
while/after upgrading to OKD 4.11 2023-01-14 CoreDNS has a problem with UDP overflows

    • Important
    • 5
    • Sprint 231, Sprint 232, Sprint 233, Sprint 234, Sprint 235, Sprint 236, Sprint 237
    • 7
    • Rejected
    • False
    • * Previously, a non-compliant upstream DNS server that provided a UDP response larger than {product-title}'s specified buffer size of 512 bytes caused CoreDNS to throw an overflow error. Consequently, it would not provide a response to a DNS query.
      +
      With this update, users can now configure the `protocolStrategy` field on the `dnses.operator.openshift.io` custom resource (CR) to be `TCP`. With this field set to `TCP`, CoreDNS uses the TCP protocol for upstream requests and works around UDP overflow issues with non-compliant upstream DNS servers. (link:https://issues.redhat.com/browse/OCPBUGS-6829[*OCPBUGS-6829*])
    • Bug Fix
    • Done
    • See thread about this in openshift-users Slack channel.
      Vadim Rutkovsky advised me to open this issue here.

      Description of problem:

      While/after upgrading to 4.11 2023-01-14 CoreDNS has a problem with UDP overflows so DNS lookups are very slow and cause the ingress operator upgrade to stall. We needed to work around with force_tcp following this: https://access.redhat.com/solutions/5984291

      Version-Release number of selected component (if applicable):

       

      How reproducible:

      100%, but seems to depend on the network environment (exact cause unknown)

      Steps to Reproduce:

      1. install cluster with OKD 4.11-2022-12-02 or earlier
      2. initiate upgrade to OKD 4.11-2023-01-14
      3. upgrade will stall after upgrading CoreDNS
      

      Actual results:

      CoreDNS logs: [ERROR] plugin/errors: 2 oauth-openshift.apps.okd-admin.muc.lv1871.de. AAAA: dns: overflowing header size 

      Expected results:

       

      Additional info:

       

            gspence@redhat.com Grant Spence
            kai-uwe.rommel@ars.de Kai-Uwe Rommel
            Melvin Joseph Melvin Joseph
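
The failure described in the release note, modelled in Python as an added example (not CoreDNS or OpenShift code): a receiver that keeps only the first 512 bytes of a UDP reply cannot walk all the records the header announces. The sample replies, the name `app.example.test` and the simplified parser are constructed for illustration.

```python
import struct

UDP_BUF = 512  # buffer size named in the release note

def encode_name(name):
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"

def build_response(qname, answers, tc=False):
    """Constructed sample: an AAAA reply carrying `answers` records."""
    flags = 0x8180 | (0x0200 if tc else 0)            # 0x0200 is the TC bit
    msg = struct.pack("!6H", 0x1234, flags, 1, answers, 0, 0)
    msg += encode_name(qname) + struct.pack("!2H", 28, 1)
    rr = b"\xc0\x0c" + struct.pack("!2HIH", 28, 1, 30, 16) + bytes(16)
    return msg + rr * answers

def skip_name(msg, off):
    """Return the offset just past a name (labels or a compression pointer)."""
    while off < len(msg):
        n = msg[off]
        if n & 0xC0 == 0xC0:
            return off + 2
        if n == 0:
            return off + 1
        off += 1 + n
    raise ValueError("name runs past end of buffer")

def parse(msg):
    """Walk every record the header announces; raise if the buffer ends first."""
    if len(msg) < 12:
        raise ValueError("short header")
    _, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4                 # qtype, qclass
    for _ in range(an + ns + ar):
        off = skip_name(msg, off) + 10                # type, class, ttl, rdlength
        if off > len(msg):
            raise ValueError("record header runs past end of buffer")
        off += struct.unpack("!H", msg[off - 2:off])[0]
    if off > len(msg):
        raise ValueError("message runs past end of buffer")
    return bool(flags & 0x0200), an + ns + ar

def diagnose(wire, bufsize=UDP_BUF):
    """Classify a UDP reply as seen through a read buffer of bufsize bytes."""
    try:
        tc, _ = parse(wire[:bufsize])                 # bytes past the buffer are lost
    except ValueError:
        return "oversized" if len(wire) > bufsize else "malformed"
    return "truncated" if tc else "ok"
```

A compliant upstream produces the `truncated` case (TC bit set), which tells the resolver to retry over TCP; the `oversized` case is the non-compliant reply that setting `protocolStrategy` to `TCP` works around.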