Cause:
The fix for Bug 1953097 enabled the CoreDNS bufsize plugin with a size of 1232 bytes. Some primitive DNS resolvers are not capable of receiving DNS response messages over UDP that are larger than 512 bytes. Note that DNS resolvers that retry lookups using TCP (such as dig) are not affected by this bug.
Consequence:
Some DNS resolvers (such as Go's internal DNS library) are unable to receive long DNS responses from openshift-dns.
Fix:
Set the CoreDNS bufsize to 512 bytes for all servers.
Result:
DNS clients that require UDP DNS messages not to exceed 512 bytes function as expected.
verified with 4.6.0-0.nightly-2021-06-10-234022 and passed.
$ oc get clusterversion
NAME      VERSION                             AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.6.0-0.nightly-2021-06-10-234022   True        False         35m     Cluster version is 4.6.0-0.nightly-2021-06-10-234022
$ oc -n openshift-dns get cm/dns-default -oyaml
apiVersion: v1
data:
  Corefile: |
    # test
    mytest.ocp:5353 {
        forward . 192.168.1.2
        errors
        bufsize 512
    }
    .:5353 {
        bufsize 512
        errors
        health {
            lameduck 20s
        }
        ready
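The manual check in the comment above (every server block in the Corefile carries bufsize 512) can be automated. The following is an added example, not code from this bug report, CoreDNS or the DNS operator; the helper name OversizedServers and the sample Corefile are constructed for illustration.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Constructed sample (not from a live cluster): fixed, old 1232 setting, none.
const sampleCorefile = `mytest.ocp:5353 {
    bufsize 512
}
.:5353 {
    bufsize 1232
    health {
        lameduck 20s
    }
}
nobuf.example:5353 {
    errors
}`

// OversizedServers (hypothetical helper): server blocks whose top-level bufsize is > limit or absent (-1).
func OversizedServers(corefile string, limit int) map[string]int {
	bad, server, depth, size := map[string]int{}, "", 0, -1
	for _, line := range strings.Split(corefile, "\n") {
		f := strings.Fields(line)
		switch {
		case len(f) == 0 || f[0][0] == '#': // blank line or comment
		case f[len(f)-1] == "{": // block opens; at depth 0 it is a server block
			if depth == 0 {
				server, size = strings.Join(f[:len(f)-1], " "), -1
			}
			depth++
		case f[0] == "}":
			if depth--; depth == 0 && (size < 0 || size > limit) {
				bad[server] = size
			}
		case depth == 1 && f[0] == "bufsize" && len(f) > 1:
			if n, err := strconv.Atoi(f[1]); err == nil {
				size = n
			}
		}
	}
	return bad
}

func main() {
	fmt.Println(OversizedServers(sampleCorefile, 512))
}
```

An empty result means every server block sets an explicit bufsize at or below the limit; the Corefile text itself can be taken from the dns-default ConfigMap shown above.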
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.
For information on the advisory (OpenShift Container Platform 4.6.35 bug fix update), and where to find the updated files, follow the link below.
If the solution does not work for you, open a new bug report.
https://access.redhat.com/errata/RHBA-2021:2410