[Bug 1826419] Re: dhcp agent configured with mismatching domain and host entries

James Page james.page at ubuntu.com
Fri Apr 26 15:00:04 UTC 2019


Fairly; I was able to reproduce the mismatch even without designate;
specifically:


/etc/neutron/plugins/ml2/ml2_conf.ini

 [ml2]
 extension_drivers = port_security,dns_domain_ports


/etc/neutron/neutron.conf

 [DEFAULT]
 dns_domain = jamespage.example.


I then updated the dns_domain on the private network:

 openstack network set private --dns-domain designate.example.


and booted a couple of instances:


$ dnsmasq --no-hosts  --pid-file=/opt/stack/data/neutron/dhcp/e2637497-2ed8-4a08-9cca-9b2cd86accd1/pid --dhcp-hostsfile=/opt/stack/data/neutron/dhcp/e2637497-2ed8-4a08-9cca-9b2cd86accd1/host --addn-hosts=/opt/stack/data/neutron/dhcp/e2637497-2ed8-4a08-9cca-9b2cd86accd1/addn_hosts --dhcp-optsfile=/opt/stack/data/neutron/dhcp/e2637497-2ed8-4a08-9cca-9b2cd86accd1/opts --dhcp-leasefile=/opt/stack/data/neutron/dhcp/e2637497-2ed8-4a08-9cca-9b2cd86accd1/leases --dhcp-match=set:ipxe,175 --dhcp-userclass=set:ipxe6,iPXE --local-service --bind-interfaces --dhcp-range=set:tag1,10.0.0.0,static,255.255.255.192,86400s --dhcp-option-force=option:mtu,1450 --dhcp-lease-max=64 --conf-file= --domain=designate.example.

$ cat /opt/stack/data/neutron/dhcp/e2637497-2ed8-4a08-9cca-9b2cd86accd1/host
fa:16:3e:9f:cf:f8,host-10-0-0-1.jamespage.example.,10.0.0.1
fa:16:3e:c3:0e:f7,host-10-0-0-2.jamespage.example.,10.0.0.2
fa:16:3e:4d:fc:2f,testserver-1.jamespage.example.,10.0.0.10
fa:16:3e:41:f8:61,testserver-2.jamespage.example.,10.0.0.32

you can clearly see that the entries in the host file are based on the
configured jamespage.example. but that the domain is set to
designate.example. as configured on the network.

This generates the forward/reverse DNS lookup mismatch from an instance
perspective.

The dns_assignment of one of the server's ports looks like:

| dns_assignment          | fqdn='testserver-1.jamespage.example.', hostname='testserver-1', ip_address='10.0.0.10' |

this is used to populate the dnsmasq host file.

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to neutron in Ubuntu.
https://bugs.launchpad.net/bugs/1826419

Title:
  dhcp agent configured with mismatching domain and host entries

Status in neutron:
  New
Status in neutron package in Ubuntu:
  New

Bug description:
  Related bug 1774710 and bug 1580588

  The neutron-dhcp-agent in OpenStack >= Queens makes use of the
  dns_domain value set on a network to configure the '--domain'
  parameter of the dnsmasq instance that supports it;  at the same time,
  neutron makes use of CONF.dns_domain when creating dns_assignments for
  ports - this results in a hosts file for the dnsmasq instance which
  uses CONF.dns_domain and a --domain parameter of network.dns_domain
  which do not match.

  This results in a search path on instances booted attached to the
  network which is inconsistent with the internal DNS entries that
  dnsmasq responds with:

    root@bionic-045546-2:~# host 192.168.21.222
    222.21.168.192.in-addr.arpa domain name pointer bionic-045546-2.jamespage.internal.
    root@bionic-045546-2:~# host bionic-045546-2
    bionic-045546-2.designate.local has address 192.168.21.222

  In the above example:

    CONF.dns_domain = jamespage.internal.
    network.dns_domain = designate.local.

  Based on previous discussion in bug 1580588 I think that the
  dns_domain value for a network was intended for use for external DNS
  integration such as that provided by Designate.

  The change made under commit:

    https://opendev.org/openstack/neutron/commit/137a6d61053

  appears to break this assumption, producing somewhat inconsistent
  behaviour in the dnsmasq instance for the network.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1826419/+subscriptions
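
A check for the mismatch described in this report, as an added example that is not part of the original post or of neutron: it compares the `--domain` value on a dnsmasq command line with the domain part of each entry in the `--dhcp-hostsfile`. The function names are hypothetical, and the sample data is abbreviated from the command line and host file quoted in the message.

```python
import shlex

# Abbreviated from the dnsmasq command line and host file shown in the post.
SAMPLE_CMDLINE = (
    "dnsmasq --no-hosts --local-service --bind-interfaces "
    "--dhcp-range=set:tag1,10.0.0.0,static,255.255.255.192,86400s "
    "--dhcp-lease-max=64 --conf-file= --domain=designate.example."
)
SAMPLE_HOSTS = """\
fa:16:3e:9f:cf:f8,host-10-0-0-1.jamespage.example.,10.0.0.1
fa:16:3e:c3:0e:f7,host-10-0-0-2.jamespage.example.,10.0.0.2
fa:16:3e:4d:fc:2f,testserver-1.jamespage.example.,10.0.0.10
fa:16:3e:41:f8:61,testserver-2.jamespage.example.,10.0.0.32
"""

def _norm(domain):
    """Compare domains case-insensitively and without the trailing root dot."""
    return domain.rstrip(".").lower()

def dnsmasq_domain(cmdline):
    """Return the normalised --domain value from a dnsmasq command line, or None."""
    for arg in shlex.split(cmdline):
        if arg.startswith("--domain="):
            # --domain may carry ",<address range>" after the name; keep the name.
            return _norm(arg.split("=", 1)[1].split(",", 1)[0])
    return None

def parse_hosts(text):
    """Yield (mac, name, ip) from 'mac,name,ip' lines; id:/set: fields are skipped."""
    for line in text.splitlines():
        fields = [f for f in line.strip().split(",")
                  if f and not f.startswith(("id:", "set:"))]
        if len(fields) == 3 and not fields[0].startswith("#"):
            yield tuple(fields)

def find_mismatches(cmdline, hosts_text):
    """List (mac, fqdn, ip, host_domain) for entries outside the --domain value."""
    served = dnsmasq_domain(cmdline)
    mismatches = []
    for mac, name, ip in parse_hosts(hosts_text):
        _, _, host_domain = name.rstrip(".").partition(".")
        # Unqualified names carry no domain of their own, so they cannot disagree.
        if served and host_domain and _norm(host_domain) != served:
            mismatches.append((mac, name, ip, _norm(host_domain)))
    return mismatches

if __name__ == "__main__":
    for mac, fqdn, ip, dom in find_mismatches(SAMPLE_CMDLINE, SAMPLE_HOSTS):
        print(f"{ip} {fqdn}: host file domain {dom!r} != --domain "
              f"{dnsmasq_domain(SAMPLE_CMDLINE)!r}")
```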


