Skip to content

OCPBUGS-57364: Fix IP address for default AWS DNS resolver #5402

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

OCPBUGS-57364: Fix IP address for default AWS DNS resolver #5402

wants to merge 1 commit into from
+1 −1

Conversation

@sadasu
Copy link
Contributor

@sadasu sadasu commented Nov 10, 2025

When ClusterHostedDNS (or custom-dns) is enabled on AWS, the aws-update-dns service running on the control plane, was incorrectly setting 169.254.169.254 as the AWS default Nameserver.

Fixed this IP to 169.254.169.253 , based on Understanding Amazon DNS

@sadasu sadasu changed the title Aws custom dns OCPBUGS-57364: Fix IP address for default AWS DNS resolver Nov 10, 2025
@openshift-ci-robot openshift-ci-robot added jira/severity-critical Referenced Jira bug's severity is critical for the branch this PR is targeting. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. labels Nov 10, 2025
@openshift-ci-robot
Copy link
Contributor

openshift-ci-robot commented Nov 10, 2025

@sadasu: This pull request references Jira Issue OCPBUGS-57364, which is valid.

3 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target version (4.21.0) matches configured target version for branch (4.21.0)
  • bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact:
/cc @yunjiang29

The bug has been updated to refer to the pull request using the external bug tracker.

In response to this:

When ClusterHostedDNS (or custom-dns) is enabled on AWS, the aws-update-dns service running on the control plane, was incorrectly setting 169.254.169.254 as the AWS default Nameserver.

Fixed this IP to 169.254.169.253 , based on Understanding Amazon DNS

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci openshift-ci bot requested a review from yunjiang29 November 10, 2025 17:29
@sadasu
AWS ClusterHostedDNS: Fix IP address for AWS DNS resolution
1aac42b 
The IP address for the Nameserver to be used as resolver for everything
other than API, API-Int and *.apps was incorrect. Fixed it based
on AWS documentation.
@sadasu
Copy link
Contributor Author

sadasu commented Nov 10, 2025

/retest-required

@gpei
Copy link

gpei commented Nov 11, 2025

/payload-job pull-ci-openshift-installer-main-e2e-aws-custom-dns-techpreview

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Nov 11, 2025

@gpei: trigger 0 job(s) for the /payload-(with-prs|job|aggregate|job-with-prs|aggregate-with-prs) command

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Nov 11, 2025

@sadasu: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/okd-scos-e2e-aws-ovn 1aac42b link false /test okd-scos-e2e-aws-ovn
ci/prow/bootstrap-unit 1aac42b link false /test bootstrap-unit

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@gpei
Copy link

gpei commented Nov 11, 2025

/verified by @gpei

Reference job: https://qe-private-deck-ci.apps.ci.l2s4.p1.openshiftapps.com/view/gs/qe-private-deck/pr-logs/pull/openshift_release/70591/rehearse-70591-periodic-ci-openshift-verification-tests-main-installer-rehearse-4.21-installer-rehearse-aws/1988229654103724032

The installation got passed with this PR, the DNS server on masters/workers is configured with node IP and Amazon DNS server

sh-5.1# cat /etc/resolv.conf 
# Generated by NetworkManager
nameserver 10.0.23.117
nameserver 169.254.169.253

@openshift-ci-robot openshift-ci-robot added the verified Signifies that the PR passed pre-merge verification criteria label Nov 11, 2025
@openshift-ci-robot
Copy link
Contributor

openshift-ci-robot commented Nov 11, 2025

@gpei: This PR has been marked as verified by @gpei.

In response to this:

/verified by @gpei

Reference job: https://qe-private-deck-ci.apps.ci.l2s4.p1.openshiftapps.com/view/gs/qe-private-deck/pr-logs/pull/openshift_release/70591/rehearse-70591-periodic-ci-openshift-verification-tests-main-installer-rehearse-4.21-installer-rehearse-aws/1988229654103724032

The installation got passed with this PR, the DNS server on masters/workers is configured with node IP and Amazon DNS server

sh-5.1# cat /etc/resolv.conf 
# Generated by NetworkManager
nameserver 10.0.23.117
nameserver 169.254.169.253

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

tthvo
tthvo reviewed Nov 11, 2025
View reviewed changes
Copy link
Member

@tthvo tthvo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Nov 11, 2025
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Nov 11, 2025

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: sadasu, tthvo
Once this PR has been reviewed and has the lgtm label, please assign rishabhsaini for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dkhater-redhat dkhater-redhat Awaiting requested review from dkhater-redhat

@yuqi-zhang yuqi-zhang Awaiting requested review from yuqi-zhang

@yunjiang29 yunjiang29 Awaiting requested review from yunjiang29

1 more reviewer

@tthvo tthvo tthvo left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@tthvo tthvo

Labels

jira/severity-critical Referenced Jira bug's severity is critical for the branch this PR is targeting. jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. lgtm Indicates that a PR is ready to be merged. verified Signifies that the PR passed pre-merge verification criteria

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@sadasu @openshift-ci-robot @gpei @tthvo