  1. Network Observability
  2. NETOBSERV-1245

DNS TCP queries are not being traced by agent

    • Improvement
    • False
    • None
    • False
    • OCPSTRAT-965 - DNS tracking improvements
    • Modified DNS tracking eBPF logic from release 1.4 to be able to support DNS over TCP. The new approach doesn't need privileged to be set; however, to get an accurate latency, it's recommended to configure eBPF sampling with a value of 1.
    • NetObserv - Sprint 240, NetObserv - Sprint 241, NetObserv - Sprint 242, NetObserv - Sprint 243, NetObserv - Sprint 244
    • Important

      Configure a pod with the following spec; notice the dnsConfig option to enable the openshift-dns server to use TCP:

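      apiVersion: v1
      kind: Pod
      metadata:
        name: dnsutils
        namespace: dns-traffic
      spec:
        # restartPolicy is a Pod-level field, so it is set here rather than on the container
        restartPolicy: Never
        securityContext:
          runAsNonRoot: true
          seccompProfile:
            type: RuntimeDefault
        dnsConfig:
          options:
            # resolv.conf option that makes the resolver send DNS queries over TCP
            - name: "use-vc"
        containers:
          - name: utils
            image: tutum/dnsutils
            # dig +tcp forces each lookup over TCP; repeat every 5 seconds
            command: ["/bin/sh", "-ec", "while :; do dig www.google.com +tcp ; sleep 5 ; done"]
            securityContext:
              allowPrivilegeEscalation: false
              capabilities:
                drop: ["ALL"]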
      

      DNS flows generated by this Pod are not enriched with DNS info by the agent.

      In the UI, make sure you select "Show Duplicates" and, as destination, the NS where the above pod is running.

              mmahmoud@redhat.com Mohamed Mahmoud
              rhn-support-memodi Mehul Modi
              Amogh Rameshappa Devapura Amogh Rameshappa Devapura
              Sara Thomas Sara Thomas
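
The issue above concerns DNS carried over TCP, where the message framing differs from UDP. As an added example (not the agent's eBPF code and not part of the original issue), this C function decodes the fixed DNS header from either transport; `parse_dns_header`, `struct dns_info` and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <netinet/in.h> /* IPPROTO_TCP, IPPROTO_UDP */
#define DNS_HDR_LEN 12
#define DNS_QR_BIT  0x8000 /* set in responses, clear in queries */

struct dns_info {
    uint16_t id;    /* transaction ID: pairs a query with its response */
    uint16_t flags;
    int is_response;
};

/* Constructed header-only samples; the TCP one starts with length prefix 12. */
static const uint8_t udp_query[] = {0x1a,0x2b, 0x01,0x00, 0,0,0,0,0,0,0,0};
static const uint8_t tcp_response[] = {0x00,0x0c, 0x1a,0x2b, 0x81,0x80, 0,0,0,0,0,0,0,0};

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Decode the fixed DNS header from an L4 payload; 0 on success, -1 if no
 * complete header. Assumes the header is not split across TCP segments. */
int parse_dns_header(uint8_t proto, const uint8_t *payload, size_t len,
                     struct dns_info *out)
{
    size_t off = 0;
    if (proto == IPPROTO_TCP) {
        /* RFC 1035 4.2.2: over TCP a 2-byte length field precedes the message.
         * Bare SYN/ACK/FIN segments carry no payload and are skipped here. */
        if (len < 2 || be16(payload) < DNS_HDR_LEN)
            return -1;
        off = 2;
    } else if (proto != IPPROTO_UDP) {
        return -1;
    }
    if (len < off + DNS_HDR_LEN)
        return -1;
    out->id = be16(payload + off);
    out->flags = be16(payload + off + 2);
    out->is_response = (out->flags & DNS_QR_BIT) != 0;
    return 0;
}

int main(void)
{
    struct dns_info q, r;
    if (parse_dns_header(IPPROTO_UDP, udp_query, sizeof udp_query, &q) ||
        parse_dns_header(IPPROTO_TCP, tcp_response, sizeof tcp_response, &r))
        return 1;
    return !(q.id == r.id && !q.is_response && r.is_response);
}
```

Passing `tcp_response` with `IPPROTO_UDP` succeeds but yields `id == 0x000c`: a parser that assumes UDP framing reads the length prefix as the transaction ID, so the response no longer pairs with its query.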