Cloned for 3.10.z backport.

+++ This bug was initially created as a clone of Bug #1600551 +++

Description of problem:
Pods are experiencing intermittent DNS lookup failures when reaching out to dnsmasq. A similar upstream issue has been reported: https://github.com/kubernetes/kubernetes/issues/45976

[...]

--- Additional comment from Ryan Howe on 2018-08-09 10:28:47 EDT ---

Working another OpenShift dnsmasq issue we figured the issue to happen when dnsmasq uses a low port number. Setting min-port=1024 in dnsmasq worked around the issue.

--min-port=<port>
Do not use ports less than that given as source for outbound DNS queries. Dnsmasq picks random ports as source for outbound queries: when this option is given, the ports used will always to larger than that specified. Useful for systems behind firewalls.

Dnsmasq bug was logged: https://bugzilla.redhat.com/show_bug.cgi?id=1614331

I was not able to reproduce the issue again with this configuration in place.

--- Additional comment from Ryan Howe on 2018-08-09 11:11:26 EDT ---

Created PR to add this configuration via the ansible installer for OpenShift: https://github.com/openshift/openshift-ansible/pull/9505

[...]
OCP 3.10.z backport: https://github.com/openshift/openshift-ansible/pull/9542
Tested and verified in v3.10.35

[root@qe-weliang-3 ~]# oc version
oc v3.10.35
kubernetes v1.10.0+b81c8f8
features: Basic-Auth GSSAPI Kerberos SPNEGO

Server https://qe-weliang-3.10master-etcd-nfs-1:8443
openshift v3.10.35
kubernetes v1.10.0+b81c8f8
[root@qe-weliang-3 ~]# cat /etc/dnsmasq.d/origin-dns.conf | grep min
min-port=1024
[root@qe-weliang-3 ~]# cat /etc/NetworkManager/dispatcher.d/99-origin-dns.sh | grep mi
# couldn't find an existing method to determine if the interface owns the
min-port=1024
[root@qe-weliang-3 ~]#
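The grep-based verification above, written as a repeatable check that ignores commented-out lines and rejects values below the floor. This is an added example, not part of the bug report or of openshift-ansible; the function name check_min_port, the floor argument and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the bug report): audit dnsmasq config fragments
# for the min-port workaround.
# Usage: check_min_port FLOOR FILE...
# Returns non-zero if any file has no active min-port line, or has one
# whose value is malformed or below FLOOR.
check_min_port() {
    floor=$1; shift
    rc=0
    for f in "$@"; do
        # awk exit status: 0 = ok, 1 = too low or malformed, 2 = not set.
        # Whitespace around "=" is tolerated by this checker (an assumption,
        # chosen so that sloppy edits are still evaluated rather than skipped).
        awk -v floor="$floor" '
            { sub(/#.*/, "") }                      # drop comments
            /^[ \t]*min-port[ \t]*=/ {
                split($0, kv, "="); v = kv[2]
                gsub(/[ \t]/, "", v)
                seen = 1
                if (v !~ /^[0-9]+$/ || v + 0 < floor) bad = 1
            }
            END { if (!seen) exit 2; exit (bad ? 1 : 0) }
        ' "$f" && st=0 || st=$?
        case $st in
            0) echo "$f: min-port ok" ;;
            1) echo "$f: min-port below $floor or malformed"; rc=1 ;;
            *) echo "$f: min-port not set"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample fragments; none of these are the real origin-dns.conf.
demo() {
    d=$(mktemp -d)
    printf 'no-resolv\nmin-port=1024\n' > "$d/good.conf"
    printf '# min-port=1024\nno-resolv\n' > "$d/commented.conf"
    printf 'min-port=53\n' > "$d/low.conf"
    check_min_port 1024 "$d"/*.conf
    rm -rf "$d"
}

# With file arguments, audit them; with none, run the constructed demo.
if [ $# -gt 0 ]; then check_min_port 1024 "$@"; else demo; fi
```

On a node this would be run against /etc/dnsmasq.d/origin-dns.conf, the file checked in the comment above.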
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:2376