Istio Gateway-Connected Clusters DNS Resolution Not Searching

I went through the gateway multi-cluster example and followed this to make calls from foo on cluster1 to bar on cluster2 https://istio.io/docs/examples/multicluster/gateways/. To avoid the namespace differences I also deployed the httpbin in cluster2 to a foo namespace on cluster2 as well.

This all worked well, from the sleep pod on cluster1 I can call httpbin.foo.global and httpbin.bar.global.

The way I understand the DNS search is that if I just call http://httpbin from cluster1 sleep pod it should look for http://httpbin.svc.cluster.local, not find it and eventually look for httpbin.foo.global which should resolve. However, when I just call http://httpbin I get “no healthy upstream” and when I call http://httpbin.foo I get upstream connect error or disconnect/reset before headers. reset reason: connection failure/.

What I want is for istio to look at the local cluster first for the service and if it can’t find it go to the global but that doesn’t seem to be working, the only way I can make the call is if I explicitly call with .global.

So looks like nslookup is working, but I still can’t get resolution.

nslookup httpbin resolves to httpbin.foo.global but I can’t get a curl to httpbin to work

Is it possible to set it up so that httpbin tries to call as httpbin.svc.cluster.local if there are healthy backends and if not tries as global? The use case is running two identical clusters, we want traffic to stay local if possible and only reach out to the remote cluster if there are issues on the local cluster.

Looks like I need to run split-horizon-eds but I want to do it with two full control planes, if anyone has tips on how to do that it would be appreciated.