This error arises here: https://github.com/openshift/origin/blob/bc1ddaa85a591d2c5d1c335f17f437be8a3d2841/pkg/diagnostics/pod/dns.go#L124

This diagnostic looks through /etc/resolv.conf and checks every domain against every nameserver to see if any resolve wildcard entries (which causes big problems for DNS usage). It does so by making up an improbable hostname in the domain, e.g. "wildcard.bc1ddaa85a591d2c5d1c.svc.cluster.local" and seeing if it resolves. It shouldn't.

This error is telling you that for the given nameserver and hostname, it got back bad data. This nameserver IP doesn't sound like the skydns IP so my guess is it's one of the other nameservers in /etc/resolv.conf. Can you test directly with `dig wildcard.bc1ddaa85a591d2c5d1c.svc.cluster.local @<IP>` and see if it comes back without error?

If dig has no issue with the server, then it's possible it's a DNS library bug - this has come up before e.g. https://github.com/miekg/dns/issues/234 - in which case we would need a packet trace and any information you might have about the DNS server to try to track down the problem.

My GCE env was gone and I'm trying to install new ones for the bug verification. Will update you later.

Created attachment 1153514 [details]
Packet trace of DNS queries and responses

Packet trace of DNS queries and responses. I don't know which response the library didn't like, though "the last one" is probably a good guess.

@lmeyer Thanks for the follow-up. Yes, I did the dig command from master machine, when I run it on the node machine, it responded fine. Thank you for pointing out this.I'm closing my env on GCE.

OCP 3.6-3.10 is no longer on full support [1]. Marking un-triaged bugs CLOSED DEFERRED. If you have a customer case with a support exception or have reproduced on 3.11+, please reopen and include those details. When reopening, please set the Version to the appropriate version where reproduced.

[1]: https://access.redhat.com/support/policy/updates/openshift