IBM Cloud Docs
Why does the Ingress status show an ERRDRISS error?

Why does the Ingress status show an ERRDRISS error?

Virtual Private Cloud Classic infrastructure Satellite

You can use the ibmcloud oc ingress status-report ignored-errors add command to add an error to the ignored-errors list. Ignored errors still appear in the output of the ibmcloud oc ingress status-report get command, but are ignored when calculating the overall Ingress Status.

When you check the status of your cluster's Ingress components by running the ibmcloud oc ingress status-report get command, you see an error similar to the following example.

The subdomain has DNS resolution issues (ERRDRISS).

One or more managed subdomains that belong to your cluster are not resolving correctly. Your subdomain configuration might be incorrect or the backend IPs have health issues.

Review and update your managed subdomains.

  1. Get the list of the managed domains using the ibmcloud oc nlb-dns ls command.

  2. Use dig to resolve your domains and verify that they resolve to the configured addresses.

    dig <subdomain>

  3. If you get NXDOMAIN or you see missing addresses, verify that your domain has correct configuration.

    • Make sure that the domain does not have mixed IP address types. For example, make sure the domain contains only public or only private IP addresses.
    • Make sure that the domain does not have malformed IP addresses or load balancer hostnames registered.

  4. Check if the domain has health monitoring.

    • Get the list of the subdomain that have health monitoring enabled using the ibmcloud oc nlb-dns monitor ls command.
    • If the domain is included in the list, get the health monitor details using the ibmcloud oc nlb-dns monitor get command command.
    • Verify that the health monitor configuration is correct, and that your backend applications are healthy.
    • Ensure that you allow incoming network traffic from Akamai's source IP addresses.
    • Fix any backend, NLB-DNS health monitor configuration of firewall issues.

  5. Wait 10-15 minutes, then check if the warning is resolved.

  6. If the issue persists, contact support. Open a support case. In the case details, be sure to include any relevant log files, error messages, or command outputs.