NO-ISSUE: DNS bad wildcard validation message should include IP addre…
…sses

This commit improves the bad DNS wildcard validation message to include
a list of IP addresses that the bad wildcard domain resolves to so they
can be included in the message. This might help users understand where
the bad wildcard record is coming from.

See openshift#4477 - user was
stuck on this validation for a while but was able to figure out the
issue almost immediately when I told them the IP address that gets
resolved is 127.0.0.1 (turns out it's some weird known router
issue/behavior)
omertuc committed Oct 10, 2022
1 parent cff5d2f commit 86ce66c
Showing 2 changed files with 20 additions and 5 deletions.
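--- a/internal/host/validations_test.go
+++ b/internal/host/validations_test.go
@@ -419,7 +419,7 @@ var _ = Describe("Validations test", func() {
 Describe("Wildcard connectivity check is performed", func() {
 successMessage := "DNS wildcard check was successful"
 successMessageDay2 := "DNS wildcard check is not required for day2"
-failureMessage := "DNS wildcard configuration was detected for domain *.test-cluster.example.com The installation will not be able to complete while the entry exists. Please remove it to proceed."
+failureMessage := "DNS wildcard configuration was detected for domain *.test-cluster.example.com - the installation will not be able to complete while the entry exists. Please remove it to proceed. The domain resolves to addresses 7.8.9.10/24, 1003:db8::40/120"
 errorMessage := "Error while parsing DNS resolution response"
 pendingMessage := "DNS wildcard check cannot be performed yet because the host has not yet performed DNS resolution"
 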
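--- a/internal/host/validator.go
+++ b/internal/host/validator.go
@@ -1499,14 +1499,29 @@ func (v *validator) isDNSWildcardNotConfigured(c *validationContext) (Validation
 dnsWildcardName := domainNameToResolve(c, constants.DNSWildcardFalseDomainName)
 
 // Note that we're validating that the wildcard DNS *.<cluster_name>.<base_domain> is NOT configured, since this causes known problems for OpenShift
-for _, domain := range response.Resolutions {
-if domain.DomainName != nil && *domain.DomainName == dnsWildcardName {
-if len(domain.IPV4Addresses) == 0 && len(domain.IPV6Addresses) == 0 {
+var wildcardDomainResolution *models.DomainResolutionResponseDomain
+for _, domainResolution := range response.Resolutions {
+if domainResolution.DomainName != nil && *domainResolution.DomainName == dnsWildcardName {
+wildcardDomainResolution = domainResolution
+if len(domainResolution.IPV4Addresses) == 0 && len(domainResolution.IPV6Addresses) == 0 {
 return ValidationSuccess, "DNS wildcard check was successful"
 }
 }
 }
-return ValidationFailure, fmt.Sprintf("DNS wildcard configuration was detected for domain *.%s.%s The installation will not be able to complete while the entry exists. Please remove it to proceed.", c.cluster.Name, c.cluster.BaseDNSDomain)
+
+// Compile a list of IP addresses that the bad wildcard domain resolves to
+// so they can be included in the message. This might help users understand
+// where the bad wildcard record is coming from.
+addressStrings := []string{}
+for _, ipv4Address := range wildcardDomainResolution.IPV4Addresses {
+addressStrings = append(addressStrings, string(ipv4Address))
+}
+for _, ipv6Address := range wildcardDomainResolution.IPV6Addresses {
+addressStrings = append(addressStrings, string(ipv6Address))
+}
+
+return ValidationFailure, fmt.Sprintf("DNS wildcard configuration was detected for domain *.%s.%s - the installation will not be able to complete while the entry exists. Please remove it to proceed. The domain resolves to addresses %s",
+c.cluster.Name, c.cluster.BaseDNSDomain, strings.Join(addressStrings, ", "))
 }
 
 func areNetworksOverlapping(c *validationContext) (ValidationStatus, error) {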
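Review bot: `wildcardDomainResolution` stays nil when no entry in `response.Resolutions` matches `dnsWildcardName`, so the new `range wildcardDomainResolution.IPV4Addresses` loop dereferences a nil pointer and panics, where the old code simply fell through to the failure message. Unless code above the hunk guarantees a matching entry (the function starts outside it), add a guard before the address loops, `if wildcardDomainResolution == nil {`, that returns `ValidationFailure` with the message minus the address list. The resolutions presumably come from a host-reported response, so a missing or malformed entry should degrade to a validation result rather than crash the validator. The reported addresses are also copied verbatim into a user-visible message, which deserves a short comment noting that they are unvalidated input.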
