Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-6829

while/after upgrading to OKD 4.11 2023-01-14 CoreDNS has a problem with UDP overflows

    XMLWordPrintable

Details

    • +
    • Important
    • 5
    • Sprint 231, Sprint 232, Sprint 233, Sprint 234, Sprint 235, Sprint 236, Sprint 237
    • 7
    • Rejected
    • False
    • Hide

      None

      Show
      None
    • Hide
      * Previously, a non-compliant upstream DNS server that provided a UDP response larger than {product-title}'s specified buffer size of 512 bytes caused CoreDNS to throw an overflow error. Consequently, it would not provide a response to a DNS query.
      +
      With this update, users can now configure the `protocolStrategy` field on the `dnses.operator.openshift.io` custom resource (CR) to be `TCP`. With this field set to `TCP`, CoreDNS uses the TCP protocol for upstream requests and works around UDP overflow issues with non-compliant upstream DNS servers. (link:https://issues.redhat.com/browse/OCPBUGS-6829[*OCPBUGS-6829*])
      Show
      * Previously, a non-compliant upstream DNS server that provided a UDP response larger than {product-title}'s specified buffer size of 512 bytes caused CoreDNS to throw an overflow error. Consequently, it would not provide a response to a DNS query. + With this update, users can now configure the `protocolStrategy` field on the `dnses.operator.openshift.io` custom resource (CR) to be `TCP`. With this field set to `TCP`, CoreDNS uses the TCP protocol for upstream requests and works around UDP overflow issues with non-compliant upstream DNS servers. (link: https://issues.redhat.com/browse/OCPBUGS-6829 [* OCPBUGS-6829 *])
    • Bug Fix
    • Done
    • Hide
      See thread about this in openshift-users Slack channel.
      Vadim Rutkovsky advised me to open this issue here.
      Show
      See thread about this in openshift-users Slack channel. Vadim Rutkovsky advised me to open this issue here.

    Description

      Description of problem:

      While/after upgrading to 4.11 2023-01-14 CoreDNS has a problem with UDP overflows so DNS lookups are very slow and cause the ingress operator upgrade to stall. We needed to work around with force_tcp following this: https://access.redhat.com/solutions/5984291

      Version-Release number of selected component (if applicable):

       

      How reproducible:

      100%, but seems to depend on the network environemnt (excact cause unknown)

      Steps to Reproduce:

      1. install cluster with OKD 4.11-2022-12-02 or earlier
2. initiate upgrade to OKD 4.11-2023-01-14
3. upgrade will stall after upgrading CoreDNS

      Actual results:

      CoreDNS logs: [ERROR] plugin/errors: 2 oauth-openshift.apps.okd-admin.muc.lv1871.de. AAAA: dns: overflowing header size 

      Expected results:

       

      Additional info:

       

      Attachments

        Issue Links

          blocks

          Bug - A problem that impairs or prevents the functions of the product. OCPBUGS-15225 while/after upgrading to OKD 4.11 2023-01-14 CoreDNS has a problem with UDP overflows

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed
          is cloned by

          Bug - A problem that impairs or prevents the functions of the product. OCPBUGS-15225 while/after upgrading to OKD 4.11 2023-01-14 CoreDNS has a problem with UDP overflows

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Bug - A problem that impairs or prevents the functions of the product. OCPBUGS-15251 while/after upgrading to OKD 4.11 2023-01-14 CoreDNS has a problem with UDP overflows

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed
          is related to

          Bug - A problem that impairs or prevents the functions of the product. OCPBUGS-15605 CoreDNS UDP bufsize unnecessarily restricted to 512

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed
          links to

          GitHub openshift/api#1429: OCPBUGS-6829: Add protocolStrategy for upstreams in dnses.operator.openshift.io

          GitHub openshift/cluster-dns-operator#359: [WIP] OCPBUGS-6829: Add support for protocolPolicy API field to enable force_tcp configuration

          GitHub openshift/cluster-dns-operator#371: OCPBUGS-6829: Add support for protocolStrategy API field to enable force_tcp configuration

          GitHub openshift/cluster-dns-operator#378: [WIP] [release-4.12] OCPBUGS-6829: Add support for protocolStrategy API field to enable force_tcp configuration

          Web Link RHEA-2023:5006 rpm

          Activity

            People

              gspence@redhat.com Grant Spence
              kai-uwe.rommel@ars.de Kai-Uwe Rommel
              Melvin Joseph Melvin Joseph
              Votes:
              2 Vote for this issue
              Watchers:
              14 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: