k3s: CoreDNS resolves AAAA when dualstack is not enabled

  • Cluster was created without Dual-stack support
  • Dual-stack support cannot be added after setting up the cluster according to this
  • The host-nodes have IPv6 enabled
  • The hosts-nodes DNS – Cloudflare in my case – returns AAAA records
  • Therefore DNS lookups within the cluster also return AAAA records
  • AAAA targets cannot be reached from pods within in the cluster
  • CoreDNS’s config-map cannot be persistently overridden like this:
 template ANY AAAA {
  rcode NOERROR
}

How can this be solved?

About this issue

  • Original URL
  • State: closed
  • Created 2 years ago
  • Comments: 18 (7 by maintainers)

Most upvoted comments

It kinda sounds like the legacy wireguard setup was dropping some portion of udp DNS traffic.

+1
brandond on Jul 19, 2022

That’s not an error that dig would throw. That is an error from kubectl when trying to run the exec command. Rather than running a bunch of exec commands in a loop (and overloading the apiserver with exec requests), you might run the actual dig command in a loop within the exec command: kubectl exec -i -t dnsutils -- sh -c 'while true; do dig +all a google.com aaaa google.com; sleep 1; done'

+1
brandond on Jul 14, 2022
Read more comments on GitHub
← k3s: Container networking is broken on hosts with default-deny iptables rules after upgrading to v1.26.3
k3s: Crash loop due to apiserver healthcheck error with poststarthook/rbac/bootstrap-roles →