Description of problem: The dnsName in the egressnetworkpolicy is causing around a thousand DNS queries to be raised to the DNS server without any application pod running on the OCP cluster. Only infra-related pods are running.
OCP version: 3.11
Possible fix: https://github.com/openshift/origin/pull/22855
Verified this bug on v3.11.128 with steps:
1. Set up one cluster with 1 master, a compute node and an infra node.
2. Create project z1 and a test pod on the compute node.
3. Create the egressnetworkpolicy in z1 with https://raw.githubusercontent.com/openshift-qe/v3-testfiles/master/networking/egress-ingress/dns-egresspolicy1.json
4. rsh into the test pod and ping yahoo.com.
5. During the ping, capture DNS packets on the compute node and infra node with `tcpdump -i eth0 -nn port 53`.
6. Check all packets are captured with compute node and no packets can be captured.
7. Also used Wireshark to capture the packets on the compute node and did not find dns.resp.ttl==0.
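An added example, not part of the original bug report or the OpenShift code: one way to turn the `tcpdump -i eth0 -nn port 53` capture from the verification steps into a per-name query total and peak per-second rate, so a query flood like the one described in this bug shows up as a number. The capture lines, addresses and threshold below are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Matches a DNS *query* line as printed by `tcpdump -nn port 53`, e.g.
# 10:15:01.000100 IP 10.128.0.1.40001 > 10.0.0.2.53: 4321+ A? yahoo.com. (27)
# Responses come *from* port 53, so they do not match the "> <dst>.53:" part.
QUERY_RE = re.compile(
    r"^(?P<hms>\d{2}:\d{2}:\d{2})\.\d+ IP6? "
    r"(?P<src>\S+)\.\d+ > (?P<dst>\S+)\.53: "
    r"\d+\S* (?:\[\S+\] )?(?P<qtype>[A-Za-z0-9]+)\? (?P<name>\S+) "
)

def query_rates(lines):
    """Return {name: (total_queries, peak_queries_in_one_second)}."""
    per_second = defaultdict(Counter)
    for line in lines:
        m = QUERY_RE.match(line)
        if m:
            name = m["name"].rstrip(".").lower()
            per_second[name][m["hms"]] += 1
    return {n: (sum(c.values()), max(c.values())) for n, c in per_second.items()}

def noisy_names(lines, peak_threshold):
    """Names whose peak per-second query count reaches the threshold."""
    rates = query_rates(lines)
    return sorted(n for n, (_, peak) in rates.items() if peak >= peak_threshold)

# Constructed sample capture (not taken from the bug report).
SAMPLE = """\
10:15:01.000100 IP 10.128.0.1.40001 > 10.0.0.2.53: 4321+ A? yahoo.com. (27)
10:15:01.001900 IP 10.0.0.2.53 > 10.128.0.1.40001: 4321 1/0/0 A 192.0.2.10 (43)
10:15:01.200100 IP 10.128.0.1.40002 > 10.0.0.2.53: 4322+ A? yahoo.com. (27)
10:15:01.400100 IP 10.128.0.1.40003 > 10.0.0.2.53: 4323+ A? yahoo.com. (27)
10:15:01.600100 IP 10.128.0.1.40004 > 10.0.0.2.53: 4324+ A? yahoo.com. (27)
10:15:02.100100 IP 10.128.0.1.40005 > 10.0.0.2.53: 4325+ A? yahoo.com. (27)
10:15:02.300100 IP 10.128.0.1.40006 > 10.0.0.2.53: 4326+ [1au] AAAA? example.org. (40)
""".splitlines()

if __name__ == "__main__":
    for name, (total, peak) in sorted(query_rates(SAMPLE).items()):
        print(f"{name}: total={total} peak_per_second={peak}")
    print("over threshold:", noisy_names(SAMPLE, peak_threshold=3))
```

Running the same functions over captures taken before and after the fix gives a direct comparison of query volume for the names listed in the egressnetworkpolicy.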
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:1753
I made a mistake and failed to merge the patch to the origin release-3.11 branch, and so it never shipped in 3.x.
*** Bug 1741295 has been marked as a duplicate of this bug. ***
Hello, any updates on this?
The patch landed in the 3.11 branch here: https://github.com/openshift/origin/pull/23904 Moving to ON_QA. Sorry about that.