(OCP4): DNS failures after upstream nameserver GSLB feature enabled

Solution In Progress - Updated -

Issue

  • After enabling GSLB (Global Server Load Balancing) on the upstream nameservers used by OpenShift, multiple failures are observed when looking up critical domain addresses and resolving queries within OpenShift.
  • Within the OAuth container, the following failure is observed when looking up the domain address of the LDAP server (leading to login failures):
2025-03-31T13:34:35.774860279Z E0331 13:34:35.774817       1 login.go:176] Error authenticating "<username>" with provider "ldap": LDAP Result Code 200 "Network Error": dial tcp: lookup <LDAP-DOMAIN-FQDN-ADDRESS> on 172.30.0.10:53: read udp <local-pod-ip>:46576->172.30.0.10:53: i/o timeout
  • CoreDNS pods in openshift-dns are logging upwards of 6s on multiple upstream calls:
2025-03-31T15:08:48.919642050Z [ERROR] plugin/errors: 2 <target-domain-address>. AAAA: read udp <local-dns-pod>:58925-><nameserver-IP>:53: i/o timeout
2025-03-31T15:08:49.652017873Z [INFO] 10.129.6.50:56101 - 32890 "A IN <target-domain-address>. udp 69 false 1232" - - 0 6.003739349s
2025-03-31T15:08:49.652017873Z [ERROR] plugin/errors: 2 <target-domain-address>. A: read udp <local-dns-pod>:46268-><nameserver-IP>:53: i/o timeout
2025-03-31T15:08:49.656132090Z [INFO] 10.129.6.50:56011 - 12104 "AAAA IN <target-domain-address>. udp 69 false 1232" - - 0 6.00794457s
2025-03-31T15:08:49.656157672Z [ERROR] plugin/errors: 2 <target-domain-address>. AAAA: read udp <local-dns-pod>:32945-><nameserver-IP>:53: i/o timeout
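
To triage logs like the CoreDNS lines above, the following added example (not part of the Red Hat article) counts upstream i/o timeouts per nameserver and lists queries slower than a threshold. The sample lines, hostnames, IP addresses, the `summarize` function and the 5-second threshold are constructed assumptions.

```python
import re
from collections import Counter

# CoreDNS "errors" plugin line for an upstream read that timed out.
ERROR_RE = re.compile(
    r'\[ERROR\] plugin/errors: \d+ (?P<qname>\S+) (?P<qtype>\w+): '
    r'read (?P<proto>udp|tcp) \S+->(?P<upstream>[\d.]+):\d+: i/o timeout$')
# CoreDNS "log" plugin line: client, id, quoted query, rcode, flags, size, duration.
QUERY_RE = re.compile(
    r'\[INFO\] \S+:\d+ - \d+ "(?P<qtype>\S+) IN (?P<qname>\S+) (?:udp|tcp) [^"]*" '
    r'(?P<rcode>\S+) \S+ \d+ (?P<secs>[\d.]+)s$')

# Constructed sample input: names and addresses are placeholders, not from the article.
SAMPLE = """\
2025-03-31T15:08:48.919642050Z [ERROR] plugin/errors: 2 ldap.example.internal. AAAA: read udp 10.128.2.7:58925->192.0.2.53:53: i/o timeout
2025-03-31T15:08:49.652017873Z [INFO] 10.129.6.50:56101 - 32890 "A IN ldap.example.internal. udp 69 false 1232" - - 0 6.003739349s
2025-03-31T15:08:49.652017873Z [ERROR] plugin/errors: 2 ldap.example.internal. A: read udp 10.128.2.7:46268->192.0.2.53:53: i/o timeout
2025-03-31T15:08:49.656132090Z [INFO] 10.129.6.50:56011 - 12104 "AAAA IN ldap.example.internal. udp 69 false 1232" - - 0 6.00794457s
2025-03-31T15:08:50.101200000Z [INFO] 10.129.6.50:40112 - 5121 "A IN api.example.internal. udp 50 false 1232" NOERROR qr,rd,ra 98 0.004211063s
""".splitlines()


def summarize(lines, slow_threshold=5.0):
    """Return (timeouts per upstream, slow queries); the threshold is an assumed value."""
    timeouts, slow = Counter(), []
    for line in lines:
        line = line.strip()
        if (m := ERROR_RE.search(line)):
            # Key on the upstream nameserver so a single failing resolver stands out.
            timeouts[(m["upstream"], m["proto"])] += 1
        elif (m := QUERY_RE.search(line)) and float(m["secs"]) >= slow_threshold:
            # An rcode of "-" matches the slow entries in the article's log excerpt.
            slow.append((m["qname"], m["qtype"], m["rcode"], float(m["secs"])))
    return timeouts, slow


if __name__ == "__main__":
    timeouts, slow = summarize(SAMPLE)
    for (upstream, proto), n in timeouts.most_common():
        print(f"{n} {proto} timeouts to upstream {upstream}")
    for qname, qtype, rcode, secs in slow:
        print(f"slow {qtype} {qname} rcode={rcode} {secs:.3f}s")
```
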

Environment

  • Red Hat OpenShift Container Platform (RHOCP) 4.16
  • DNS Nameservers with GSLB (Global Server Load Balancing) feature enabled.
