external-dns

Error while adding RR with rfc2136 provider

Open pasztorl opened this issue 3 years ago • 0 comments

What happened:

I've configured external dns with provider rfc2136. Then I continuously got this message in the external-dns pod's log:

time="2022-08-26T02:11:37Z" level=info msg="Configured RFC2136 with zone '« zone »' and nameserver 'freeipa1-nbg1.« zone »:53'"
time="2022-08-26T02:11:42Z" level=error msg="AXFR error: dns: bad xfr rcode: 5"
time="2022-08-26T02:11:42Z" level=info msg="Adding RR: external.« zone » 60 A «NS IP»"
time="2022-08-26T02:11:42Z" level=info msg="Adding RR: external.« zone » 0 TXT "heritage=external-dns,external-dns/owner=default,external-dns/resource=service/ingress-external/haproxy-ingress-kubernetes-ingress""
time="2022-08-26T02:11:42Z" level=info msg="Adding RR: a-external« zone » 0 TXT "heritage=external-dns,external-dns/owner=default,external-dns/resource=service/ingress-external/haproxy-ingress-kubernetes-ingress""
time="2022-08-26T02:12:42Z" level=error msg="AXFR error: dns: bad xfr rcode: 5"
time="2022-08-26T02:12:42Z" level=info msg="Adding RR: external.« zone » 60 A «NS IP»"
time="2022-08-26T02:12:42Z" level=info msg="Adding RR: external.« zone » 0 TXT "heritage=external-dns,external-dns/owner=default,external-dns/resource=service/ingress-external/haproxy-ingress-kubernetes-ingress""
time="2022-08-26T02:12:42Z" level=info msg="Adding RR: a-external.« zone » 0 TXT "heritage=external-dns,external-dns/owner=default,external-dns/resource=service/ingress-external/haproxy-ingress-kubernetes-ingress""
time="2022-08-26T02:13:42Z" level=error msg="AXFR error: dns: bad xfr rcode: 5"

What you expected to happen:

The external-dns creates all records successfully. Now the A and TXT records are created successfully, but it seems that external dns doesn't recognize them, so it tries again and again. When the dns entries are no longer needed (for example the ingress object was deleted) the DNS entries remain in place. I think this is because external dns thinks that the entries do not exist at all. I've also tested with the aws and gcp providers, which work as expected.

How to reproduce it (as minimally and precisely as possible):

I have a kubeadm-created k8s cluster running version 1.24.3. The NS server is a named (freeipa 4.9.10 BIND 9.16.31-RH (Extended Support Version)).

Anything else we need to know?:

Named logs seem clean:

Aug 26 10:34:33 freeipa1-nbg1.« zone » named[7014]: client @0x7f8394006550 138.201.119.102#60593/key tsig-key: updating zone '« zone »/IN': adding an RR at 'external.« zone »' A 167.235.109.18
Aug 26 10:34:33 freeipa1-nbg1« zone »[7014]: client @0x7f8394006550 138.201.119.102#60593/key tsig-key: updating zone '« zone »/IN': adding an RR at 'external.« zone »' TXT "heritage=external-dns,external-dns/owner=default,external-dns/resource=service/ingress-external/haproxy-ingress-kubernetes-ingress"
Aug 26 10:34:33 freeipa1-nbg1.« zone » named[7014]: client @0x7f8394006550 138.201.119.102#60593/key tsig-key: updating zone '« zone »/IN': adding an RR at 'a-external.« zone »' TXT "heritage=external-dns,external-dns/owner=default,external-dns/resource=service/ingress-external/haproxy-ingress-kubernetes-ingress"
Aug 26 10:34:33 freeipa1-nbg1,« zone » named[7014]: zone « zone »/IN: sending notifies (serial 1661510074)
Aug 26 10:34:33 freeipa1-nbg1.« zone » named[7014]: client @0x7f83bc2bebe0 138.201.119.102#38139: received notify for zone '« zone »'
Aug 26 10:34:33 freeipa1-nbg1.« zone » named[7014]: client @0x7f83a8040b10 65.108.57.7#60428: received notify for zone '« zone »'
Aug 26 10:34:38 freeipa1-nbg1.« zone » named[7014]: zone « zone »/IN: sending notifies (serial 1661510074)
Aug 26 10:34:38 freeipa1-nbg1.« zone » named[7014]: client @0x7f83b0030170 138.201.119.102#59751: received notify for zone '« zone »'
Aug 26 10:34:38 freeipa1-nbg1.« zone » named[7014]: client @0x7f8394006550 65.108.57.7#32931: received notify for zone '« zone »'

Environment:

  • External-DNS version (use external-dns --version): v0.12.2
  • DNS provider: freeipa 4.9.10 BIND 9.16.31-RH / rfc2136
  • Others:

pasztorl, Aug 26 '22 10:08
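An added example, not part of the original issue or of external-dns: a Python check over a log in the format quoted above that flags the pattern the report describes, an AXFR that fails while the same records are added again on every sync cycle. The RCODE names are from RFC 1035 / RFC 2136 (5 is REFUSED); the sample log, the zone `example.test` and the address `192.0.2.10` are constructed placeholders, and `analyze` is a hypothetical helper name.

```python
import re
from collections import Counter

# RCODE names from RFC 1035 / RFC 2136; the log quoted in the issue shows rcode 5.
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN",
          4: "NOTIMP", 5: "REFUSED", 9: "NOTAUTH"}

LINE = re.compile(r'time="(?P<ts>[^"]+)" level=(?P<level>\w+) msg="(?P<msg>.*)"$')
AXFR = re.compile(r"AXFR error: dns: bad xfr rcode: (\d+)")
ADD = re.compile(r"Adding RR: (\S+) \d+ (\S+)")  # owner name, TTL, record type

# Constructed sample in the format of the issue's log; zone and IP are placeholders.
SAMPLE = '''\
time="2022-08-26T02:11:42Z" level=error msg="AXFR error: dns: bad xfr rcode: 5"
time="2022-08-26T02:11:42Z" level=info msg="Adding RR: external.example.test 60 A 192.0.2.10"
time="2022-08-26T02:11:42Z" level=info msg="Adding RR: external.example.test 0 TXT "heritage=external-dns""
time="2022-08-26T02:12:42Z" level=error msg="AXFR error: dns: bad xfr rcode: 5"
time="2022-08-26T02:12:42Z" level=info msg="Adding RR: external.example.test 60 A 192.0.2.10"
time="2022-08-26T02:12:42Z" level=info msg="Adding RR: external.example.test 0 TXT "heritage=external-dns""
'''

def analyze(log_text):
    """Summarise AXFR failures and records that are re-added across sync cycles."""
    axfr_failures = []  # (timestamp, rcode name)
    adds = Counter()    # (owner name, record type) -> number of "Adding RR" lines
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        msg = m.group("msg")
        failed = AXFR.search(msg)
        added = ADD.match(msg)
        if failed:
            code = int(failed.group(1))
            axfr_failures.append((m.group("ts"), RCODES.get(code, f"RCODE{code}")))
        elif added:
            adds[(added.group(1), added.group(2))] += 1
    repeated = sorted(key for key, count in adds.items() if count > 1)
    # "stuck": the zone could not be listed and the same records keep being re-sent.
    return {"axfr_failures": axfr_failures, "repeated_adds": repeated,
            "stuck": bool(axfr_failures and repeated)}

if __name__ == "__main__":
    report = analyze(SAMPLE)
    for ts, rcode in report["axfr_failures"]:
        print(f"{ts} AXFR failed: {rcode}")
    for name, rtype in report["repeated_adds"]:
        print(f"re-added every cycle: {name} {rtype}")
    print("stuck reconcile loop:", report["stuck"])
```

In BIND, permission to transfer a zone is configured separately from permission to send dynamic updates, so a REFUSED AXFR can coexist with the successful TSIG-signed updates seen in the named log.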