Resolving DNS resolution issues with Coredns

Problem statement

Increase in timeouts while DNS resolution in a Kubernetes Cluster (EKS on AWS).

Suspected Problem

Coredns getting overwhelmed with DNS resolution requests and resolution takes multiple hops and searches thus decreasing Coredns capability to handle the requests.

Solutions Implemented

1. Added coredns monitoring using prometheus and cloudwatch.

2. Update coredns configmap to increase the DNS cache time.

3. Added lameduck configuration for better graceful handling during scale-in and scale-out of coredns pods.

Corefile: |
  .:53 {
      log
      errors
      health {
        lameduck 5s
      }
      ready
      kubernetes cluster.local in-addr.arpa ip6.arpa {
        pods insecure
        fallthrough in-addr.arpa ip6.arpa
      }
      prometheus :9153
      forward . /etc/resolv.conf
      cache 100
      loop
      reload
      loadbalance
  }

4. Updated ndots configurations in the pod.specs from default 5 to 2 to reduce the number of internal DNS resolution hits. Refer this article for better understanding of ndots configurations.
To update ndots configurations for a microservice, update the deployment template podExtraSpecs section as below:

podExtraSpecs:
dnsConfig:
options:
- name: ndots
value: "2"

Related Articles
Rollout is showing error - :111: attempt to index a non-table object(nil) with key 'stableRS' stack traceback: :111: in main chunk [G]: ?
This can occur if you are using or recently upgraded to Kubernetes version 1.22 or above and you are using rollout controller version 0.13.0 from chart devtron-charts/rollout or devtron/rollout. The issue can be because of CRDs which were updated in ...
[Resolved] Workaround for resolving npm warn tar TAR_BAD_ARCHIVE: Unrecognized archive format
Overview Recently, users have encountered issues in their Node.js builds, reporting errors such as: npm WARN tar TAR_BAD_ARCHIVE: Unrecognized archive format Request failed "304 Not Modified" (if using Yarn as the package manager). This issue has ...
Unable to login with admin password or reset devtron admin password
Debug: Run the command for admin credentials and use it for login in dashboard: kubectl -n devtroncd get secret devtron-secret -o jsonpath='{.data.ADMIN_PASSWORD}' | base64 -d If you are getting an error message of "invalid username or password" or ...
How to resolve if Deployment Status shows Failed or Degraded when you pull images from private container registry
If the deployment status shows Failed or Degraded, then the cluster is not able to pull container image from the private registry. In that case, the status of pod shows ImagePullBackOff. The failure of deployment can be one of the following reasons: ...
Devtron Enterprise DT-32 Release Note
The latest release of Devtron is here, with new features and enhancements. Here's a summary of the DT-32 release and related updates. Highlights: Application Templates Devtron is introducing Application Templates, a feature that allows users to ...

Resolving DNS resolution issues with Coredns

Resolving DNS resolution issues with Coredns

Problem statement

Suspected Problem

Solutions Implemented

Related Articles

Rollout is showing error - :111: attempt to index a non-table object(nil) with key 'stableRS' stack traceback: :111: in main chunk [G]: ?

[Resolved] Workaround for resolving npm warn tar TAR_BAD_ARCHIVE: Unrecognized archive format

Unable to login with admin password or reset devtron admin password

How to resolve if Deployment Status shows Failed or Degraded when you pull images from private container registry

Devtron Enterprise DT-32 Release Note