1916907 – dns-node-resolver corrupts /etc/hosts if internal registry is not in use

Bug 1916907 - dns-node-resolver corrupts /etc/hosts if internal registry is not in use

Summary: dns-node-resolver corrupts /etc/hosts if internal registry is not in use

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Networking
Sub Component:
Version:	4.5
Hardware:	Unspecified
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Target Release:	4.6.z
Assignee:	Ryan Fredette
QA Contact:	Hongan Li
Docs Contact:
URL:
Whiteboard:
Depends On:	1882485
Blocks:
TreeView+	depends on / blocked

Reported:	2021-01-15 19:36 UTC by Ryan Fredette
Modified:	2024-03-25 17:52 UTC (History)
CC List:	12 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	Cause: Intermittent DNS errors Consequence: dns-node-resolver created invalid entries in the node's /etc/hosts file Fix: Filtering error messages out of DNS requests that eventually return a valid record Result: dns-node-resolver no longer creates invalid /etc/hosts entries
Clone Of:	1882485
Environment:
Last Closed:	2021-02-08 13:51:25 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Github	openshift cluster-dns-operator pull 231	0	None	closed	[release-4.6] Bug 1916907: Prevent dig errors from corrupting host's /etc/hosts	2021-02-13 21:00:05 UTC
Red Hat Product Errata	RHSA-2021:0308	0	None	None	None	2021-02-08 13:51:43 UTC

Comment 1 Hongan Li 2021-01-22 09:09:58 UTC

verified with a cluster launch by cluster-bot and passed

$ oc get clusterversion
NAME      VERSION                                           AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.6.0-0.ci.test-2021-01-22-080022-ci-ln-vimgw1t   True        False         9m51s   Cluster version is 4.6.0-0.ci.test-2021-01-22-080022-ci-ln-vimgw1t

$ oc edit configs.imageregistry.operator
(set spec.ManagementState.Removed)

$ oc -n openshift-image-registry get svc
NAME                      TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)     AGE
image-registry-operator   ClusterIP   None         <none>        60000/TCP   56m

$ oc debug node/ci-ln-vimgw1t-f76d1-lhh7x-master-0
Creating debug namespace/openshift-debug-node-n4drq ...
Starting pod/ci-ln-vimgw1t-f76d1-lhh7x-master-0-debug ...
To use host binaries, run `chroot /host`
Pod IP: 10.0.0.5
If you don't see a command prompt, try pressing enter.
sh-4.4# chroot /host
sh-4.4# 
sh-4.4# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
172.30.254.36 image-registry.openshift-image-registry.svc image-registry.openshift-image-registry.svc.cluster.local # openshift-generated-node-resolver
sh-4.4#

Comment 5 errata-xmlrpc 2021-02-08 13:51:25 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: OpenShift Container Platform 4.6.16 security and bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:0308

Comment 8 Red Hat Bugzilla 2023-09-18 00:24:15 UTC

The needinfo request[s] on this closed bug have been removed as they have been unresolved for 120 days

Note You need to log in before you can comment on or make changes to this bug.