Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-4356

Reply packet for DNS conversation to service IP uses pod IP as source

XMLWordPrintable

    • Moderate
    • None
    • Rejected
    • False
    • Hide

      None

      Show
      None

      Description of problem:

      For some reason, some of the packets on a DNS conversation to the {{openshift-dns/dns-default}} service cluster IP don't get properly denatted, i.e. the reply packet has the pod IP as source IP instead of the service IP.

      Version-Release number of selected component (if applicable):

      4.10.25

      How reproducible:

      Sometimes

      Steps to Reproduce:

      1. Try to resolve DNS with cluster DNS

      Actual results:

      DNS timeout. Reply packets have the pod IP instead of the service IP the request was sent to.

      Expected results:

      DNS working.

      Additional info:

      I'll elaborate about this in the attachments, but I could find nothing wrong in nbdb or any OVN-Kubernetes or OVN logs that rang a bell.
The only interesting thing I could see was that `conntrack -L` had no reference to this conversation, so it makes kind of sense that the reply packet address is not translated back to the service IP one, but I have not been able to find the reason of this.
The query/response packets can be correlated via DNS transaction ID.

            sseethar Surya Seetharaman
            rhn-support-palonsor Pablo Alonso Rodriguez
            Anurag Saxena Anurag Saxena
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: