Increased DNS Requests After Enabling Istio Egress Gateways #51455
-
Hello! We have the After migrating to Istio, everything worked fine for months. Three months ago, we decided to enable Egress Gateways to control egress traffic and set the
Our resolv.conf file still has
The increased load on CoreDNS is causing timeout errors in our environment. Please advise if it is possible to decrease the number of requests to CoreDNS to the level it was before enabling the Egress Gateways. |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments 12 replies
-
Maybe you can enable Istio Smart DNS proxy in Istio https://istio.io/latest/blog/2020/dns-proxy/#reduced-load-on-your-dns-servers-w-faster-resolution, https://istio.io/latest/docs/ops/configuration/traffic-management/dns-proxy/. |
Beta Was this translation helpful? Give feedback.
-
I cannot reproduce. Are you sure the queries this is coming from has ndots:1? Note it could be the ServiceEntry you created is applying to every proxy in the cluster (or at least, many proxies), and not all have ndots=1 set. You can find who the BTW, the DNS proxy does not help as you found; that only applies to your own application, not DNS requests send from Istio itself. |
Beta Was this translation helpful? Give feedback.
I cannot reproduce. Are you sure the queries this is coming from has ndots:1? Note it could be the ServiceEntry you created is applying to every proxy in the cluster (or at least, many proxies), and not all have ndots=1 set. You can find who the
10.x.x.55:39786
IP is in the query and double check?BTW, the DNS proxy does not help as you found; that only applies to your own application, not DNS requests send from Istio itself.