pod-dns-error
Injects DNS resolution failures for specified domains inside the pod's network namespace.
Target kind: Pod
Implementation: Daemon (ExecDNSChaos with action: error)
Rollback: Yes — sends CancelChaos to remove DNS intercept rules
Parameters
| Name | Type | Required | Default | Description |
|---|---|---|---|---|
domains | string | No | "" (all) | Comma-separated list of domains to fail |
errorType | string | No | "NXDOMAIN" | DNS error type: NXDOMAIN or SERVFAIL |
Example
apiVersion: chaos.chaosplane.io/v1alpha1
kind: ChaosExperiment
metadata:
name: pod-dns-error-example
namespace: default
spec:
target:
kind: Pod
namespace: default
labelSelector:
matchLabels:
app: frontend
action:
type: pod-dns-error
parameters:
domains: "api.internal,db.internal"
errorType: "NXDOMAIN"
duration: 30s
rollback:
enabled: true
Rollback behavior
Sends CancelChaos RPC to the daemon, which removes the DNS intercept rules (typically iptables rules redirecting DNS traffic to a local resolver that returns errors).
Implementation notes
The daemon intercepts DNS traffic from the pod's network namespace and returns the specified error for matching domains. If domains is empty, all DNS queries fail. NXDOMAIN simulates a non-existent domain; SERVFAIL simulates a DNS server failure.