<div dir="ltr"><div dir="ltr"><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Jun 10, 2020 at 3:47 PM Brendan Doyle <<a href="mailto:brendan.doyle@oracle.com">brendan.doyle@oracle.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
  
    
  
  <div>
    <br>
    So as I understand it OVN DNS is not operating as either an
    iterative or recursive DNS resolver.<br>
    It won't respond  with a referral to another DNS server nor will it
    do iterative requests to root, top <br>
    level and  authoritative servers to find the response.<br>
    <br>
    It essentially intercepts the DNA request from the client on the
    switch port that the client is connected<br>
    to and if it knows the DNS query it will reply regardless of what
    DNS server the request was directed to.<br>
    So if the request was directed to an OVN router IP that is connected
    to the switch, the request will be<br>
    dropped if the logical switch port has no DNS records for the
    request. If the request is sent to a "real" <br>
    DNS server IP (say google) and there is a route from the logicl
    network to google, the request will be <br>
    forwarded to google's DNS server. So it is not acting like a DNS
    resolver per sey.<br>
    <br></div></blockquote><div><br></div><div>That's correct.</div><div><br></div><div>Numan</div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div>
    Brendan<br>
    <br>
    <br>
    <div>On 09/06/2020 19:24, Numan Siddique
      wrote:<br>
    </div>
    <blockquote type="cite">
      
      <div dir="ltr">
        <div dir="ltr"><br>
        </div>
        <br>
        <div class="gmail_quote">
          <div dir="ltr" class="gmail_attr">On Tue, Jun 9, 2020 at 11:49
            PM John Lang <<a href="mailto:john.x.lang@oracle.com" target="_blank">john.x.lang@oracle.com</a>>
            wrote:<br>
          </div>
          <blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
            <div lang="EN-US">
              <div>
                <p class="MsoNormal">Numan,</p>
                <p class="MsoNormal"> </p>
                <p class="MsoNormal">Earlier I had send an e-mail with
                  the following question that you responded to.  I maybe
                  should have asked if the pipeline would redirect the
                  DNS request to another DNS server to OVN.</p>
                <p class="MsoNormal"> </p>
                <p style="margin-left:0.75in"><span>1.<span style="font:7pt "Times New Roman"">      
                    </span></span>If OVN can’t answer a DNS request,
                  does the pipeline forward it on the another DNS
                  server?  How is that server address set?  Though the
                  DHCP options?</p>
                <p class="MsoNormal" style="margin-left:0.25in"> </p>
                <p class="MsoNormal" style="margin-left:0.25in">Yes. If
                  OVN can't anwer it resumes the packet pipeline. So if
                  there are any other DNS servers, they should get the
                  packet.</p>
                <p class="MsoNormal">I was looking at the flows in my
                  OVN setup configured for DNS, and I don’t see how the
                  DNS request is redirected to a server external to OVN.</p>
                <p class="MsoNormal"> </p>
                <p class="MsoNormal" style="margin-left:0.5in"> 
                  table=16(ls_in_dns_lookup   ), priority=100  ,
                  match=(udp.dst == 53), action=(reg0[4] = dns_lookup();
                  next;)</p>
                <p class="MsoNormal" style="margin-left:0.5in"> 
                  table=16(ls_in_dns_lookup   ), priority=0    ,
                  match=(1), action=(next;)</p>
                <p class="MsoNormal" style="margin-left:0.5in"> 
                  table=17(ls_in_dns_response ), priority=100  ,
                  match=(udp.dst == 53 && reg0[4]),
                  action=(eth.dst <-> eth.src; ip6.src <->
                  ip6.dst; udp.dst = udp.src; udp.src = 53; outport =
                  inport; flags.loopback = 1; output;)</p>
                <p class="MsoNormal" style="margin-left:0.5in"> 
                  table=17(ls_in_dns_response ), priority=100  ,
                  match=(udp.dst == 53 && reg0[4]),
                  action=(eth.dst <-> eth.src; ip4.src <->
                  ip4.dst; udp.dst = udp.src; udp.src = 53; outport =
                  inport; flags.loopback = 1; output;)</p>
                <p class="MsoNormal" style="margin-left:0.5in"> 
                  table=17(ls_in_dns_response ), priority=0    ,
                  match=(1), action=(next;)</p>
                <p class="MsoNormal"> </p>
                <p class="MsoNormal">Based on these flows it looks like
                  all udp.dst requests on port 53 are sent to
                  dns_lookup.  If dns_lookup resolves the request it
                  send the reply (either IPV4 or IPV6).  If not, it
                  proceeds to table 18, and I think eventually the
                  request gets dropped.  Is there some later flow I
                  should be looking for that would redirect the request
                  to another DNS server (or is there something I’m
                  missing in dns_lookup that does the redirect)?  If so,
                  how does OVN/OVS know the ip address of that server?</p>
              </div>
            </div>
          </blockquote>
          <div><br>
          </div>
          <div>OVN is not aware of any external DNS servers if any. So
            if OVN can't resolve the DNS, the packet resumes the
            pipeline</div>
          <div>and is treated like any other packet. If the DNS server
            IP is to be routed it will be routed. Let me know If I'm not
            clear.</div>
          <div><br>
          </div>
          <div><br>
          </div>
          <div>Thanks</div>
          <div>Numan</div>
          <div><br>
          </div>
          <blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
            <div lang="EN-US">
              <div>
                <p class="MsoNormal"> </p>
                <p class="MsoNormal">John Lang</p>
                <p class="MsoNormal">w (303) 272-5457</p>
                <p class="MsoNormal">c (970) 231-3724</p>
                <p class="MsoNormal"> </p>
              </div>
            </div>
            _______________________________________________<br>
            discuss mailing list<br>
            <a href="mailto:discuss@openvswitch.org" target="_blank">discuss@openvswitch.org</a><br>
            <a href="https://mail.openvswitch.org/mailman/listinfo/ovs-discuss" rel="noreferrer" target="_blank">https://mail.openvswitch.org/mailman/listinfo/ovs-discuss</a><br>
          </blockquote>
        </div>
      </div>
      <br>
      <fieldset></fieldset>
      <pre>_______________________________________________
discuss mailing list
<a href="mailto:discuss@openvswitch.org" target="_blank">discuss@openvswitch.org</a>
<a href="https://mail.openvswitch.org/mailman/listinfo/ovs-discuss" target="_blank">https://mail.openvswitch.org/mailman/listinfo/ovs-discuss</a>
</pre>
    </blockquote>
    <br>
  </div>

_______________________________________________<br>
discuss mailing list<br>
<a href="mailto:discuss@openvswitch.org" target="_blank">discuss@openvswitch.org</a><br>
<a href="https://mail.openvswitch.org/mailman/listinfo/ovs-discuss" rel="noreferrer" target="_blank">https://mail.openvswitch.org/mailman/listinfo/ovs-discuss</a><br>
</blockquote></div></div>