NETOBSERV-2485: DNS optimization, avoid searching for various suffixes

README.md

@@ -81,11 +81,11 @@ spec:
   loki:
     mode: Monolithic
     monolithic:
-      url: 'http://my-netobserv-loki.netobserv.svc:3100/'
+      url: 'http://my-netobserv-loki.netobserv.svc.cluster.local.:3100/'
   prometheus:
     querier:
       manual:
-        url: http://my-netobserv-prometheus-server.netobserv.svc/
+        url: http://my-netobserv-prometheus-server.netobserv.svc.cluster.local./
 EOF
 ```
 

RELEASE.md

@@ -63,11 +63,11 @@ spec:
   loki:
     mode: Monolithic
     monolithic:
-      url: 'http://my-netobserv-loki.netobserv.svc:3100/'
+      url: 'http://my-netobserv-loki.netobserv.svc.cluster.local.:3100/'
   prometheus:
     querier:
       manual:
-        url: http://my-netobserv-prometheus-server.netobserv.svc/
+        url: http://my-netobserv-prometheus-server.netobserv.svc.cluster.local./
 EOF
 
 # Check components image:

api/flowcollector/v1beta2/flowcollector_alert_types.go

@@ -22,6 +22,7 @@ const (
 	AlertNetpolDenied             AlertTemplate = "NetpolDenied"
 	AlertLatencyHighTrend         AlertTemplate = "LatencyHighTrend"
 	AlertDNSErrors                AlertTemplate = "DNSErrors"
+	AlertDNSNxDomain              AlertTemplate = "DNSNxDomain"
 	AlertExternalEgressHighTrend  AlertTemplate = "ExternalEgressHighTrend"
 	AlertExternalIngressHighTrend AlertTemplate = "ExternalIngressHighTrend"
 	AlertCrossAZ                  AlertTemplate = "CrossAZ"
@@ -33,9 +34,9 @@ const (
 type FLPAlert struct {
 	// Alert template name.
 	// Possible values are: `PacketDropsByKernel`, `PacketDropsByDevice`, `IPsecErrors`, `NetpolDenied`,
-	// `LatencyHighTrend`, `DNSErrors`, `ExternalEgressHighTrend`, `ExternalIngressHighTrend`, `CrossAZ`.
+	// `LatencyHighTrend`, `DNSErrors`, `DNSNxDomain`, `ExternalEgressHighTrend`, `ExternalIngressHighTrend`, `CrossAZ`.
 	// More information on alerts: https://github.com/netobserv/network-observability-operator/blob/main/docs/Alerts.md
-	// +kubebuilder:validation:Enum:="PacketDropsByKernel";"PacketDropsByDevice";"IPsecErrors";"NetpolDenied";"LatencyHighTrend";"DNSErrors";"ExternalEgressHighTrend";"ExternalIngressHighTrend";"CrossAZ"
+	// +kubebuilder:validation:Enum:="PacketDropsByKernel";"PacketDropsByDevice";"IPsecErrors";"NetpolDenied";"LatencyHighTrend";"DNSErrors";"DNSNxDomain";"ExternalEgressHighTrend";"ExternalIngressHighTrend";"CrossAZ"
 	// +required
 	Template AlertTemplate `json:"template,omitempty"`
 
@@ -166,7 +167,7 @@ func (g *FLPAlert) IsAllowed(spec *FlowCollectorSpec) (bool, string) {
 		if !spec.Agent.EBPF.IsIPSecEnabled() {
 			return false, fmt.Sprintf("Alert %s requires the %s agent feature to be enabled", g.Template, IPSec)
 		}
-	case AlertDNSErrors:
+	case AlertDNSErrors, AlertDNSNxDomain:
 		if !spec.Agent.EBPF.IsDNSTrackingEnabled() {
 			return false, fmt.Sprintf("Alert %s requires the %s agent feature to be enabled", g.Template, DNSTracking)
 		}

api/flowcollector/v1beta2/flowcollector_defaults.go

@@ -110,6 +110,18 @@ var (
 				},
 			},
 		},
+		{
+			Template: AlertDNSNxDomain,
+			Variants: []AlertVariant{
+				{
+					Thresholds: AlertThresholds{
+						Info:    "10",
+						Warning: "80",
+					},
+					GroupBy: GroupByNamespace,
+				},
+			},
+		},
 		{
 			Template: AlertNetpolDenied,
 			Variants: []AlertVariant{

api/flowcollector/v1beta2/flowcollector_types.go

@@ -582,7 +582,7 @@ type FLPMetrics struct {
 
 	// `disableAlerts` is a list of alert groups that should be disabled from the default set of alerts.
 	// Possible values are: `NetObservNoFlows`, `NetObservLokiError`, `PacketDropsByKernel`, `PacketDropsByDevice`, `IPsecErrors`, `NetpolDenied`,
-	// `LatencyHighTrend`, `DNSErrors`, `ExternalEgressHighTrend`, `ExternalIngressHighTrend`, `CrossAZ`.
+	// `LatencyHighTrend`, `DNSErrors`, `DNSNxDomain`, `ExternalEgressHighTrend`, `ExternalIngressHighTrend`, `CrossAZ`.
 	// More information on alerts: https://github.com/netobserv/network-observability-operator/blob/main/docs/Alerts.md
 	// +optional
 	DisableAlerts []AlertTemplate `json:"disableAlerts"`

api/flowcollector/v1beta2/flowcollector_validation_webhook.go

@@ -358,7 +358,7 @@ func (v *validator) isFLPAlertGroupBySupported(template AlertTemplate, variant *
 		return variant.GroupBy != GroupByWorkload
 	case AlertIPsecErrors:
 		return variant.GroupBy != GroupByWorkload && variant.GroupBy != GroupByNamespace
-	case AlertPacketDropsByKernel, AlertDNSErrors, AlertExternalEgressHighTrend, AlertExternalIngressHighTrend, AlertLatencyHighTrend, AlertNetpolDenied, AlertCrossAZ:
+	case AlertPacketDropsByKernel, AlertDNSErrors, AlertDNSNxDomain, AlertExternalEgressHighTrend, AlertExternalIngressHighTrend, AlertLatencyHighTrend, AlertNetpolDenied, AlertCrossAZ:
 		return true
 	case AlertLokiError, AlertNoFlows: // not applicable
 		return false
@@ -410,7 +410,7 @@ func GetElligibleMetricsForAlert(template AlertTemplate, alertDef *AlertVariant)
 		totalMetricPatterns = []string{"%s_ingress_packets_total", "%s_egress_packets_total"}
 	case AlertIPsecErrors:
 		return []string{"node_ipsec_flows_total"}, []string{"node_to_node_ingress_flows_total"}
-	case AlertDNSErrors:
+	case AlertDNSErrors, AlertDNSNxDomain:
 		metricPatterns = []string{`%s_dns_latency_seconds`}
 		totalMetricPatterns = []string{"%s_dns_latency_seconds"}
 	case AlertExternalEgressHighTrend: // TODO

bundle/manifests/flows.netobserv.io_flowcollectors.yaml

@@ -5812,7 +5812,7 @@ spec:
                               description: |-
                                 Alert template name.
                                 Possible values are: `PacketDropsByKernel`, `PacketDropsByDevice`, `IPsecErrors`, `NetpolDenied`,
-                                `LatencyHighTrend`, `DNSErrors`, `ExternalEgressHighTrend`, `ExternalIngressHighTrend`, `CrossAZ`.
+                                `LatencyHighTrend`, `DNSErrors`, `DNSNxDomain`, `ExternalEgressHighTrend`, `ExternalIngressHighTrend`, `CrossAZ`.
                                 More information on alerts: https://github.com/netobserv/network-observability-operator/blob/main/docs/Alerts.md
                               enum:
                               - PacketDropsByKernel
@@ -5821,6 +5821,7 @@ spec:
                               - NetpolDenied
                               - LatencyHighTrend
                               - DNSErrors
+                              - DNSNxDomain
                               - ExternalEgressHighTrend
                               - ExternalIngressHighTrend
                               - CrossAZ
@@ -5886,7 +5887,7 @@ spec:
                         description: |-
                           `disableAlerts` is a list of alert groups that should be disabled from the default set of alerts.
                           Possible values are: `NetObservNoFlows`, `NetObservLokiError`, `PacketDropsByKernel`, `PacketDropsByDevice`, `IPsecErrors`, `NetpolDenied`,
-                          `LatencyHighTrend`, `DNSErrors`, `ExternalEgressHighTrend`, `ExternalIngressHighTrend`, `CrossAZ`.
+                          `LatencyHighTrend`, `DNSErrors`, `DNSNxDomain`, `ExternalEgressHighTrend`, `ExternalIngressHighTrend`, `CrossAZ`.
                           More information on alerts: https://github.com/netobserv/network-observability-operator/blob/main/docs/Alerts.md
                         items:
                           type: string

bundle/manifests/netobserv-operator.clusterserviceversion.yaml

@@ -203,7 +203,7 @@ metadata:
                   },
                   "enable": false
                 },
-                "url": "http://loki.netobserv.svc:3100/"
+                "url": "http://loki.netobserv.svc.cluster.local.:3100/"
               },
               "readTimeout": "30s",
               "writeBatchSize": 10485760,
@@ -253,7 +253,7 @@ metadata:
     categories: Monitoring, Networking, Observability
     console.openshift.io/plugins: '["netobserv-plugin"]'
     containerImage: quay.io/netobserv/network-observability-operator:1.10.0-community
-    createdAt: "2025-11-26T13:16:01Z"
+    createdAt: "2025-11-13T07:42:38Z"
     description: Network flows collector and monitoring solution
     operatorframework.io/initialization-resource: '{"apiVersion":"flows.netobserv.io/v1beta2",
       "kind":"FlowCollector","metadata":{"name":"cluster"},"spec": {}}'

config/crd/bases/flows.netobserv.io_flowcollectors.yaml

@@ -5373,7 +5373,7 @@ spec:
                                 description: |-
                                   Alert template name.
                                   Possible values are: `PacketDropsByKernel`, `PacketDropsByDevice`, `IPsecErrors`, `NetpolDenied`,
-                                  `LatencyHighTrend`, `DNSErrors`, `ExternalEgressHighTrend`, `ExternalIngressHighTrend`, `CrossAZ`.
+                                  `LatencyHighTrend`, `DNSErrors`, `DNSNxDomain`, `ExternalEgressHighTrend`, `ExternalIngressHighTrend`, `CrossAZ`.
                                   More information on alerts: https://github.com/netobserv/network-observability-operator/blob/main/docs/Alerts.md
                                 enum:
                                   - PacketDropsByKernel
@@ -5382,6 +5382,7 @@ spec:
                                   - NetpolDenied
                                   - LatencyHighTrend
                                   - DNSErrors
+                                  - DNSNxDomain
                                   - ExternalEgressHighTrend
                                   - ExternalIngressHighTrend
                                   - CrossAZ
@@ -5438,7 +5439,7 @@ spec:
                           description: |-
                             `disableAlerts` is a list of alert groups that should be disabled from the default set of alerts.
                             Possible values are: `NetObservNoFlows`, `NetObservLokiError`, `PacketDropsByKernel`, `PacketDropsByDevice`, `IPsecErrors`, `NetpolDenied`,
-                            `LatencyHighTrend`, `DNSErrors`, `ExternalEgressHighTrend`, `ExternalIngressHighTrend`, `CrossAZ`.
+                            `LatencyHighTrend`, `DNSErrors`, `DNSNxDomain`, `ExternalEgressHighTrend`, `ExternalIngressHighTrend`, `CrossAZ`.
                             More information on alerts: https://github.com/netobserv/network-observability-operator/blob/main/docs/Alerts.md
                           items:
                             type: string

config/samples/flows_v1beta2_flowcollector.yaml

@@ -151,7 +151,7 @@ spec:
     # Change mode to "LokiStack" to use with the loki operator
     mode: Monolithic
     monolithic:
-      url: 'http://loki.netobserv.svc:3100/'
+      url: 'http://loki.netobserv.svc.cluster.local.:3100/'
       tenantID: netobserv
       tls:
         enable: false

docs/Alerts.md

@@ -18,7 +18,8 @@ Here is the list of alerts installed by default:
 - `IPsecErrors`: triggered when NetObserv detects IPsec encyption errors; it requires the `IPSec` agent feature.
 - `NetpolDenied`: triggered when NetObserv detects traffic denied by network policies; it requires the `NetworkEvents` agent feature.
 - `LatencyHighTrend`: triggered when NetObserv detects an increase of TCP latency; it requires the `FlowRTT` agent feature.
-- `DNSErrors`: triggered when NetObserv detects DNS errors; it requires the `DNSTracking` agent feature.
+- `DNSErrors`: triggered when NetObserv detects DNS errors, other than NX_DOMAIN; it requires the `DNSTracking` agent feature.
+- `DNSNxDomain`: triggered when NetObserv detects DNS NX_DOMAIN errors; it requires the `DNSTracking` agent feature.
 - `ExternalEgressHighTrend`: TODO.
 - `ExternalIngressHighTrend`: TODO.
 

docs/FlowCollector.md

@@ -11512,7 +11512,7 @@ More information on alerts: https://github.com/netobserv/network-observability-o
         <td>
           `disableAlerts` is a list of alert groups that should be disabled from the default set of alerts.
 Possible values are: `NetObservNoFlows`, `NetObservLokiError`, `PacketDropsByKernel`, `PacketDropsByDevice`, `IPsecErrors`, `NetpolDenied`,
-`LatencyHighTrend`, `DNSErrors`, `ExternalEgressHighTrend`, `ExternalIngressHighTrend`, `CrossAZ`.
+`LatencyHighTrend`, `DNSErrors`, `DNSNxDomain`, `ExternalEgressHighTrend`, `ExternalIngressHighTrend`, `CrossAZ`.
 More information on alerts: https://github.com/netobserv/network-observability-operator/blob/main/docs/Alerts.md<br/>
         </td>
         <td>false</td>
@@ -11565,10 +11565,10 @@ More information, with full list of available metrics: https://github.com/netobs
         <td>
           Alert template name.
 Possible values are: `PacketDropsByKernel`, `PacketDropsByDevice`, `IPsecErrors`, `NetpolDenied`,
-`LatencyHighTrend`, `DNSErrors`, `ExternalEgressHighTrend`, `ExternalIngressHighTrend`, `CrossAZ`.
+`LatencyHighTrend`, `DNSErrors`, `DNSNxDomain`, `ExternalEgressHighTrend`, `ExternalIngressHighTrend`, `CrossAZ`.
 More information on alerts: https://github.com/netobserv/network-observability-operator/blob/main/docs/Alerts.md<br/>
           <br/>
-            <i>Enum</i>: PacketDropsByKernel, PacketDropsByDevice, IPsecErrors, NetpolDenied, LatencyHighTrend, DNSErrors, ExternalEgressHighTrend, ExternalIngressHighTrend, CrossAZ<br/>
+            <i>Enum</i>: PacketDropsByKernel, PacketDropsByDevice, IPsecErrors, NetpolDenied, LatencyHighTrend, DNSErrors, DNSNxDomain, ExternalEgressHighTrend, ExternalIngressHighTrend, CrossAZ<br/>
         </td>
         <td>true</td>
       </tr><tr>

helm/README.md

@@ -74,11 +74,11 @@ spec:
   loki:
     mode: Monolithic
     monolithic:
-      url: 'http://my-netobserv-loki.netobserv.svc:3100/'
+      url: 'http://my-netobserv-loki.netobserv.svc.cluster.local.:3100/'
   prometheus:
     querier:
       manual:
-        url: http://my-netobserv-prometheus-server.netobserv.svc/
+        url: http://my-netobserv-prometheus-server.netobserv.svc.cluster.local./
 EOF
 ```
 

helm/crds/flows.netobserv.io_flowcollectors.yaml

@@ -5377,7 +5377,7 @@ spec:
                                 description: |-
                                   Alert template name.
                                   Possible values are: `PacketDropsByKernel`, `PacketDropsByDevice`, `IPsecErrors`, `NetpolDenied`,
-                                  `LatencyHighTrend`, `DNSErrors`, `ExternalEgressHighTrend`, `ExternalIngressHighTrend`, `CrossAZ`.
+                                  `LatencyHighTrend`, `DNSErrors`, `DNSNxDomain`, `ExternalEgressHighTrend`, `ExternalIngressHighTrend`, `CrossAZ`.
                                   More information on alerts: https://github.com/netobserv/network-observability-operator/blob/main/docs/Alerts.md
                                 enum:
                                   - PacketDropsByKernel
@@ -5386,6 +5386,7 @@ spec:
                                   - NetpolDenied
                                   - LatencyHighTrend
                                   - DNSErrors
+                                  - DNSNxDomain
                                   - ExternalEgressHighTrend
                                   - ExternalIngressHighTrend
                                   - CrossAZ
@@ -5442,7 +5443,7 @@ spec:
                           description: |-
                             `disableAlerts` is a list of alert groups that should be disabled from the default set of alerts.
                             Possible values are: `NetObservNoFlows`, `NetObservLokiError`, `PacketDropsByKernel`, `PacketDropsByDevice`, `IPsecErrors`, `NetpolDenied`,
-                            `LatencyHighTrend`, `DNSErrors`, `ExternalEgressHighTrend`, `ExternalIngressHighTrend`, `CrossAZ`.
+                            `LatencyHighTrend`, `DNSErrors`, `DNSNxDomain`, `ExternalEgressHighTrend`, `ExternalIngressHighTrend`, `CrossAZ`.
                             More information on alerts: https://github.com/netobserv/network-observability-operator/blob/main/docs/Alerts.md
                           items:
                             type: string

internal/controller/consoleplugin/consoleplugin_objects.go

@@ -395,8 +395,8 @@ func (b *builder) getPromConfig(ctx context.Context) cfg.PrometheusConfig {
 	}
 	if b.desired.Prometheus.Querier.Mode == "" || b.desired.Prometheus.Querier.Mode == flowslatest.PromModeAuto {
 		if b.info.ClusterInfo.IsOpenShift() {
-			config.URL = "https://thanos-querier.openshift-monitoring.svc:9091/"    // requires cluster-monitoringv-view cluster role
-			config.DevURL = "https://thanos-querier.openshift-monitoring.svc:9092/" // restricted to a particular namespace
+			config.URL = "https://thanos-querier.openshift-monitoring.svc.cluster.local.:9091/"    // requires cluster-monitoringv-view cluster role
+			config.DevURL = "https://thanos-querier.openshift-monitoring.svc.cluster.local.:9092/" // restricted to a particular namespace
 			config.ForwardUserToken = true
 			tls = flowslatest.ClientTLS{
 				Enable: true,

internal/controller/consoleplugin/consoleplugin_test.go

@@ -341,8 +341,8 @@ func TestConfigMapContent(t *testing.T) {
 	assert.Nil(err)
 
 	// loki config
-	assert.Equal(config.Loki.URL, "https://lokistack-gateway-http.ls-namespace.svc:8080/api/logs/v1/network/")
-	assert.Equal(config.Loki.StatusURL, "https://lokistack-query-frontend-http.ls-namespace.svc:3100/")
+	assert.Equal(config.Loki.URL, "https://lokistack-gateway-http.ls-namespace.svc.cluster.local.:8080/api/logs/v1/network/")
+	assert.Equal(config.Loki.StatusURL, "https://lokistack-query-frontend-http.ls-namespace.svc.cluster.local.:3100/")
 
 	// frontend params
 	assert.Equal(config.Frontend.RecordTypes, []api.ConnTrackOutputRecordTypeEnum{api.ConnTrackFlowLog})

internal/controller/ebpf/agent_controller.go

@@ -484,7 +484,7 @@ func (c *AgentController) envConfig(ctx context.Context, coll *flowslatest.FlowC
 			// Send to FLP service
 			config = append(config, corev1.EnvVar{
 				Name:  envFlowsTargetHost,
-				Value: fmt.Sprintf("%s.%s.svc", constants.FLPName, c.Namespace),
+				Value: fmt.Sprintf("%s.%s.svc.cluster.local.", constants.FLPName, c.Namespace),
 			}, corev1.EnvVar{
 				Name:  envFlowsTargetPort,
 				Value: strconv.Itoa(int(*advancedConfig.Port)),

internal/controller/flp/flp_test.go

@@ -685,7 +685,7 @@ func TestConfigMapShouldDeserializeAsJSONWithLokiStack(t *testing.T) {
 	assert.Len(params, 5)
 
 	lokiCfg := params[3].Write.Loki
-	assert.Equal("https://lokistack-gateway-http.ls-namespace.svc:8080/api/logs/v1/network/", lokiCfg.URL)
+	assert.Equal("https://lokistack-gateway-http.ls-namespace.svc.cluster.local.:8080/api/logs/v1/network/", lokiCfg.URL)
 	assert.Equal("network", lokiCfg.TenantID)
 	assert.Equal("Bearer", lokiCfg.ClientConfig.Authorization.Type)
 	assert.Equal("/var/run/secrets/tokens/flowlogs-pipeline", lokiCfg.ClientConfig.Authorization.CredentialsFile)

internal/pkg/helper/loki_config.go

@@ -18,11 +18,11 @@ func NewLokiConfig(spec *flowslatest.FlowCollectorLoki, namespace string) LokiCo
 		if len(spec.LokiStack.Namespace) > 0 {
 			ns = spec.LokiStack.Namespace
 		}
-		gatewayURL := fmt.Sprintf("https://%s-gateway-http.%s.svc:8080/api/logs/v1/network/", spec.LokiStack.Name, ns)
+		gatewayURL := fmt.Sprintf("https://%s-gateway-http.%s.svc.cluster.local.:8080/api/logs/v1/network/", spec.LokiStack.Name, ns)
 		loki.LokiManualParams = flowslatest.LokiManualParams{
 			QuerierURL:  gatewayURL,
 			IngesterURL: gatewayURL,
-			StatusURL:   fmt.Sprintf("https://%s-query-frontend-http.%s.svc:3100/", spec.LokiStack.Name, ns),
+			StatusURL:   fmt.Sprintf("https://%s-query-frontend-http.%s.svc.cluster.local.:3100/", spec.LokiStack.Name, ns),
 			TenantID:    "network",
 			AuthToken:   flowslatest.LokiAuthForwardUserToken,
 			TLS: flowslatest.ClientTLS{