kubernetes / dns

Kubernetes DNS service
Apache License 2.0

NodeLocal DNS Cache Intercepts all DNS queries #630

Open yahalomimaor opened 2 months ago

yahalomimaor commented 2 months ago

I have deployed the NodeLocal DNS Cache daemonset in my cluster (k8s-dns-node-cache:1.22.28). I'm running some DNS queries from different pods which are located on the same node as the DNS-cache daemonset, and checked the logs in the daemonset. I was able to see the DNS queries from all the pods running on the same node, even pods which are not configured to work with the local DNS cache (pods that have a resolv.conf file with the default nameserver configured [CoreDNS], using the ClusterFirst DnsPolicy).

  1. Does it make sense that the DNS-cache daemonset is intercepting all the DNS traffic on the node?
  2. Should each pod be configured explicitly to work with the local-DNS-cache server using a DNS policy?


k8s-ci-robot commented 2 months ago

There are no sig labels on this issue. Please add an appropriate label by using one of the following commands:

Please see the group list for a listing of the SIGs, working groups, and committees available.

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes-sigs/prow](https://github.com/kubernetes-sigs/prow/issues/new?title=Prow%20issue:) repository.

aojea commented 2 months ago

It is explained in more detail at https://kubernetes.io/docs/tasks/administer-cluster/nodelocaldns/, can you explain what your expectations are on what should work differently?

yahalomimaor commented 2 months ago

Sure, I have the following config in my testing pod:


As you can see, the nameserver which is configured is (CoreDNS IP) and I'm using the ClusterFirst DNS policy, which means: "use cluster DNS first, CoreDNS. If the DNS query does not match any domains in cluster DNS, forward it to upstream DNS servers"

So basically I'm expecting the query to be forwarded to the CoreDNS service. But when I'm looking at the logs of the Local-DNS-Cache pod (which runs on the same node as the testing pod) I can see these queries which were sent from the testing pod to the CoreDNS service.

Now the question is: why do I see traffic from my testing pod to the CoreDNS service in the Local-DNS-Cache pod, when the traffic is not even destined for the local cache?

Does the Local-DNS-Cache daemonset intercept all the DNS traffic on the node, even if it's destined for the CoreDNS service? If yes, how is it being done?


aojea commented 1 month ago

/transfer kubernetes/dns
/kind support

k8s-ci-robot commented 1 month ago

@aojea: Something went wrong or the destination repo kubernetes/kubernetes/dns does not exist.

In response to [this](https://github.com/kubernetes/dns/issues/630):

>/transfer kubernetes/dns
>/kind support

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes-sigs/prow](https://github.com/kubernetes-sigs/prow/issues/new?title=Prow%20issue:) repository.

aojea commented 1 month ago

/transfer dns