The unbound DNS instance is used to resolve names for the physical equipment on the management networks within the system, such as NCNs, UANs, switches, and compute nodes. This instance is accessible only within the HPE Cray EX system.
cray-dns-unbound podscray-dns-unbound podsCheck the status of the pods:
ncn-mw# kubectl get -n services pods | grep unbound
Example output:
cray-dns-unbound-696c58647f-26k4c 2/2 Running 0 121m
cray-dns-unbound-696c58647f-rv8h6 2/2 Running 0 121m
cray-dns-unbound-coredns-q9lbg 0/2 Completed 0 121m
cray-dns-unbound-manager-1596149400-5rqxd 0/2 Completed 0 20h
cray-dns-unbound-manager-1596149400-8ppv4 0/2 Completed 0 20h
cray-dns-unbound-manager-1596149400-cwksv 0/2 Completed 0 20h
cray-dns-unbound-manager-1596149400-dtm9p 0/2 Completed 0 20h
cray-dns-unbound-manager-1596149400-hckmp 0/2 Completed 0 20h
cray-dns-unbound-manager-1596149400-t24w6 0/2 Completed 0 20h
cray-dns-unbound-manager-1596149400-vzxnp 0/2 Completed 0 20h
cray-dns-unbound-manager-1596222000-bcsk7 0/2 Completed 0 2m48s
cray-dns-unbound-manager-1596222060-8pjx6 0/2 Completed 0 118s
cray-dns-unbound-manager-1596222120-hrgbr 0/2 Completed 0 67s
cray-dns-unbound-manager-1596222180-sf46q 1/2 NotReady 0 7s
For more information about the pods displayed in the output above:
cray-dns-unbound-xxx - These are the main unbound pods.cray-dns-unbound-manager-yyy - These are job pods that run periodically to update DNS from DHCP (Kea) and the SLS/SMD content for the Hardware State Manager (HSM).
Pods will go into the Completed status, and then independently be reaped later by Kubernetes.cray-dns-unbound-coredns-zzz - This pod is run one time during installation of Unbound and reconfigures CoreDNS/ExternalDNS to point to Unbound for all site/internet lookups.The table below describes what the status of each pod means for the health of the cray-dns-unbound services and pods. The Init and NotReady states are not necessarily bad;
they mean that the pod is being started or is processing. The cray-dns-manager and cray-dns-coredns pods for cray-dns-unbound are job pods that run periodically.
| Pod | Healthy Status | Error Status | Other |
|---|---|---|---|
cray-dns-unbound |
Running |
CrashBackOffLoop |
|
cray-dns-coredns |
Completed |
CrashBackOffLoop |
InitNotReady |
cray-dns-manager |
Completed |
CrashBackOffLoop |
InitNotReady |
Logs for the Unbound pods will show the status and health of actual DNS lookups.
Any logs with ERROR or Exception are an indication that the Unbound service is not healthy.
ncn-mw# kubectl logs -n services -l app.kubernetes.io/instance=cray-dns-unbound -c unbound
Example output:
[1596224129] unbound[8:0] debug: using localzone health.check.unbound. transparent
[1596224129] unbound[8:0] debug: using localzone health.check.unbound. transparent
[1596224135] unbound[8:0] debug: using localzone health.check.unbound. transparent
[1596224135] unbound[8:0] debug: using localzone health.check.unbound. transparent
[1596224140] unbound[8:0] debug: using localzone health.check.unbound. transparent
[1596224140] unbound[8:0] debug: using localzone health.check.unbound. transparent
[1596224145] unbound[8:0] debug: using localzone health.check.unbound. transparent
[1596224145] unbound[8:0] debug: using localzone health.check.unbound. transparent
[1596224149] unbound[8:0] debug: using localzone health.check.unbound. transparent
[1596224149] unbound[8:0] debug: using localzone health.check.unbound. transparent
...snip...
[1597020669] unbound[8:0] error: error parsing local-data at 33 '69.0.254.10.in-addr.arpa. PTR .local': Empty label
[1597020669] unbound[8:0] error: Bad local-data RR 69.0.254.10.in-addr.arpa. PTR .local
[1597020669] unbound[8:0] fatal error: Could not set up local zones
If there are any errors in the Unbound logs:
using localzone health.check.unbound. transparent log is not an issue.customization.yaml file and look at the system_to_site_lookup values. Ensure that the external lookup values are valid and working.Manager logs will show the status of the latest “true up” of DNS with respect to DHCP actual leases and SLS/SMD status.
The following command shows the last four lines of the last Manager run, and can be adjusted as needed.
ncn-mw# kubectl logs -n services pod/$(kubectl get -n services pods | grep unbound | tail -n 1 | cut -f 1 -d ' ') -c manager | tail -n4
Example output:
uid: bc1e8b7f-39e2-49e5-b586-2028953d2940
Comparing new and existing DNS records.
No differences found. Skipping DNS update
Any log with ERROR or Exception is an indication that DNS is not healthy. The above example includes one of two possible reports for a healthy manager run.
The healthy states are described below, as long as the write to the ConfigMap has not failed:
No differences found. Skipping DNS updateDifferences found. Writing new DNS records to our configmap.The Manager runs periodically, about once every minute. Check if this is a one-time occurrence or if it is a recurring issue.
If any errors discovered in the sections above have been deemed transient or have not been resolved, then restart the Unbound pods.
Use the following command to restart the pods:
ncn-mw# kubectl -n services rollout restart deployment cray-dns-unbound
A rolling restart of the Unbound pods will occur; old pods will not be terminated and new pods will not be added to the load balancer until the new pods have successfully loaded the DNS records.
Unbound stores records it obtains from DHCP, SLS, and SMD via the Manager job in a ConfigMap. It is possible to clear this ConfigMap and allow the next Manager job to regenerate the content.
This is useful in the following cases:
The following clears the (DNS Helper) Manager generated data in the ConfigMap. This is generally safe as Unbound runtime data is held elsewhere.
ncn-mw# kubectl -n services patch configmaps cray-dns-unbound --type merge -p '{"binaryData":{"records.json.gz":"H4sICLQ/Z2AAA3JlY29yZHMuanNvbgCLjuUCAETSaHADAAAA"}}'