search

kubevirt / kubesecondarydns

DNS for KubeVirt VirtualMachines secondary interfaces
Apache License 2.0
7 stars 8 forks source link

Fix NS line for the zone file #61

Closed rabin-io closed 1 year ago

rabin-io commented 1 year ago

What this PR does / why we need it:

There was a missing @ at the beginning of the NS record, which caused the line to be invalid, and we didn't get any alerts about it on zone re/load.

This also broke recourse query for the NS, as the query will be passed to the internal DNS, but the record is missing.

Special notes for your reviewer:

When asking the parent (forcing no recursive query) DNS for the NS, we get a response, 

❯ dig NS vm.cnv2.example.com @ns1.eng.example.com +norecurse

; <<>> DiG 9.18.17 <<>> NS vm.cnv2.example.com @ns1.eng.example.com +norecurse
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32195
;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;vm.cnv2.example.com.        IN      NS

;; AUTHORITY SECTION:
vm.cnv2.example.com. 300 IN  NS      ns.vm.cnv2.example.com.

;; ADDITIONAL SECTION:
ns.vm.cnv2.example.com. 300 IN A     10.46.41.90

;; Query time: 9 msec
;; SERVER: 10.46.0.31#53(ns1.eng.example.com) (UDP)
;; WHEN: Thu Sep 14 16:10:56 IDT 2023
;; MSG SIZE  rcvd: 92

But when the server redirects us to our internal DNS, we get not respond.

❯ dig NS vm.cnv2.example.com @ns1.eng.example.com

; <<>> DiG 9.18.17 <<>> NS vm.cnv2.example.com @ns1.eng.example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21606
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;vm.cnv2.example.com.        IN      NS

;; Query time: 24 msec
;; SERVER: 10.46.0.31#53(ns1.eng.example.com) (UDP)
;; WHEN: Thu Sep 14 16:11:04 IDT 2023
;; MSG SIZE  rcvd: 59

I tested this by manually patching the zone file to include the missing @.

kubevirt-bot commented 1 year ago

Hi @rabin-io. Thanks for your PR.

I'm waiting for a kubevirt member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.
oshoval commented 1 year ago

thanks something is weird, it doesnt run tests / git actions

brianmcarey commented 1 year ago

/ok-to-test

oshoval commented 1 year ago

right thanks, but git action still not running

brianmcarey commented 1 year ago

right thanks, but git action still not running

It looks like the GH workflow has to be approved to run - I can see it here in the UI - I can try and kick it off if ye want? image

oshoval commented 1 year ago

yes please, thanks, but we might want to add Rabin to kubevirt group so it wont happen ?

oshoval commented 1 year ago

we might want to bump soon kubevirtci, as 1.25 is too old https://github.com/kubevirt/kubesecondarydns/pull/62

oshoval commented 1 year ago

@rabin-io maybe worth to run please a few times the e2e to see its not flaky ? there was a failure one time according emails

oshoval commented 1 year ago

/test pull-kubesecondarydns-e2e-k8s

lets run few times to see if some flake exists (not sure related to this PR if so)

rabin-io commented 1 year ago

/test pull-kubesecondarydns-e2e-k8s

oshoval commented 1 year ago

/test pull-kubesecondarydns-e2e-k8s

oshoval commented 1 year ago

we are good to go, anyhow it was a cluster-up that fails one time, not tests related

AlonaKaplan commented 1 year ago

\approve Thanks!

AlonaKaplan commented 1 year ago

/approve

kubevirt-bot commented 1 year ago

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: AlonaKaplan

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files: - ~~[OWNERS](https://github.com/kubevirt/kubesecondarydns/blob/main/OWNERS)~~ [AlonaKaplan] Approvers can indicate their approval by writing `/approve` in a comment Approvers can cancel approval by writing `/approve cancel` in a comment