1820785 – baremetal: *.apps DNS record broken on ipv6

Bug 1820785 - baremetal: *.apps DNS record broken on ipv6

Summary: baremetal: *.apps DNS record broken on ipv6

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Machine Config Operator
Sub Component:
Version:	4.5
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	---
Target Release:	4.6.0
Assignee:	Ben Nemec
QA Contact:	Victor Voronkov
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1851541
TreeView+	depends on / blocked

Reported:	2020-04-03 21:07 UTC by Ben Nemec
Modified:	2020-10-27 15:58 UTC (History)
CC List:	7 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	Cause: Some DNS records were hard-coded for ipv4 Consequence: Some records were not served correctly in ipv6 environments, which might necessitate creating those records in an external DNS server. Fix: DNS records are now populated correctly based on the ip version in use. Result: Internal records are now served correctly in both ipv4 and ipv6.
Clone Of:
Clones:	1851541 (view as bug list)
Environment:
Last Closed:	2020-10-27 15:57:43 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Github	openshift machine-config-operator pull 1694	0	None	closed	Bug 1820785: [baremetal] Correctly handle requests for ipv4/ipv6 records	2021-02-10 16:29:58 UTC
Red Hat Product Errata	RHBA-2020:4196	0	None	None	None	2020-10-27 15:58:12 UTC

Description Ben Nemec 2020-04-03 21:07:12 UTC

Description of problem: The *.apps.cluster-domain DNS record attempts to return an A record for an IPv6 address, when it needs to be AAAA.


Version-Release number of selected component (if applicable): 4.5 nightly


How reproducible: Always


Steps to Reproduce:
1. Deploy baremetal IPI on IPv6
2. Attempt to lookup any *.apps address against internal DNS.
3.

Actual results: NXDOMAIN


Expected results: DNS record containing the ingress VIP.


Additional info: This is because the coredns configuration is hard-coded to provide A records for the ingress entries. It needs to select the appropriate record type depending on the request.

Comment 2 Eldar Weiss 2020-05-10 14:29:04 UTC

So I just need to run an nslookup on an IPV6 BM environment?

Comment 3 Eldar Weiss 2020-05-11 13:14:58 UTC

Tested on IPV6 4.5 env on titan37.

Pulled the DNS_VIP and ingress and tried nslookup and dig....still results in NXDOMAIN.

Comment 4 Ben Nemec 2020-05-11 14:39:37 UTC

The fix for this has not merged yet.

Comment 5 Eldar Weiss 2020-05-24 11:24:38 UTC

Considering adding an nslookup to test this, after the fix is merged.

Comment 12 Ben Nemec 2020-06-22 14:37:50 UTC

The fix didn't merge until after 4.6 opened, so this isn't actually fixed on 4.5 yet. It will need to be backported.

Comment 13 Antonio Murdaca 2020-06-22 17:17:42 UTC

(In reply to Ben Nemec from comment #12)
> The fix didn't merge until after 4.6 opened, so this isn't actually fixed on
> 4.5 yet. It will need to be backported.

4.5 took off, I think you have to target a z stream of 4.5 by cloning and this goes to 4.6

Comment 14 Ben Nemec 2020-06-26 21:29:39 UTC

Okay, 4.6 should be good to go. I've cloned this to 4.5 so we'll proceed with that one.

Comment 16 Victor Voronkov 2020-07-09 14:00:04 UTC

[kni@provisionhost-0-0 ~]$ oc version
Client Version: 4.6.0-0.nightly-2020-07-07-233934
Server Version: 4.6.0-0.nightly-2020-07-07-233934
Kubernetes Version: v1.18.3+a377312
[kni@provisionhost-0-0 ~]$ cat install-config.yaml | grep ingressVIP
    ingressVIP: fd2e:6f44:5dd8::10

IPv6 resolving working:
[core@master-0-0 ~]$ host 123.apps.ocp-edge-cluster-0.qe.lab.redhat.com
123.apps.ocp-edge-cluster-0.qe.lab.redhat.com has IPv6 address fd2e:6f44:5dd8::10

=== no errors on master coreDns log with A instead of AAAA record

[core@master-0-0 ~]$ sudo cat /var/log/containers/coredns-master-0-0.ocp-edge-cluster-0.qe.lab.redhat.com_openshift-kni-infra_coredns-8c7c47952056158eabf43f1a6e9663cc7ce4b749e94d96792cb957b6f088b804.log | grep -v INFO
2020-07-09T09:12:45.947690599+00:00 stdout F .:53
2020-07-09T09:12:45.947980925+00:00 stdout F CoreDNS-1.6.6
2020-07-09T09:12:45.947980925+00:00 stdout F linux/amd64, go1.14.4,

Comment 19 errata-xmlrpc 2020-10-27 15:57:43 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:4196

Note You need to log in before you can comment on or make changes to this bug.