yahoo-eng-team team mailing list archive

["Dr. Jens Harbott" <1951074@xxxxxxxxxxxxxxxxxx>]

Public bug reported:

Using the default settings, i.e. without [ovn]dns_servers being
specified in ml2_conf.ini, OVN will send the nameserver addresses that
are specified in /etc/resolv.conf on the host in DHCP responses. This
may lead to unexpected leaks about the host infrastructure and thus
should at least be well documented. In most cases it will also lead to
broken DNS resolution for the instances, since when systemd-resolve is
being used, the host's nameserver address will be 127.0.0.53, and an
instance will not be able to resolve anything using that address.

Possibly a better approach would be to not send any nameserver
information via DHCP in this scenario.

** Affects: neutron
     Importance: Undecided
         Status: New


** Tags: dns ovn

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1951074

Title:
  [OVN] default setting leak nameserver config from the host to
  instances

Status in neutron:
  New

Bug description:
  Using the default settings, i.e. without [ovn]dns_servers being
  specified in ml2_conf.ini, OVN will send the nameserver addresses that
  are specified in /etc/resolv.conf on the host in DHCP responses. This
  may lead to unexpected leaks about the host infrastructure and thus
  should at least be well documented. In most cases it will also lead to
  broken DNS resolution for the instances, since when systemd-resolve is
  being used, the host's nameserver address will be 127.0.0.53, and an
  instance will not be able to resolve anything using that address.

  Possibly a better approach would be to not send any nameserver
  information via DHCP in this scenario.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1951074/+subscriptions