yahoo-eng-team team mailing list archive

[Bug 2112446] Re: [RFE] Internal DNS resolution with OVS Agent

 

Reviewed:  https://review.opendev.org/c/openstack/neutron-specs/+/952737
Committed: https://opendev.org/openstack/neutron-specs/commit/efc332acf71051350935c16acf3c5999b08e1b6c
Submitter: "Zuul (22348)"
Branch:    master

commit efc332acf71051350935c16acf3c5999b08e1b6c
Author: Dai Dang Van <daikk115@xxxxxxxxx>
Date:   Tue Jun 17 14:41:28 2025 +0700

    Add spec for Distributed DNS Forwarder
    
    Closes-Bug: #2112446
    Change-Id: I4284cc3a9dd8c724e49c4caa64f4a2b8ff3af37b
    Signed-off-by: Dai, Dang Van <daikk115@xxxxxxxxx>


** Changed in: neutron
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/2112446

Title:
  [RFE] Internal DNS resolution with OVS Agent

Status in neutron:
  Fix Released

Bug description:
  * Summary: Distributed DHCP for Openvswitch does not support DNS lookup

  * Description:
    - DHCP Agent with dnsmasq can provide both DHCP and DNS features
    - With Distributed DHCP for Openvswitch, we must set up connectivity from the VM to a DNS server
    - AWS uses 169.254.169.253 and fd00:ec2::253 as DNS servers, and provides DNS without an internet connection: https://docs.aws.amazon.com/vpc/latest/userguide/AmazonDNS-concepts.html and https://www.youtube.com/watch?v=_Z5jAs2gvPA&t=277s
    - GCP does the same with 169.254.169.254: https://cloud.google.com/compute/docs/internal-dns
    - OVN also provides something similar as a DNS proxy: https://docs.openstack.org/charm-guide/latest/admin/networking/ovn/internal-dns.html

  * Why we need this:
    - Provide internal DNS resolution for VMs with the OVS agent even when the VMs don't have internet/external connectivity
    - For example, a VM connects to a DBaaS domain endpoint and stays connected in case of DB instance failover (the master IP can change)

  * Proposal:
    - Create a dns proxy l2 extension like we did with Distributed DHCP for OVS - https://specs.openstack.org/openstack/neutron-specs/specs/wallaby/distributed_dhcp.html#solution-proposed
    - Capture packets sent to 169.254.169.253:53 and send them to CONTROLLER

  * PoC: [WIP] Add dns proxy l2 extension:
  https://review.opendev.org/c/openstack/neutron/+/951390

  * How to test PoC code manually:
    1. Find the neutron source code of "neutron openvswitch agent"
    2. Update the neutron code following the patch: https://review.opendev.org/c/openstack/neutron/+/951390, including setup.cfg (make sure you can connect to 1.1.1.1 or change it to another DNS server)
    3. Run "python setup.py develop" inside the folder containing setup.cfg
    4. Update the neutron config file openvswitch_agent.ini to enable the extension, like this: extensions = dhcp, dns_forwarder
    5. Restart "neutron openvswitch agent"
    6. Create a VXLAN network >> Create a router without an external gateway >> Attach the subnet to the router (the network gateway IP must exist for ARP first, which is why we need a router here)
    7. Create a VM on the above VXLAN network, then try to resolve a public domain, like: dig @169.254.169.253 bugs.launchpad.net

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/2112446/+subscriptions
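
Added example, not part of the original message and not code from the neutron PoC: a sketch of the checks a forwarder of the kind proposed above could apply to a captured DNS payload before sending it upstream, and to the upstream answer before relaying it to the VM. The response check goes beyond what the bug description states; all function names and the sample messages are assumptions constructed for illustration.

```python
import struct

FORWARDER_IP = "169.254.169.253"  # link-local address from the bug description
DNS_PORT = 53

def parse_question(msg):
    """Return (txid, is_response, qname, qtype), or None if the message is malformed."""
    if len(msg) < 12:
        return None
    txid, flags, qdcount = struct.unpack("!HHH", msg[:6])
    if qdcount != 1:
        return None
    labels, pos = [], 12
    while True:
        if pos >= len(msg):
            return None
        length = msg[pos]
        pos += 1
        if length == 0:
            break
        # A length above 63 is a compression pointer or garbage: reject it.
        if length > 63 or pos + length > len(msg):
            return None
        labels.append(msg[pos:pos + length].decode("ascii", "replace").lower())
        pos += length
    if pos + 4 > len(msg):
        return None
    qtype, _qclass = struct.unpack("!HH", msg[pos:pos + 4])
    return txid, bool(flags & 0x8000), ".".join(labels), qtype

def should_forward(dst_ip, dst_port, payload):
    """True only for a well-formed query addressed to the forwarder address."""
    q = parse_question(payload)
    return (dst_ip, dst_port) == (FORWARDER_IP, DNS_PORT) and q is not None and not q[1]

def response_matches(query, response):
    """Relay an upstream answer only if it answers this exact query."""
    q, r = parse_question(query), parse_question(response)
    return (q is not None and r is not None and r[1]
            and (q[0], q[2], q[3]) == (r[0], r[2], r[3]))

def make_message(txid, name, qtype=1, response=False):
    """Build a constructed sample message: header plus one question, no answers."""
    flags = 0x8180 if response else 0x0100
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, 1)
```
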


