DNS Query Packet Loss at ENI Level

critical

Resource ContentionUpdated Feb 20, 2023

AWS ENI hard limit of 1024 packets per second causes DNS throttling when exceeded, leading to intermittent resolution failures that are difficult to diagnose without monitoring ENI-level metrics.

Sources

Monitoring CoreDNS for DNS throttling issues using AWS Open ...aws.amazon.com

Technologies:

CoreDNSSymptoms of this issue are visible in CoreDNS metrics and logs

Amazon DynamoDBAmazon DynamoDB metrics correlate with this issue and help confirm diagnosis

How to detect:

Monitor linklocal_allowance_exceeded metric from Elastic Network Adapter driver. Alert when packet drops occur, indicating PPS exceeded 1024 at the ENI level, causing DNS throttling affecting all pods on that worker node.

Recommended action:

Distribute CoreDNS pods across multiple worker nodes using pod anti-affinity. Scale CoreDNS horizontally to reduce per-node query load. Consider implementing NodeLocal DNSCache to reduce traffic through node ENI. Monitor network performance metrics via ethtool exporter.