You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Some learnings from the webinar I attended yesterday:
FQDN, PQDN, hostnames and root zones
---
You can tell the DNS resolver to not traverse the search path if you explicitly put a full stop "." at the end of a FQDN. That tells the resolver the FQDN is specified up until the root zone. Not traversing the search path, for a standard EKS setup, means generating 4-5 times less DNS traffic. That has a big impact, especially on services that connect to external endpoints with low DNS TTLs.
musl libc and glibc resolvers are different
---
musl libc, in use in Alpine images, ignored ndots and search paths for a long time. Now they use it, but the behaviour is not the same as glibc, especially around NXDOMAIN codes (returned when a domain does not exist).
Multiple CoreDNS deployments
---
You can have more than one CoreDNS deployment per cluster, and configure them differently if you want them to.
`cilium fqdn cache` commands
---
Those commands can be used on the Cilium agent to check the state of Cilium DNS proxy, and to reset it if needed.
Hubble Enterprise policy suggestions
---
This version of Hubble has the ability to suggest policy changes on dropped traffic, in case we would like to change it to allow. The suggestion will not auto-apply, but rather can be used to create a Github PR.
