Network ‐ Bond DNS Servers Comparison

hoberger-rh edited this page Apr 15, 2026 · 6 revisions

Description

This rule compares DNS configuration across all nodes to detect mismatches that could cause inconsistent network behavior. The rule collects DNS data from each node's bond interfaces and verifies that all nodes have identical IPv4 and IPv6 DNS server configurations for each bond.

Prerequisites

  • OpenShift cluster with network connectivity
  • Bond network interfaces configured on cluster nodes
  • NetworkManager managing bond interfaces
  • nmcli command available on nodes

Impact

DNS configuration mismatches across nodes can cause:

  • Node NotReady state - When a MachineConfig runs nmcli con up on OVS VLANs, nodes can go NotReady
  • OVS VLAN detachment - A MachineConfig that attempts to fix DNS can detach bond VLANs from the OVS bridge, breaking cluster networking
  • Inconsistent name resolution - Different nodes may resolve hostnames to different IP addresses
  • Application connectivity issues - Pods on different nodes may experience different DNS behavior
  • Debugging complexity - Intermittent failures that depend on which node a pod is scheduled on
  • Service discovery problems - Kubernetes service DNS may behave inconsistently
  • External dependency access - Different nodes may use different upstream DNS servers

Critical Note: While DNS mismatches themselves are Medium severity, attempts to fix them using MachineConfig with nmcli commands can escalate to Critical severity by detaching OVS VLANs and causing node failures.

Root Cause

DNS configuration mismatches occur when bond interface DNS settings differ across nodes:

  • Manual Configuration via nmcli Commands
  • MachineConfig File Differences
  • MachineConfig with nmcli Commands

Diagnostics

List all bond interfaces and check their DNS configuration on each node:

# List all bond interfaces
nmcli -t -f TYPE,DEVICE connection show --active | grep bond

# Check DNS servers for a specific bond interface
nmcli connection show <bond-interface> | grep dns

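# Compare DNS across all bond interfaces on this node.
# "connection show" takes a profile name, which can differ from the device
# name, so read NAME and DEVICE together and query by NAME.
nmcli -t -f NAME,DEVICE con show --active | grep bond |
while IFS=: read -r name dev; do
    echo "=== $dev ($name) ==="
    nmcli conn show "$name" | grep -E "ipv[46]\.dns"
done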

Run the above commands on all nodes and compare the DNS server values to identify mismatches.
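
The comparison step above can be automated once each node's nmcli output has been collected. The following is an added example, not part of the original page or the rule's own code: the function names, node names and addresses are constructed, and values are compared exactly as nmcli prints them, so server order counts.

```shell
#!/bin/sh
# Added example: flag bond DNS settings that differ between nodes.
# Function names and all sample data below are constructed for illustration.

# Convert "nmcli connection show <profile>" output (stdin) for one node/bond
# into tab-separated records: node, bond, property, value.
# Only ipv4.dns and ipv6.dns are kept (not dns-search, dns-options, ...).
nmcli_to_records() {   # $1 = node name, $2 = bond name
    awk -v node="$1" -v bond="$2" '
        $1 == "ipv4.dns:" || $1 == "ipv6.dns:" {
            prop = $1; sub(/:$/, "", prop)
            val = ($2 == "") ? "--" : $2
            printf "%s\t%s\t%s\t%s\n", node, bond, prop, val
        }'
}

# Read records on stdin and report every bond/property whose value is not
# identical on all nodes, listing each node's value. Values are compared as
# nmcli prints them, so server order counts. Exit status: 1 on mismatch.
find_dns_mismatches() {
    awk -F'\t' '
        {
            key = $2 " " $3
            if (!((key, $4) in seen)) { seen[key, $4] = 1; distinct[key]++ }
            detail[key] = detail[key] "  " $1 ": " $4 "\n"
        }
        END {
            for (key in distinct)
                if (distinct[key] > 1) {
                    printf "MISMATCH %s\n%s", key, detail[key]
                    bad = 1
                }
            exit bad + 0
        }'
}

# Constructed sample: three nodes reporting bond0; worker-2 has drifted.
sample_records() {
    printf 'ipv4.dns:  10.0.0.10,10.0.0.11\nipv4.dns-search:  --\nipv6.dns:  --\n' |
        nmcli_to_records worker-0 bond0
    printf 'ipv4.dns:  10.0.0.10,10.0.0.11\nipv6.dns:  --\n' |
        nmcli_to_records worker-1 bond0
    printf 'ipv4.dns:  10.0.0.10,10.0.0.99\nipv6.dns:  --\n' |
        nmcli_to_records worker-2 bond0
}

# Demo run; "|| true" keeps the mismatch exit status from aborting a caller.
sample_records | find_dns_mismatches || true
```

On a cluster, pipe each node's nmcli output for a bond profile through nmcli_to_records and concatenate the results before passing them to find_dns_mismatches.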

Resources
