yahoo-eng-team team mailing list archive

Thread
Date

[Bug 2059405] Re: OVN DNS not working as documented

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Martin Ananda Boeker <2059405@xxxxxxxxxxxxxxxxxx>
Date: Fri, 05 Apr 2024 08:19:03 -0000
Reply-to: Bug 2059405 <2059405@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx

Kayobe config seems correct, marking as Neutron.
OVN internal version is : [23.03.1-20.27.0-70.6]

** Project changed: kayobe => neutron

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/2059405

Title:
  OVN DNS not working as documented

Status in neutron:
  New

Bug description:
  Env: 2023.1

  As far as I can tell, I have configured OVN and DNS as documented.

  In kolla.yml
  kolla_enable_ovn: true

  In kolla/globals.yml:
  neutron_plugin_agent: ovn
  neutron_enable_ovn_agent: true

  It seems that it does not matter what I put in dns.yml, and
  documentation confirms that because OVN should be doing dns responses
  by grabbing queries to port 53. The behavior however is very strange.
  I only have two instances, vm1 (172.30.89.175) and vm2 (172.30.89.177)

  Here is the output of `ovn-sbctl list dns`:

  _uuid               : cdc31ab2-a363-4585-a835-c8019d4b265d
  datapaths           : [ca41c1b4-f4b1-4606-99e5-dc47a383accf]
  external_ids        : {dns_id="4c6895d8-fad3-4591-acc4-6a4ed8710d2b"}
  records             : {"175.89.30.172.in-addr.arpa"=vm1.aio.local, "177.89.30.172.in-addr.arpa"=vm2.aio.local, vm1="172.30.89.175", vm1.aio.local="172.30.89.175", vm2="172.30.89.177", vm2.aio.local="172.30.89.177"}

  
  Here's the output of trying to communicate between VMs:

  admin@vm1:~$ resolvectl
  Global
         Protocols: -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
  resolv.conf mode: stub

  Link 2 (ens3)
      Current Scopes: DNS
           Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
  Current DNS Server: 172.30.89.76
         DNS Servers: 172.30.89.46 172.30.89.61 172.30.89.76
          DNS Domain: aio.local

  admin@vm1:~$ ping vm2
  ping: vm2: Temporary failure in name resolution

  admin@vm1:~$ host vm2
  Host vm2.aio.local not found: 5(REFUSED)

  admin@vm1:~$ host vm2.aio.local
  Host vm2.aio.local not found: 5(REFUSED)

  admin@vm1:~$ host vm2 172.30.89.46
  Using domain server:
  Name: 172.30.89.46
  Address: 172.30.89.46#53
  Aliases:

  vm2.aio.local has address 172.30.89.177
  Host vm2.aio.local not found: 5(REFUSED)
  Host vm2.aio.local not found: 5(REFUSED)

  
  172.30.89.46 172.30.89.61 172.30.89.76 are the controllers, however during testing we went as far as to disable Designate, so they cannot answer. However we see that when we manually specify a dns server to query against, even if that dns server does not know the answer, OVN responds with the correct address (and then we get two additional REFUSED errors).

  This is very strange behavior.. Are we missing something here?

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/2059405/+subscriptions