Cloned for 3.10.z backport.
+++ This bug was initially created as a clone of Bug #1600551 +++
Description of problem: Pods are experiencing intermittent DNS lookup failures when reaching out to dnsmasq. A similar upstream issue has been reported: https://github.com/kubernetes/kubernetes/issues/45976
--- Additional comment from Ryan Howe on 2018-08-09 10:28:47 EDT ---
While working on another OpenShift dnsmasq issue, we figured out that the issue happens when dnsmasq uses a low port number.
Setting min-port=1024 in dnsmasq worked around the issue.
Do not use ports less than that given as source for outbound DNS queries. Dnsmasq picks random ports as source for outbound queries: when this option is given, the ports used will always be larger than that specified. Useful for systems behind firewalls.
Dnsmasq bug was logged:
I was not able to reproduce the issue again with this configuration in place.
--- Additional comment from Ryan Howe on 2018-08-09 11:11:26 EDT ---
Created PR to add this configuration via the ansible installer for OpenShift:
OCP 3.10.z backport: https://github.com/openshift/openshift-ansible/pull/9542
Tested and verified in v3.10.35
[root@qe-weliang-3 ~]# oc version
features: Basic-Auth GSSAPI Kerberos SPNEGO
[root@qe-weliang-3 ~]# cat /etc/dnsmasq.d/origin-dns.conf | grep min
[root@qe-weliang-3 ~]# cat /etc/NetworkManager/dispatcher.d/99-origin-dns.sh | grep mi
# couldn't find an existing method to determine if the interface owns the
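A stricter version of the `grep min` verification above, as an added example that is not part of the original bug report or of openshift-ansible. The function name and exit codes are assumptions of this example; the 1024 threshold and the /etc/dnsmasq.d path come from the report.

```shell
#!/bin/sh
# Added example: audit dnsmasq drop-in files for the min-port workaround.
# check_min_port and its exit codes are hypothetical names chosen here.

# check_min_port DIR [THRESHOLD]
# Prints each active (uncommented) min-port setting as "file:value".
# Returns 0 if min-port is set and every value is >= THRESHOLD,
#         1 if any value is below THRESHOLD,
#         2 if min-port is not set in any *.conf file in DIR.
check_min_port() {
    dir=$1
    threshold=${2:-1024}
    found=0
    low=0
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue
        # Drop comments and stray whitespace, then keep only min-port lines,
        # so a commented-out "# min-port=1024" is not counted as active.
        vals=$(sed -e 's/#.*//' -e 's/[[:space:]]//g' "$f" |
               sed -n 's/^min-port=\([0-9][0-9]*\)$/\1/p')
        for v in $vals; do
            found=1
            echo "$f:$v"
            [ "$v" -ge "$threshold" ] || low=1
        done
    done
    [ "$found" -eq 1 ] || return 2
    [ "$low" -eq 0 ] || return 1
    return 0
}

# Usage on a node: check_min_port /etc/dnsmasq.d
```

Unlike a plain grep, this fails when the option is present only in a comment or is set to a value below the threshold.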
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.