openstack team mailing list archive
Message #04594
Re: dns issue?
To: openstack@xxxxxxxxxxxxxxxxxxx
From: Sharif Islam <islamsh@xxxxxxxxxxx>
Date: Fri, 07 Oct 2011 15:43:54 -0400
In-reply-to: <CAE2bT_0wsiP4TXMybss123rgPyER+=fo7o+xsznRC0z84tsbog@mail.gmail.com>
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.23) Gecko/20110921 Thunderbird/3.1.15

Thanks Jorge.
On 10/07/2011 02:30 PM, Jorge Luiz Correa wrote:
> It seems that configs are OK.
Yes, that's what's baffling me. I am pretty sure it was working before. I
applied some Red Hat updates and rebooted the cluster a couple of weeks ago.
>
> If you use dig from the controller, can it resolve names? I'm asking
> because it can be the case that packets arrive from VMs to the controller
> but can't go to the Internet.
From the controller, it is fine:
# dig @10.0.1.1 google.com
; <<>> DiG 9.7.3-P1-RedHat-9.7.3-2.el6_1.P1.1 <<>> @10.0.1.1 google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18002
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 4, ADDITIONAL: 4
;; QUESTION SECTION:
;google.com. IN A
;; ANSWER SECTION:
google.com. 263 IN A 72.14.204.99
google.com. 263 IN A 72.14.204.103
google.com. 263 IN A 72.14.204.104
google.com. 263 IN A 72.14.204.105
google.com. 263 IN A 72.14.204.147
;; AUTHORITY SECTION:
google.com. 84809 IN NS ns2.google.com.
google.com. 84809 IN NS ns3.google.com.
google.com. 84809 IN NS ns4.google.com.
google.com. 84809 IN NS ns1.google.com.
;; ADDITIONAL SECTION:
ns1.google.com. 160584 IN A 216.239.32.10
ns2.google.com. 159501 IN A 216.239.34.10
ns3.google.com. 159500 IN A 216.239.36.10
ns4.google.com. 159497 IN A 216.239.38.10
;; Query time: 1 msec
;; SERVER: 10.0.1.1#53(10.0.1.1)
;; WHEN: Fri Oct 7 14:44:10 2011
;; MSG SIZE rcvd: 244
>
> Another thing you can check. Although the resolv.conf of the VMs is set
> with 10.0.1.1, there are a lot of iptables rules. I was using Cactus and
> I noticed that. If you type nova-manage network list you will see the
> networks and you can see a DNS column. The default was 8.8.4.4 but when
> I started instances these values changed to 10.0.2.1 or something like
> that! My concern is about what address nova uses to create rules!! Maybe
> all services are OK but a wrong iptables rule is dropping packets!
>
> iptables -n -L
http://paste.openstack.org/show/2646/
> iptables -n -L -t nat
http://paste.openstack.org/show/2647/
>
> Check if you have some rule permitting udp 53 to be forwarded/accepted
> (i.e., not dropped).
Looks ok to me:
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
>
> As a debug option, you can run tcpdump on the controller interface and
> see what is happening with the packets.
>
> tcpdump -n -i <interface> port 53
# tcpdump -n -i eth0 port 53
tcpdump: WARNING: eth0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
15:42:41.459072 IP 10.0.1.4.46200 > 10.0.1.1.domain: 46894+ A? google.com. (28)
15:42:41.459423 IP 10.0.1.4.49593 > 10.0.1.1.domain: 46894+ A? google.com. (28)
15:42:41.459748 IP 10.0.1.4.32779 > 10.0.1.1.domain: 28545+ A? google.com.novalocal. (38)
15:42:41.460029 IP 10.0.1.4.52463 > 10.0.1.1.domain: 28545+ A? google.com.novalocal. (38)
This is when I pinged google.com from the VM. So is iptables blocking
something?
--sharif
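
One way to check a capture like the one above for DNS queries that never received a reply on the captured interface, as an added example that is not part of the original message. The first four sample lines come from the message; the last two (10.0.1.5, example.org, 192.0.2.10) are constructed, and the function name `unanswered` is hypothetical.

```python
import re

# tcpdump prints port 53 as "domain" unless -nn is given; accept both forms.
DNS_PORTS = {"53", "domain"}
LINE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>[\d.]+)\.(?P<sport>\w+) > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\w+): (?P<id>\d+)\S* (?P<rest>.*)$"
)
QUESTION = re.compile(r"\b([A-Z0-9]+)\? (\S+)")  # e.g. "A? google.com."

def unanswered(lines):
    """Map (client, server, name, qtype) -> count of queries with no reply."""
    pending = {}  # (client_ip, client_port, server_ip, query_id) -> (qtype, name)
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue
        q = QUESTION.search(m["rest"])
        if m["dport"] in DNS_PORTS and q:
            # Query: remember it until a reply with the same 4-tuple shows up.
            pending[(m["src"], m["sport"], m["dst"], m["id"])] = (q[1], q[2])
        elif m["sport"] in DNS_PORTS:
            # Reply: source and destination are swapped relative to the query.
            pending.pop((m["dst"], m["dport"], m["src"], m["id"]), None)
    # Count how many times each still-unanswered question was seen.
    summary = {}
    for (client, _port, server, _qid), (qtype, name) in pending.items():
        key = (client, server, name, qtype)
        summary[key] = summary.get(key, 0) + 1
    return summary

# Lines 1-4: from the message above. Lines 5-6: constructed answered query.
CAPTURE = """\
15:42:41.459072 IP 10.0.1.4.46200 > 10.0.1.1.domain: 46894+ A? google.com. (28)
15:42:41.459423 IP 10.0.1.4.49593 > 10.0.1.1.domain: 46894+ A? google.com. (28)
15:42:41.459748 IP 10.0.1.4.32779 > 10.0.1.1.domain: 28545+ A? google.com.novalocal. (38)
15:42:41.460029 IP 10.0.1.4.52463 > 10.0.1.1.domain: 28545+ A? google.com.novalocal. (38)
15:42:42.100000 IP 10.0.1.5.40000 > 10.0.1.1.domain: 1111+ A? example.org. (29)
15:42:42.100900 IP 10.0.1.1.domain > 10.0.1.5.40000: 1111 1/0/0 A 192.0.2.10 (45)
""".splitlines()

if __name__ == "__main__":
    for (client, server, name, qtype), n in unanswered(CAPTURE).items():
        print(f"{client} -> {server}: {qtype} {name} seen {n}x, no reply captured")
```

A query listed here only means no reply was seen on the interface that was captured; the same check on the other interfaces of the controller shows whether the reply is missing altogether or leaving by a different path.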