New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Core DNS is not resolving external ip #2324
Comments
Should work. If you use the fully qualified name with CoreDNS (as you did with kube-dns), do you get an answer? |
What does the definition of the external name service look like?
|
|
OK, the issue is, I believe, that the external name field is supposed to hold a DNS name, not an IP. For example, per the Cluster DNS spec, this field is expected to be a DNS name because it must be used to construct a CNAME record (which can only contain a DNS name target). If you want to point a cluster service to an external IP, you can do so with a headless service and static endpoint. |
Another explanation here, with an example of a headless service and static endpoint. |
thanks @chrisohaver let me try that and get back ! |
Perhaps. Although strictly speaking, kube-dns is violating the Cluster DNS Spec in behaving that way. IMO, it's not intended that the ExternalName field should be able to contain an IP address. All documentation I can find assumes it will be a name, not an IP. The API should probably not allow IPs in that field. Diving into the k8s API validation code, it looks like the Service validation is letting IPv4s slip through because it thinks they are domain names (after all, an IPV4 address is a series of valid dns labels delimited by dots). For example, looking at the code, an IPv6 address would fail validation because they contain colons. In other words, the API appears to be accepting an IPv4 address as a domain name, not as an IP. This is the regex the API uses ... |
We should release note this in K8s (@rajansandeep ?) as a change in behavior, but CoreDNS is working according to the spec. It's actually a bug in kube-dns - an accident of the skydns code and the missing validations. |
Got into this "issue" from the ingress-nginx controller perspective - version 0.18.0 or later outputs the following line:
This happens when any Both CoreDNS and ingress-nginx are working according to spec, and this detail should be in the official Kubernetes docs for clarity. |
@nikopen - We are facing the same issue. We created the k8s cluster with Kubeadm and deployed nginx-ingress through helm chart. Can you please let me know how you fixed this issue? |
@nvenky this happens when you have some Turn the IPs into hostnames to fix this. |
I too am using externalname services with internal IP addresses. The fact that coredns is not able as kubernetes to resolve them is causing me problems. |
In Kubernetes, IP addresses are not supposed to be allowed in the in ExternalName services. Kubernetes only permits FQDNs, as such an IP would be interpreted as a FQDN not an IP, resulting in unexpected behavior. IMO Kubernetes field validation could be improved here, by screening out numeric TLDs. |
Fix coredns#2324 Signed-off-by: Sylvain Rabot <s.rabot@lectra.com>
Fix coredns#2324 Signed-off-by: Sylvain Rabot <s.rabot@lectra.com>
I understand but this is something |
@sylr This is the Kubernetes spec and CoreDNS follows it as intended. Docs have been equally updated to make this detail visible. If you want to push for this change, a good place for that would be SIG-Network in Kubernetes. If accepted and implemented there, only then I assume CoreDNS would propagate the change. |
Not respecting the spec and going beyond it are not the same thing. You'll only make the transition smoother for kube-dns users like myself who unwillingly got into this situation. |
We have a kubernetes service that points to an external service ip. External service IP is the ec2 instance internal IP address where the
mysql
service is running at 3306Please suggest why this is happening.
The logs of CORE DNS when this request is made -
System info
image: gcr.io/google_containers/coredns:1.1.3
1.9.8
1.10.0
The text was updated successfully, but these errors were encountered: