[rancher-dns] dns server & dns update stack create wrong entries ( all updates get dns server IP instead of container IP )

Hi All,

I posted this as an issue over @github, but I thought the people at the Rancher forum might have an idea or two on this issue.

To create a good upgrade path to Rancher 2.1, I decided to upgrade to Rancher 1.6.17. Previously we plugged into the Rancher network agent for DNS discovery directly, but because the new stack has that agent buried in the Docker network, that no longer seems to be an option. Therefore we thought it would be good to deploy the DNS Server & DNS Update combo to expose the DNS service to the internal network.

That is where we hit a snag: the DNS update stack creates wrong entries (all updates get the DNS server IP instead of the container IP).

Would be great if someone with experience in Rancher Agent DNS exposure of the Rancher 1.6.x stack to the edge of the VM would read this because it is impeding the implementation of this newer environment. Someone with experience of using the DNS Server / DNS Update agent that fetches the DNS info from the Rancher Agent in the new 1.6.x stack would be great also.

Here is the info on the stack:

Rancher versions:
rancher/server or rancher/rancher: 1.6.17
rancher/agent or rancher/rancher-agent: v1.2.10

Infrastructure Stack versions:
healthcheck: v0.3.6
ipsec: v0.13.11
network-services: metadata:v0.10.2
scheduler: v0.8.3

Docker version: (docker version,docker info preferred) - 17.12.1-ce

Operating system and kernel: (cat /etc/os-release, uname -r preferred)
VERSION=“18.04 LTS (Bionic Beaver)” - 4.15.0-22-generic

Type/provider of hosts: (VirtualBox/Bare-metal/AWS/GCE/DO)
QEMU 2.5.0+dfsg-5ubuntu10.26

Setup details: (single node rancher vs. HA rancher, internal DB vs. external DB)
Single Node internal DB

Environment Template: (Cattle/Kubernetes/Swarm/Mesos)
Cattle

Steps to Reproduce:
Select Bind9 DNS server, compatible with the “DNS Update (RFC2136)” in catalog, v 1.0.0-rancher1
Root domain: rancher.internal
Bind9 TSIG keyname: rancher.internal
Bind9 TSIG Key (base64): cmFuY2hlci5pbnRlcm5hbA==
Bind9 ports & Bind9 forwarders stay on default (53 & 8.8.8.8;8.8.4.4)

Select Rancher External DNS service powered by any RFC2136 compatible DNS server in catalog - v0.7.2 & v0.6.2
DNS server IP: external IP of host where DNS server is deployed or container IP
TSIG Key Name and TSIG key same as on the DNS server
Zone name: rancher.internal
TTL & DNS Name template entries kept at default

Results:

DNS updates that are pushed from the DNS update component to the DNS server container are wrong: records are seen and updated, yet they contain the IP of the DNS server entered in the DNS server field of the DNS Update component.

Logs: dnsupdate-rfc2136-rfc2136dns-1:

06/06/2018 09:44:12 time=“2018-06-06T07:44:12Z” level=info msg=“Starting Rancher External DNS service v0.7.2”
06/06/2018 09:44:12 time=“2018-06-06T07:44:12Z” level=info msg=“Configured RFC2136 with zone ‘rancher.internal.’ and nameserver ‘192.168.1.102:53’”
06/06/2018 09:44:12 time=“2018-06-06T07:44:12Z” level=info msg=“Healthcheck handler is listening on :1000”
06/06/2018 09:44:12 time=“2018-06-06T07:44:12Z” level=info msg=“Adding dns record: {ipsec ipsec {ipsec.ipsec.development.rancher.internal. [192.168.1.102] A 60}}”
06/06/2018 09:44:12 time=“2018-06-06T07:44:12Z” level=info msg=“Adding dns record: {sugarcrm deploy-nvidia-docker-dev {sugarcrm.deploy-nvidia-docker-dev.development.rancher.internal. [192.168.1.102] A 60}}”
06/06/2018 09:44:12 time=“2018-06-06T07:44:12Z” level=info msg=“Adding dns record: {bind9 bind9 {bind9.bind9.development.rancher.internal. [192.168.1.102] A 60}}”
06/06/2018 09:44:12 time=“2018-06-06T07:44:12Z” level=info msg=“Adding dns record: { {external-dns-17379725-7297-4a45-8e91-ba0f5d838b3c.rancher.internal. [bind9.bind9.development.rancher.internal. ipsec.ipsec.development.rancher.internal. sugarcrm.deploy-nvidia-docker-dev.development.rancher.internal.] TXT 60}}”

Logs: bind9-bind9-1
06/06/2018 09:43:09 06-Jun-2018 07:43:09.174 managed-keys-zone: loaded serial 0
06/06/2018 09:43:09 06-Jun-2018 07:43:09.174 zone 0.in-addr.arpa/IN: loaded serial 1
06/06/2018 09:43:09 06-Jun-2018 07:43:09.176 zone 127.in-addr.arpa/IN: loaded serial 1
06/06/2018 09:43:09 06-Jun-2018 07:43:09.177 zone 255.in-addr.arpa/IN: loaded serial 1
06/06/2018 09:43:09 06-Jun-2018 07:43:09.179 zone localhost/IN: loaded serial 2
06/06/2018 09:43:09 06-Jun-2018 07:43:09.180 /etc/bind/zones/db.rancher.internal:1: no TTL specified; using SOA MINTTL instead
06/06/2018 09:43:09 06-Jun-2018 07:43:09.180 zone rancher.internal/IN: loaded serial 20041125
06/06/2018 09:43:09 06-Jun-2018 07:43:09.180 all zones loaded
06/06/2018 09:43:09 06-Jun-2018 07:43:09.181 running
06/06/2018 09:44:12 06-Jun-2018 07:44:12.431 client 10.50.72.208#40912/key rancher.internal (rancher.internal): transfer of ‘rancher.internal/IN’: AXFR started: TSIG rancher.internal
06/06/2018 09:44:12 06-Jun-2018 07:44:12.432 client 10.50.72.208#40912/key rancher.internal (rancher.internal): transfer of ‘rancher.internal/IN’: AXFR ended
06/06/2018 09:44:12 06-Jun-2018 07:44:12.436 client 10.50.72.208#40914/key rancher.internal (rancher.internal): transfer of ‘rancher.internal/IN’: AXFR started: TSIG rancher.internal
06/06/2018 09:44:12 06-Jun-2018 07:44:12.436 client 10.50.72.208#40914/key rancher.internal (rancher.internal): transfer of ‘rancher.internal/IN’: AXFR ended
06/06/2018 09:44:12 06-Jun-2018 07:44:12.437 client 10.50.72.208#35060/key rancher.internal: signer “rancher.internal” approved
06/06/2018 09:44:12 06-Jun-2018 07:44:12.437 client 10.50.72.208#35060/key rancher.internal: updating zone ‘rancher.internal/IN’: adding an RR at ‘ipsec.ipsec.development.rancher.internal’ A
06/06/2018 09:44:12 06-Jun-2018 07:44:12.439 client 10.50.72.208#35060/key rancher.internal: signer “rancher.internal” approved
06/06/2018 09:44:12 06-Jun-2018 07:44:12.439 client 10.50.72.208#35060/key rancher.internal: updating zone ‘rancher.internal/IN’: adding an RR at ‘ipsec.ipsec.development.rancher.internal’ A
06/06/2018 09:44:12 06-Jun-2018 07:44:12.440 client 10.50.72.208#48454/key rancher.internal: signer “rancher.internal” approved
06/06/2018 09:44:12 06-Jun-2018 07:44:12.440 client 10.50.72.208#48454/key rancher.internal: updating zone ‘rancher.internal/IN’: adding an RR at ‘sugarcrm.deploy-nvidia-docker-dev.development.rancher.internal’ A
06/06/2018 09:44:12 06-Jun-2018 07:44:12.441 client 10.50.72.208#48454/key rancher.internal: signer “rancher.internal” approved
06/06/2018 09:44:12 06-Jun-2018 07:44:12.441 client 10.50.72.208#48454/key rancher.internal: updating zone ‘rancher.internal/IN’: adding an RR at ‘sugarcrm.deploy-nvidia-docker-dev.development.rancher.internal’ A
06/06/2018 09:44:12 06-Jun-2018 07:44:12.441 client 10.50.72.208#49481/key rancher.internal: signer “rancher.internal” approved
06/06/2018 09:44:12 06-Jun-2018 07:44:12.441 client 10.50.72.208#49481/key rancher.internal: updating zone ‘rancher.internal/IN’: adding an RR at ‘bind9.bind9.development.rancher.internal’ A
06/06/2018 09:44:12 06-Jun-2018 07:44:12.442 client 10.50.72.208#49481/key rancher.internal: signer “rancher.internal” approved
06/06/2018 09:44:12 06-Jun-2018 07:44:12.442 client 10.50.72.208#49481/key rancher.internal: updating zone ‘rancher.internal/IN’: adding an RR at ‘bind9.bind9.development.rancher.internal’ A
06/06/2018 09:44:12 06-Jun-2018 07:44:12.443 client 10.50.72.208#49751/key rancher.internal: signer “rancher.internal” approved
06/06/2018 09:44:12 06-Jun-2018 07:44:12.443 client 10.50.72.208#49751/key rancher.internal: updating zone ‘rancher.internal/IN’: adding an RR at ‘external-dns-17379725-7297-4a45-8e91-ba0f5d838b3c.rancher.internal’ TXT
06/06/2018 09:44:12 06-Jun-2018 07:44:12.443 client 10.50.72.208#49751/key rancher.internal: updating zone ‘rancher.internal/IN’: adding an RR at ‘external-dns-17379725-7297-4a45-8e91-ba0f5d838b3c.rancher.internal’ TXT
06/06/2018 09:44:12 06-Jun-2018 07:44:12.443 client 10.50.72.208#49751/key rancher.internal: updating zone ‘rancher.internal/IN’: adding an RR at ‘external-dns-17379725-7297-4a45-8e91-ba0f5d838b3c.rancher.internal’ TXT
06/06/2018 09:44:12 06-Jun-2018 07:44:12.444 client 10.50.72.208#49751/key rancher.internal: signer “rancher.internal” approved
06/06/2018 09:44:12 06-Jun-2018 07:44:12.444 client 10.50.72.208#49751/key rancher.internal: updating zone ‘rancher.internal/IN’: adding an RR at ‘external-dns-17379725-7297-4a45-8e91-ba0f5d838b3c.rancher.internal’ TXT
06/06/2018 09:44:12 06-Jun-2018 07:44:12.444 client 10.50.72.208#49751/key rancher.internal: updating zone ‘rancher.internal/IN’: adding an RR at ‘external-dns-17379725-7297-4a45-8e91-ba0f5d838b3c.rancher.internal’ TXT
06/06/2018 09:44:12 06-Jun-2018 07:44:12.444 client 10.50.72.208#49751/key rancher.internal: updating zone ‘rancher.internal/IN’: adding an RR at ‘external-dns-17379725-7297-4a45-8e91-ba0f5d838b3c.rancher.internal’ TXT
06/06/2018 09:45:12 06-Jun-2018 07:45:12.891 client 10.50.72.208#41254/key rancher.internal (rancher.internal): transfer of ‘rancher.internal/IN’: AXFR started: TSIG rancher.internal
06/06/2018 09:45:12 06-Jun-2018 07:45:12.891 client 10.50.72.208#41254/key rancher.internal (rancher.internal): transfer of ‘rancher.internal/IN’: AXFR ended
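
A check one could run against this setup, as an added example that is not part of the original post or of the Rancher project: it flags every A record in the external-dns log whose only target is the configured nameserver address (the reported symptom), and tests whether the TSIG secret from the reproduction steps decodes to the key name or zone name. The function names and the last sample log line are assumptions made for illustration.

```python
import base64
import re

# First four lines are abridged from the dnsupdate-rfc2136 log in the post;
# the last line is constructed to show a record that should not be flagged.
SAMPLE_LOG = [
    'level=info msg=“Configured RFC2136 with zone ‘rancher.internal.’ and nameserver ‘192.168.1.102:53’”',
    'level=info msg=“Adding dns record: {ipsec ipsec {ipsec.ipsec.development.rancher.internal. [192.168.1.102] A 60}}”',
    'level=info msg=“Adding dns record: {bind9 bind9 {bind9.bind9.development.rancher.internal. [192.168.1.102] A 60}}”',
    'level=info msg=“Adding dns record: { {external-dns-17379725-7297-4a45-8e91-ba0f5d838b3c.rancher.internal. [bind9.bind9.development.rancher.internal.] TXT 60}}”',
    'level=info msg=“Adding dns record: {web demo {web.demo.development.rancher.internal. [10.42.0.7] A 60}}”',
]

# Forum rendering turned the log's quotes into typographic ones; undo that first.
QUOTES = str.maketrans("“”‘’", "\"\"''")
NAMESERVER = re.compile(r"nameserver '([0-9.]+):\d+'")
RECORD = re.compile(r"Adding dns record: \{.*\{(\S+) \[([^\]]*)\] (\S+) \d+\}\}")


def records_pointing_at_nameserver(lines):
    """Return FQDNs of A records whose only target is the configured DNS server IP."""
    nameserver, suspects = None, []
    for raw in lines:
        line = raw.translate(QUOTES)
        match = NAMESERVER.search(line)
        if match:
            nameserver = match.group(1)
            continue
        match = RECORD.search(line)
        if match and match.group(3) == "A" and match.group(2).split() == [nameserver]:
            suspects.append(match.group(1))
    return suspects


def tsig_secret_is_guessable(key_name, secret_b64, zone):
    """True when the decoded TSIG secret is just the key name or the zone name."""
    secret = base64.b64decode(secret_b64).decode("ascii", errors="replace")
    return secret.rstrip(".") in {key_name.rstrip("."), zone.rstrip(".")}


if __name__ == "__main__":
    for fqdn in records_pointing_at_nameserver(SAMPLE_LOG):
        print("A record resolves to the DNS server itself:", fqdn)
    if tsig_secret_is_guessable("rancher.internal", "cmFuY2hlci5pbnRlcm5hbA==", "rancher.internal."):
        print("TSIG secret decodes to the key/zone name; generate a random one")
```

A flagged record is expected for a service that really runs on the DNS server's host. A TSIG secret that decodes to its own key name should be replaced with a randomly generated one, since that key authorises both the zone updates and the AXFR transfers seen in the bind9 log.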