From 97c4a7074159f51436cfff3dd4a6f28476167a8c Mon Sep 17 00:00:00 2001
From: k8s-infra-cherrypick-robot
 <90416843+k8s-infra-cherrypick-robot@users.noreply.github.com>
Date: Thu, 6 Mar 2025 15:32:19 -0800
Subject: [PATCH] fix DNS issues with unresolvable backends with ExternalName
 (#12951)

Co-authored-by: Neer Friedman <neerfri@gmail.com>
Co-authored-by: Pierre Ozoux <pierre@ozoux.net>
---
 rootfs/etc/nginx/lua/balancer.lua | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/rootfs/etc/nginx/lua/balancer.lua b/rootfs/etc/nginx/lua/balancer.lua
index 00104c89d..e6ddc1907 100644
--- a/rootfs/etc/nginx/lua/balancer.lua
+++ b/rootfs/etc/nginx/lua/balancer.lua
@@ -77,8 +77,10 @@ local function resolve_external_names(original_backend)
   local endpoints = {}
   for _, endpoint in ipairs(backend.endpoints) do
     local ips = dns_lookup(endpoint.address)
-    for _, ip in ipairs(ips) do
-      table.insert(endpoints, { address = ip, port = endpoint.port })
+    if #ips ~= 1 or ips[1] ~= endpoint.address then
+      for _, ip in ipairs(ips) do
+        table.insert(endpoints, { address = ip, port = endpoint.port })
+      end
     end
   end
   backend.endpoints = endpoints
@@ -104,15 +106,19 @@ local function is_backend_with_external_name(backend)
 end
 
 local function sync_backend(backend)
+  -- We resolve external names before checking if the endpoints are empty
+  -- because the behavior for resolve_external_names when the name was not
+  -- resolved is to return an empty table so we set the balancer to nil below
+  -- see https://github.com/kubernetes/ingress-nginx/pull/10989
+  if is_backend_with_external_name(backend) then
+    backend = resolve_external_names(backend)
+  end
+
   if not backend.endpoints or #backend.endpoints == 0 then
     balancers[backend.name] = nil
     return
   end
 
-  if is_backend_with_external_name(backend) then
-    backend = resolve_external_names(backend)
-  end
-
   backend.endpoints = format_ipv6_endpoints(backend.endpoints)
 
   local implementation = get_implementation(backend)