Infra DNS resolvers should be specified first in the upstream_dns_servers var

Bug #1627680 reported by Bogdan Dobrelya
This bug affects 1 person
Affects: fuel-ccp
Status: New
Importance: Undecided
Assigned to: Unassigned
Milestone: (not set)

Bug Description

Use case: Deploying CCP OpenStack from infra docker registries whose names are to be resolved via a custom intranet DNS server (hereafter the_given_infra_resolver_ip).

Steps to repro:
 * Deploy Kubernetes with the Fuel CCP installer and a custom infra DNS resolver, configured in either of these ways:
 - nameservers: the_given_infra_resolver_ip
 - upstream_dns_servers: [ external_resolver_ip, the_given_infra_resolver_ip ]

Expected: the docker registry name is always resolved via one of the configured DNS nameservers.

Actual (Linux distro specific): It may end up failing to resolve the docker registry name, given that the_given_infra_resolver_ip=172.18.32.6:

$ cat /etc/resolv.conf
search default.svc.cluster.local svc.cluster.local ccp.svc.cluster.local mcp.mirantis.net mirantis.net
# Ansible nameservers BEGIN
nameserver 10.233.0.3
nameserver 8.8.8.8
nameserver 172.18.32.6
# Ansible nameservers END
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
options timeout:2
options attempts:2

Solution: The infra DNS resolvers' addresses (the_given_infra_resolver_ip) should be specified first, followed by external resolvers, if any, and defined in the upstream_dns_servers var.

For example:
nameservers: [8.8.8.8]
upstream_dns_servers: [172.18.32.6]
OR
upstream_dns_servers: [172.18.32.6, 8.8.8.8, 8.8.8.4]

Tags: docs
Sergii Golovatiuk (sgolovatiuk) wrote:

The problem is in the DNS split view. 8.8.8.8 resolves artifactory.mcp.mirantis.net but gives no A record. From a DNS standpoint there were no issues.

dig @8.8.8.8 artifactory.mcp.mirantis.net
; <<>> DiG 9.10.3-P4-Ubuntu <<>> @8.8.8.8 artifactory.mcp.mirantis.net
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 51748
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;artifactory.mcp.mirantis.net. IN A

;; AUTHORITY SECTION:
mirantis.net. 1799 IN SOA pdns01.domaincontrol.com. dns.jomax.net. 2016060100 28800 7200 604800 3600

;; Query time: 54 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Mon Sep 26 12:16:01 CEST 2016
;; MSG SIZE rcvd: 127

If we do dig via the internal nameserver, it will give an A record:

dig @172.18.32.6 artifactory.mcp.mirantis.net

; <<>> DiG 9.10.3-P4-Ubuntu <<>> @172.18.32.6 artifactory.mcp.mirantis.net
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32400
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;artifactory.mcp.mirantis.net. IN A

;; ANSWER SECTION:
artifactory.mcp.mirantis.net. 300 IN CNAME mcpsrv001-scc.mcp.mirantis.net.
mcpsrv001-scc.mcp.mirantis.net. 2678 IN A 172.18.247.7

;; Query time: 57 msec
;; SERVER: 172.18.32.6#53(172.18.32.6)
;; WHEN: Mon Sep 26 12:18:32 CEST 2016
;; MSG SIZE rcvd: 101

tags: added: docs
description: updated
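
Added example, not part of the original report or of fuel-ccp: a small model of how the glibc stub resolver walks the nameserver lines from the resolv.conf above, showing why the NXDOMAIN from 8.8.8.8 ends the lookup before 172.18.32.6 is ever asked, plus an ordering check for the generated file. The function names are hypothetical, the answers are constructed from the two dig outputs in the comment, and 10.233.0.3 is assumed not to answer.

```python
# Added example (not fuel-ccp code). Models how the glibc stub resolver walks
# the nameserver lines of the resolv.conf in this report.
MAXNS = 3  # glibc honours only the first three nameserver lines

# resolv.conf from the report, trimmed to the lines that matter here
RESOLV_CONF = """\
# Ansible nameservers BEGIN
nameserver 10.233.0.3
nameserver 8.8.8.8
nameserver 172.18.32.6
# Ansible nameservers END
options timeout:2
options attempts:2
"""

# Constructed answers for artifactory.mcp.mirantis.net, taken from the two dig
# runs in the comment. Assumption: the cluster DNS 10.233.0.3 does not answer,
# so it is missing here and counts as a timeout.
ANSWERS = {"8.8.8.8": "NXDOMAIN", "172.18.32.6": "NOERROR"}


def nameservers(text):
    """Return the nameserver addresses glibc would use, in file order."""
    fields = (line.split() for line in text.splitlines())
    found = [f[1] for f in fields if len(f) >= 2 and f[0] == "nameserver"]
    return found[:MAXNS]


def lookup(servers, answers):
    """Ask servers in order; only a timeout or SERVFAIL moves to the next."""
    for ip in servers:
        rcode = answers.get(ip, "TIMEOUT")
        if rcode not in ("TIMEOUT", "SERVFAIL"):
            return ip, rcode  # NXDOMAIN is final; later servers are never asked
    return None, "TIMEOUT"


def misordered(servers, infra, cluster_dns=()):
    """Return resolvers listed ahead of the first infra one (cluster DNS excepted)."""
    cut = min((servers.index(ip) for ip in infra if ip in servers),
              default=len(servers))
    return [ip for ip in servers[:cut] if ip not in cluster_dns]


if __name__ == "__main__":
    infra, cluster = ["172.18.32.6"], ["10.233.0.3"]
    for label, ns in (("as deployed", nameservers(RESOLV_CONF)),
                      ("infra first", ["10.233.0.3", "172.18.32.6", "8.8.8.8"])):
        print(label, lookup(ns, ANSWERS), misordered(ns, infra, cluster))
```

Because only the first three nameserver lines are used, an infra resolver placed fourth is dropped entirely; misordered() then reports every non-cluster resolver in the list.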