
A record of a K8s pod DNS problem

2025-04-04 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)05/31 Report--

This article records a DNS problem in a K8s pod and how it was investigated.

We suddenly received feedback that SMS verification-code checks for one service were very slow. The first reaction was that it was a network problem.

The DNS resolution configuration file generated for a pod by default is as follows:

Because the pod uses alpine:latest, install tcpdump with: apk add --update tcpdump

Capture packets to view the DNS resolution process, capturing all network packets: tcpdump -nnvXSs 0 -i any

The following is excerpted from the web:

There are four main keywords in /etc/resolv.conf:

nameserver # defines the IP address of a DNS server. nameserver is the essential keyword; the others are optional. Queries follow the order of the nameserver entries in this file: the second server is queried only when the first does not respond.

domain # defines the local domain name

Declares the domain name of the host. Many programs use it, such as the mail system, and it is used when performing DNS queries for hosts that have no domain name. If no domain name is set, the hostname is used, with everything before the first dot (.) removed.

search # defines the search list for domain names

Its parameters give the order in which domains are searched. When you query a host that has no domain name, the host is looked up in each of the domains declared by search. domain and search cannot coexist; if both are present, the later one is used.

sortlist # sorts the returned domain names

Allows the returned domain names to be sorted in a specific way. Its parameters are network/mask pairs, allowing arbitrary ordering.

options

The following options let you modify some resolver variables, with the syntax options xxx ..., where xxx can be one of the following:

debug: sets RES_DEBUG in _res.options.

ndots:n

Sets a threshold for the number of dots which must appear in a name given to res_query(3) before an initial absolute query will be made. The default for n is 1, meaning that if there are any dots in a name, the name will be tried first as an absolute name before any search list elements are appended to it. The value for this option is silently capped to 15. The reading of this paragraph is stupid.

timeout:n

The time the resolver waits for a response from a remote name server; the default is 5 seconds.

attempts:n

Sets the number of failed attempts after which the resolver gives up on a name server; the default upper limit is 5.

rotate

Causes the servers listed under nameserver to be used in rotation when querying, spreading the load across all name servers instead of having every client try the first listed server.

no-check-names

Disables the modern BIND check of incoming hostnames and mail names for invalid characters.

edns0 (since glibc 2.6)

Enables support for the DNS extensions described in RFC 2671.

single-request (since glibc 2.10)

Since version 2.9, glibc performs IPv4 and IPv6 lookups in parallel, but some DNS servers do not handle this well and the requests time out. This option disables glibc's parallel lookups so that they are performed sequentially.

The domain and search keywords are mutually exclusive; if both are set, the last one set takes effect. The value of the search keyword in resolv.conf can be overridden by the LOCALDOMAIN environment variable, and the options keyword can be overridden by the RES_OPTIONS environment variable.

Phenomenon analysis:

The keyword 'search' works together with 'options ndots:${n}' to tell the resolver whether to append domain information to the name passed by the user, and what to append, when resolving a name. The detailed rules are as follows:

1. If the name passed by the user is an 'absolute' domain name, that is, the name ends with '.' (as with www.baidu above), only that name is queried.

2. If the name passed in is a 'relative' domain name, and the number of '.' it contains is greater than or equal to the number specified by options ndots:${n}, only that name is queried.

3. If the name is not absolute, and the number of '.' it contains is less than the number specified by options ndots:${n}, the resolver appends the suffixes in the search list to the name one after another until an IP address is resolved or every suffix in the list has been tried.

The pros and cons of search lists

As the analysis above shows, if the search list is long and the names being queried do not exist, the number of DNS query messages on the network increases sharply and may lead to DoS attacks. The advantage of a search list is that for commonly used domains we only need to type the host name instead of the full domain name every time, which is very convenient in some cases (for example, when you often access different machines on the intranet, the search list saves a lot of trouble).
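The three rules and the query growth described above can be checked with a small model. This is an added example, not code from the original article: the sample resolv.conf, the name sms.example.com and the function names are constructed for illustration, and the final try of the bare name in rule 3 is resolver behaviour that goes beyond the rules as listed.

```python
# Added example: models the search/ndots rules above; not code from the article.
SAMPLE_RESOLV_CONF = """\
# constructed sample, shaped like a Kubernetes pod's file (assumed values)
nameserver 10.96.0.10
search default.svc.cluster.local svc.cluster.local cluster.local
options ndots:5 timeout:2
"""


def parse_resolv_conf(text):
    """Return (nameservers, search_list, ndots) from resolv.conf text."""
    nameservers, search, ndots = [], [], 1  # ndots defaults to 1
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # blank line or comment
            continue
        key, *args = line.split()
        if key == "nameserver":
            nameservers.extend(args[:1])
        elif key == "search":
            search = args  # domain/search: the last one set wins
        elif key == "domain":
            search = args[:1]
        elif key == "options":
            for opt in args:
                if opt.startswith("ndots:"):
                    ndots = min(int(opt[len("ndots:"):]), 15)  # capped to 15
    return nameservers, search, ndots


def candidate_names(name, search, ndots, search_fallback=False):
    """Names queried, in order, when no earlier candidate resolves."""
    if name.endswith("."):
        return [name]  # rule 1: absolute name, queried as-is only
    as_is = name + "."
    expanded = [f"{name}.{suffix}." for suffix in search]
    if name.count(".") >= ndots:
        # rule 2: as-is only. glibc additionally walks the search list if
        # that query fails; pass search_fallback=True to model it.
        return [as_is] + (expanded if search_fallback else [])
    return expanded + [as_is]  # rule 3, then a final try of the bare name


def worst_case_queries(name, conf_text, families=2):
    """Questions sent for a name that never resolves (A and AAAA each)."""
    _, search, ndots = parse_resolv_conf(conf_text)
    return len(candidate_names(name, search, ndots)) * families
```

With the sample file, an external name written without the trailing dot produces four candidate names (eight questions with A and AAAA), while the same name with a trailing dot produces one.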
