We're using Nginx as ingress controller in a Kubernetes environment. Nginx uses a DNS service inside k8s with 1 single service-IP and multiple DNS PODs behind that.
The translation from service-IP to any of the multiple DNS PODs is done via DNAT rules.

The problem:
- Nginx establishes a UDP 'connection' on, for example, localIP 1.1.1.1 source-port 12345 towards serviceIP 1.2.3.4
- DNAT translates this as sourceport 12345 towards any DNS-POD; for example 2.3.4.5:53
- If DNS-POD 2.3.4.5 terminates, Nginx is not aware of this because of the 'connection' towards serviceIP 1.2.3.4
- Nginx will send all future DNS requests using the same tuple of serviceIP:sourcePort, so 1.1.1.1:12345 -> 1.2.3.4:53
- This will result in a timeout because the destination POD isn't there anymore

Is it possible to force Nginx to use different source UDP ports every X seconds, or after a timeout?

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,295794,295794#msg-295794
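A simplified model of the behaviour described in the post, added here as an example and not part of the original message or of Nginx or Kubernetes code. It shows why repeated queries from the same source port keep hitting the terminated pod, while a new source port gets a fresh DNAT decision. The `ServiceDNAT` class, the 30-second idle timeout, the second pod 2.3.4.6 and source port 23456 are assumptions made for illustration.

```python
import random

UDP_TIMEOUT = 30  # assumed idle lifetime (seconds) of a UDP NAT entry

class ServiceDNAT:
    """Toy per-flow DNAT: a pod is picked once per tuple, then pinned."""

    def __init__(self, service, pods, seed=0):
        self.service = service          # (serviceIP, port)
        self.pods = set(pods)           # DNS pods currently running
        self.table = {}                 # flow tuple -> [pod, expires_at]
        self.rng = random.Random(seed)

    def send(self, now, src_ip, src_port):
        """Return the pod that receives the datagram, or None if it is lost."""
        key = (src_ip, src_port) + self.service
        entry = self.table.get(key)
        if entry is None or entry[1] <= now:
            if not self.pods:
                return None
            entry = [self.rng.choice(sorted(self.pods)), now]
            self.table[key] = entry
        entry[1] = now + UDP_TIMEOUT    # every packet keeps the entry alive
        return entry[0] if entry[0] in self.pods else None

def demo():
    # Addresses from the post; 2.3.4.6 is a constructed second DNS pod.
    nat = ServiceDNAT(("1.2.3.4", 53), ["2.3.4.5", "2.3.4.6"])
    first = nat.send(0, "1.1.1.1", 12345)
    nat.pods.discard(first)             # the pinned pod terminates
    # Queries every 5 s from the same source port: the entry never idles out.
    same_port = [nat.send(t, "1.1.1.1", 12345) for t in range(5, 65, 5)]
    # A different source port is a new tuple, so a live pod is selected.
    new_port = nat.send(65, "1.1.1.1", 23456)
    # Only after the old tuple stays silent past the timeout is it re-mapped.
    after_idle = nat.send(60 + UDP_TIMEOUT + 1, "1.1.1.1", 12345)
    return first, same_port, new_port, after_idle

if __name__ == "__main__":
    print(demo())
```

In this model the stale mapping persists for as long as the sender keeps reusing the tuple, because each datagram refreshes the entry's timeout.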