Comment 25 for bug 1821026

coredns is by default configured to use the proxy plugin with resolv.conf as the proxy target. Since resolv.conf has both dnsmasq (floating mgmt IP) and the public DNS servers. The default policy for selecting a server for name resolution is "random" [1], therefore it is possible that occasionally the request will fail (and be cached) when resolving DNS entries that are only resolvable via dnsmasq (host names). Furthermore, in a multi-node system, there are multiple instances of coredns that are used, each with the above random behavior.

The bug report indicates that this issue is not always reproducible and that is because of the above behavior. With the recommended setup of removing resolv.conf and using the floating mgmt IP for the proxy configuration it will ensure all requests go through dnsmasq.

[1] https://coredns.io/plugins/proxy/