Machine config DNS order doesn't seem to be preserved by resolver #9274

Closed
Tracked by #8484
michaelbeaumont opened this issue Sep 4, 2024 · 1 comment · Fixed by #9310
@michaelbeaumont
Contributor

michaelbeaumont commented Sep 4, 2024

Bug Report

Description

I'm trying to get Tailscale DNS to work on my nodes and in my machine config I have

        nameservers:
            - fd7a:115c:a1e0::53
            - 2606:4700:4700::1111
            - 1.1.1.1

where fd7a:115c:a1e0::53 is the Tailscale DNS server. I see:

❯ talosctl get dnsupstream
NODE   NAMESPACE   TYPE          ID                     VERSION   HEALTHY   ADDRESS
cp-0   network     DNSUpstream   1.1.1.1                1         true      1.1.1.1:53
cp-0   network     DNSUpstream   2606:4700:4700::1111   1         true      [2606:4700:4700::1111]:53
cp-0   network     DNSUpstream   fd7a:115c:a1e0::53     1         true      [fd7a:115c:a1e0::53]:53

Then on a hostNetwork: true Pod I see:

$ dig @fd7a:115c:a1e0::53 my-machine.my-network.ts.net
my-machine.my-network.ts.net. 600	IN	A	100.90.80.70

which is the response I want, but on the local resolver:

$ dig @169.254.116.108 my-machine.my-network.ts.net
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 25224
ts.net.			10	IN	SOA	ns1.dnsimple.com. admin.dnsimple.com.
$ dig @127.0.0.53 my-machine.my-network.ts.net
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 27285
ts.net.			10	IN	SOA	ns1.dnsimple.com. admin.dnsimple.com.

and Cloudflare:

$ dig @2606:4700:4700::1111 my-machine.my-network.ts.net
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 27199
ts.net.			10	IN	SOA	ns1.dnsimple.com. admin.dnsimple.com.

I see here:

upstreams, err := safe.ReaderListAll[*network.DNSUpstream](ctx, r)
if err != nil {
	return fmt.Errorf("error getting resolver status: %w", err)
}

addrs, prxs := make([]string, 0, upstreams.Len()), make([]*proxy.Proxy, 0, upstreams.Len())

for it := upstreams.Iterator(); it.Next(); {
	prx := it.Value().TypedSpec().Value.Prx

	addrs = append(addrs, prx.Addr())
	prxs = append(prxs, prx.(*proxy.Proxy)) //nolint:forcetypeassert
}

if ctrl.handler.SetProxy(prxs) {

which, like get dnsupstreams, doesn't seem to preserve the order from the machine config.

Logs

None

Environment

  • Talos version: v1.8.0-alpha.2
  • Kubernetes version:
      Client Version: v1.30.3
      Server Version: v1.30.2
  • Platform: metal

@smira
Member

smira commented Sep 6, 2024

Just some additional verification, the config is correctly applied/merged, but DNSUpstreams lose the original order:

$ talosctl -n 172.20.0.5 get resolvers
NODE         NAMESPACE   TYPE             ID          VERSION   RESOLVERS
172.20.0.5   network     ResolverStatus   resolvers   3         ["fd7a:115c:a1e0::53","2606:4700:4700::1111","1.1.1.1"]
$ talosctl -n 172.20.0.5 get dnsupstream 
NODE         NAMESPACE   TYPE          ID                     VERSION   HEALTHY   ADDRESS
172.20.0.5   network     DNSUpstream   1.1.1.1                1         true      1.1.1.1:53
172.20.0.5   network     DNSUpstream   2606:4700:4700::1111   1         true      [2606:4700:4700::1111]:53
172.20.0.5   network     DNSUpstream   fd7a:115c:a1e0::53     1         true      [fd7a:115c:a1e0::53]:53

DmitriyMV added a commit to DmitriyMV/talos that referenced this issue Sep 11, 2024
`List` returns a sorted (by id) list of resources. This doesn't work when the order of dns upstreams is important. Because of that
we need to rework "DNSUpstreams.net.talos.dev" resource ID from destination host to "dns №<num>".

Fixes siderolabs#9274

Signed-off-by: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
DmitriyMV added a commit to DmitriyMV/talos that referenced this issue Sep 12, 2024
`List` returns a sorted (by id) list of resources. This doesn't work when the order of dns upstreams is important. Because of that
add an `Idx` field to the "DNSUpstreams.net.talos.dev" resource, so we can preserve order.

Fixes siderolabs#9274

Signed-off-by: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
smira pushed a commit to smira/talos that referenced this issue Sep 13, 2024
`List` returns a sorted (by id) list of resources. This doesn't work when the order of dns upstreams is important. Because of that
add an `Idx` field to the "DNSUpstreams.net.talos.dev" resource, so we can preserve order.

Fixes siderolabs#9274

Signed-off-by: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
(cherry picked from commit 79cd031)
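
The ordering problem and the `Idx` approach described in the commit messages above, as an added example that is not Talos code: the `upstream` type and the `fromConfig`, `listByID` and `addrs` helpers are hypothetical stand-ins, with `listByID` modelling a `List` call that returns resources sorted by ID. With the host as the ID, the public resolver sorts first and answers for names that only the first configured (private) resolver knows.

```go
package main

import (
	"fmt"
	"net"
	"sort"
)

// upstream is a hypothetical stand-in for a DNSUpstream resource (not the Talos type).
type upstream struct {
	ID   string // resource ID: the destination host, as in the talosctl output
	Addr string // host:port the resolver forwards to
	Idx  int    // position in the machine config nameservers list
}

// fromConfig builds one resource per nameserver and records its config position.
func fromConfig(nameservers []string) []upstream {
	out := make([]upstream, 0, len(nameservers))
	for i, ns := range nameservers {
		out = append(out, upstream{ID: ns, Addr: net.JoinHostPort(ns, "53"), Idx: i})
	}
	return out
}

// listByID mimics a store whose List call returns resources sorted by ID.
func listByID(items []upstream) []upstream {
	out := append([]upstream(nil), items...)
	sort.Slice(out, func(i, j int) bool { return out[i].ID < out[j].ID })
	return out
}

// addrs returns addresses in slice order; byIdx re-sorts on Idx first to restore config order.
func addrs(listed []upstream, byIdx bool) []string {
	items := append([]upstream(nil), listed...)
	if byIdx {
		sort.SliceStable(items, func(i, j int) bool { return items[i].Idx < items[j].Idx })
	}
	out := make([]string, 0, len(items))
	for _, u := range items {
		out = append(out, u.Addr)
	}
	return out
}

func main() {
	// Nameserver list taken from the machine config quoted in the issue.
	cfg := []string{"fd7a:115c:a1e0::53", "2606:4700:4700::1111", "1.1.1.1"}
	listed := listByID(fromConfig(cfg))
	fmt.Println(addrs(listed, false), addrs(listed, true))
}
```
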
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Nov 12, 2024