Hi Tejas,

“DNS server is currently hosted in public network subnet which is being used by 
all the tenants”.

Is this DNS server hosted directly on the public network and externally to 
CloudStack, or is it hosted on a CloudStack isolated/VPC network with DNS 
services port forwarded to the public network?

If the latter then we have seen a few issues around “hairpin NATing” – where 
VMs on one isolated network aren’t able to access services on another isolated 
network over the common public network. This has been found to be down to the 
order of iptables rules on the VR. There were a few PRs to fix this issue earlier 
in the summer – and I believe those fixes have been included in 4.9.3.

If the former – i.e. you are simply hosting a DNS server directly on the public 
network – then I haven’t seen this before. I would suggest doing some packet 
sniffing to see what is going on on the network.

A couple of obvious ones which you have probably checked:
- Is the VR actually handing out the correct DNS settings to the clients? If 
not it could be the DNSmasq DHCP service is unhappy about something.
- Any reason why you aren’t just letting the clients use the VR for DNS 
forwarding, rather than going direct? 

Regards,
Dag Sonstebo
Cloud Architect
ShapeBlue

On 06/10/2017, 09:37, "Tejas Sheth" <tshet...@gmail.com> wrote:

    Hello,
    
    We started facing a strange issue with CloudStack VMs, where all the VMs in
    one particular tenant are not able to resolve DNS. Since we are using
    advanced networking, we have tried to reboot the virtual router and other DNS
    services. Still, that particular tenant is not able to resolve DNS.
    
    The following troubleshooting steps were completed:
       1) From the tenant (with the issue) we are able to reach the DNS server
    with ICMP (ping).
       2) From another tenant we are able to reach the DNS server on ICMP. DNS
    resolution is also working from the other tenant.
       3) We have checked the ingress and egress traffic settings, where we have
    allowed all inbound and outbound, but DNS resolution is still not working.
    
    
    NOTE: DNS server is currently hosted in public network subnet which is
    being used by all the tenants
    


dag.sonst...@shapeblue.com 
www.shapeblue.com
53 Chandos Place, Covent Garden, London WC2N 4HS, UK
@shapeblue