[ovs-discuss] OVN DNS support questions

Brendan Doyle brendan.doyle at oracle.com
Wed Jun 10 10:16:43 UTC 2020


So as I understand it OVN DNS is not operating as either an iterative or 
recursive DNS resolver.
It won't respond with a referral to another DNS server nor will it do 
iterative requests to root, top
level and authoritative servers to find the response.

It essentially intercepts the DNS request from the client on the switch 
port that the client is connected
to and if it knows the DNS query it will reply regardless of what DNS 
server the request was directed to.
So if the request was directed to an OVN router IP that is connected to 
the switch, the request will be
dropped if the logical switch port has no DNS records for the request. 
If the request is sent to a "real"
DNS server IP (say google) and there is a route from the logical network 
to google, the request will be
forwarded to google's DNS server. So it is not acting like a DNS 
resolver per se.

Brendan


On 09/06/2020 19:24, Numan Siddique wrote:
>
>
> On Tue, Jun 9, 2020 at 11:49 PM John Lang <john.x.lang at oracle.com> wrote:
>
>     Numan,
>
>     Earlier I had sent an e-mail with the following question that you
>     responded to.  I maybe should have asked if the pipeline would
>     redirect the DNS request to another DNS server to OVN.
>
>     1. If OVN can’t answer a DNS request, does the pipeline forward it
>     on to another DNS server?  How is that server address set?
>     Through the DHCP options?
>
>     Yes. If OVN can't answer it resumes the packet pipeline. So if
>     there are any other DNS servers, they should get the packet.
>
>     I was looking at the flows in my OVN setup configured for DNS, and
>     I don’t see how the DNS request is redirected to a server external
>     to OVN.
>
>     table=16(ls_in_dns_lookup   ), priority=100  , match=(udp.dst ==
>     53), action=(reg0[4] = dns_lookup(); next;)
>
>     table=16(ls_in_dns_lookup   ), priority=0    , match=(1),
>     action=(next;)
>
>     table=17(ls_in_dns_response ), priority=100  , match=(udp.dst ==
>     53 && reg0[4]), action=(eth.dst <-> eth.src; ip6.src <-> ip6.dst;
>     udp.dst = udp.src; udp.src = 53; outport = inport; flags.loopback
>     = 1; output;)
>
>     table=17(ls_in_dns_response ), priority=100  , match=(udp.dst ==
>     53 && reg0[4]), action=(eth.dst <-> eth.src; ip4.src <-> ip4.dst;
>     udp.dst = udp.src; udp.src = 53; outport = inport; flags.loopback
>     = 1; output;)
>
>     table=17(ls_in_dns_response ), priority=0    , match=(1),
>     action=(next;)
>
>     Based on these flows it looks like all udp.dst requests on port 53
>     are sent to dns_lookup.  If dns_lookup resolves the request it
>     sends the reply (either IPV4 or IPV6).  If not, it proceeds to
>     table 18, and I think eventually the request gets dropped.  Is
>     there some later flow I should be looking for that would redirect
>     the request to another DNS server (or is there something I’m
>     missing in dns_lookup that does the redirect)?  If so, how does
>     OVN/OVS know the ip address of that server?
>
>
> OVN is not aware of any external DNS servers if any. So if OVN can't 
> resolve the DNS, the packet resumes the pipeline
> and is treated like any other packet. If the DNS server IP is to be 
> routed it will be routed. Let me know if I'm not clear.
>
>
> Thanks
> Numan
>
>     John Lang
>
>     w (303) 272-5457
>
>     c (970) 231-3724
>
>     _______________________________________________
>     discuss mailing list
>     discuss at openvswitch.org
>     https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>

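The behaviour described in this thread, as a simplified Python model of the quoted table 16/17 flows; it is an added example, not code from OVN or from the posters. The record table, router IP, routed prefix and all addresses are constructed, and the drop for an unanswered query sent to the router IP follows the description at the top of this message.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class DnsQuery:
    ip_src: str
    ip_dst: str
    udp_src: int
    udp_dst: int
    qname: str

# Constructed sample state (assumptions, not taken from a real deployment).
RECORDS = {"vm1.example.test": "10.0.0.5"}   # names OVN can answer
ROUTER_IPS = {"10.0.0.1"}                    # logical router port on the switch
ROUTED = ["192.0.2.0/24"]                    # prefixes reachable from the logical network

def ls_in_dns(pkt, records=RECORDS, router_ips=ROUTER_IPS, routed=ROUTED):
    """Return (verdict, packet, answer) for a packet entering the switch."""
    # Table 16 (ls_in_dns_lookup): match is udp.dst == 53 only; the
    # destination IP is never inspected. A hit models reg0[4] = 1.
    answer = records.get(pkt.qname) if pkt.udp_dst == 53 else None
    if answer is not None:
        # Table 17 (ls_in_dns_response): ip.src <-> ip.dst, udp.dst = udp.src,
        # udp.src = 53, outport = inport. The reply therefore carries the
        # address of the server the client queried as its source.
        reply = replace(pkt, ip_src=pkt.ip_dst, ip_dst=pkt.ip_src,
                        udp_dst=pkt.udp_src, udp_src=53)
        return "answered_by_ovn", reply, answer
    # Priority-0 flows: "next;" so the packet is treated like any other.
    if pkt.ip_dst in router_ips:
        return "dropped", None, None          # as described in the message above
    if any(ip_address(pkt.ip_dst) in ip_network(p) for p in routed):
        return "forwarded", pkt, None         # reaches the real DNS server
    return "dropped", None, None

if __name__ == "__main__":
    for dst, name in [("192.0.2.53", "vm1.example.test"),
                      ("10.0.0.1", "unknown.example.test"),
                      ("192.0.2.53", "unknown.example.test")]:
        q = DnsQuery("10.0.0.4", dst, 40000, 53, name)
        print(dst, name, "->", ls_in_dns(q)[0])
```

In the first case the client receives an answer whose source address is 192.0.2.53 even though that server never saw the query, which matters when reconciling client-side DNS logs with the logs of the external resolver.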