diff --git a/assets/components/openshift-dns/dns/configmap.yaml b/assets/components/openshift-dns/dns/configmap.yaml
index 2b4194e991..8e7cdc3ae0 100644
--- a/assets/components/openshift-dns/dns/configmap.yaml
+++ b/assets/components/openshift-dns/dns/configmap.yaml
@@ -1,6 +1,7 @@
 apiVersion: v1
 data:
   Corefile: |
+    {{- .C2CCDNSBlocks }}
     .:5353 {
         bufsize 1232
         errors
diff --git a/cmd/generate-config/config/config-openapi-spec.json b/cmd/generate-config/config/config-openapi-spec.json
index 4d5d03a2db..c2d98d1471 100755
--- a/cmd/generate-config/config/config-openapi-spec.json
+++ b/cmd/generate-config/config/config-openapi-spec.json
@@ -181,7 +181,28 @@
     },
     "clusterToCluster": {
       "type": "object",
+      "required": [
+        "dns"
+      ],
       "properties": {
+        "dns": {
+          "description": "DNS cache settings for CoreDNS server blocks generated for remote clusters.",
+          "type": "object",
+          "properties": {
+            "cacheNegativeTTL": {
+              "description": "Maximum TTL (seconds) for denial (NXDOMAIN/NODATA) DNS cache entries in CoreDNS\nserver blocks generated for remote clusters. Must be \u003e= 0. Setting to 0 disables denial caching.",
+              "type": "integer",
+              "default": 10,
+              "minimum": 0
+            },
+            "cacheTTL": {
+              "description": "Maximum TTL (seconds) for positive DNS cache entries in CoreDNS server blocks\ngenerated for remote clusters. Must be \u003e= 0. Setting to 0 disables positive caching.",
+              "type": "integer",
+              "default": 10,
+              "minimum": 0
+            }
+          }
+        },
         "remoteClusters": {
           "description": "List of remote clusters to establish connectivity with.\nC2CC is disabled when this list is empty.",
           "type": "array",
diff --git a/docs/user/howto_config.md b/docs/user/howto_config.md
index 72cd84df6e..636acf1ae7 100644
--- a/docs/user/howto_config.md
+++ b/docs/user/howto_config.md
@@ -31,6 +31,9 @@ apiServer:
         cipherSuites: []
         minVersion: ""
 clusterToCluster:
+    dns:
+        cacheNegativeTTL: 0
+        cacheTTL: 0
     remoteClusters:
         - clusterNetwork: []
           domain: ""
@@ -190,6 +193,9 @@ apiServer:
         cipherSuites: []
         minVersion: VersionTLS12
 clusterToCluster:
+    dns:
+        cacheNegativeTTL: 10
+        cacheTTL: 10
     remoteClusters:
         - clusterNetwork: []
           domain: ""
diff --git a/packaging/microshift/config.yaml b/packaging/microshift/config.yaml
index 7d54331024..69ab22e68c 100644
--- a/packaging/microshift/config.yaml
+++ b/packaging/microshift/config.yaml
@@ -42,6 +42,14 @@ apiServer:
         # Defaults to VersionTLS12.
         minVersion: VersionTLS12
 clusterToCluster:
+    # DNS cache settings for CoreDNS server blocks generated for remote clusters.
+    dns:
+        # Maximum TTL (seconds) for denial (NXDOMAIN/NODATA) DNS cache entries in CoreDNS
+        # server blocks generated for remote clusters. Must be >= 0. Setting to 0 disables denial caching.
+        cacheNegativeTTL: 10
+        # Maximum TTL (seconds) for positive DNS cache entries in CoreDNS server blocks
+        # generated for remote clusters. Must be >= 0. Setting to 0 disables positive caching.
+        cacheTTL: 10
     # List of remote clusters to establish connectivity with.
     # C2CC is disabled when this list is empty.
     remoteClusters:
diff --git a/pkg/components/controllers.go b/pkg/components/controllers.go
index ded367dfca..2f995fc060 100644
--- a/pkg/components/controllers.go
+++ b/pkg/components/controllers.go
@@ -304,8 +304,12 @@ func startDNSController(ctx context.Context, cfg *config.Config, kubeconfigPath
 
 	hostsEnabled := cfg.DNS.Hosts.Status == config.HostsStatusEnabled
 	extraParams := assets.RenderParams{
-		"ClusterIP":    cfg.Network.DNS,
-		"HostsEnabled": hostsEnabled,
+		"ClusterIP":     cfg.Network.DNS,
+		"HostsEnabled":  hostsEnabled,
+		"C2CCDNSBlocks": "",
+	}
+	if cfg.C2CC.IsEnabled() {
+		extraParams["C2CCDNSBlocks"] = config.RenderC2CCDNSBlocks(cfg.C2CC.Resolved, *cfg.C2CC.DNS.CacheTTL, *cfg.C2CC.DNS.CacheNegativeTTL)
 	}
 
 	if err := assets.ApplyServices(ctx, svc, renderTemplate, renderParamsFromConfig(cfg, extraParams), kubeconfigPath); err != nil {
diff --git a/pkg/config/c2cc.go b/pkg/config/c2cc.go
index ff77458eb0..d82eb5aa59 100644
--- a/pkg/config/c2cc.go
+++ b/pkg/config/c2cc.go
@@ -11,7 +11,22 @@ import (
 	netutils "k8s.io/utils/net"
 )
 
+type C2CCDNS struct {
+	// Maximum TTL (seconds) for positive DNS cache entries in CoreDNS server blocks
+	// generated for remote clusters. Must be >= 0. Setting to 0 disables positive caching.
+	// +kubebuilder:validation:Minimum=0
+	// +kubebuilder:default=10
+	CacheTTL *int `json:"cacheTTL,omitempty"`
+	// Maximum TTL (seconds) for denial (NXDOMAIN/NODATA) DNS cache entries in CoreDNS
+	// server blocks generated for remote clusters. Must be >= 0. Setting to 0 disables denial caching.
+	// +kubebuilder:validation:Minimum=0
+	// +kubebuilder:default=10
+	CacheNegativeTTL *int `json:"cacheNegativeTTL,omitempty"`
+}
+
 type C2CC struct {
+	// DNS cache settings for CoreDNS server blocks generated for remote clusters.
+	DNS C2CCDNS `json:"dns"`
 	// List of remote clusters to establish connectivity with.
 	// C2CC is disabled when this list is empty.
 	RemoteClusters []RemoteCluster `json:"remoteClusters,omitempty"`
@@ -39,6 +54,7 @@ type ResolvedRemoteCluster struct {
 	ClusterNetwork []*net.IPNet
 	ServiceNetwork []*net.IPNet
 	Domain         string
+	DNSIP          string // 10th IP of ServiceNetwork[0], computed during validation when Domain is set
 }
 
 func (rc *ResolvedRemoteCluster) AllCIDRs() []*net.IPNet {
@@ -164,6 +180,13 @@ func (c *C2CC) validate(cfg *Config) error {
 		return fmt.Errorf("cluster to cluster requires OVN-Kubernetes CNI (network.cniPlugin must be \"\" or \"ovnk\", got %q)", cfg.Network.CNIPlugin)
 	}
 
+	if c.DNS.CacheTTL != nil && *c.DNS.CacheTTL < 0 {
+		return fmt.Errorf("dns.cacheTTL must be >= 0, got %d", *c.DNS.CacheTTL)
+	}
+	if c.DNS.CacheNegativeTTL != nil && *c.DNS.CacheNegativeTTL < 0 {
+		return fmt.Errorf("dns.cacheNegativeTTL must be >= 0, got %d", *c.DNS.CacheNegativeTTL)
+	}
+
 	resolved, parseErrs := c.parseRemoteClusters()
 	if len(parseErrs) > 0 {
 		return errors.Join(parseErrs...)
@@ -259,6 +282,9 @@ func validateRemoteCluster(
 		if domainErrs := validation.IsDNS1123Subdomain(rc.Domain); len(domainErrs) > 0 {
 			errs = append(errs, fmt.Errorf("%s.domain %q is not a valid DNS name: %s", label, rc.Domain, strings.Join(domainErrs, ", ")))
 		}
+		if rc.Domain == "cluster.local" {
+			errs = append(errs, fmt.Errorf("%s.domain cannot be cluster.local", label))
+		}
 		if prev, ok := seenRemoteDomains[rc.Domain]; ok {
 			errs = append(errs, fmt.Errorf("%s.domain %q duplicates remoteClusters[%d]", label, rc.Domain, prev))
 		} else {
@@ -266,6 +292,15 @@ func validateRemoteCluster(
 		}
 	}
 
+	if rc.Domain != "" && len(rc.ServiceNetwork) > 0 {
+		dnsIP, err := getClusterDNS(rc.ServiceNetwork[0])
+		if err != nil {
+			errs = append(errs, fmt.Errorf("%s: failed to compute DNS IP from serviceNetwork[0] %q: %w", label, rc.ServiceNetwork[0], err))
+		} else {
+			res.DNSIP = dnsIP
+		}
+	}
+
 	errs = append(errs, validateIPFamilyConsistencyNets(res.ClusterNetwork, label+".clusterNetwork")...)
 	errs = append(errs, validateIPFamilyConsistencyNets(res.ServiceNetwork, label+".serviceNetwork")...)
 	errs = append(errs, validateNetworkShapeNets(res.ClusterNetwork, res.ServiceNetwork, label)...)
@@ -345,3 +380,33 @@ func checkCIDRConflicts(cidr *net.IPNet, cidrStr, label string, seenCIDRs []labe
 func cidrsOverlap(a, b *net.IPNet) bool {
 	return a.Contains(b.IP) || b.Contains(a.IP)
 }
+
+// RenderC2CCDNSBlocks generates CoreDNS server blocks for cross-cluster DNS.
+func RenderC2CCDNSBlocks(resolved []ResolvedRemoteCluster, cacheTTL, cacheNegativeTTL int) string {
+	var blocks []string
+	for _, rc := range resolved {
+		if rc.Domain == "" {
+			continue
+		}
+		blocks = append(blocks, formatDNSBlock(rc.Domain, rc.DNSIP, cacheTTL, cacheNegativeTTL))
+	}
+	if len(blocks) == 0 {
+		return ""
+	}
+	return "\n" + strings.Join(blocks, "\n")
+}
+
+func formatDNSBlock(domain, dnsIP string, cacheTTL, cacheNegativeTTL int) string {
+	return fmt.Sprintf(`    %s:5353 {
+        bufsize 1232
+        errors
+        log . {
+            class error
+        }
+        rewrite stop name suffix .%s .cluster.local answer auto
+        forward . %s
+        cache %d {
+            denial 9984 %d
+        }
+    }`, domain, domain, dnsIP, cacheTTL, cacheNegativeTTL)
+}
diff --git a/pkg/config/c2cc_test.go b/pkg/config/c2cc_test.go
index b215027e96..50a28984cf 100644
--- a/pkg/config/c2cc_test.go
+++ b/pkg/config/c2cc_test.go
@@ -2,9 +2,12 @@ package config
 
 import (
 	"net"
+	"strings"
 	"testing"
 
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+	"k8s.io/utils/ptr"
 )
 
 func TestC2CC_IsEnabled(t *testing.T) {
@@ -55,6 +58,16 @@ func TestC2CC_StripEmptyRemoteClusters(t *testing.T) {
 	})
 }
 
+func withDNSDefaults(c2cc C2CC) C2CC {
+	if c2cc.DNS.CacheTTL == nil {
+		c2cc.DNS.CacheTTL = ptr.To(10)
+	}
+	if c2cc.DNS.CacheNegativeTTL == nil {
+		c2cc.DNS.CacheNegativeTTL = ptr.To(10)
+	}
+	return c2cc
+}
+
 func mkC2CCConfig(c2cc C2CC) *Config {
 	return &Config{
 		Network: Network{
@@ -65,7 +78,7 @@ func mkC2CCConfig(c2cc C2CC) *Config {
 		Node: Node{
 			NodeIP: "10.100.0.1",
 		},
-		C2CC: c2cc,
+		C2CC: withDNSDefaults(c2cc),
 	}
 }
 
@@ -80,7 +93,7 @@ func mkDualStackC2CCConfig(c2cc C2CC) *Config {
 			NodeIP:   "10.100.0.1",
 			NodeIPV6: "fd00::1",
 		},
-		C2CC: c2cc,
+		C2CC: withDNSDefaults(c2cc),
 	}
 }
 
@@ -94,7 +107,7 @@ func mkIPv6OnlyC2CCConfig(c2cc C2CC) *Config {
 		Node: Node{
 			NodeIP: "fd00::1",
 		},
-		C2CC: c2cc,
+		C2CC: withDNSDefaults(c2cc),
 	}
 }
 
@@ -486,6 +499,43 @@ func TestC2CC_Validate(t *testing.T) {
 			expectErr: true,
 			errMsg:    "mismatched IP families",
 		},
+		{
+			name: "negative cacheTTL",
+			cfg: mkC2CCConfig(C2CC{
+				DNS: C2CCDNS{CacheTTL: ptr.To(-1), CacheNegativeTTL: ptr.To(10)},
+				RemoteClusters: []RemoteCluster{{
+					NextHop:        "10.100.0.2",
+					ClusterNetwork: []string{"10.45.0.0/16"},
+					ServiceNetwork: []string{"10.46.0.0/16"},
+				}},
+			}),
+			expectErr: true,
+			errMsg:    "dns.cacheTTL must be >= 0",
+		},
+		{
+			name: "negative cacheNegativeTTL",
+			cfg: mkC2CCConfig(C2CC{
+				DNS: C2CCDNS{CacheTTL: ptr.To(10), CacheNegativeTTL: ptr.To(-5)},
+				RemoteClusters: []RemoteCluster{{
+					NextHop:        "10.100.0.2",
+					ClusterNetwork: []string{"10.45.0.0/16"},
+					ServiceNetwork: []string{"10.46.0.0/16"},
+				}},
+			}),
+			expectErr: true,
+			errMsg:    "dns.cacheNegativeTTL must be >= 0",
+		},
+		{
+			name: "zero cacheTTL is valid",
+			cfg: mkC2CCConfig(C2CC{
+				DNS: C2CCDNS{CacheTTL: ptr.To(0), CacheNegativeTTL: ptr.To(0)},
+				RemoteClusters: []RemoteCluster{{
+					NextHop:        "10.100.0.2",
+					ClusterNetwork: []string{"10.45.0.0/16"},
+					ServiceNetwork: []string{"10.46.0.0/16"},
+				}},
+			}),
+		},
 	}
 
 	for _, tt := range ttests {
@@ -541,3 +591,134 @@ func TestC2CC_ValidateDualStack(t *testing.T) {
 		assert.NoError(t, cfg.C2CC.validate(cfg))
 	})
 }
+
+func TestC2CC_DNSIP(t *testing.T) {
+	stubHostIPs(t, nil)
+
+	t.Run("DNSIP populated when domain is set", func(t *testing.T) {
+		cfg := mkC2CCConfig(C2CC{
+			RemoteClusters: []RemoteCluster{{
+				NextHop:        "10.100.0.2",
+				ClusterNetwork: []string{"10.45.0.0/16"},
+				ServiceNetwork: []string{"10.46.0.0/16"},
+				Domain:         "cluster-b.remote",
+			}},
+		})
+		require.NoError(t, cfg.C2CC.validate(cfg))
+		assert.Equal(t, "10.46.0.10", cfg.C2CC.Resolved[0].DNSIP)
+	})
+
+	t.Run("DNSIP empty when domain is not set", func(t *testing.T) {
+		cfg := mkC2CCConfig(C2CC{
+			RemoteClusters: []RemoteCluster{{
+				NextHop:        "10.100.0.2",
+				ClusterNetwork: []string{"10.45.0.0/16"},
+				ServiceNetwork: []string{"10.46.0.0/16"},
+			}},
+		})
+		require.NoError(t, cfg.C2CC.validate(cfg))
+		assert.Empty(t, cfg.C2CC.Resolved[0].DNSIP)
+	})
+
+	t.Run("DNSIP for IPv6 service network", func(t *testing.T) {
+		cfg := mkIPv6OnlyC2CCConfig(C2CC{
+			RemoteClusters: []RemoteCluster{{
+				NextHop:        "fd00::2",
+				ClusterNetwork: []string{"fd03::/48"},
+				ServiceNetwork: []string{"fd04::/112"},
+				Domain:         "cluster-b.remote",
+			}},
+		})
+		require.NoError(t, cfg.C2CC.validate(cfg))
+		assert.Equal(t, "fd04::a", cfg.C2CC.Resolved[0].DNSIP)
+	})
+}
+
+func parseCIDR(t *testing.T, s string) *net.IPNet {
+	t.Helper()
+	_, ipNet, err := net.ParseCIDR(s)
+	require.NoError(t, err)
+	return ipNet
+}
+
+func TestRenderC2CCDNSBlocks(t *testing.T) {
+	t.Run("no domains configured", func(t *testing.T) {
+		resolved := []ResolvedRemoteCluster{{
+			NextHop:        net.ParseIP("10.100.0.2"),
+			ClusterNetwork: []*net.IPNet{parseCIDR(t, "10.45.0.0/16")},
+			ServiceNetwork: []*net.IPNet{parseCIDR(t, "10.46.0.0/16")},
+		}}
+		result := RenderC2CCDNSBlocks(resolved, 10, 10)
+		assert.Empty(t, result)
+	})
+
+	t.Run("single domain with default TTLs", func(t *testing.T) {
+		resolved := []ResolvedRemoteCluster{{
+			NextHop:        net.ParseIP("10.100.0.2"),
+			ClusterNetwork: []*net.IPNet{parseCIDR(t, "10.45.0.0/16")},
+			ServiceNetwork: []*net.IPNet{parseCIDR(t, "10.46.0.0/16")},
+			Domain:         "cluster-b.remote",
+			DNSIP:          "10.46.0.10",
+		}}
+		result := RenderC2CCDNSBlocks(resolved, 10, 10)
+		assert.True(t, strings.HasPrefix(result, "\n"), "result should start with newline for YAML block scalar")
+		assert.Contains(t, result, "cluster-b.remote:5353")
+		assert.Contains(t, result, "rewrite stop name suffix .cluster-b.remote .cluster.local answer auto")
+		assert.Contains(t, result, "forward . 10.46.0.10")
+		assert.Contains(t, result, "cache 10 {")
+		assert.Contains(t, result, "denial 9984 10")
+	})
+
+	t.Run("custom TTLs", func(t *testing.T) {
+		resolved := []ResolvedRemoteCluster{{
+			Domain: "cluster-b.remote",
+			DNSIP:  "10.46.0.10",
+		}}
+		result := RenderC2CCDNSBlocks(resolved, 30, 60)
+		assert.Contains(t, result, "cache 30 {")
+		assert.Contains(t, result, "denial 9984 60")
+	})
+
+	t.Run("zero TTLs", func(t *testing.T) {
+		resolved := []ResolvedRemoteCluster{{
+			Domain: "cluster-b.remote",
+			DNSIP:  "10.46.0.10",
+		}}
+		result := RenderC2CCDNSBlocks(resolved, 0, 0)
+		assert.Contains(t, result, "cache 0 {")
+		assert.Contains(t, result, "denial 9984 0")
+	})
+
+	t.Run("multiple domains", func(t *testing.T) {
+		resolved := []ResolvedRemoteCluster{
+			{
+				Domain: "cluster-b.remote",
+				DNSIP:  "10.46.0.10",
+			},
+			{
+				Domain: "cluster-c.remote",
+				DNSIP:  "10.56.0.10",
+			},
+		}
+		result := RenderC2CCDNSBlocks(resolved, 10, 10)
+		assert.Contains(t, result, "cluster-b.remote:5353")
+		assert.Contains(t, result, "forward . 10.46.0.10")
+		assert.Contains(t, result, "cluster-c.remote:5353")
+		assert.Contains(t, result, "forward . 10.56.0.10")
+	})
+
+	t.Run("mixed domain and no-domain", func(t *testing.T) {
+		resolved := []ResolvedRemoteCluster{
+			{
+				Domain: "cluster-b.remote",
+				DNSIP:  "10.46.0.10",
+			},
+			{
+				Domain: "",
+			},
+		}
+		result := RenderC2CCDNSBlocks(resolved, 10, 10)
+		assert.Contains(t, result, "cluster-b.remote:5353")
+		assert.NotContains(t, result, "cluster-c")
+	})
+}
diff --git a/pkg/config/config.go b/pkg/config/config.go
index 192ee26d73..bac66b96b7 100644
--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@@ -199,7 +199,9 @@ func (c *Config) fillDefaults() error {
 	c.GenericDevicePlugin = genericDevicePluginDefaults()
 	c.Telemetry = telemetryDefaults()
 	c.DNS = dnsDefaults()
-	c.C2CC = C2CC{}
+	c.C2CC = C2CC{
+		DNS: C2CCDNS{CacheTTL: ptr.To(10), CacheNegativeTTL: ptr.To(10)},
+	}
 	return nil
 }
 
@@ -459,7 +461,13 @@ func (c *Config) incorporateUserSettings(u *Config) {
 	}
 
 	if u.C2CC.RemoteClusters != nil {
-		c.C2CC = u.C2CC
+		c.C2CC.RemoteClusters = u.C2CC.RemoteClusters
+	}
+	if u.C2CC.DNS.CacheTTL != nil {
+		c.C2CC.DNS.CacheTTL = u.C2CC.DNS.CacheTTL
+	}
+	if u.C2CC.DNS.CacheNegativeTTL != nil {
+		c.C2CC.DNS.CacheNegativeTTL = u.C2CC.DNS.CacheNegativeTTL
 	}
 }
 
diff --git a/pkg/controllers/c2cc/controller.go b/pkg/controllers/c2cc/controller.go
index ec352ba334..8091817cec 100644
--- a/pkg/controllers/c2cc/controller.go
+++ b/pkg/controllers/c2cc/controller.go
@@ -13,7 +13,7 @@ import (
 )
 
 const (
-	reconcileInterval = 10 * time.Second
+	reconcileInterval = 2 * time.Second
 )
 
 type C2CCRouteManager struct {
@@ -72,7 +72,7 @@ func (c *C2CCRouteManager) Run(ctx context.Context, ready chan<- struct{}, stopp
 		return fmt.Errorf("failed to init subsystems: %w", err)
 	}
 
-	reconcileCh := make(chan string, 10)
+	reconcileCh := make(chan string, 50)
 
 	c.ovn.subscribe(ctx, reconcileCh)
 
diff --git a/pkg/controllers/c2cc/helpers_test.go b/pkg/controllers/c2cc/helpers_test.go
index 605c6251e0..474840488c 100644
--- a/pkg/controllers/c2cc/helpers_test.go
+++ b/pkg/controllers/c2cc/helpers_test.go
@@ -12,6 +12,7 @@ type testRemoteConfig struct {
 	nextHop        string
 	clusterNetwork []string
 	serviceNetwork []string
+	domain         string
 }
 
 func testRemote(nextHop string, clusterNetwork, serviceNetwork []string) testRemoteConfig {
@@ -22,6 +23,15 @@ func testRemote(nextHop string, clusterNetwork, serviceNetwork []string) testRem
 	}
 }
 
+func testRemoteWithDomain(nextHop string, clusterNetwork, serviceNetwork []string, domain string) testRemoteConfig {
+	return testRemoteConfig{
+		nextHop:        nextHop,
+		clusterNetwork: clusterNetwork,
+		serviceNetwork: serviceNetwork,
+		domain:         domain,
+	}
+}
+
 func testConfigWithRemotes(t *testing.T, remotes ...testRemoteConfig) *config.Config {
 	t.Helper()
 
@@ -32,6 +42,7 @@ func testConfigWithRemotes(t *testing.T, remotes ...testRemoteConfig) *config.Co
 	for _, r := range remotes {
 		resolved := config.ResolvedRemoteCluster{
 			NextHop: net.ParseIP(r.nextHop),
+			Domain:  r.domain,
 		}
 		require.NotNil(t, resolved.NextHop, "invalid nextHop: %s", r.nextHop)
 
diff --git a/pkg/controllers/c2cc/policy_routes.go b/pkg/controllers/c2cc/policy_routes.go
index 11507dea1b..0181bd8868 100644
--- a/pkg/controllers/c2cc/policy_routes.go
+++ b/pkg/controllers/c2cc/policy_routes.go
@@ -4,6 +4,7 @@ import (
 	"errors"
 	"fmt"
 	"net"
+	"syscall"
 
 	"github.com/vishvananda/netlink"
 	"k8s.io/klog/v2"
@@ -110,9 +111,13 @@ func (t *policyRouteTable) subscribe(reconcileCh chan<- string, reason string) (
 			if update.Table != t.table {
 				continue
 			}
+			if update.Type == syscall.RTM_DELROUTE {
+				klog.V(2).Infof("Detected external deletion of route in table %d: %v", t.table, update.Route)
+			}
 			select {
 			case reconcileCh <- reason:
 			default:
+				klog.V(4).Infof("Reconcile channel full, dropping %s event for table %d", reason, t.table)
 			}
 		}
 	}()
diff --git a/test/assets/c2cc/hello-microshift.yaml b/test/assets/c2cc/hello-microshift.yaml
index 6169449b78..34ffcb717f 100644
--- a/test/assets/c2cc/hello-microshift.yaml
+++ b/test/assets/c2cc/hello-microshift.yaml
@@ -10,10 +10,27 @@ spec:
   - name: hello-microshift
     image: quay.io/microshift/busybox:1.36
     command: ["/bin/sh"]
-    args: ["-c", "while true; do echo -ne \"HTTP/1.0 200 OK\r\nContent-Length: 16\r\n\r\nHello MicroShift\" | nc -l -p 8080 ; done"]
+    args:
+    - -c
+    - |
+      mkdir -p /tmp/www/cgi-bin
+      cat > /tmp/www/cgi-bin/hello <<SCRIPT
+      #!/bin/sh
+      echo "Content-Type: text/plain"
+      echo ""
+      SRC=\$(echo "\${REMOTE_ADDR}" | sed 's/\[//;s/\]//;s/^::ffff://')
+      echo "Hello from ${MY_POD_IP}, source: \${SRC}"
+      SCRIPT
+      chmod +x /tmp/www/cgi-bin/hello
+      httpd -f -p 8080 -h /tmp/www
     ports:
     - containerPort: 8080
       protocol: TCP
+    env:
+    - name: MY_POD_IP
+      valueFrom:
+        fieldRef:
+          fieldPath: status.podIP
     securityContext:
       allowPrivilegeEscalation: false
       capabilities:
diff --git a/test/resources/c2cc.resource b/test/resources/c2cc.resource
index ac8d139e84..badd015f7e 100644
--- a/test/resources/c2cc.resource
+++ b/test/resources/c2cc.resource
@@ -222,3 +222,69 @@ Remove Foreign Subnet From SNAT Annotation
     ...    Triggers a reconcile by briefly corrupting the annotation.
     [Arguments]    ${alias}
     Corrupt Node SNAT Annotation On Cluster    ${alias}
+
+Create Unique Namespace On Cluster
+    [Documentation]    Creates a namespace with a unique suffix on the given cluster.
+    ...    Returns the namespace name.
+    [Arguments]    ${alias}
+    ${rand}=    Generate Random String
+    ${rand}=    Convert To Lower Case    ${rand}
+    ${ns}=    Catenate    SEPARATOR=-    test    ${rand}
+    Oc On Cluster    ${alias}    oc create namespace ${ns}
+    RETURN    ${ns}
+
+Verify Corefile Contains C2CC Server Block
+    [Documentation]    Check that the CoreDNS Corefile configmap contains a server block for the given domain.
+    [Arguments]    ${alias}    ${domain}
+    ${stdout}=    Oc On Cluster    ${alias}
+    ...    oc get configmap dns-default -n openshift-dns -o jsonpath='{.data.Corefile}'
+    Should Contain    ${stdout}    ${domain}:5353
+    Should Contain    ${stdout}    rewrite stop name suffix .${domain} .cluster.local answer auto
+
+Verify Corefile Does Not Contain C2CC Server Block
+    [Documentation]    Check that the CoreDNS Corefile does NOT contain a server block for the given domain.
+    [Arguments]    ${alias}    ${domain}
+    ${stdout}=    Oc On Cluster    ${alias}
+    ...    oc get configmap dns-default -n openshift-dns -o jsonpath='{.data.Corefile}'
+    Should Not Contain    ${stdout}    ${domain}:5353
+
+Deploy Test Workloads
+    [Documentation]    Create namespace and deploy hello-microshift + curl-pod on both clusters.
+    VAR    ${assets}=    ${EXECDIR}/assets/c2cc
+    FOR    ${alias}    IN    cluster-a    cluster-b
+        ${ns}=    Create Unique Namespace On Cluster    ${alias}
+        Set To Dictionary    ${NAMESPACES}    ${alias}    ${ns}
+        Oc On Cluster    ${alias}    oc apply -n ${ns} -f ${assets}/hello-microshift.yaml
+        Oc On Cluster    ${alias}    oc apply -n ${ns} -f ${assets}/curl-pod.yaml
+    END
+    Wait For Test Pods
+    Wait For Service Endpoints
+
+Wait For Test Pods
+    [Documentation]    Wait for all test pods to be Ready on both clusters.
+    FOR    ${alias}    IN    cluster-a    cluster-b
+        Oc On Cluster
+        ...    ${alias}
+        ...    oc wait pod/hello-microshift pod/curl-pod -n ${NAMESPACES}[${alias}] --for=condition=Ready --timeout=120s
+    END
+
+Wait For Service Endpoints
+    [Documentation]    Wait for hello-microshift service to have endpoints on both clusters.
+    ...    Ensures OVN-K has synced the EndpointSlice and programmed the OVN load balancer.
+    FOR    ${alias}    IN    cluster-a    cluster-b
+        Wait Until Keyword Succeeds    120s    5s
+        ...    Service Endpoints Should Exist    ${alias}    ${NAMESPACES}[${alias}]
+    END
+
+Service Endpoints Should Exist
+    [Documentation]    Verify the hello-microshift endpoint has at least one address.
+    [Arguments]    ${alias}    ${ns}
+    ${stdout}=    Oc On Cluster    ${alias}
+    ...    oc get endpoints hello-microshift -n ${ns} -o jsonpath='{.subsets[0].addresses[0].ip}'
+    Should Not Be Empty    ${stdout}
+
+Cleanup Test Workloads
+    [Documentation]    Delete test namespace on both clusters. Ignores errors.
+    FOR    ${alias}    IN    cluster-a    cluster-b
+        Oc On Cluster    ${alias}    oc delete namespace ${NAMESPACES}[${alias}] --timeout=60s
+    END
diff --git a/test/scenarios-bootc/el10/presubmits/el102-src@c2cc.sh b/test/scenarios-bootc/el10/presubmits/el102-src@c2cc.sh
index fd984d6bbf..19705d8ce7 100644
--- a/test/scenarios-bootc/el10/presubmits/el102-src@c2cc.sh
+++ b/test/scenarios-bootc/el10/presubmits/el102-src@c2cc.sh
@@ -112,9 +112,5 @@ scenario_run_tests() {
         --variable "CLUSTER_B_SVC_CIDR:${CLUSTER_B_SVC_CIDR}" \
         --variable "CLUSTER_B_DOMAIN:${CLUSTER_B_DOMAIN}" \
         --variable "KUBECONFIG_B:${kubeconfig_b}" \
-        suites/c2cc/sanity.robot \
-        suites/c2cc/infrastructure.robot \
-        suites/c2cc/connectivity.robot \
-        suites/c2cc/reconciliation.robot \
-        suites/c2cc/cleanup.robot
+        suites/c2cc/
 }
diff --git a/test/scenarios-bootc/el9/presubmits/el98-src@c2cc.sh b/test/scenarios-bootc/el9/presubmits/el98-src@c2cc.sh
index a5486d688f..ea6bcf0115 100644
--- a/test/scenarios-bootc/el9/presubmits/el98-src@c2cc.sh
+++ b/test/scenarios-bootc/el9/presubmits/el98-src@c2cc.sh
@@ -112,9 +112,5 @@ scenario_run_tests() {
         --variable "CLUSTER_B_SVC_CIDR:${CLUSTER_B_SVC_CIDR}" \
         --variable "CLUSTER_B_DOMAIN:${CLUSTER_B_DOMAIN}" \
         --variable "KUBECONFIG_B:${kubeconfig_b}" \
-        suites/c2cc/sanity.robot \
-        suites/c2cc/infrastructure.robot \
-        suites/c2cc/connectivity.robot \
-        suites/c2cc/reconciliation.robot \
-        suites/c2cc/cleanup.robot
+        suites/c2cc/
 }
diff --git a/test/suites/c2cc/cleanup.robot b/test/suites/c2cc/cleanup.robot
index adacdd54a8..dfd8e25fe1 100644
--- a/test/suites/c2cc/cleanup.robot
+++ b/test/suites/c2cc/cleanup.robot
@@ -15,8 +15,8 @@ Test Tags           c2cc
 
 
 *** Variables ***
-${CLEANUP_TIMEOUT}      60s
-${CLEANUP_RETRY}        5s
+${CLEANUP_TIMEOUT}      360s
+${CLEANUP_RETRY}        30s
 ${C2CC_CONFIG_PATH}     /etc/microshift/config.d/50-c2cc.yaml
 
 
@@ -112,7 +112,6 @@ Enable C2CC On Cluster
     ...    Verify Cluster Is Healthy    ${alias}
 
 Verify Cluster Is Healthy
-    [Documentation]    Check the /readyz endpoint on the given cluster.
+    [Documentation]    Verify MicroShift and all core workloads (including OVN-K) are ready.
     [Arguments]    ${alias}
-    ${stdout}=    Oc On Cluster    ${alias}    oc get --raw='/readyz'
-    Should Be Equal As Strings    ${stdout}    ok    strip_spaces=True
+    Command On Cluster    ${alias}    microshift healthcheck --timeout=300s
diff --git a/test/suites/c2cc/connectivity.robot b/test/suites/c2cc/connectivity.robot
index fe78060959..5c5a8d01f3 100644
--- a/test/suites/c2cc/connectivity.robot
+++ b/test/suites/c2cc/connectivity.robot
@@ -15,7 +15,7 @@ Test Tags           c2cc
 
 
 *** Variables ***
-${NAMESPACE}    c2cc-test
+&{NAMESPACES}       cluster-a=${EMPTY}    cluster-b=${EMPTY}
 
 
 *** Test Cases ***
@@ -23,25 +23,53 @@ Pod To Pod From Cluster A To Cluster B
     [Documentation]    Verify pod on Cluster A can reach pod IP on Cluster B.
     ${pod_ip_b}=    Get Hello Pod IP    cluster-b
     ${stdout}=    Curl From Cluster    cluster-a    ${pod_ip_b}    8080
-    Should Contain    ${stdout}    Hello MicroShift
+    Should Contain    ${stdout}    Hello from
 
 Pod To Pod From Cluster B To Cluster A
     [Documentation]    Verify pod on Cluster B can reach pod IP on Cluster A.
     ${pod_ip_a}=    Get Hello Pod IP    cluster-a
     ${stdout}=    Curl From Cluster    cluster-b    ${pod_ip_a}    8080
-    Should Contain    ${stdout}    Hello MicroShift
+    Should Contain    ${stdout}    Hello from
 
 Pod To Service From Cluster A To Cluster B
     [Documentation]    Verify pod on Cluster A can reach service ClusterIP on Cluster B.
     ${svc_ip_b}=    Get Hello Service IP    cluster-b
     ${stdout}=    Curl From Cluster    cluster-a    ${svc_ip_b}    8080
-    Should Contain    ${stdout}    Hello MicroShift
+    Should Contain    ${stdout}    Hello from
 
 Pod To Service From Cluster B To Cluster A
     [Documentation]    Verify pod on Cluster B can reach service ClusterIP on Cluster A.
     ${svc_ip_a}=    Get Hello Service IP    cluster-a
     ${stdout}=    Curl From Cluster    cluster-b    ${svc_ip_a}    8080
-    Should Contain    ${stdout}    Hello MicroShift
+    Should Contain    ${stdout}    Hello from
+
+Source IP Preserved Pod To Pod From Cluster A To Cluster B
+    [Documentation]    Verify cross-cluster pod-to-pod traffic preserves the source pod IP (no SNAT).
+    ${curl_pod_ip}=    Get Curl Pod IP    cluster-a
+    ${pod_ip_b}=    Get Hello Pod IP    cluster-b
+    ${stdout}=    Curl From Cluster    cluster-a    ${pod_ip_b}    8080
+    Should Contain    ${stdout}    source: ${curl_pod_ip}
+
+Source IP Preserved Pod To Pod From Cluster B To Cluster A
+    [Documentation]    Verify cross-cluster pod-to-pod traffic preserves the source pod IP (no SNAT).
+    ${curl_pod_ip}=    Get Curl Pod IP    cluster-b
+    ${pod_ip_a}=    Get Hello Pod IP    cluster-a
+    ${stdout}=    Curl From Cluster    cluster-b    ${pod_ip_a}    8080
+    Should Contain    ${stdout}    source: ${curl_pod_ip}
+
+Source IP Preserved Pod To Service From Cluster A To Cluster B
+    [Documentation]    Verify cross-cluster pod-to-service traffic preserves the source pod IP (no SNAT).
+    ${curl_pod_ip}=    Get Curl Pod IP    cluster-a
+    ${svc_ip_b}=    Get Hello Service IP    cluster-b
+    ${stdout}=    Curl From Cluster    cluster-a    ${svc_ip_b}    8080
+    Should Contain    ${stdout}    source: ${curl_pod_ip}
+
+Source IP Preserved Pod To Service From Cluster B To Cluster A
+    [Documentation]    Verify cross-cluster pod-to-service traffic preserves the source pod IP (no SNAT).
+    ${curl_pod_ip}=    Get Curl Pod IP    cluster-b
+    ${svc_ip_a}=    Get Hello Service IP    cluster-a
+    ${stdout}=    Curl From Cluster    cluster-b    ${svc_ip_a}    8080
+    Should Contain    ${stdout}    source: ${curl_pod_ip}
 
 
 *** Keywords ***
@@ -61,47 +89,30 @@ Teardown
     Remove Kubeconfig
     Logout MicroShift Host
 
-Deploy Test Workloads
-    [Documentation]    Create namespace and deploy hello-microshift + curl-pod on both clusters.
-    VAR    ${assets}=    ${EXECDIR}/assets/c2cc
-    FOR    ${alias}    IN    cluster-a    cluster-b
-        Oc On Cluster    ${alias}    oc create namespace ${NAMESPACE}
-        Oc On Cluster    ${alias}    oc apply -n ${NAMESPACE} -f ${assets}/hello-microshift.yaml
-        Oc On Cluster    ${alias}    oc apply -n ${NAMESPACE} -f ${assets}/curl-pod.yaml
-    END
-    Wait For Test Pods
-
-Wait For Test Pods
-    [Documentation]    Wait for all test pods to be Ready on both clusters.
-    FOR    ${alias}    IN    cluster-a    cluster-b
-        Oc On Cluster    ${alias}
-        ...    oc wait pod/hello-microshift pod/curl-pod -n ${NAMESPACE} --for=condition=Ready --timeout=120s
-    END
-
-Cleanup Test Workloads
-    [Documentation]    Delete test namespace on both clusters. Ignores errors.
-    FOR    ${alias}    IN    cluster-a    cluster-b
-        Run Keyword And Ignore Error
-        ...    Oc On Cluster    ${alias}    oc delete namespace ${NAMESPACE} --timeout=60s
-    END
-
 Get Hello Pod IP
     [Documentation]    Get the pod IP of hello-microshift on the given cluster.
     [Arguments]    ${alias}
     ${ip}=    Oc On Cluster    ${alias}
-    ...    oc get pod hello-microshift -n ${NAMESPACE} -o jsonpath='{.status.podIP}'
+    ...    oc get pod hello-microshift -n ${NAMESPACES}[${alias}] -o jsonpath='{.status.podIP}'
     RETURN    ${ip}
 
 Get Hello Service IP
     [Documentation]    Get the ClusterIP of the hello-microshift service on the given cluster.
     [Arguments]    ${alias}
     ${ip}=    Oc On Cluster    ${alias}
-    ...    oc get svc hello-microshift -n ${NAMESPACE} -o jsonpath='{.spec.clusterIP}'
+    ...    oc get svc hello-microshift -n ${NAMESPACES}[${alias}] -o jsonpath='{.spec.clusterIP}'
+    RETURN    ${ip}
+
+Get Curl Pod IP
+    [Documentation]    Get the pod IP of curl-pod on the given cluster.
+    [Arguments]    ${alias}
+    ${ip}=    Oc On Cluster    ${alias}
+    ...    oc get pod curl-pod -n ${NAMESPACES}[${alias}] -o jsonpath='{.status.podIP}'
     RETURN    ${ip}
 
 Curl From Cluster
     [Documentation]    Exec curl from curl-pod on the given cluster to the target IP and port.
     [Arguments]    ${alias}    ${ip}    ${port}
     ${stdout}=    Oc On Cluster    ${alias}
-    ...    oc exec curl-pod -n ${NAMESPACE} -- curl -sS --max-time 10 http://${ip}:${port}
+    ...    oc exec curl-pod -n ${NAMESPACES}[${alias}] -- curl -sS --max-time 10 http://${ip}:${port}/cgi-bin/hello
     RETURN    ${stdout}
diff --git a/test/suites/c2cc/dns.robot b/test/suites/c2cc/dns.robot
new file mode 100644
index 0000000000..a9a2733c4a
--- /dev/null
+++ b/test/suites/c2cc/dns.robot
@@ -0,0 +1,97 @@
+*** Settings ***
+Documentation       Cross-cluster DNS tests for C2CC.
+...                 Verifies CoreDNS server blocks are injected for remote domains,
+...                 DNS resolution works across clusters, and service access via
+...                 DNS names works end-to-end.
+
+Resource            ../../resources/microshift-process.resource
+Resource            ../../resources/kubeconfig.resource
+Resource            ../../resources/oc.resource
+Resource            ../../resources/c2cc.resource
+
+Suite Setup         Setup
+Suite Teardown      Teardown
+
+Test Tags           c2cc
+
+
+*** Variables ***
+&{NAMESPACES}       cluster-a=${EMPTY}    cluster-b=${EMPTY}
+
+
+*** Test Cases ***
+Corefile Contains C2CC Server Block On Cluster A
+    [Documentation]    Verify Cluster A's Corefile has a server block for Cluster B's domain.
+    Verify Corefile Contains C2CC Server Block    cluster-a    ${CLUSTER_B_DOMAIN}
+
+Corefile Contains C2CC Server Block On Cluster B
+    [Documentation]    Verify Cluster B's Corefile has a server block for Cluster A's domain.
+    Verify Corefile Contains C2CC Server Block    cluster-b    ${CLUSTER_A_DOMAIN}
+
+Resolve Remote Service DNS From Cluster A
+    [Documentation]    Verify pod on Cluster A can resolve a service on Cluster B via DNS.
+    DNS Resolve From Cluster    cluster-a
+    ...    hello-microshift.${NAMESPACES}[cluster-b].svc.${CLUSTER_B_DOMAIN}
+
+Resolve Remote Service DNS From Cluster B
+    [Documentation]    Verify pod on Cluster B can resolve a service on Cluster A via DNS.
+    DNS Resolve From Cluster    cluster-b
+    ...    hello-microshift.${NAMESPACES}[cluster-a].svc.${CLUSTER_A_DOMAIN}
+
+Curl Remote Service Via DNS From Cluster A
+    [Documentation]    Verify pod on Cluster A can reach a service on Cluster B using the remote DNS name.
+    ${stdout}=    Curl DNS From Cluster    cluster-a
+    ...    hello-microshift.${NAMESPACES}[cluster-b].svc.${CLUSTER_B_DOMAIN}    8080
+    Should Contain    ${stdout}    Hello from
+
+Curl Remote Service Via DNS From Cluster B
+    [Documentation]    Verify pod on Cluster B can reach a service on Cluster A using the remote DNS name.
+    ${stdout}=    Curl DNS From Cluster    cluster-b
+    ...    hello-microshift.${NAMESPACES}[cluster-a].svc.${CLUSTER_A_DOMAIN}    8080
+    Should Contain    ${stdout}    Hello from
+
+
+*** Keywords ***
+Setup
+    [Documentation]    Set up clusters and deploy test workloads on both.
+    Check Required Env Variables
+    Login MicroShift Host
+    Setup Kubeconfig
+    Register Local Cluster    cluster-a
+    Register Remote Cluster    cluster-b    ${HOST2_IP}    ${HOST2_SSH_PORT}    ${KUBECONFIG_B}
+    Deploy Test Workloads
+
+Teardown
+    [Documentation]    Remove test workloads and close connections.
+    Cleanup Test Workloads
+    Teardown All Remote Clusters
+    Remove Kubeconfig
+    Logout MicroShift Host
+
+DNS Resolve From Cluster
+    [Documentation]    Resolve a DNS name from curl-pod on the given cluster. Retries for up to 60s.
+    [Arguments]    ${alias}    ${fqdn}
+    Wait Until Keyword Succeeds    12x    5s
+    ...    DNS Lookup Should Succeed    ${alias}    ${fqdn}
+
+DNS Lookup Should Succeed
+    [Documentation]    Resolve a DNS name from curl-pod using getent hosts.
+    [Arguments]    ${alias}    ${fqdn}
+    ${stdout}=    Oc On Cluster    ${alias}
+    ...    oc exec curl-pod -n ${NAMESPACES}[${alias}] -- getent hosts ${fqdn}
+    Should Not Be Empty    ${stdout}
+
+Curl DNS From Cluster
+    [Documentation]    Curl a service by DNS name from curl-pod on the given cluster.
+    [Arguments]    ${alias}    ${fqdn}    ${port}
+    ${stdout}=    Wait Until Keyword Succeeds    12x    5s
+    ...    Curl DNS Should Succeed    ${alias}    ${fqdn}    ${port}
+    RETURN    ${stdout}
+
+Curl DNS Should Succeed
+    [Documentation]    Single attempt to curl a DNS name from curl-pod.
+    [Arguments]    ${alias}    ${fqdn}    ${port}
+    ${stdout}=    Oc On Cluster    ${alias}
+    ...    oc exec curl-pod -n ${NAMESPACES}[${alias}] -- curl -sS --max-time 10 http://${fqdn}:${port}/cgi-bin/hello
+    Should Contain    ${stdout}    Hello from
+    RETURN    ${stdout}