Rfc2136 / bind 9 RFC2136 update failed: bad return code: NOTZONE

Hello,
next round trying to use rfc2136 with a bind 9.
The connection is working now, but "RFC2136 update failed: bad return code: NOTZONE" appears.
Does anyone have an idea what is going wrong?
I used this tutorial.


I'm using external-dns version 3.0.2 from the Bitnami catalog.

Thanks for hints
Ralf

time="2020-05-22T08:47:48Z" level=info msg="Adding RR: srvrancherprod.comline.de 0 A 192.168.242.160"

time="2020-05-22T08:47:48Z" level=info msg="Adding RR: srvrancherprod.comline.de 0 A 192.168.243.28"

time="2020-05-22T08:47:48Z" level=info msg="Adding RR: srvrancherprod.comline.de 0 A 192.168.245.100"

time="2020-05-22T08:47:48Z" level=info msg="Adding RR: srvrancherprod.comline.de 0 TXT \"heritage=external-dns,external-dns/owner=default,external-dns/resource=ingress/default/webseite01\""

time="2020-05-22T08:47:48Z" level=info msg="Bad dns.Client.Exchange response: ;; opcode: UPDATE, status: NOTZONE, id: 7685\n;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1\n\n;; QUESTION SECTION:\n;docker.comline.local.\tIN\t SOA\n\n;; ADDITIONAL SECTION:\n\n;; TSIG PSEUDOSECTION:\nrndc-key.\t0\tCLASS255\tTSIG\t hmac-md5.sig-alg.reg.int. 20200522084747 300 16 400F568B6370E567C109E41F0443C694 7685 0 0 \n"

time="2020-05-22T08:47:48Z" level=error msg="RFC2136 update failed: bad return code: NOTZONE"

Here are my zone files:

$TTL 604800
@       IN      SOA     srvbind92.docker.comline.locale. admin.docker.comline.local. (
                        3         ; Serial
                        604800    ; Refresh
                        86400     ; Retry
                        2419200   ; Expire
                        604800 )  ; Negative Cache TTL
;
; name servers - NS records
        IN      NS      srvbind92.docker.comline.local.
        IN      NS      000c29ddec8c.docker.comline.local.

; name servers - A records
srvbind92.docker.comline.local.         IN      A       192.168.241.85
000c29ddec8c.docker.comline.local.      IN      A       192.168.242.253

$TTL 604800
@       IN      SOA     srvbind92.docker.comline.local. admin@docker.comline.local. (
                        3         ; Serial
                        604800    ; Refresh
                        86400     ; Retry
                        2419200   ; Expire
                        604800 )  ; Negative Cache TTL
; name servers - NS records
        IN      NS      srvbind92.docker.comline.local.
        IN      NS      000c29ddec8c.docker.comline.local.

; PTR Records
85.241  IN      PTR     srvbind92.docker.comline.local.      ;192.168.241.85
253.242 IN      PTR     000c29ddec8c.docker.comline.local.   ;192.168.242.253

Solved:
The domain in Rancher is named firma.de, the DNS zone in my bind is firma.local.
rfc2136 is configured to use firma.local.
Reconfiguring my DNS zone in bind to firma.de solved the problem for the moment as a first test.
The question is how to reconfigure Rancher to firma.local.

Ralf
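
The mismatch described in the post above can be read straight from the log, as this added example shows (it is not part of the original thread or of external-dns). In an RFC 2136 UPDATE the question section carries the zone, and the server answers NOTZONE when a record name in the update is not inside that zone. The log text below is a constructed sample shaped like the lines in the first post; the function names are hypothetical.

```python
import re

# Constructed sample, shaped like the external-dns log lines in the first post.
SAMPLE_LOG = r'''
time="2020-05-22T08:47:48Z" level=info msg="Adding RR: srvrancherprod.comline.de 0 A 192.168.242.160"
time="2020-05-22T08:47:48Z" level=info msg="Adding RR: web01.docker.comline.local 0 A 192.168.242.161"
time="2020-05-22T08:47:48Z" level=info msg="Bad dns.Client.Exchange response: ;; opcode: UPDATE, status: NOTZONE, id: 7685\n;; QUESTION SECTION:\n;docker.comline.local.\tIN\t SOA\n"
'''

RR_RE = re.compile(r'(?:Adding|Removing) RR: (\S+) \d+ (\S+)')
# The log escapes newlines and tabs, so match a literal backslash-n / backslash-t.
ZONE_RE = re.compile(r'QUESTION SECTION:\\n;(\S+?)\\t')


def labels(name):
    """Lower-cased labels of a DNS name; a trailing dot is ignored."""
    return [part for part in name.lower().rstrip('.').split('.') if part]


def in_zone(name, zone):
    """True if name is the zone apex or below it, compared label by label."""
    n, z = labels(name), labels(zone)
    return len(n) >= len(z) and n[len(n) - len(z):] == z


def diagnose(log_text):
    """Return (zone, names outside the zone) for an UPDATE answered NOTZONE."""
    zone_match = ZONE_RE.search(log_text)
    if 'status: NOTZONE' not in log_text or not zone_match:
        return None, []
    zone = zone_match.group(1)
    outside = []
    for name, _rtype in RR_RE.findall(log_text):
        if not in_zone(name, zone) and name not in outside:
            outside.append(name)
    return zone, outside


if __name__ == "__main__":
    zone, outside = diagnose(SAMPLE_LOG)
    print("zone sent in UPDATE:", zone)
    for name in outside:
        print("outside zone:", name)
```
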

Hi Ralf,

Just to clarify, this is in regards to external DNS outside the cluster, correct? You are not trying to use rfc2136 inside the cluster (CoreDNS does that in Rancher 2).

The rfc2136.zone option will set the zone used in the records.

Check out the RFC 2136 tutorial at https://github.com/kubernetes-sigs/external-dns/blob/master/docs/tutorials/rfc2136.md and see if that helps you. It took me several tries. The --dry-run and --log-level=debug options helped a lot.

Note that the Bitnami chart will accept options even if they are invalid, so watch out for typos. You can double-check the options by inspecting the Kubernetes YAML. An invalid option will NOT be passed on to Kubernetes and therefore will not appear under spec.containers.args if you check it:

docker01 $ kubectl get deploy external-dns -n external-dns -o yaml
...
    spec:
      containers:
      - args:
        - --log-level=info
        - --log-format=text
        - --domain-filter=rancher.example.org
        - --rfc2136-zone=rancher.example.org.
...
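
The check described above can be scripted against the JSON form of the same deployment, as in this added example (not part of the original thread or of the chart). It lists intended flags that never reached the container args, flags a domain filter that lies outside the RFC2136 zone, and notes an hmac-md5 TSIG algorithm like the one visible in the log earlier in the thread. The deployment document is a constructed sample, and the container name `external-dns` and the function names are assumptions.

```python
import json

# Constructed sample of `kubectl get deploy external-dns -o json`, trimmed to the
# fields read below. Values mirror the mismatch discussed in this thread.
SAMPLE_DEPLOY = json.dumps({"spec": {"template": {"spec": {"containers": [{
    "name": "external-dns",  # assumed container name
    "args": [
        "--log-level=info",
        "--provider=rfc2136",
        "--domain-filter=comline.de",
        "--rfc2136-zone=docker.comline.local.",
        "--rfc2136-tsig-secret-alg=hmac-md5",
    ]}]}}}})


def rendered_flags(deploy_json, container="external-dns"):
    """Map each flag name to the list of values found in the container args."""
    doc = json.loads(deploy_json)
    flags = {}
    for c in doc["spec"]["template"]["spec"]["containers"]:
        if c.get("name") == container:
            for arg in c.get("args", []):
                name, _, value = arg.partition("=")
                flags.setdefault(name, []).append(value)
    return flags


def audit(deploy_json, intended):
    """Compare intended flag names with what was rendered; return findings."""
    flags = rendered_flags(deploy_json)
    findings = [f"not rendered: {name}" for name in intended if name not in flags]
    zone = (flags.get("--rfc2136-zone") or [""])[0].rstrip(".").lower()
    for dom in flags.get("--domain-filter", []):
        d = dom.rstrip(".").lower()
        if zone and d != zone and not d.endswith("." + zone):
            findings.append(f"domain-filter {d} is not inside zone {zone}")
    if "hmac-md5" in flags.get("--rfc2136-tsig-secret-alg", []):
        findings.append("TSIG algorithm is hmac-md5; prefer hmac-sha256")
    return findings


if __name__ == "__main__":
    wanted = ["--rfc2136-zone", "--rfc2136-tsig-axfr", "--domain-filter"]
    for line in audit(SAMPLE_DEPLOY, wanted):
        print(line)
```
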

Hello,
yes, that is correct. The bind9 is a VMware system running in the network.
I can see in the logfile of the rfc2136 container that it uses name.company.de as the RR. Is there a way to change it to name.company.local?
A second question.
In our Rancher 1.6 environment the rfc2136 container has the option to define the DNS name that is sent using some variables. Is there a similar option for external-dns?
Thanks
Ralf

Yes, this is called the FQDN Template, which should support options such as --fqdn-template "{.metadata.name}.{metadata.namespace}".

Personally, I have not gotten this to work with Rancher yet, because Rancher’s web form for the ingress requires that a human set up some sort of name.

Can you post your external-dns configuration, minus any sensitive data like the TSIG keys?

Hello,
I will do this later this week.
Thanks for your help.
Ralf

Hello,
I've a simple working config for the moment.
Because of corona everything about Rancher 2.4 is on stand-by now.
For the time being we will only bring up systems that work out of the box, and DNS is really tricky with Rancher 2.4.
The things we need for the moment for our developers are working using Ingress.

Ralf

I agree that External DNS is pretty tricky with Rancher 2. Rancher 2 has DNS integrations for cloud providers, but we need solutions that work on-premise.

I’m also just a Rancher 2 end user. It took me a while to get the External DNS RFC2136 provider working as needed with Rancher 2. I had to find a happy medium that worked with External DNS, Nginx Ingress, and the Rancher 2 UI.

My next step is to try and figure out how to use FQDN Templates to simplify what our users need to do. Currently, Rancher 2 requires users to type in a hostname, but external-dns can do this programmatically— I’m unsure how to bridge the two worlds.

Feel free to join us in the k8s Slack channel #external-dns.

-= Stefan

Hello,
Can you post an example of your config for the template to rewrite the DNS entry?
Thanks
Ralf