ghost
commented
4 years ago Hi digeler, AKS bot here :wave: Thank you for posting on the AKS Repo, I'll do my best to get a kind human from the AKS team to assist you.
I might be just a bot, but I'm told my suggestions are normally quite good, as such: 1) If this case is urgent, please open a Support Request so that our 24/7 support team may help you faster. 2) Please abide by the AKS repo Guidelines and Code of Conduct. 3) If you're having an issue, could it be described on the AKS Troubleshooting guides or AKS Diagnostics? 4) Make sure your subscribed to the AKS Release Notes to keep up to date with all that's new on AKS. 5) Make sure there isn't a duplicate of this issue already reported. If there is, feel free to close this one and '+1' the existing issue. 6) If you have a question, do take a look at our AKS FAQ. We place the most common ones there!
PixelRobots
What happened: i have enabled private link for two resources: service.bus and documents. i have pods that are having name resolution issues , happens only when i connect the link to the vnet.
What you expected to happen: forward the dns request to external if the record is not in the list of the private dns linked to this vnet.
How to reproduce it (as minimally and precisely as possible): create and aks . set private endpoint to servicebus and cosmos db ,set private dns and link it to the aks vnet. try to use nslookup for a name that does not exist in the a record list : for example : the below name does not in the list of the a record to which this private dns that this vnet is link too.
polydgeusegc-workercluster-database.documents.azure.com canonical name = polydgeusegc-workercluster-database.privatelink.documents.azure.com. ** server can't find polydgeusegc-workercluster-database.privatelink.documents.azure.com: NXDOMAIN
if you remove the link from the vnet its resolves to the external dns which is ok.
after removing the private dns link :
Non-authoritative answer: polydgeusegc-workercluster-database.documents.azure.com canonical name = polydgeusegc-workercluster-database.privatelink.documents.azure.com. polydgeusegc-workercluster-database.privatelink.documents.azure.com canonical name = cdb-ms-prod-eastus1-fd28.cloudapp.net. Name: cdb-ms-prod-eastus1-fd28.cloudapp.net Address: 40.79.154.131
Anything else we need to know?:
seems like the azure dns forwarder is not working as expected , if the name is not in the list of the private dns associated to this vnet , it should resolve externally.
coredns logs show : [INFO] 10.244.1.24:55593 - 46667 "AAAA IN polydgeusegc-workercluster-database.privatelink.documents.azure.com. udp 85 false 512" NXDOMAIN qr,aa,rd,ra 205 0.000074905s
it cant be non existent domain ,as it resolves externally.
if you try this name external dns ,it resolves : this is from external dns on the internet : polydgeusegc-workercluster-database.documents.azure.com Server: OpenWrt.lan Address: 192.168.1.1
Non-authoritative answer: Name: cdb-ms-prod-eastus1-fd28.cloudapp.net Address: 40.79.154.131 Aliases: polydgeusegc-workercluster-database.documents.azure.com polydgeusegc-workercluster-database.privatelink.documents.azure.com
Environment:
Kubernetes version (use
kubectl version): Client Version: version.Info{Major:"1", Minor:"16+", GitVersion:"v1.16.6-beta.0", GitCommit:"e7f962ba86f4ce7033828210ca3556393c377bcc", GitTreeState:"clean", BuildDate:"2020-01-15T08:26:26Z", GoVersion:"go1.13.5", Compiler:"gc", Platform:"windows/amd64"} Server Version: version.Info{Major:"1", Minor:"16", GitVersion:"v1.16.10", GitCommit:"89d8075525967c7a619641fabcb267358d28bf08", GitTreeState:"clean", BuildDate:"2020-06-23T02:52:37Z", GoVersion:"go1.13.9", Compiler:"gc", Platform:"linux/amd64"}Size of cluster (how many worker nodes are in the cluster?) 2
General description of workloads in the cluster (e.g. HTTP microservices, Java app, Ruby on Rails, machine learning, etc.)
Others: c# access to eventhub ,cosmosdb