Comment 0 for bug 1807464

Drew Freiberger (afreiberger) wrote :

This is an upstream Designate bug based on packages installed by our bionic/queens cloud charm configs.

If you add a zone to designate that is actually a zone owned by an upstream DNS server serviced by the forwarders defined for bind, you cannot delete the zone from designate.

You will see the logs looping with:

https://pastebin.ubuntu.com/p/vgpzCQVRbb/

The flag "RA" denotes that this is a referred answer, not an authoritative answer.

In the code, the check is whether the response from Designate is authoritative.

With the DNS backend network included in allowed_recursion_nets, the recursive lookup northward within designate-bind will return an accurate, external SOA record where designate code expects none.

Workaround: remove the forwarders from your charm config, let the zone deletion succeed, then re-add your forwarders.

Another workaround is to configure your dns-backend network into allowed_nets instead of allowed_recursion_nets in the charm config to prevent designate's mdns updates from querying upstream DNS accidentally.
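
An added illustration, not Designate's code and not part of the original comment: the code below reads the header flags of constructed DNS responses to tell an SOA answer served from the backend's own zone data apart from one fetched through recursion. The helper names, the sample packets and the three result labels are assumptions made for this example.

```python
import struct

# DNS header flag bits and response codes (RFC 1035, section 4.1.1).
QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080
NOERROR, NXDOMAIN, REFUSED = 0, 3, 5


def build_header(flags, rcode, ancount):
    """Constructed sample: a 12-byte DNS response header with no record data."""
    return struct.pack("!6H", 0x1A2B, QR | flags | rcode, 0, ancount, 0, 0)


def classify_soa_response(packet):
    """Hypothetical helper: report how a server produced its reply to an SOA query."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    _id, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", packet[:12])
    if not flags & QR:
        raise ValueError("not a response")
    rcode = flags & 0x000F
    if rcode != NOERROR or ancount == 0:
        return "absent"         # the server has no SOA to offer for this name
    if flags & AA:
        return "authoritative"  # the server still holds the zone itself
    return "recursed"           # SOA obtained elsewhere (forwarder or cache)


# Constructed responses for the situations described in the report.
SAMPLES = {
    "zone still on backend": build_header(AA | RD, NOERROR, 1),
    "zone removed, recursion allowed": build_header(RD | RA, NOERROR, 1),
    "zone removed, recursion refused": build_header(RD, REFUSED, 0),
    "zone removed, name unknown upstream": build_header(RD | RA, NXDOMAIN, 0),
}


def summarize(samples=SAMPLES):
    """Map each sample name to its classification."""
    return {name: classify_soa_response(pkt) for name, pkt in samples.items()}


if __name__ == "__main__":
    for name, verdict in summarize().items():
        print(f"{name:38s} -> {verdict}")
```

A poller that only looks for the presence of an SOA answer cannot distinguish the first two samples; checking the AA bit separates them.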