Back to all scenarios
Scenario #170
Networking
K8s v1.19, Azure AKS

Pod Network Partition Due to Network Policy Blocking DNS Requests

Pods were unable to resolve DNS due to a network policy blocking DNS traffic, causing service failures.

Find this helpful?
What Happened

A network policy was accidentally configured to block DNS (UDP port 53) traffic between pods, preventing DNS resolution and causing services to fail.

Diagnosis Steps
  • 1Observed that pods were unable to reach external services, and kubectl exec into the pods showed DNS resolution failures.
  • 2Used kubectl describe networkpolicy and found the DNS traffic was blocked in the policy.
Root Cause

The network policy accidentally blocked DNS traffic due to misconfigured ingress and egress rules.

Fix/Workaround
• Updated the network policy to allow DNS traffic.
• Restarted affected pods to ensure they could access DNS again.
Lessons Learned

Always verify that network policies allow necessary traffic, especially for DNS.

How to Avoid
  • 1Regularly test and validate network policies in non-production environments.
  • 2Set up monitoring for blocked network traffic.
Previous ScenarioNext Scenario