Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: None
Affects Version/s: 4.11
Component/s: Networking / DNS
Labels:
- qe-test-coverage

Test Coverage:

+
Test Link:
https://polarion.engineering.redhat.com/polarion/#/project/OSE/workitem?id=OCP-63512
Severity:
Important
Regression:
No
Story Points:
3
Sprint:
Sprint 238, Sprint 239
sprint_count:
2
Release Blocker:
Rejected
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Release Note Text:

Hide
Before this update, a non-compliant upstream DNS server, providing a UDP response larger than OpenShift's specified bufsize (512 bytes), caused CoreDNS to throw an overflow error and not provide a response to a DNS query. With this update, users can now configure the protocolStrategy field on the dnses.operator.openshift.io CR to be "TCP". By setting this field to TCP, CoreDNS will use TCP for upstream requests, working around UDP overflow issues with non-compliant upstream DNS servers.

Show
Before this update, a non-compliant upstream DNS server, providing a UDP response larger than OpenShift's specified bufsize (512 bytes), caused CoreDNS to throw an overflow error and not provide a response to a DNS query. With this update, users can now configure the protocolStrategy field on the dnses.operator.openshift.io CR to be "TCP". By setting this field to TCP, CoreDNS will use TCP for upstream requests, working around UDP overflow issues with non-compliant upstream DNS servers.
Release Note Type:
Bug Fix
Latest Status Summary:

Hide
See thread about this in openshift-users Slack channel.
Vadim Rutkovsky advised me to open this issue here.

Show
See thread about this in openshift-users Slack channel. Vadim Rutkovsky advised me to open this issue here.
Target Version:

4.13.z

SFDC Cases Counter:
SFDC Cases Links:

This is a clone of issue ~~OCPBUGS-6829~~. The following is the description of the original issue:
—
Description of problem:

While/after upgrading to 4.11 2023-01-14 CoreDNS has a problem with UDP overflows so DNS lookups are very slow and cause the ingress operator upgrade to stall. We needed to work around with force_tcp following this: https://access.redhat.com/solutions/5984291

Version-Release number of selected component (if applicable):

How reproducible:

100%, but seems to depend on the network environemnt (excact cause unknown)

Steps to Reproduce:

1. install cluster with OKD 4.11-2022-12-02 or earlier
2. initiate upgrade to OKD 4.11-2023-01-14
3. upgrade will stall after upgrading CoreDNS

Actual results:

CoreDNS logs: [ERROR] plugin/errors: 2 oauth-openshift.apps.okd-admin.muc.lv1871.de. AAAA: dns: overflowing header size

Expected results:

Additional info:

blocks

OCPBUGS-15251 while/after upgrading to OKD 4.11 2023-01-14 CoreDNS has a problem with UDP overflows

Closed

clones

OCPBUGS-6829 while/after upgrading to OKD 4.11 2023-01-14 CoreDNS has a problem with UDP overflows

Closed

is blocked by

OCPBUGS-6829 while/after upgrading to OKD 4.11 2023-01-14 CoreDNS has a problem with UDP overflows

Closed

links to

openshift/api#1500: [release-4.13] OCPBUGS-15225: Add protocolStrategy for upstreams in dnses.operator.openshift.io

openshift/cluster-dns-operator#372: [release-4.13] OCPBUGS-15225: Add support for protocolStrategy API field to enable force_tcp configuration

Assignee:: Grant Spence

Reporter:: OpenShift Prow Bot

QA Contact:: Melvin Joseph

Votes:: 0 Vote for this issue

Watchers:: 7 Start watching this issue

Created:: 2023/06/20 9:21 PM

Updated:: 2023/08/16 5:21 AM

Resolved:: 2023/07/20 5:12 PM

Details

Description

Attachments

Issue Links

Activity

People

Dates