC
Already fixed in 4.3 by https://github.com/openshift/cluster-ingress-operator/pull/300

Comment 3 Hongan Li 2019-11-19 07:15:40 UTC
Verified with 4.3.0-0.nightly-2019-11-18-175710, and the issue has been fixed.

$ oc get dnsrecords/default-wildcard -o yaml -n openshift-ingress-operator
  - dnsZone:
      id: /subscriptions/xxxxxxxx/resourceGroups/hongli-az710-n9lzj-rg/providers/Microsoft.Network/privateDnsZones/hongli-az710.qe.azure.devcluster.openshift.com
  - dnsZone:
      id: /subscriptions/xxxxxxxx/resourceGroups/os4-common/providers/Microsoft.Network/dnszones/qe.azure.devcluster.openshift.com
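Added example, not part of the comment above and not code from cluster-ingress-operator: a small audit helper that classifies zone resource IDs like the two shown in the verification output and lists preview-model private zones from `az network dns zone list` JSON. The JSON sample and its field names (`name`, `id`, `zoneType`) are constructed for illustration, and the function names are hypothetical.

```python
import json
import re

# Azure resource ID layout:
# /subscriptions/<sub>/resourceGroups/<rg>/providers/Microsoft.Network/<type>/<zone>
ZONE_ID = re.compile(
    r"^/subscriptions/[^/]+/resourceGroups/(?P<rg>[^/]+)"
    r"/providers/Microsoft\.Network/(?P<rtype>[^/]+)/(?P<zone>[^/]+)$",
    re.IGNORECASE,  # IDs are matched case-insensitively here (assumption)
)


def classify_zone(zone_id, zone_type=None):
    """Return 'ga-private', 'preview-private', 'public',
    'dnszones-unverified' (zoneType not supplied) or 'unknown'."""
    m = ZONE_ID.match(zone_id.strip())
    if not m:
        return "unknown"
    rtype = m.group("rtype").lower()
    if rtype == "privatednszones":
        return "ga-private"          # GA resource model
    if rtype != "dnszones":
        return "unknown"
    if zone_type is None:
        # The ID alone cannot tell a public zone from a preview private one.
        return "dnszones-unverified"
    return "preview-private" if zone_type.lower() == "private" else "public"


def zones_needing_migration(az_json):
    """Names of preview-model private zones in `az network dns zone list` JSON."""
    return sorted(
        z["name"] for z in json.loads(az_json)
        if classify_zone(z["id"], z.get("zoneType")) == "preview-private"
    )


# Constructed sample input (placeholder subscription, group and zone names).
_BASE = ("/subscriptions/00000000-0000-0000-0000-000000000000"
         "/resourceGroups/demo-rg/providers/Microsoft.Network/dnszones/")
SAMPLE = json.dumps([
    {"name": "internal.example.com", "zoneType": "Private",
     "id": _BASE + "internal.example.com"},
    {"name": "example.com", "zoneType": "Public", "id": _BASE + "example.com"},
])

if __name__ == "__main__":
    print(zones_needing_migration(SAMPLE))
```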

Comment 5 errata-xmlrpc 2020-01-23 11:12:49 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

