AKS icon indicating copy to clipboard operation
AKS copied to clipboard
verified publisher icon Azure

[BUG]CoreDNS reverse dns query didn't work on AKS 1.32

Open Calotte opened this issue 10 months ago • 2 comments

Describe the bug A clear and concise description of what the bug is. We have a program that will get the pod's dns via dns reverse query, it works in aks 1.31 but on 1.32 it failed with the following error:

2025-03-03T06:54:39.433868+00:00 af80d705-9259-4940-84a6-f30f750da0af        directdns         debug looking up PTR for 10.240.10.253 using server 10.0.0.10
2025-03-03T06:54:39.438568+00:00 af80d705-9259-4940-84a6-f30f750da0af        directdns         error invalid response for 10.240.10.253: NXDOMAIN

To Reproduce Steps to reproduce the behavior:

dig a pod ip's dns.

Also can use this function:

func doServerReverseLookup(ctx context.Context, addr string, server string, logger *log.Entry) ([]string, error) {
	logger.Debugf("looking up PTR for %s using server %s", addr, server)
	c := dns.Client{}
	m := dns.Msg{}
	reverseAddr, err := dns.ReverseAddr(addr)
	if err != nil {
		return nil, fmt.Errorf("could not reverse %s: %v", addr, err)
	}
	m.SetQuestion(reverseAddr, dns.TypePTR)
	r, t, err := c.ExchangeContext(ctx, &m, server+":53")
	if err != nil {
		return nil, fmt.Errorf("failed to perform PTR lookup for %s: %v", addr, err)
	}
	logger.Tracef("PTR lookup for %s took %v", addr, t)
	if r.Rcode != dns.RcodeSuccess {
		return nil, fmt.Errorf("invalid response for %s: %v", addr, dns.RcodeToString[r.Rcode])
	}
	hosts := make([]string, 0)
	for _, ans := range r.Answer {
		host := ans.(*dns.PTR).Ptr
		if strings.HasSuffix(host, ".") {
			host = host[0 : len(host)-1]
		}
		hosts = append(hosts, host)
	}

	return hosts, nil
}

Expected behavior A clear and concise description of what you expected to happen.

Screenshots If applicable, add screenshots to help explain your problem. Make sure not to include sensitive or personal information.

Environment (please complete the following information):

  • CLI Version 1.31
  • Kubernetes version 1.32
  • CLI Extension version [e.g. 1.7.5] if applicable
  • Browser [e.g. chrome, safari] is applicable

Additional context Add any other context about the problem here.

Calotte avatar Mar 03 '25 08:03 Calotte

CoreDNS issue disccused here: https://github.com/coredns/coredns/issues/7177

Before the coredns makes a path through, AKS team is evaluating if we should downgrade coredns to 1.11.3 for k8s 1.32 clusters.

robbiezhang avatar Mar 07 '25 05:03 robbiezhang

This issue needs attention of @robbiezhang. Please provide an update on the investigation progress. Thanks!

microsoft-github-policy-service[bot] avatar Mar 24 '25 04:03 microsoft-github-policy-service[bot]

This issue needs attention of @robbiezhang. Please provide an update on the investigation progress. Thanks!

microsoft-github-policy-service[bot] avatar Mar 31 '25 07:03 microsoft-github-policy-service[bot]

AKS has downgraded the coredns to 1.11.3 on k8s 1.32

robbiezhang avatar Apr 04 '25 05:04 robbiezhang