<div dir="ltr"><div dir="ltr"><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Jun 10, 2020 at 3:47 PM Brendan Doyle <<a href="mailto:brendan.doyle@oracle.com">brendan.doyle@oracle.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div>
<br>
So as I understand it OVN DNS is not operating as either an
iterative or recursive DNS resolver.<br>
It won't respond with a referral to another DNS server nor will it
do iterative requests to root, top <br>
level and authoritative servers to find the response.<br>
<br>
It essentially intercepts the DNS request from the client on the
switch port that the client is connected<br>
to and if it knows the DNS query it will reply regardless of what
DNS server the request was directed to.<br>
So if the request was directed to an OVN router IP that is connected
to the switch, the request will be<br>
dropped if the logical switch port has no DNS records for the
request. If the request is sent to a "real" <br>
DNS server IP (say google) and there is a route from the logical
network to google, the request will be <br>
forwarded to google's DNS server. So it is not acting like a DNS
resolver per se.<br>
<br></div></blockquote><div><br></div><div>That's correct.</div><div><br></div><div>Numan</div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div>
Brendan<br>
<br>
<br>
<div>On 09/06/2020 19:24, Numan Siddique
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div dir="ltr"><br>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Tue, Jun 9, 2020 at 11:49
PM John Lang <<a href="mailto:john.x.lang@oracle.com" target="_blank">john.x.lang@oracle.com</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div lang="EN-US">
<div>
<p class="MsoNormal">Numan,</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Earlier I had sent an e-mail with
the following question that you responded to. I maybe
should have asked if the pipeline would redirect the
DNS request to another DNS server to OVN.</p>
<p class="MsoNormal"> </p>
<p style="margin-left:0.75in"><span>1.<span style="font:7pt 'Times New Roman'">
</span></span>If OVN can’t answer a DNS request,
does the pipeline forward it on to another DNS
server? How is that server address set? Through the
DHCP options?</p>
<p class="MsoNormal" style="margin-left:0.25in"> </p>
<p class="MsoNormal" style="margin-left:0.25in">Yes. If
OVN can't answer, it resumes the packet pipeline. So if
there are any other DNS servers, they should get the
packet.</p>
<p class="MsoNormal">I was looking at the flows in my
OVN setup configured for DNS, and I don’t see how the
DNS request is redirected to a server external to OVN.</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal" style="margin-left:0.5in">
table=16(ls_in_dns_lookup ), priority=100 ,
match=(udp.dst == 53), action=(reg0[4] = dns_lookup();
next;)</p>
<p class="MsoNormal" style="margin-left:0.5in">
table=16(ls_in_dns_lookup ), priority=0 ,
match=(1), action=(next;)</p>
<p class="MsoNormal" style="margin-left:0.5in">
table=17(ls_in_dns_response ), priority=100 ,
match=(udp.dst == 53 && reg0[4]),
action=(eth.dst <-> eth.src; ip6.src <->
ip6.dst; udp.dst = udp.src; udp.src = 53; outport =
inport; flags.loopback = 1; output;)</p>
<p class="MsoNormal" style="margin-left:0.5in">
table=17(ls_in_dns_response ), priority=100 ,
match=(udp.dst == 53 && reg0[4]),
action=(eth.dst <-> eth.src; ip4.src <->
ip4.dst; udp.dst = udp.src; udp.src = 53; outport =
inport; flags.loopback = 1; output;)</p>
<p class="MsoNormal" style="margin-left:0.5in">
table=17(ls_in_dns_response ), priority=0 ,
match=(1), action=(next;)</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Based on these flows it looks like
all udp.dst requests on port 53 are sent to
dns_lookup. If dns_lookup resolves the request it
sends the reply (either IPV4 or IPV6). If not, it
proceeds to table 18, and I think eventually the
request gets dropped. Is there some later flow I
should be looking for that would redirect the request
to another DNS server (or is there something I’m
missing in dns_lookup that does the redirect)? If so,
how does OVN/OVS know the ip address of that server?</p>
</div>
</div>
</blockquote>
<div><br>
</div>
<div>OVN is not aware of any external DNS servers if any. So
if OVN can't resolve the DNS, the packet resumes the
pipeline</div>
<div>and is treated like any other packet. If the DNS server
IP is to be routed it will be routed. Let me know if I'm not
clear.</div>
<div><br>
</div>
<div><br>
</div>
<div>Thanks</div>
<div>Numan</div>
<div><br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div lang="EN-US">
<div>
<p class="MsoNormal"> </p>
<p class="MsoNormal">John Lang</p>
<p class="MsoNormal">w (303) 272-5457</p>
<p class="MsoNormal">c (970) 231-3724</p>
<p class="MsoNormal"> </p>
</div>
</div>
_______________________________________________<br>
discuss mailing list<br>
<a href="mailto:discuss@openvswitch.org" target="_blank">discuss@openvswitch.org</a><br>
<a href="https://mail.openvswitch.org/mailman/listinfo/ovs-discuss" rel="noreferrer" target="_blank">https://mail.openvswitch.org/mailman/listinfo/ovs-discuss</a><br>
</blockquote>
</div>
</div>
<br>
</blockquote>
<br>
</div>
</blockquote></div></div>
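<p>The lookup/response stages discussed in this thread, as an added example that is not part of the original messages and is not OVN's own code: it parses the quoted logical flows and traces a packet through tables 16 and 17, showing that the verdict depends on the switch's DNS records and not on the destination IP. The <code>qname</code> packet field, the <code>RECORDS</code> set, the verdict strings and the stand-in for <code>dns_lookup()</code> are assumptions made for illustration.</p>

```python
import re

# Constructed sample: logical flows as quoted in the thread (IPv4 response flow only).
LFLOWS = """\
table=16(ls_in_dns_lookup   ), priority=100  , match=(udp.dst == 53), action=(reg0[4] = dns_lookup(); next;)
table=16(ls_in_dns_lookup   ), priority=0    , match=(1), action=(next;)
table=17(ls_in_dns_response ), priority=100  , match=(udp.dst == 53 && reg0[4]), action=(eth.dst <-> eth.src; ip4.src <-> ip4.dst; udp.dst = udp.src; udp.src = 53; outport = inport; flags.loopback = 1; output;)
table=17(ls_in_dns_response ), priority=0    , match=(1), action=(next;)
"""
FLOW_RE = re.compile(
    r"table=(\d+)\((\w+)\s*\), priority=(\d+)\s*, match=\((.*)\), action=\((.*)\)$")

def parse_flows(text):
    """Parse lflow-list style lines, ordered by table then descending priority."""
    flows = []
    for line in text.splitlines():
        m = FLOW_RE.match(line.strip())
        if m:
            flows.append({"table": int(m[1]), "stage": m[2], "priority": int(m[3]),
                          "match": m[4], "action": m[5]})
    return sorted(flows, key=lambda f: (f["table"], -f["priority"]))

def matches(expr, pkt):
    """Evaluate only the match forms seen above: '1', 'field == value', 'flag', joined by &&."""
    for term in (t.strip() for t in expr.split("&&")):
        if term == "1":
            continue
        if "==" in term:
            field, value = (s.strip() for s in term.split("=="))
            if str(pkt.get(field)) != value:
                return False
        elif not pkt.get(term):
            return False
    return True

def trace(flows, pkt, dns_records):
    """Walk the DNS stages; dns_records models the names attached to the logical switch."""
    pkt, hits = dict(pkt), []
    for table in sorted({f["table"] for f in flows}):
        flow = next(f for f in flows if f["table"] == table and matches(f["match"], pkt))
        hits.append((flow["stage"], flow["priority"]))
        if "dns_lookup()" in flow["action"]:
            pkt["reg0[4]"] = pkt.get("qname") in dns_records  # hypothetical model of dns_lookup()
        if "output;" in flow["action"]:
            return "answered-by-ovn", hits  # reply looped back to the inport
    return "resumes-pipeline", hits  # later tables (not modelled) decide the packet's fate

FLOWS = parse_flows(LFLOWS)
RECORDS = {"vm1.example.org"}  # constructed DNS record for the switch
```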