Bug 1820785 - baremetal: *.apps DNS record broken on ipv6
Summary: baremetal: *.apps DNS record broken on ipv6
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Machine Config Operator
Version: 4.5
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
: 4.6.0
Assignee: Ben Nemec
QA Contact: Victor Voronkov
Depends On:
Blocks: 1851541
Reported: 2020-04-03 21:07 UTC by Ben Nemec
Modified: 2020-10-27 15:58 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Cause: Some DNS records were hard-coded for IPv4.
Consequence: Some records were not served correctly in IPv6 environments, which might necessitate creating those records in an external DNS server.
Fix: DNS records are now populated correctly based on the IP version in use.
Result: Internal records are now served correctly in both IPv4 and IPv6.
Clone Of:
: 1851541
Last Closed: 2020-10-27 15:57:43 UTC
Target Upstream Version:

System | ID | Private | Priority | Status | Summary | Last Updated
Github | openshift machine-config-operator pull 1694 | 0 | None | closed | Bug 1820785: [baremetal] Correctly handle requests for ipv4/ipv6 records | 2021-02-10 16:29:58 UTC
Red Hat Product Errata | RHBA-2020:4196 | 0 | None | None | None | 2020-10-27 15:58:12 UTC

Description Ben Nemec 2020-04-03 21:07:12 UTC
Description of problem: The *.apps.cluster-domain DNS record attempts to return an A record for an IPv6 address, when it needs to be AAAA.

Version-Release number of selected component (if applicable): 4.5 nightly

How reproducible: Always

Steps to Reproduce:
1. Deploy baremetal IPI on IPv6
2. Attempt to lookup any *.apps address against internal DNS.

Actual results: NXDOMAIN

Expected results: DNS record containing the ingress VIP.

Additional info: This is because the coredns configuration is hard-coded to provide A records for the ingress entries. It needs to select the appropriate record type depending on the request.

Comment 2 Eldar Weiss 2020-05-10 14:29:04 UTC
So I just need to run an nslookup on an IPV6 BM environment?

Comment 3 Eldar Weiss 2020-05-11 13:14:58 UTC
Tested on IPV6 4.5 env on titan37.

Pulled the DNS_VIP and ingress and tried nslookup and dig... still results in NXDOMAIN.

Comment 4 Ben Nemec 2020-05-11 14:39:37 UTC
The fix for this has not merged yet.

Comment 5 Eldar Weiss 2020-05-24 11:24:38 UTC
Considering adding an nslookup to test this, after the fix is merged.

Comment 12 Ben Nemec 2020-06-22 14:37:50 UTC
The fix didn't merge until after 4.6 opened, so this isn't actually fixed on 4.5 yet. It will need to be backported.

Comment 13 Antonio Murdaca 2020-06-22 17:17:42 UTC
(In reply to Ben Nemec from comment #12)
> The fix didn't merge until after 4.6 opened, so this isn't actually fixed on
> 4.5 yet. It will need to be backported.

4.5 took off, I think you have to target a z stream of 4.5 by cloning and this goes to 4.6

Comment 14 Ben Nemec 2020-06-26 21:29:39 UTC
Okay, 4.6 should be good to go. I've cloned this to 4.5 so we'll proceed with that one.

Comment 16 Victor Voronkov 2020-07-09 14:00:04 UTC
[kni@provisionhost-0-0 ~]$ oc version
Client Version: 4.6.0-0.nightly-2020-07-07-233934
Server Version: 4.6.0-0.nightly-2020-07-07-233934
Kubernetes Version: v1.18.3+a377312
[kni@provisionhost-0-0 ~]$ cat install-config.yaml | grep ingressVIP
    ingressVIP: fd2e:6f44:5dd8::10

IPv6 resolving working:
[core@master-0-0 ~]$ host 123.apps.ocp-edge-cluster-0.qe.lab.redhat.com
123.apps.ocp-edge-cluster-0.qe.lab.redhat.com has IPv6 address fd2e:6f44:5dd8::10

=== no errors on master coreDns log with A instead of AAAA record

[core@master-0-0 ~]$ sudo cat /var/log/containers/coredns-master-0-0.ocp-edge-cluster-0.qe.lab.redhat.com_openshift-kni-infra_coredns-8c7c47952056158eabf43f1a6e9663cc7ce4b749e94d96792cb957b6f088b804.log | grep -v INFO
2020-07-09T09:12:45.947690599+00:00 stdout F .:53
2020-07-09T09:12:45.947980925+00:00 stdout F CoreDNS-1.6.6
2020-07-09T09:12:45.947980925+00:00 stdout F linux/amd64, go1.14.4,
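
The check performed in comment 16, written as a script (an added example, not part of the original comment or of the project's code): it parses `host` output and confirms that a *.apps name resolves to the ingressVIP with the record type matching the VIP's address family. The sample outputs are constructed from the name and VIP shown above; the NXDOMAIN line is constructed in the format `host` prints.

```python
import ipaddress
import re

# Address lines as printed by the `host` utility.
_ANSWER = re.compile(r"^(\S+) has (IPv6 )?address (\S+)$")

# Sample outputs, constructed for this example from the name and VIP in this report.
NAME = "123.apps.ocp-edge-cluster-0.qe.lab.redhat.com"
VIP = "fd2e:6f44:5dd8::10"
FIXED_OUTPUT = f"{NAME} has IPv6 address {VIP}\n"
BROKEN_OUTPUT = f"Host {NAME} not found: 3(NXDOMAIN)\n"

def expected_rtype(vip):
    """Record type able to carry this VIP: A for IPv4, AAAA for IPv6."""
    return "AAAA" if ipaddress.ip_address(vip).version == 6 else "A"

def parse_host_output(text):
    """Return (name, rtype, address) tuples for each address line."""
    records = []
    for line in text.splitlines():
        m = _ANSWER.match(line.strip())
        if not m:
            continue  # NXDOMAIN lines, CNAME lines, blank lines
        try:
            addr = ipaddress.ip_address(m.group(3))
        except ValueError:
            continue  # not an address; ignore rather than crash
        records.append((m.group(1), "AAAA" if m.group(2) else "A", addr))
    return records

def check_apps_record(host_output, ingress_vip):
    """Return a list of problems; an empty list means the record is correct."""
    vip = ipaddress.ip_address(ingress_vip)
    want = expected_rtype(ingress_vip)
    records = parse_host_output(host_output)
    if not records:
        return [f"no address records returned; expected {want} {vip}"]
    # Compare parsed addresses, so differently written IPv6 forms still match.
    if not any(rtype == want and addr == vip for _, rtype, addr in records):
        return [f"no {want} record pointing at {vip}"]
    return []

if __name__ == "__main__":
    for label, out in (("fixed", FIXED_OUTPUT), ("broken", BROKEN_OUTPUT)):
        print(label, check_apps_record(out, VIP) or "OK")
```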

Comment 19 errata-xmlrpc 2020-10-27 15:57:43 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.