Unwanted ip4v and ipv6 dns request being generated

#1

So while troubshooting an unstable dns server we started to notice a large amount of requests coming from istio (1.0.6). We have about 10 separate clusters and from each of them we are seeing A and AAAA requests being made for zipkin and istio-pilot.

The break down is like this - on environments where tracing is NOT enabled we see large amount of A requests for zipkin.istio-system, all of which fail since tracing isn’t enabled. We also see AAAA requests for zipkin.istio-system and istio-pilot.istio-system. Looking at the configuration yaml it seems like there is still some zipkin config even though it isn’t enabled.

On environments where tracing is enabled we’re using jaeger and we don’t see the request for A records. However we’re still getting large amounts of AAAA requests for zipkin.istio-system and istio-pilot.istio-system.

So anybody have any idea on:

Why we’re seeing any requests at all for zipkin.istio-system when tracing is disabled and
Why are we getting AAAA requests and can they be disabled?

Between all the clusters this is generating a LOT of unneeded traffic and it’s exacerbating the problems we’re having with our dns servers.

Here’s the config we use for the non tracing enabled environments.
The env’s with tracing enabled also have tracing.enabled set to true

helm template install/kubernetes/helm/istio --name istio --namespace istio-system > ./istio.yaml
–set global.mtls.enabled=true
–set gateways.istio-ingressgateway.enabled=true
–set gateways.istio-ingressgateway.type=NodePort
–set gateways.istio-egressgateway.enabled=false
–set gateways.istio-egressgateway.type=NodePort
–set global.proxy.includeIPRanges=“10.96.0.0/12,10.244.0.0/16”
–set grafana.enabled=true

0 Likes

#2

i just fixed the AAAA issue in 1.1

0 Likes

#3

That’s great! We’ve been trying to figure out ways to block the AAAA requests in from leaving the cluster.

One question - do you mean the fix is already in 1.1 or it will be in a point release?

EDIT: Ok, I found the issue on github:

0 Likes

#4

it will be in 1.1.x (possibly in the upcoming one or the week after that)

0 Likes