1791008 – [OCP] Nameserver limits were exceeded, some nameservers have been omitted

Bug 1791008 - [OCP] Nameserver limits were exceeded, some nameservers have been omitted

Summary: [OCP] Nameserver limits were exceeded, some nameservers have been omitted

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Installer
Sub Component:
Version:	4.3.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	low
Target Milestone:	---
Target Release:	4.5.0
Assignee:	Martin André
QA Contact:	David Sanz
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1825909 1829752
TreeView+	depends on / blocked

Reported:	2020-01-14 16:47 UTC by mchoma
Modified:	2023-09-07 21:27 UTC (History)
CC List:	13 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	Cause: On OpenStack platforms, control plane and compute node run a DNS server and inject their IP address into their /etc/resolv.conf as the preferred nameserver. Consequence: When the hosts already had 3 nameservers in their /etc/resolv.conf file, pods generate alerts about "nameserver limits were exceeded" Fix: Only leave the first 3 nameservers in the generated /etc/resolv.conf Result: Pods no longer complain about "nameserver limits were exceeded"
Clone Of:
Clones:	1825909 (view as bug list)
Environment:
Last Closed:	2020-07-13 17:13:17 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Github	openshift machine-config-operator pull 1573	0	None	closed	Bug 1791008: OpenStack: Limit the number of nameservers to 3	2021-02-19 14:10:45 UTC
Red Hat Product Errata	RHBA-2020:2409	0	None	None	None	2020-07-13 17:13:43 UTC

Description mchoma 2020-01-14 16:47:38 UTC

Description of problem:

On fresh OCP 4.3 cluster a lot of similar events are generated:

Nameserver limits were exceeded, some nameservers have been omitted, the applied nameserver line is: 172.119.0.6 172.119.0.11 172.119.0.10



Version-Release number of selected component (if applicable):

OpenShift Version 4.3.0-0.nightly-2020-01-11-070223 
IPI Openstack installation

Comment 1 Pierre Prinetti 2020-01-16 16:50:52 UTC

Here is a Github issue mentioning the same problem (in that case, 4.2 on OSP13): https://github.com/openshift/installer/issues/2230

Comment 3 Stephen Cuppett 2020-01-17 18:11:32 UTC

Setting target release to the active development branch (4.4). For fixes, if any, which require backport to prior versions, clones of this BZ will be created.

Comment 4 Lukas Lowinger 2020-02-06 07:11:25 UTC

I can see the same events in 4.4 (openshift-install-linux-4.4.0-0.nightly-2020-02-05-054438)

Pnode-exporter-df6cp
NamespaceNSopenshift-monitoring
a minute ago
Generated from kubelet on foo44lpff-oxpd-zncbb-worker-ljmxh
939 times in the last 20 hours
Nameserver limits were exceeded, some nameservers have been omitted, the applied nameserver line is: 172.21.0.30 172.21.0.11 172.21.0.10

Comment 6 Keith Fryklund 2020-03-19 16:16:32 UTC

Note: I'm seeing this issue as well in all of my PSI OCP4.3 environments (which live on RHOS).

Comment 9 Alejandro Bonilla 2020-04-22 05:28:30 UTC

Is there a workaround for this? I'd like to avoid seeing this warning a 1000/s. TIA.

Comment 10 David Sanz 2020-04-30 10:38:14 UTC

Verified on 4.5.0-0.nightly-2020-04-29-111042

Comment 11 Niket Chavan 2020-05-01 05:13:17 UTC

Hello Team,

I have a customer with OCP 4.2 cluster on vSphere 6.5. They are also observing similar alerts/messages as shown below;

openshift-cluster-machine-approver       3m25s       Warning   DNSConfigForming               pod/machine-approver-c9d9fc974-dgx4r                        Nameserver limits were exceeded, some nameservers have been omitted, the applied nameserver line is: 192.168.X.X 192.168.X.X 192.168.X.X

openshift-cluster-node-tuning-operator   4m27s       Warning   DNSConfigForming               pod/tuned-49mm2                                             Nameserver limits were exceeded, some nameservers have been omitted, the applied nameserver line is: 192.168.X.X 192.168.X.X 192.168.X.X


The purpose of pointing out this is, the issue referred in the description above is targeting the OpenStack as the environment but in my customer's case its seen on vSphere as well. I can see that the bz is on ON_QA state, thus I need to confirm if the patch/fix is specifically targeting the clusters with OpenStack as environment or it would be applicable to my customer's case as well? like a platform neutral fix?

Let me know if I can track this current bugzilla itself(if the fix would be applicable to this case as well) OR should I raise a new bugzilla specifically for vSphere as the environment?

-Niket.

Comment 12 Niket Chavan 2020-05-04 06:44:51 UTC

(In reply to Niket Chavan from comment #11)
> Hello Team,
> 
> I have a customer with OCP 4.2 cluster on vSphere 6.5. They are also
> observing similar alerts/messages as shown below;
> 
> openshift-cluster-machine-approver       3m25s       Warning  
> DNSConfigForming               pod/machine-approver-c9d9fc974-dgx4r         
> Nameserver limits were exceeded, some nameservers have been omitted, the
> applied nameserver line is: 192.168.X.X 192.168.X.X 192.168.X.X
> 
> openshift-cluster-node-tuning-operator   4m27s       Warning  
> DNSConfigForming               pod/tuned-49mm2                              
> Nameserver limits were exceeded, some nameservers have been omitted, the
> applied nameserver line is: 192.168.X.X 192.168.X.X 192.168.X.X
> 
> 
> The purpose of pointing out this is, the issue referred in the description
> above is targeting the OpenStack as the environment but in my customer's
> case its seen on vSphere as well. I can see that the bz is on ON_QA state,
> thus I need to confirm if the patch/fix is specifically targeting the
> clusters with OpenStack as environment or it would be applicable to my
> customer's case as well? like a platform neutral fix?
> 
> Let me know if I can track this current bugzilla itself(if the fix would be
> applicable to this case as well) OR should I raise a new bugzilla
> specifically for vSphere as the environment?
> 
> -Niket.

Hello Team,

Can somebody please response to this. I will help to take next action on the case.

-Niket

Comment 13 Martin André 2020-05-04 13:35:35 UTC

Hi Niket, this patch is specifically addressing the issue on OpenStack platform. It shouldn't be difficult to port it to vSphere since it's using the same architecture, however it might be more difficult to backport this to 4.2.

/cc jcallen

Comment 15 Waheed Barghouthi 2020-06-11 16:41:00 UTC

I think its not actually a bug, as far as I understand if you have more than three DNS servers in your /etc/resolv.conf or /run/systemd/resolve/resolv.conf then that warning should appear, in fact the warning is self-descriptive and yes you do have more than three dns server entries which are mostly your IPV6 dns server addresses.



I had the same warning and here is what i did to resolve the warning message from the logs:

edit your net plan config located here /etc/netplan/SOME_FILE.yaml and make sure to keep up to three `nameservers`

then systemctl daemon-reload && systemctl systemd-networkd && systemctl restart systemd-resolved && systemctl restart kubelet



Please excuse any typos

Comment 16 Waheed Barghouthi 2020-06-11 16:50:32 UTC

Also from resolve.conf man page https://man7.org/linux/man-pages/man5/resolv.conf.5.html

Up to MAXNS (currently 3, see <resolv.h>) name servers may be listed, one per keyword.

Comment 18 errata-xmlrpc 2020-07-13 17:13:17 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:2409

Note You need to log in before you can comment on or make changes to this bug.