Details
-
Feature Request
-
Resolution: Unresolved
-
Normal
-
None
-
None
-
None
-
False
-
None
-
False
-
Not Selected
-
0
-
0%
Description
1. Proposed title of this feature request
OpenShift DNS should respond to PTR lookups for OVN Internal Subnet
2. What is the nature and description of the request?
Pods can see traffic sourced from the OVN Internal Subnet (100.64.0.0/16 by default) and may perform a reverse DNS lookup on that IP for logging or other functions. Currently, this request will be forwarded to the cluster's external DNS server which will have no knowledge of the OVN internal subnet and probably return NXDOMAIN. If the external DNS server is unavailable, OpenShift DNS will return a SERVFAIL after a couple of seconds.
Since OpenShift is responsible for the OVN internal subnet, OpenShift DNS should return a meaningful reverse DNS response or at least a fast NXDOMAIN rather than forwarding the request.
3. Why does the customer need this? (List the business requirements here)
Some customer applications are poorly behaved and may block waiting for a reverse DNS request or exhibit some other failure mode. OCPBUGS-18912 is one example of such a case.
While this RFE doesn't solve the application problem, it does mean that the application won't be failing trying to resolve an OpenShift-managed IP address when the external DNS source is unreachable which the application owner will invariably blame on "a platform issue."
In general, it is also bad form to forward requests for known internal IP ranges to external DNS and can result in significant wasted query load.
4. List any affected packages or components.
DNS Operator