kb/dns_failure.md

# DNS Resolution Failure

## Symptoms
- `getaddrinfo ENOTFOUND` or `NameResolutionFailure`
- Transient errors resolving service hostnames
- Works from one namespace/host but not another

## Checks
- Resolve target host from pod/host (`nslookup`, `dig`)
- Inspect `/etc/resolv.conf` search domains and ndots
- Verify CoreDNS logs for SERVFAIL/REFUSED
- Check recent DNS changes or missing A/CNAME records
- Validate network policies allowing DNS traffic

## Fix
- Correct service/record names and search domains
- Restart CoreDNS or propagate zone updates
- Add caching and lower ndots if needed
- Update network policies to allow UDP/TCP 53