FQDN controller should cache TTLs for individual IP addresses in DNS responses #6722

Open
Dyanngg opened this issue Oct 8, 2024 · 0 comments
Labels
kind/bug Categorizes issue or PR as related to a bug.

Dyanngg commented Oct 8, 2024

Describe the bug

In the current implementation of the FQDN controller (which maintains a mapping from domain names specified in FQDN rules to IPs returned by the DNS server), Antrea does not refresh the TTL for any IPs that are already present in the cache and have not expired. Furthermore, all IPs that back an FQDN are set with a single lowest applicable TTL: the time that any of the IPs for that FQDN expires. This is problematic for a couple of reasons:

  1. The TTL for certain IPs in the DNS response might not be respected. Since all IPs are set with a lowest applicable expiration time, some records can get evicted before their original TTL if they are not present in the latest DNS query response.
  2. When implementing "Make NetworkPolicy FQDN rule work with applications that cache DNS resolutions with hard-coded TTL" (#6229), we need to make sure that every IP received from DNS responses is kept for at least minTTL, which can be different for all the IPs under that particular FQDN.

Expected
In the DNS cache, Antrea should keep track of the TTL of individual IPs for an FQDN. When any of these IPs expires, it should send a new DNS query, and upon receiving the latest DNS responses, only evict IPs that no longer exist in the response and have passed their original TTL.

Dyanngg added the kind/bug label Oct 8, 2024
hkiiita added a commit to hkiiita/antrea that referenced this issue Oct 10, 2024
hkiiita added a commit to hkiiita/antrea that referenced this issue Oct 14, 2024
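
The per-IP bookkeeping requested under "Expected", as an added Go example that is not Antrea's code and not part of the issue. The `fqdnCache` type and `onResponse` method are hypothetical names, the addresses and TTLs are constructed, and keeping the later of two expiries on refresh is an assumption made here so that an IP's original TTL is never shortened.

```go
package main

import (
	"fmt"
	"time"
)

// fqdnCache is a hypothetical cache for one FQDN: every IP has its own expiry.
type fqdnCache map[string]time.Time

// onResponse merges a DNS response (IP -> TTL in seconds) received at now.
// It returns the IPs evicted and the time at which the next query is due
// (the earliest expiry among the IPs still cached).
func (c fqdnCache) onResponse(now time.Time, resp map[string]uint32) (evicted []string, next time.Time) {
	for ip, ttl := range resp {
		exp := now.Add(time.Duration(ttl) * time.Second)
		// Refresh IPs that are still being served; never shorten an
		// expiry already granted (assumption of this example).
		if old, ok := c[ip]; !ok || exp.After(old) {
			c[ip] = exp
		}
	}
	for ip, exp := range c {
		_, inResp := resp[ip]
		if !inResp && !exp.After(now) {
			// Evict only when absent from the response AND past its own TTL.
			delete(c, ip)
			evicted = append(evicted, ip)
			continue
		}
		if next.IsZero() || exp.Before(next) {
			next = exp
		}
	}
	return evicted, next
}

func main() {
	t0 := time.Unix(0, 0).UTC() // constructed timeline and responses
	c := fqdnCache{}
	_, next := c.onResponse(t0, map[string]uint32{"192.0.2.1": 30, "192.0.2.2": 300})
	// Re-query when the first IP expires; this answer carries only a new IP.
	// 192.0.2.2 is absent from it but still has 270s of its own TTL left,
	// so it stays; a single lowest TTL for the FQDN would have dropped it.
	evicted, next2 := c.onResponse(next, map[string]uint32{"192.0.2.3": 30})
	fmt.Println("evicted:", evicted, "kept:", len(c), "next query in:", next2.Sub(next))
}
```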