Initiative
Resolution: Unresolved
Major
Goal
Complete pre-work consisting of a required R&D spike to prove the method out and determine whether all the information needed is available, for the following issue and targeted resolution path.
Currently, OpenShift DNS forwards all reverse DNS (PTR) lookups—including those for addresses within the OVN-Kubernetes internal subnet (default 100.64.0.0/16)—to external DNS servers. Since these external servers are not authoritative for OpenShift-managed subnets, they typically return NXDOMAIN, or in failure scenarios (e.g. if the external DNS is slow or unreachable), the lookup results in a SERVFAIL after a timeout, delaying application responses or causing false negatives in health checks. Applications with strict timing windows can fail or misbehave due to the DNS timeout, even though the IP in question is internal to OpenShift.
This behavior can negatively impact workloads that perform reverse lookups for logging, telemetry, or health checks, leading to blocked or failed operations and misattributed “platform” issues.
To address this, OpenShift DNS should become authoritative for the OVN-Kubernetes internal subnet (100.64.0.0/10) and handle PTR requests locally, returning a meaningful response (or a fast NXDOMAIN) without external forwarding.
Benefit Hypothesis:
To improve reliability and correctness, OpenShift DNS should handle PTR queries for the OVN internal subnet internally by:
- Acting as an authoritative resolver for the 100.64.0.0/10 PTR zone.
- Returning either a meaningful internal response (if possible) or a fast NXDOMAIN without forwarding.
This change prevents unnecessary forwarding of internal address queries, reduces external DNS load, and improves platform resilience and response times for internal queries.
Resources
Success Criteria
The following are considered success criteria for the eventual Feature, should it be accepted, but may still be useful for this R&D spike.
- Make OpenShift DNS authoritative for the 100.64.0.0/10 PTR zone (OVN internal subnet).
- Ensure that PTR lookups for OVN internal subnet addresses are resolved internally without being forwarded to external DNS.
- Return fast, deterministic responses (NXDOMAIN or valid PTR record) to avoid delays or SERVFAIL conditions.
- Prevent unnecessary external DNS traffic for internal-only address space.
- Mitigate issues caused by slow or unreachable upstream DNS servers that lead to application timeouts or failures.
- Improve reliability and perceived stability of OpenShift networking by eliminating avoidable DNS resolution latency for internal IPs.
- Maintain current behavior for non-OVN addresses and external PTR queries to ensure backward compatibility.
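The routing decision these criteria describe, sketched as an added example (not code from OpenShift or CoreDNS): it derives the octet-aligned in-addr.arpa zones a resolver would have to be authoritative for, then answers internal PTR names locally and forwards everything else. The function names, the "FORWARD" label and the sample hostname are assumptions made for illustration; the CIDR is a parameter because the text above cites both 100.64.0.0/16 and 100.64.0.0/10.

```python
import ipaddress

def reverse_zones(cidr):
    """Octet-aligned in-addr.arpa zones that together cover an IPv4 CIDR."""
    net = ipaddress.ip_network(cidr)
    if net.version != 4 or net.prefixlen == 0:
        raise ValueError("expects an IPv4 CIDR with a non-zero prefix")
    # Reverse zones are delegated per octet, so round the prefix up to the
    # next multiple of 8 (a /10 becomes 64 separate /16 zones).
    aligned = -(-net.prefixlen // 8) * 8
    zones = []
    for sub in net.subnets(new_prefix=aligned):
        octets = str(sub.network_address).split(".")[: aligned // 8]
        zones.append(".".join(reversed(octets)) + ".in-addr.arpa.")
    return zones

def ptr_name_to_ip(qname):
    """Parse 'd.c.b.a.in-addr.arpa.' into an IPv4Address, or None if malformed."""
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) != 6 or labels[4:] != ["in-addr", "arpa"]:
        return None
    try:
        return ipaddress.IPv4Address(".".join(reversed(labels[:4])))
    except ValueError:
        return None

def route_ptr(qname, internal_cidr, records):
    """Decide how to answer a PTR query.

    records maps IP strings to PTR targets known to the cluster.
    Returns (action, target): NOERROR with a target, a fast local NXDOMAIN,
    or FORWARD (hypothetical label) for names outside the internal subnet.
    """
    ip = ptr_name_to_ip(qname)
    if ip is None or ip not in ipaddress.ip_network(internal_cidr):
        return ("FORWARD", None)       # unchanged behaviour for external PTRs
    target = records.get(str(ip))
    if target:
        return ("NOERROR", target)     # meaningful internal answer
    return ("NXDOMAIN", None)          # authoritative, no upstream round trip

if __name__ == "__main__":
    # Constructed sample data, not taken from a real cluster.
    known = {"100.64.0.2": "ovn-node-1.example.internal."}
    print(len(reverse_zones("100.64.0.0/10")), "zones for the /10")
    for name in ("2.0.64.100.in-addr.arpa.", "9.0.64.100.in-addr.arpa.",
                 "1.0.65.100.in-addr.arpa.", "8.8.8.8.in-addr.arpa."):
        print(name, route_ptr(name, "100.64.0.0/16", known))
```

With the /16, a query for 100.65.0.1 is still forwarded upstream; with the /10 it is answered locally, so the prefix chosen determines which queries leave the cluster.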
Results
[Add results here once the Initiative is started. Recommend discussions & updates once per quarter in bullets.]
- is related to RFE-4732 OpenShift Internal DNS to respond to PTR queries for the kube-ovn v4InternalSubnet Node IPs. (Refinement)