
yahoo-eng-team team mailing list archive

[Bug 1059899] Re: nova fails to configure dnsmasq, resulting in DNS timeouts in instances

 

** Also affects: nova
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1059899

Title:
  nova fails to configure dnsmasq, resulting in DNS timeouts in
  instances

Status in OpenStack Compute (Nova):
  New
Status in “nova” package in Ubuntu:
  Confirmed

Bug description:
  Nova uses dnsmasq to answer questions about name <-> IP resolution for
  instances.  By default, it does nothing about things where there is no
  answer.

  This causes dnsmasq to forward the query (for which it should be
  authoritative) off to the nameserver found in resolv.conf.  If the
  zone is properly delegated to nova via a forward only zone declaration
  in the resolver, then we run into the situation where the instance
  asks dnsmasq which asks the resolver which asks dnsmasq which then
  times out.

  Combine this with Linux's love for IPv6, and a single domain search
  list in resolv.conf, and anything that looks up a host name (e.g.,
  sudo) will take 10 seconds (5 seconds each for the lookup of
  $(hostname).$domain and $(hostname) AAAA RRs), before it fails back to
  looking up $(hostname).$domain A RR and gets an answer.

  The fix that worked for us was to add
  --dnsmasq_config_file=/etc/nova/dnsmasq.conf (not --dns_server,
  because we DO NOT WANT -h and -R passed to dnsmasq, and we need to
  specify multiple --server directives) and then dnsmasq.conf gets
  "--server=/xxx.yyy.10.in-addr.arpa/  --server=/openstack.example.com/"
  which tells it to not forward queries for those zones off-machine.
  (The lack of -h and -R means that we do not break our ability to
  resolve the rest of the DNS world.)

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1059899/+subscriptions
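
Added example (not part of the bug report or of nova): a Python check that reads a dnsmasq config and lists the zones that would still be forwarded upstream, which is the condition that produces the loop described above. The function names, the sample config and corp.example.net are constructed for illustration; it assumes dnsmasq's documented behaviour that server=/zone/ or local=/zone/ with no address after the last slash means "answer locally, never forward".

```python
import re

# Constructed sample config; the first two zones are the placeholders from the report.
SAMPLE_CONF = """\
# /etc/nova/dnsmasq.conf (constructed sample)
server=/xxx.yyy.10.in-addr.arpa/
server=/openstack.example.com/
server=/corp.example.net/192.0.2.53
"""

def local_only_zones(conf_text):
    """Return the zones dnsmasq will answer itself and never forward."""
    zones = set()
    for raw in conf_text.splitlines():
        # Simplification: a comment is a '#' at line start or after whitespace,
        # so the special form server=/zone/# is not mistaken for an empty upstream.
        line = re.sub(r"(^|\s)#.*", "", raw).strip()
        # Accept the option with or without the leading "--" quoted in the report.
        m = re.match(r"^(?:--)?(?:server|local)=/(.+)$", line)
        if not m:
            continue
        *domains, upstream = m.group(1).split("/")
        # Nothing after the final "/" means local only, do not forward.
        if upstream == "":
            zones.update(d.lower().rstrip(".") for d in domains if d)
    return zones

def forwarded_zones(conf_text, authoritative):
    """Zones that should be owned locally but would still go upstream."""
    have = local_only_zones(conf_text)

    def covered(zone):
        # dnsmasq matches by domain suffix, so a parent entry covers its children.
        labels = zone.lower().rstrip(".").split(".")
        return any(".".join(labels[i:]) in have for i in range(len(labels)))

    return [z for z in authoritative if not covered(z)]

if __name__ == "__main__":
    wanted = ["openstack.example.com", "xxx.yyy.10.in-addr.arpa", "corp.example.net"]
    for zone in forwarded_zones(SAMPLE_CONF, wanted):
        print("still forwarded upstream:", zone)
```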