Reviewed:  https://review.opendev.org/c/openstack/neutron-specs/+/952737
Committed: https://opendev.org/openstack/neutron-specs/commit/efc332acf71051350935c16acf3c5999b08e1b6c
Submitter: "Zuul (22348)"
Branch:    master

commit efc332acf71051350935c16acf3c5999b08e1b6c
Author: Dai Dang Van <[email protected]>
Date:   Tue Jun 17 14:41:28 2025 +0700

    Add spec for Distributed DNS Forwarder

    Closes-Bug: #2112446
    Change-Id: I4284cc3a9dd8c724e49c4caa64f4a2b8ff3af37b
    Signed-off-by: Dai, Dang Van <[email protected]>

** Changed in: neutron
       Status: In Progress => Fix Released

https://bugs.launchpad.net/bugs/2112446

Title:
  [RFE] Internal DNS resolution with OVS Agent

Status in neutron:
  Fix Released

Bug description:
  * Summary: Distributed DHCP for Openvswitch does not support DNS lookup

  * Description:
    - DHCP Agent with dnsmasq can provide both DHCP and DNS features
    - With Distributed DHCP for Openvswitch, we must set up connectivity from the VM to a DNS server
    - AWS uses 169.254.169.253 and fd00:ec2::253 as DNS servers, and provides DNS without an internet connection: https://docs.aws.amazon.com/vpc/latest/userguide/AmazonDNS-concepts.html and https://www.youtube.com/watch?v=_Z5jAs2gvPA&t=277s
    - GCP does the same with 169.254.169.254: https://cloud.google.com/compute/docs/internal-dns
    - OVN also provides something similar as a DNS proxy: https://docs.openstack.org/charm-guide/latest/admin/networking/ovn/internal-dns.html

  * Why we need this:
    - Provide internal DNS resolution for VMs with the OVS agent even when the VM doesn't have internet/external connectivity
    - For example, a VM connects to a DBaaS domain endpoint and stays connected in case of DB instance failover (the Master IP can change)

  * Proposal:
    - Create a dns proxy l2 extension like we did with Distributed DHCP for OVS
    - https://specs.openstack.org/openstack/neutron-specs/specs/wallaby/distributed_dhcp.html#solution-proposed
    - Capture packets sent to 169.254.169.253:53 and send them to CONTROLLER

  * PoC: [WIP] Add dns proxy l2 extension: https://review.opendev.org/c/openstack/neutron/+/951390

  * How to test PoC code manually:
    1. File the neutron source code of "neutron openvswitch agent"
    2. Update the neutron code following the patch: https://review.opendev.org/c/openstack/neutron/+/951390, including setup.cfg (make sure you can connect to 1.1.1.1 or change it to another DNS server)
    3. Run "python setup.py develop" inside the folder containing setup.cfg
    4. Update the neutron config file openvswitch_agent.ini to enable the extension, like this:
       extensions = dhcp, dns_forwarder
    5. Restart "neutron openvswitch agent"
    6. Create a VXLAN network >> Create a Router without External Gateway >> Attach the subnet to the Router (the network gateway IP must exist for ARP first, so that's why we need a router here)
    7. Create a VM on the above VXLAN network, then try to resolve a public domain like:
       dig @169.254.169.253 bugs.launchpad.net
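
As an added illustration of the proposal's "capture packets sent to 169.254.169.253:53" step (this is not the PoC code from review 951390 and not part of the bug report), the sketch below shows the check a forwarder could apply to a captured IPv4 packet before relaying it upstream. The function names `build_query_packet` and `classify_packet` are hypothetical, and the sample packet is constructed in the code.

```python
import socket
import struct

DNS_FORWARDER_IP = "169.254.169.253"  # address named in the bug description
DNS_PORT = 53


def build_query_packet(src_ip, dst_ip, sport, dport, qname, txid=0x1234):
    """Construct an IPv4/UDP/DNS A query (constructed sample input)."""
    question = b"".join(
        bytes([len(label)]) + label.encode("ascii") for label in qname.split(".")
    ) + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    dns = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + question
    udp = struct.pack("!HHHH", sport, dport, 8 + len(dns), 0) + dns
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return ip + udp


def classify_packet(pkt):
    """Return (txid, qname) if pkt is a DNS query for the forwarder, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None  # not IPv4
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or pkt[9] != 17 or len(pkt) < ihl + 8 + 12:
        return None  # not UDP, or too short for UDP + DNS headers
    if socket.inet_ntoa(pkt[16:20]) != DNS_FORWARDER_IP:
        return None  # not addressed to the forwarder
    if struct.unpack("!H", pkt[ihl + 2:ihl + 4])[0] != DNS_PORT:
        return None
    dns = pkt[ihl + 8:]
    txid, flags, qdcount = struct.unpack("!HHH", dns[:6])
    if flags & 0x8000 or qdcount != 1:
        return None  # only plain single-question queries are accepted
    labels, pos = [], 12
    while True:
        if pos >= len(dns):
            return None  # name runs past the end of the packet
        length = dns[pos]
        if length == 0:
            break
        if length & 0xC0 or pos + 1 + length > len(dns):
            return None  # compression pointers and truncated labels rejected
        labels.append(dns[pos + 1:pos + 1 + length].decode("ascii", "replace"))
        pos += 1 + length
    return txid, ".".join(labels)
```

Only packets for which `classify_packet` returns a value would be relayed to the upstream resolver; everything else is left to the normal pipeline.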

