Problem phenomenon
On the node7 node of Alibaba OCP cluster, a domain name cannot be resolved when it is resolved. Error message: name or service not known
Troubleshooting
After testing, it is found that this problem does not only occur in node7 nodes. In all servers in Alibaba cloud East China 2 (Shanghai) zone F, the domain name cannot be resolved (other zones are normal).
Conclusion
After confirming with ALI engineers, the problem is caused by the fact that the self built DNS authoritative server that resolves the domain name does not support EDNS. The DNS community requires that the authoritative server must support EDNS, otherwise the localdns does not have a work around mechanism. However, due to different versions of alicloud’s localdns, it has not been completely upgraded. Therefore, some regions (availability zone f) comply with this Convention and cannot be parsed, while some regions are compatible with this workaround and can be parsed
Solution
(1) The other side creates its own authoritative DNS and turns on EDNS
(2) modify the resolver of ECs to 223.5.5.5 and 223.6.6. The two DNS have not removed the workaround of ends