OCPBUGS-57364: Fix IP address for default AWS DNS resolver

[sadasu]

When ClusterHostedDNS (or custom-dns) is enabled on AWS, the aws-update-dns service running on the control plane, was incorrectly setting 169.254.169.254 as the AWS default Nameserver.

Fixed this IP to 169.254.169.253 , based on Understanding Amazon DNS

[openshift-ci-robot]

@sadasu: This pull request references Jira Issue OCPBUGS-57364, which is valid.

3 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target version (4.21.0) matches configured target version for branch (4.21.0)
• bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact:
/cc @yunjiang29

The bug has been updated to refer to the pull request using the external bug tracker.

Details

In response to this:

When ClusterHostedDNS (or custom-dns) is enabled on AWS, the aws-update-dns service running on the control plane, was incorrectly setting 169.254.169.254 as the AWS default Nameserver.

Fixed this IP to 169.254.169.253 , based on Understanding Amazon DNS

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[sadasu]

/retest-required

[gpei]

/payload-job pull-ci-openshift-installer-main-e2e-aws-custom-dns-techpreview

[openshift-ci]

@gpei: trigger 0 job(s) for the /payload-(with-prs|job|aggregate|job-with-prs|aggregate-with-prs) command

[gpei]

/verified by @gpei

Reference job: https://qe-private-deck-ci.apps.ci.l2s4.p1.openshiftapps.com/view/gs/qe-private-deck/pr-logs/pull/openshift_release/70591/rehearse-70591-periodic-ci-openshift-verification-tests-main-installer-rehearse-4.21-installer-rehearse-aws/1988229654103724032

The installation got passed with this PR, the DNS server on masters/workers is configured with node IP and Amazon DNS server

sh-5.1# cat /etc/resolv.conf 
# Generated by NetworkManager
nameserver 10.0.23.117
nameserver 169.254.169.253

[openshift-ci-robot]

@gpei: This PR has been marked as verified by @gpei.

Details

In response to this:

/verified by @gpei

Reference job: https://qe-private-deck-ci.apps.ci.l2s4.p1.openshiftapps.com/view/gs/qe-private-deck/pr-logs/pull/openshift_release/70591/rehearse-70591-periodic-ci-openshift-verification-tests-main-installer-rehearse-4.21-installer-rehearse-aws/1988229654103724032

The installation got passed with this PR, the DNS server on masters/workers is configured with node IP and Amazon DNS server

sh-5.1# cat /etc/resolv.conf 
# Generated by NetworkManager
nameserver 10.0.23.117
nameserver 169.254.169.253

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[tthvo]

/lgtm

[sadasu]

/retest

[jhixson74]

/lgtm

[isabella-janssen]

/approve

Approving based on the information in the provided reference article.

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: isabella-janssen, jhixson74, sadasu, tthvo

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [isabella-janssen]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci-robot]

/retest-required

Remaining retests: 0 against base HEAD 5c30302 and 2 for PR HEAD 1aac42b in total

[openshift-ci-robot]

/retest-required

Remaining retests: 0 against base HEAD 455d5c3 and 1 for PR HEAD 1aac42b in total

[tthvo]

/retest-required

[openshift-ci-robot]

/retest-required

Remaining retests: 0 against base HEAD 7c04bdb and 0 for PR HEAD 1aac42b in total

[openshift-ci-robot]

/hold

Revision 1aac42b was retested 3 times: holding

[sadasu]

/hold cancel

[openshift-ci-robot]

/retest-required

Remaining retests: 0 against base HEAD eeabc73 and 2 for PR HEAD 1aac42b in total

[openshift-ci]

@sadasu: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[openshift-ci-robot]

@sadasu: Jira Issue OCPBUGS-57364: All pull requests linked via external trackers have merged:

• openshift/installer#9886
• openshift/machine-config-operator#5402

Jira Issue OCPBUGS-57364 has been moved to the MODIFIED state.

Details

In response to this:

When ClusterHostedDNS (or custom-dns) is enabled on AWS, the aws-update-dns service running on the control plane, was incorrectly setting 169.254.169.254 as the AWS default Nameserver.

Fixed this IP to 169.254.169.253 , based on Understanding Amazon DNS

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-merge-robot]

Fix included in accepted release 4.21.0-0.nightly-2025-11-15-144034