Skip to main content

DNS

The dns collector can be used to help diagnose DNS resolution problems, such as detecting search domain misconfiguration. During execution, the collector does the following:

  • Output Kubernetes Service Cluster IP retrieved from kube-apiserver
  • Run a test pod of image registry.k8s.io/e2e-test-images/agnhost:2.39, and run dig command
    • to kubernetes Service and output content of /etc/resolv.conf
    • to a non-resolveable domain to check for potential wildcard DNS issue
  • Check if DNS pods are running
  • Check if DNS service is up
  • Check if DNS endpoints are populated
  • Output CoreDNS/KubeDNS config

Parameters

In addition to the shared collector properties, the dns collector accepts the following parameters:

image (Optional)

Utility image to run dig command. Must have dig installed. Defaults to registry.k8s.io/e2e-test-images/agnhost:2.39.

nonResolvable (Optional)

A non-resolveable domain. The collector will make a DNS query to this domain. Defaults to *.

See the examples below for use cases.

Example Collector Definition

apiVersion: troubleshoot.sh/v1beta2
kind: SupportBundle
metadata:
  name: sample
spec:
  collectors:
    - dns:
        image: registry.k8s.io/e2e-test-images/agnhost:2.39
        nonResolvable: "*"

Included resources

When this collector is executed, it includes the following file in a support bundle:

/dns/debug.txt

=== Kubernetes Cluster IP from API Server: 10.43.0.1
=== Test DNS resolution in pod registry.k8s.io/e2e-test-images/jessie-dnsutils:1.3:
=== /etc/resolv.conf ===
search default.svc.cluster.local svc.cluster.local cluster.local
nameserver 10.43.0.10
options ndots:5
=== dig kubernetes ===
10.43.0.1
=== dig non-existent-domain ===
=== Running kube-dns pods: coredns-77ccd57875-76dt4
=== Running kube-dns service: 10.43.0.10
=== kube-dns endpoints: 10.42.0.6:53
=== CoreDNS config:
.:53 {
    errors
    health
    ready
    kubernetes cluster.local in-addr.arpa ip6.arpa {
      pods insecure
      fallthrough in-addr.arpa ip6.arpa
    }
    hosts /etc/coredns/NodeHosts {
      ttl 60
      reload 15s
      fallthrough
    }
    prometheus :9153
    forward . /etc/resolv.conf
    cache 30
    loop
    reload
    loadbalance
    import /etc/coredns/custom/*.override
}
import /etc/coredns/custom/*.server

/dns/debug.json

{
  "kubernetesClusterIP": "10.43.0.1",
  "podResolvConf": "search default.svc.cluster.local svc.cluster.local cluster.local\nnameserver 10.43.0.10\noptions ndots:5\n",
  "query": {
    "kubernetes": {
      "name": "kubernetes",
      "address": "10.43.0.1"
    },
    "nonResolvableDomain": {
      "name": "*",
      "address": ""
    }
  },
  "kubeDNSPods": ["coredns-77ccd57875-76dt4"],
  "kubeDNSService": "10.43.0.10",
  "kubeDNSEndpoints": "10.42.0.6:53"
}