DNS lookup attempted on externalNames that are IPs, causing errors in the logs #8941

Closed
sonjalim opened this issue Aug 19, 2022 · 4 comments

@sonjalim

What happened:
Getting error message for services that use IP in the spec.externalName field

```
2022/08/19 14:45:51 [error] 757218#757218: *223796477 [lua] dns.lua:150: dns_lookup(): failed to query the DNS server for 10.66.176.5:
server returned error code: 3: name error
server returned error code: 3: name error, context: ngx.timer
```

What you expected to happen:
Expected these errors not to occur

NGINX Ingress controller version (exec into the pod and run nginx-ingress-controller --version.):

```
-------------------------------------------------------------------------------
NGINX Ingress controller
  Release:       0.28.0
  Build:         git-1f93cb8f3
  Repository:    https://github.com/kubernetes/ingress-nginx
  nginx version: nginx/1.17.7

-------------------------------------------------------------------------------
```

Kubernetes version (use kubectl version):

kubernetes 1.21

Environment:

  • Cloud provider or hardware configuration: Google Cloud

  • OS (e.g. from /etc/os-release): linux

  • Kernel (e.g. uname -a): 5.4.188+

  • Install tools: gcloud

  • How was the ingress-nginx-controller installed:

```yaml
- args:
  - /nginx-ingress-controller
  - --default-backend-service=$(POD_NAMESPACE)/default-http-backend
  - --watch-namespace=$(POD_NAMESPACE)
  - --force-namespace-isolation
  - --ingress-class=nginx
  - --logtostderr
  - --configmap=$(POD_NAMESPACE)/nginx-configuration
```

How to reproduce this issue:
Service and ingress that reproduces the error

```yaml
---
apiVersion: v1
kind: Service
metadata:
  annotations:
    cloud.google.com/neg: '{"ingress":true}'
  labels:
    managed: "true"
  name: external-name-svc
spec:
  externalName: 10.56.132.26
  ports:
  - name: http
    port: 80
    protocol: TCP
    targetPort: 80
  sessionAffinity: None
  type: ExternalName
status:
  loadBalancer: {}
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
    kubernetes.io/ingress.class: nginx
    kubernetes.io/tls-acme: "true"
    nginx.ingress.kubernetes.io/proxy-body-size: "0"
    nginx.ingress.kubernetes.io/proxy-connect-timeout: "10000"
    nginx.ingress.kubernetes.io/proxy-read-timeout: "10000"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "10000"
    nginx.ingress.kubernetes.io/rewrite-target: /$1
    nginx.ingress.kubernetes.io/send-timeout: "10000"
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/use-regex: "true"
    nginx.ingress.kubernetes.io/uwsgi_read_timeout: "10000"
  name: external-name-ingress
spec:
  rules:
  - host: test.example.com
    http:
      paths:
      - backend:
          service:
            name: external-name-svc
            port:
              number: 80
        path: /something/?(.*)
        pathType: ImplementationSpecific
status:
  loadBalancer:
    ingress:
    - ip: 34.105.130.202
```
@sonjalim sonjalim added the kind/bug Categorizes issue or PR as related to a bug. label Aug 19, 2022
@k8s-ci-robot

@sonjalim: This issue is currently awaiting triage.

If Ingress contributors determine this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.


@k8s-ci-robot k8s-ci-robot added needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. needs-priority labels Aug 19, 2022
@Dark-Bob

It seems like it's not checking if it's an IP address and attempting to do a DNS look-up even if it is. From this discussion on the kubernetes forum, it seems like we should expect it to work?

@longwuyuan

longwuyuan commented Aug 19, 2022

https://kubernetes.io/docs/concepts/services-networking/service/#externalname

ExternalName: Maps the Service to the contents of the externalName field (e.g. foo.bar.example.com), by returning a CNAME record with its value. No proxying of any kind is set up.

Also this:

```
% k explain service.spec.type.externalName
KIND:     Service
VERSION:  v1

FIELD:    externalName <string>

DESCRIPTION:
     type determines how the Service is exposed. Defaults to ClusterIP. Valid
     options are ExternalName, ClusterIP, NodePort, and LoadBalancer.
     "ClusterIP" allocates a cluster-internal IP address for load-balancing to
     endpoints. Endpoints are determined by the selector or if that is not
     specified, by manual construction of an Endpoints object or EndpointSlice
     objects. If clusterIP is "None", no virtual IP is allocated and the
     endpoints are published as a set of endpoints rather than a virtual IP.
     "NodePort" builds on ClusterIP and allocates a port on every node which
     routes to the same endpoints as the clusterIP. "LoadBalancer" builds on
     NodePort and creates an external load-balancer (if supported in the current
     cloud) which routes to the same endpoints as the clusterIP. "ExternalName"
     aliases this service to the specified externalName. Several other fields do
     not apply to ExternalName services. More info:
     https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types

     Possible enum values:
     - `"ClusterIP"` means a service will only be accessible inside the cluster,
     via the cluster IP.
     - `"ExternalName"` means a service consists of only a reference to an
     external name that kubedns or equivalent will return as a CNAME record,
     with no exposing or proxying of any pods involved.
```

An IP address in the value for that field can return an A record and not a CNAME as required

/remove-kind bug
/kind support
/close

@k8s-ci-robot k8s-ci-robot added kind/support Categorizes issue or PR as a support question. and removed kind/bug Categorizes issue or PR as related to a bug. labels Aug 19, 2022
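
Added example (not part of the thread and not ingress-nginx code): a Go check over `kubectl get svc -A -o json` output that lists ExternalName Services whose `externalName` is an IP literal, the case reported in this issue. The sample JSON, the `default` namespace and the `by-name` and `web` Services are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/netip"
)

// serviceList keeps only the fields of `kubectl get svc -A -o json` used here.
type serviceList struct {
	Items []struct {
		Metadata struct{ Namespace, Name string } `json:"metadata"`
		Spec     struct {
			Type         string `json:"type"`
			ExternalName string `json:"externalName"`
		} `json:"spec"`
	} `json:"items"`
}

// ipExternalNames lists ExternalName Services whose externalName is an IPv4/IPv6 literal.
func ipExternalNames(doc []byte) ([]string, error) {
	var list serviceList
	if err := json.Unmarshal(doc, &list); err != nil {
		return nil, err
	}
	var hits []string
	for _, s := range list.Items {
		if s.Spec.Type != "ExternalName" {
			continue // other Service types do not use externalName
		}
		// A value that parses as an address is not a DNS name to hand to a resolver.
		if _, err := netip.ParseAddr(s.Spec.ExternalName); err == nil {
			hits = append(hits, fmt.Sprintf("%s/%s -> %s", s.Metadata.Namespace, s.Metadata.Name, s.Spec.ExternalName))
		}
	}
	return hits, nil
}

// sample is constructed input; only external-name-svc and its IP come from the issue.
const sample = `{"items":[
 {"metadata":{"namespace":"default","name":"external-name-svc"},
  "spec":{"type":"ExternalName","externalName":"10.56.132.26"}},
 {"metadata":{"namespace":"default","name":"by-name"},
  "spec":{"type":"ExternalName","externalName":"foo.bar.example.com"}},
 {"metadata":{"namespace":"default","name":"web"},"spec":{"type":"ClusterIP"}}]}`

func main() {
	hits, err := ipExternalNames([]byte(sample))
	fmt.Println(hits, err)
}
```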
@k8s-ci-robot

@longwuyuan: Closing this issue.


tuana9a added a commit to tuana9a/platform that referenced this issue Sep 29, 2024
* optimize(dkhptd): tuning resource request

* refactor(backup): change backup message, reduce backup r2 retention to 7 days

* feat(loki): add log retention?

* fix(loki): simple scalable require disable other deployment nodes

* fix(ingress): fix annoying error of service type: ExternalName

kubernetes/ingress-nginx#8941