diff options
| author |  Chris O'Haver <cohaver@infoblox.com>
| 2020-03-26 03:42:32 -0400 |
|---|---|---|
| committer |  GitHub <noreply@github.com>
| 2020-03-26 08:42:32 +0100 |
| commit | eb23cce1a766ee37cbfc884928f668dac4d0ddff (patch) | |
| tree | 5bb9693bb375c71ac0079d380f1ddf7d5eb0138c /plugin | |
| parent | 4eeaef29eae0c42695d2f6b17ccb6d0362fcb798 (diff) | |
| download | coredns-eb23cce1a766ee37cbfc884928f668dac4d0ddff.tar.gz coredns-eb23cce1a766ee37cbfc884928f668dac4d0ddff.tar.zst coredns-eb23cce1a766ee37cbfc884928f668dac4d0ddff.zip | |
add known issue (#3770)
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
Diffstat (limited to 'plugin')
| -rw-r--r-- | plugin/autopath/README.md | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/plugin/autopath/README.md b/plugin/autopath/README.md index 86266c5fa..52156ba5c 100644 --- a/plugin/autopath/README.md +++ b/plugin/autopath/README.md @@ -12,6 +12,8 @@ failures, the original reply is returned. Because *autopath* returns a reply for the original question it will add a CNAME that points from the original name (with the search path element in it) to the name of this answer. +**Note**: There are several known issues. See section below. + ## Syntax ~~~ @@ -50,6 +52,16 @@ Use the search path dynamically retrieved from the *kubernetes* plugin. ## Known Issues -In Kubernetes, *autopath* is not compatible with pods running from Windows nodes. +In Kubernetes, *autopath* can derive the wrong namespace of a client Pod (and therefore wrong search path) +in the following case. To properly build the search path of a client *autopath* needs to +know the namespace of the a Pod making a DNS request. To do this, it relies on the +*kubernetes* plugin's Pod cache to resolve the client's IP address to a Pod. The Pod cache is maintained by +an API watch on Pods. When Pod IP assignments change, the Kubernetes API notifies CoreDNS via the API watch. +However, that notification is not instantaneous. In the case that a Pod is deleted, and it's IP is +immediately provisioned to a Pod in another namespace, and that new Pod make a DNS lookup *before* the API watch +can notify CoreDNS of the change, *autopath* will resolve the IP to the previous Pod's namespace. + +In Kubernetes, *autopath* is not compatible with Pods running from Windows nodes. -If the server side search ultimately results in a negative answer (e.g. `NXDOMAIN`), then the client will fruitlessly search all paths manually, thus negating the *autopath* optimization. +If the server side search ultimately results in a negative answer (e.g. `NXDOMAIN`), then the client will +fruitlessly search all paths manually, thus negating the *autopath* optimization. |