[jira] [Commented] (YARN-8365) Revisit the record type used by Registry DNS for upstream resolution

Tue, 29 May 2018 10:17:10 -0700 


    [ 
https://issues.apache.org/jira/browse/YARN-8365?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16493884#comment-16493884
 ] 

Eric Yang commented on YARN-8365:
---------------------------------

Root record can still be fetched through ANY or SOA if upstream supports them:

{code}
dig @registry.dns.host . ANY
{code}

This is less aggressive than the default behavior.  Hence, the change should 
have negligible effect.

> Revisit the record type used by Registry DNS for upstream resolution
> --------------------------------------------------------------------
>
>                 Key: YARN-8365
>                 URL: https://issues.apache.org/jira/browse/YARN-8365
>             Project: Hadoop YARN
>          Issue Type: Bug
>          Components: yarn-native-services
>            Reporter: Shane Kumpf
>            Assignee: Shane Kumpf
>            Priority: Major
>         Attachments: YARN-8365.001.patch
>
>
> YARN-7326 leveraged the ANY record type for upstream resolution, but some 
> implementations [don't support 
> ANY|https://tools.ietf.org/html/draft-ietf-dnsop-refuse-any-06] due to the 
> potential for abuse, namely Cloudflare. Docker Hub leverages Cloudflare for 
> image distribution, so when Registry DNS is used as the sole resolver, docker 
> image downloads are failing. 
> {code:java}
> [root@host ~]# docker run -u root -it centos bash
> Unable to find image 'centos:latest' locally
> latest: Pulling from library/centos
> 469cfcc7a4b3: Already exists
> docker: error pulling image configuration: Get 
> https://production.cloudflare.docker.com/registry-v2/docker/registry/v2/blobs/sha256/e9/e934aafc22064b7322c0250f1e32e5ce93b2d19b356f4537f5864bd102e8531f/data?verify=1527265495-nG8jk%2Bya9qrdPVlXRKGMnOhSnV0%3D:
>  dial tcp: lookup production.cloudflare.docker.com on registry.dns.host:53: 
> no such host.
> {code}
> {code:java}
> [root@host~]# nslookup production.cloudflare.docker.com registry.dns.host
> Server:               registry.dns.host
> Address:      registry.dns.host#53
> Non-authoritative answer:
> production.cloudflare.docker.com      hinfo = "ANY obsoleted" "See 
> draft-ietf-dnsop-refuse-any"
> {code}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org

Reply via email to