[ https://issues.apache.org/jira/browse/YARN-8365?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16493884#comment-16493884 ]
Eric Yang commented on YARN-8365: --------------------------------- Root record can still be fetched through ANY or SOA if upstream supports them: {code} dig @registry.dns.host . ANY {code} This is less aggressive than the default behavior. Hence, the change should have negligible effect. > Revisit the record type used by Registry DNS for upstream resolution > -------------------------------------------------------------------- > > Key: YARN-8365 > URL: https://issues.apache.org/jira/browse/YARN-8365 > Project: Hadoop YARN > Issue Type: Bug > Components: yarn-native-services > Reporter: Shane Kumpf > Assignee: Shane Kumpf > Priority: Major > Attachments: YARN-8365.001.patch > > > YARN-7326 leveraged the ANY record type for upstream resolution, but some > implementations [don't support > ANY|https://tools.ietf.org/html/draft-ietf-dnsop-refuse-any-06] due to the > potential for abuse, namely Cloudflare. Docker Hub leverages Cloudflare for > image distribution, so when Registry DNS is used as the sole resolver, docker > image downloads are failing. > {code:java} > [root@host ~]# docker run -u root -it centos bash > Unable to find image 'centos:latest' locally > latest: Pulling from library/centos > 469cfcc7a4b3: Already exists > docker: error pulling image configuration: Get > https://production.cloudflare.docker.com/registry-v2/docker/registry/v2/blobs/sha256/e9/e934aafc22064b7322c0250f1e32e5ce93b2d19b356f4537f5864bd102e8531f/data?verify=1527265495-nG8jk%2Bya9qrdPVlXRKGMnOhSnV0%3D: > dial tcp: lookup production.cloudflare.docker.com on registry.dns.host:53: > no such host. > {code} > {code:java} > [root@host~]# nslookup production.cloudflare.docker.com registry.dns.host > Server: registry.dns.host > Address: registry.dns.host#53 > Non-authoritative answer: > production.cloudflare.docker.com hinfo = "ANY obsoleted" "See > draft-ietf-dnsop-refuse-any" > {code} -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org