OpenShift Bugs: OCPBUGS-799

Reply packet for DNS conversation to service IP uses pod IP as source

    • Bug
    • Resolution: Done
    • Major
    • None
    • 4.10.0
    • None
    • Moderate
    • None
    • Rejected
    • False

      Description of problem:

      For some reason, some of the packets on a DNS conversation to the `openshift-dns/dns-default` service cluster IP don't get properly de-NATed, i.e. the reply packet has the pod IP as source IP instead of the service IP.
      

      Version-Release number of selected component (if applicable):

      4.10.25
      

      How reproducible:

      Sometimes
      

      Steps to Reproduce:

      1. Try to resolve DNS with cluster DNS
      

      Actual results:

      DNS timeout. Reply packets have the pod IP instead of the service IP the request was sent to.
      

      Expected results:

      DNS working.
      

      Additional info:

      I'll elaborate about this in the attachments, but I could find nothing wrong in nbdb or any OVN-Kubernetes or OVN logs that rang a bell.
      The only interesting thing I could see was that `conntrack -L` had no reference to this conversation, so it makes kind of sense that the reply packet address is not translated back to the service IP one, but I have not been able to find the reason for this.
      The query/response packets can be correlated via DNS transaction ID.
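
Added example (not part of the original report, and not OpenShift or OVN-Kubernetes code): the transaction-ID correlation described above, applied to `tcpdump -nn` text output to flag replies whose source IP differs from the address the query was sent to. The capture lines, IP addresses and ports are constructed, and the parser assumes tcpdump's default non-verbose IPv4 DNS line format.

```python
import re

# Assumption: default (non-verbose) `tcpdump -nn` text output, IPv4 UDP DNS.
LINE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): (?P<txid>\d+)\S* (?P<rest>.*)$"
)
# Responses carry answer/authority/additional counts such as "1/0/0"; queries do not.
COUNTS = re.compile(r"\b\d+/\d+/\d+\b")

def correlate(lines):
    """Pair queries and replies on (client IP, client port, transaction ID).

    Returns (mismatches, unanswered): replies whose source IP is not the IP
    the query was sent to, and queries that never got a reply in the capture.
    """
    pending, mismatches = {}, []
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # not a DNS-over-UDP line this parser understands
        if not COUNTS.search(m["rest"]):
            # Query: remember when it was sent and which IP it was sent to.
            pending[(m["src"], m["sport"], m["txid"])] = (m["ts"], m["dst"])
            continue
        query = pending.pop((m["dst"], m["dport"], m["txid"]), None)
        if query is None:
            continue  # reply whose query is outside the capture window
        sent_at, queried_ip = query
        if m["src"] != queried_ip:
            mismatches.append({"txid": m["txid"], "client": m["dst"],
                               "queried": queried_ip, "reply_src": m["src"],
                               "query_ts": sent_at, "reply_ts": m["ts"]})
    return mismatches, pending

# Constructed sample: a healthy exchange, a reply that kept the pod IP as its
# source, and a query with no reply. All addresses and ports are made up.
SAMPLE = """\
10:15:01.100001 IP 10.128.2.15.41000 > 172.30.0.10.53: 4242+ A? api.example.com. (33)
10:15:01.100640 IP 172.30.0.10.53 > 10.128.2.15.41000: 4242 1/0/0 A 192.0.2.10 (49)
10:15:02.200002 IP 10.128.2.15.41001 > 172.30.0.10.53: 4243+ A? api.example.com. (33)
10:15:02.200710 IP 10.128.0.7.5353 > 10.128.2.15.41001: 4243 1/0/0 A 192.0.2.10 (49)
10:15:03.300003 IP 10.128.2.15.41002 > 172.30.0.10.53: 4244+ A? api.example.com. (33)
""".splitlines()

if __name__ == "__main__":
    bad, unanswered = correlate(SAMPLE)
    for b in bad:
        print(f"txid {b['txid']}: sent to {b['queried']}, reply from {b['reply_src']}")
    print(f"{len(unanswered)} query(ies) without a reply")
```

The comparison is only meaningful on a capture taken on the client side of the translation; on the DNS pod's own interface the pod IP is the expected source.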
      

              sseethar Surya Seetharaman
              rhn-support-palonsor Pablo Alonso Rodriguez
              Anurag Saxena Anurag Saxena