yahoo-eng-team team mailing list archive
Message #08066
[Bug 1059899] Re: nova fails to configure dnsmasq, resulting in DNS timeouts in instances
** Also affects: nova
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1059899
Title:
nova fails to configure dnsmasq, resulting in DNS timeouts in
instances
Status in OpenStack Compute (Nova):
New
Status in “nova” package in Ubuntu:
Confirmed
Bug description:
Nova uses dnsmasq to answer questions about name <-> IP resolution for
instances. By default, it does nothing about things where there is no
answer.
This causes dnsmasq to forward the query (for which it should be
authoritative) off to the nameserver found in resolv.conf. If the
zone is properly delegated to nova via a forward only zone declaration
in the resolver, then we run into the situation where the instance
asks dnsmasq which asks the resolver which asks dnsmasq which then
times out.
Combine this with Linux's love for IPv6, and a single domain search
list in resolv.conf, and anything that looks up a host name (e.g.,
sudo) will take 10 seconds (5 seconds each for the lookup of
$(hostname).$domain and $(hostname) AAAA RRs), before it falls back to
looking up $(hostname).$domain A RR and gets an answer.
The fix that worked for us was to add --dnsmasq_config_file=/etc/nova/dnsmasq.conf (not --dns_server, because we DO NOT WANT -h and -R passed to dnsmasq, and we need to specify multiple --server directives) and then dnsmasq.conf gets
"--server=/xxx.yyy.10.in-addr.arpa/ --server=/openstack.example.com/" which tells it to not forward queries for those zones off-machine. (The lack of -h and -R means that we do not break our ability to resolve the rest of the DNS world.)
To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1059899/+subscriptions
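
The check below is an added example, not part of the bug report or of nova. It reads a dnsmasq configuration and lists the zones that would still be forwarded upstream, which is the condition behind the forwarding loop described above. It relies on dnsmasq's documented server=/domain/ syntax (no address after the final slash means the domain is answered locally only, and local= is a synonym); the function names and the constructed counter-example are assumptions.

```python
import re

# server=/dom1/dom2/[addr] or local=/dom/, with or without the leading "--".
DIRECTIVE = re.compile(r"^(?:--)?(?:server|local)=/(.+)$")

def parse_rules(config_text):
    """Map each domain in a server=/local= directive to True if it is local-only."""
    rules = {}
    for line in config_text.splitlines():
        for token in line.split():
            if token.startswith("#"):      # rest of the line is a comment
                break
            m = DIRECTIVE.match(token.strip('"'))
            if not m:
                continue
            *domains, upstream = m.group(1).split("/")
            for d in filter(None, domains):
                key = d.lower().rstrip(".")
                # Local-only means no address after the final "/".
                rules[key] = rules.get(key, True) and upstream == ""
    return rules

def forwarded_zones(config_text, zones):
    """Return the zones whose queries dnsmasq would still send upstream."""
    rules = parse_rules(config_text)
    leaking = []
    for zone in zones:
        name = zone.lower().rstrip(".")
        # dnsmasq applies the most specific matching domain.
        matches = [d for d in rules if name == d or name.endswith("." + d)]
        best = max(matches, key=len, default=None)
        if best is None or not rules[best]:
            leaking.append(zone)
    return leaking

# Zone placeholders as written in the bug report.
ZONES = ["xxx.yyy.10.in-addr.arpa", "openstack.example.com"]
# The directives from the report.
REPORTED_FIX = '--server=/xxx.yyy.10.in-addr.arpa/ --server=/openstack.example.com/'
# Constructed counter-example: one zone has an upstream, the other is commented out.
CONSTRUCTED_BAD = "server=/openstack.example.com/192.0.2.53\n# server=/xxx.yyy.10.in-addr.arpa/\n"

if __name__ == "__main__":
    print("fix leaves forwarded:", forwarded_zones(REPORTED_FIX, ZONES))
    print("bad config forwards:", forwarded_zones(CONSTRUCTED_BAD, ZONES))
```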