ingress-dns addon docs/setup

[darkn3rd]

The documentation for ingress-dns is confusing.
It looks like it is instructing users to use resolvconf to configure the new DNS server and then disable resolvconf.
It would be nice to either (or both) explain what is being done for each of these steps and why, as well as have some systemd only instructions, like:

sudo systemd-resolve --interface $BRIDGEINTERFACE --set-dns $MINIKUBE_IP --set-domain test

I also noticed that dnsmasq was running in the background, and that there are minikube configurations there. This obviously cannot run at the same time with systemd-resolved running. There's little docs on that setup or how to use it, or trade-offs between this solution and using dnsmasq.

Steps to reproduce the issue:

1. minikube addons enable ingress-dns
2. Follow Docs: https://github.com/kubernetes/minikube/tree/master/deploy/addons/ingress-dns

[priyawadhwa]

Hey @darkn3rd thanks for pointing this out -- if you or anyone else is interested in contributing to our documentation and fixing this, please comment /assign on this issue!

[jnm]

Hello, I've been struggling a bit getting ingress-dns running on Ubuntu 20.04 and was happy to find this issue. I will note, however, that

sudo systemd-resolve --interface $BRIDGEINTERFACE --set-dns $MINIKUBE_IP --set-domain test

does not work properly, because systemd-resolve sends EDNS to ingress-dns' node-dns server, which returns an invalid response.

Good news: there is an open merge request on ingress-dns to fix this.

To help future searchers, here are some symptoms:

• ping fails:

  hello@world$ ping hello-jane.test
  ping: hello-jane.test: Temporary failure in name resolution
  

• systemd-resolve fails:

  hello@world$ systemd-resolve hello-jane.test
  hello-jane.test: resolve call failed: Received invalid reply
  

• nslookup does resolve as expected:

  hello@world$ nslookup hello-jane.test $(minikube ip)
  Server:         172.17.0.2
  Address:        172.17.0.2#53
  
  Non-authoritative answer:
  Name:   hello-jane.test
  Address: 172.17.0.2
  Name:   hello-jane.test
  Address: 172.17.0.2
  

• dig resolves the hostname but complains about a malformed packet and extra bytes in the response:

  hello@world$ dig @$(minikube ip) hello-jane.test
  ;; Warning: Message parser reports malformed message packet.
  
  ; <<>> DiG 9.16.1-Ubuntu <<>> @172.17.0.2 hello-jane.test
  ; (1 server found)
  ;; global options: +cmd
  ;; Got answer:
  ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22209
  ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
  ;; WARNING: Message has 8 extra bytes at end
  
  ;; QUESTION SECTION:
  ;hello-jane.test.               IN      A
  
  ;; ANSWER SECTION:
  hello-jane.test.        300     IN      A       172.17.0.2
  
  ;; Query time: 20 msec
  ;; SERVER: 172.17.0.2#53(172.17.0.2)
  ;; WHEN: Fri Oct 09 18:30:40 EDT 2020
  ;; MSG SIZE  rcvd: 73
  

• kubectl --namespace=kube-system logs kube-ingress-dns-minikube shows messages like:

  node-dns > unknow encoder undefined(41)
  node-dns > unknow parser type: undefined(41)
  

[darkn3rd]

@priyawadhwa I wish I could document this, but documentation around systemd-resolved, resolvconf, and whatever sets up dnsmasq (libvirt?) outside of systemd is not well documented. I wouldn't even know where to begin to find out further information. And if there is reference oriented material, this isoften difficult to parse or discern for most people.

[darkn3rd]

@woodcockjosh @jnm For the GitLab MR:

• there seems to be more documentation in the MR comment than what will be merged.
• this was tested with virtualbox. The issue I discovered was using kvm (libvirt was installed).

[woodcockjosh]

I don't really run linux so I wouldn't be able to document very well either.

[mkoval]

As far as I can tell, there are still not any instructions on the ingress-dns addon docs about how to configure systemd-resolve to use this DNS server.

I was pieced together some understanding of how this should work from @darkn3rd's comment, the Gitlab MR, and these systemd-resolved docs. I expected that putting the following in /etc/systemd/network/50-ingress-dns.network and leaving /etc/resolv.conf untouched would work:

[Match]
Name=* # despite what the docs say.

[Network]
DNSDefaultRoute=false
DNS=192.168.49.2
Domains=~myhost

where 192.168.49.2 is the output of minikube ip and myhost is the hostname suffix used to expose my ingress services. I've also tried only Matching the bridge network created by Kubernetes (I think?) to the same effect.

Unfortunately, this causes my minikube node to become unresponsive (i.e. all kubectl commands hang) and ingress-dns DNS server stops responding to queries from nslookup. I am not able to restart the node because minikube start hangs until I remove that configuration.

I suspect either (1) my DNS configuration is applying to more domains than I intend and/or (2) something started by minikube tries to resolve the ingress hostnames (*.myhost in my case) before starting the ingress-dns server. I'm curious if anyone has managed to get this to work - I'd be happy to document it if I can figure it out!