Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1709178

Summary: DNS names at egressnetworkpolicies causing heavily querying DNS servers
Product: OpenShift Container Platform Reporter: Abhishek <aabhishe>
Component: Networking Assignee: Casey Callendrello <cdc>
Networking sub component: openshift-sdn QA Contact: zhaozhanqi <zzhao>
Status: CLOSED ERRATA Docs Contact:
Severity: urgent    
Priority: urgent CC: aos-bugs, cdc, dmace, ksalunkh, rekhan, sponnaga, vlaad
Version: 3.11.0 Keywords: Reopened
Target Milestone: --- Flags: cdc: needinfo-
Target Release: 3.11.z   
Hardware: x86_64   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 1768702 (view as bug list) Environment:
Last Closed: 2019-11-19 14:36:02 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1768702    

Description Abhishek 2019-05-13 07:06:01 UTC
Description of problem: The dnsName in the egressnetworkpolicy is causing around a thousand DNS queries to be raised to the DNS server without any application pod running on the OCP cluster. Only infra related pods are running.

OCP version: 3.11

Comment 8 Dan Mace 2019-05-17 14:53:14 UTC
Possible fix: https://github.com/openshift/origin/pull/22855

Comment 10 zhaozhanqi 2019-07-11 07:49:14 UTC
Verified this bug on v3.11.128

with steps:

1. Set up one cluster with 1 master with compute node and infra node
2. Create project z1 and test pod on compute node
3. Create the egressnetworkpolicy in z1 with https://raw.githubusercontent.com/openshift-qe/v3-testfiles/master/networking/egress-ingress/dns-egresspolicy1.json
4. rsh into the test pod
   ping yahoo.com
5. During the ping, capture DNS packets on the compute node and infra node with
   `tcpdump -i eth0 -nn port 53`

6. Check all packets are captured on the compute node and no packets can be captured.
7. Also used Wireshark to capture the packets on the compute node and did not find dns.resp.ttl==0
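
Added example, not part of the bug report or of OpenShift's code: a small parser for the text output of the `tcpdump -i eth0 -nn port 53` capture from step 5 that counts DNS queries per source address and name within each second, so that "heavy querying" can be measured on a node. The sample lines, addresses and threshold are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Query line as printed by `tcpdump -nn port 53` (responses do not match), e.g.
# 07:49:14.000000 IP 10.0.0.11.40000 > 10.0.0.2.53: 100+ A? yahoo.com. (27)
QUERY_RE = re.compile(
    r"^(?P<sec>\d\d:\d\d:\d\d)\.\d+ IP6? "
    r"(?P<src>\S+)\.\d+ > \S+\.53: \d+[+%*-]* (?:\[\S+\] )?"
    r"(?P<qtype>[A-Z]+)\? (?P<name>\S+) "
)

def queries_per_second(lines):
    """Count queries keyed by (second, source address, queried name)."""
    counts = Counter()
    for line in lines:
        m = QUERY_RE.match(line)
        if m:
            name = m["name"].rstrip(".").lower()
            counts[(m["sec"], m["src"], name)] += 1
    return counts

def noisy_names(lines, threshold):
    """Return (source, name) pairs exceeding `threshold` queries in any second."""
    counts = queries_per_second(lines)
    return sorted({(src, name) for (_, src, name), n in counts.items()
                   if n > threshold})

# Constructed sample capture: one node address repeats the same lookup five
# times within a second, followed by one response and one unrelated query.
SAMPLE = [
    "07:49:14.%06d IP 10.0.0.11.%d > 10.0.0.2.53: %d+ A? yahoo.com. (27)"
    % (i * 1000, 40000 + i, 100 + i)
    for i in range(5)
] + [
    "07:49:14.900000 IP 10.0.0.2.53 > 10.0.0.11.40004: 104 1/0/0 A 192.0.2.10 (43)",
    "07:49:15.000000 IP 10.128.0.7.51000 > 10.0.0.2.53: 7+ A? example.com. (29)",
]

if __name__ == "__main__":
    for src, name in noisy_names(SAMPLE, threshold=3):
        print(f"{src} queried {name} more than 3 times in one second")
```

Plain `tcpdump` output without `-v` does not show record TTLs, so the `dns.resp.ttl==0` check in step 7 still needs Wireshark or a verbose capture.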

Comment 12 errata-xmlrpc 2019-07-23 19:56:23 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:1753

Comment 13 Dan Mace 2019-10-02 20:14:37 UTC
I made a mistake and failed to merge the patch to the origin release-3.11 branch, and so it never shipped in 3.x.

Comment 14 Dan Mace 2019-10-02 20:17:20 UTC
*** Bug 1741295 has been marked as a duplicate of this bug. ***

Comment 16 kedar 2019-11-18 06:10:44 UTC
Hello,

Any updates on this?

Comment 18 Dan Mace 2019-11-19 12:47:37 UTC
The patch landed in the 3.11 branch here: https://github.com/openshift/origin/pull/23904

Moving to ON_QA. Sorry about that.