Hello, We are using the DNS Proxying feature as described here: Istio / DNS Proxying
ISTIO_META_DNS_CAPTURE and ISTIO_META_DNS_AUTO_ALLOCATE is set to true.
Service entry for customer-service.default.svc.cluster.local is defined and the following curl command usually works well:
curl -v http://customer-service:8092/customer-service/status
But sometimes, the call fails with DNS error.
I’m able to reproduce the problem with an infinite loop:
while :
do
curl -v http://customer-service:8092/customer-service/status
done
I alo tried to avoid using the DNS proxy by specifying some fake ip to curl.
This infinite loop never failed:
while :
do
curl -s -o /dev/null -w "%{http_code}\n" --resolve customer-service:8092:147.32.96.40 http://customer-service:8092/customer-service/status
done
So I think the problem is only in the DNS proxy.
Another way how I was able to reproduce the problem is:
while :
do
nslookup -debug customer-service.default.svc.cluster.local
done
after some time, I can see failed calls like this:
Server: 172.20.0.10
Address: 172.20.0.10:53
Query #1 completed in 1ms:
** server can't find customer-service.default.svc.cluster.local: NXDOMAIN
Query #0 completed in 1ms:
** server can't find customer-service.default.svc.cluster.local: NXDOMAIN
I tried some debugging with istioctl , but everything seems to be in sync. When I enabled trace loging in the sidecar, I still found no info about the dns proxy.
istioctl version
client version: 1.14.1
control plane version: 1.9.9
data plane version: 1.9.9 (4 proxies)
Please is there any way how could I debug the dns proxying? Or what could cause the occasional failures?
Thank you very much for any hints.
Best
Josef
