1916907 – dns-node-resolver corrupts /etc/hosts if internal registry is not in use

Bug 1916907 - dns-node-resolver corrupts /etc/hosts if internal registry is not in use [NEEDINFO]

Summary: dns-node-resolver corrupts /etc/hosts if internal registry is not in use

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Networking
Sub Component:
Version:	4.5
Hardware:	Unspecified
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Target Release:	4.6.z
Assignee:	Ryan Fredette
QA Contact:	Hongan Li
Docs Contact:
URL:
Whiteboard:
Depends On:	1882485
Blocks:
TreeView+	depends on / blocked

Reported:	2021-01-15 19:36 UTC by Ryan Fredette
Modified:	2022-12-15 02:46 UTC (History)
CC List:	12 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	Cause: Intermittent DNS errors Consequence: dns-node-resolver created invalid entries in the node's /etc/hosts file Fix: Filtering error messages out of DNS requests that eventually return a valid record Result: dns-node-resolver no longer creates invalid /etc/hosts entries
Clone Of:	1882485
Environment:
Last Closed:	2021-02-08 13:51:25 UTC
Target Upstream Version:
Flags:	dpateriy: needinfo? (rfredette)

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Github	openshift cluster-dns-operator pull 231	0	None	closed	[release-4.6] Bug 1916907: Prevent dig errors from corrupting host's /etc/hosts	2021-02-13 21:00:05 UTC
Red Hat Product Errata	RHSA-2021:0308	0	None	None	None	2021-02-08 13:51:43 UTC

Comment 1 Hongan Li 2021-01-22 09:09:58 UTC

verified with a cluster launch by cluster-bot and passed

$ oc get clusterversion
NAME      VERSION                                           AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.6.0-0.ci.test-2021-01-22-080022-ci-ln-vimgw1t   True        False         9m51s   Cluster version is 4.6.0-0.ci.test-2021-01-22-080022-ci-ln-vimgw1t

$ oc edit configs.imageregistry.operator
(set spec.ManagementState.Removed)

$ oc -n openshift-image-registry get svc
NAME                      TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)     AGE
image-registry-operator   ClusterIP   None         <none>        60000/TCP   56m

$ oc debug node/ci-ln-vimgw1t-f76d1-lhh7x-master-0
Creating debug namespace/openshift-debug-node-n4drq ...
Starting pod/ci-ln-vimgw1t-f76d1-lhh7x-master-0-debug ...
To use host binaries, run `chroot /host`
Pod IP: 10.0.0.5
If you don't see a command prompt, try pressing enter.
sh-4.4# chroot /host
sh-4.4# 
sh-4.4# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
172.30.254.36 image-registry.openshift-image-registry.svc image-registry.openshift-image-registry.svc.cluster.local # openshift-generated-node-resolver
sh-4.4#

Comment 5 errata-xmlrpc 2021-02-08 13:51:25 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: OpenShift Container Platform 4.6.16 security and bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:0308

Note You need to log in before you can comment on or make changes to this bug.