[ovs-discuss] OVN DNS support questions

Numan Siddique numans at ovn.org
Wed Jun 10 10:35:03 UTC 2020


On Wed, Jun 10, 2020 at 3:47 PM Brendan Doyle <brendan.doyle at oracle.com>
wrote:

>
> So as I understand it OVN DNS is not operating as either an iterative or
> recursive DNS resolver.
> It won't respond  with a referral to another DNS server nor will it do
> iterative requests to root, top
> level and  authoritative servers to find the response.
>
> It essentially intercepts the DNA request from the client on the switch
> port that the client is connected
> to and if it knows the DNS query it will reply regardless of what DNS
> server the request was directed to.
> So if the request was directed to an OVN router IP that is connected to
> the switch, the request will be
> dropped if the logical switch port has no DNS records for the request. If
> the request is sent to a "real"
> DNS server IP (say google) and there is a route from the logicl network to
> google, the request will be
> forwarded to google's DNS server. So it is not acting like a DNS resolver
> per sey.
>
>
That's correct.

Numan

Brendan
>
>
> On 09/06/2020 19:24, Numan Siddique wrote:
>
>
>
> On Tue, Jun 9, 2020 at 11:49 PM John Lang <john.x.lang at oracle.com> wrote:
>
>> Numan,
>>
>>
>>
>> Earlier I had send an e-mail with the following question that you
>> responded to.  I maybe should have asked if the pipeline would redirect the
>> DNS request to another DNS server to OVN.
>>
>>
>>
>> 1.       If OVN can’t answer a DNS request, does the pipeline forward it
>> on the another DNS server?  How is that server address set?  Though the
>> DHCP options?
>>
>>
>>
>> Yes. If OVN can't anwer it resumes the packet pipeline. So if there are
>> any other DNS servers, they should get the packet.
>>
>> I was looking at the flows in my OVN setup configured for DNS, and I
>> don’t see how the DNS request is redirected to a server external to OVN.
>>
>>
>>
>>   table=16(ls_in_dns_lookup   ), priority=100  , match=(udp.dst == 53),
>> action=(reg0[4] = dns_lookup(); next;)
>>
>>   table=16(ls_in_dns_lookup   ), priority=0    , match=(1), action=(next;)
>>
>>   table=17(ls_in_dns_response ), priority=100  , match=(udp.dst == 53 &&
>> reg0[4]), action=(eth.dst <-> eth.src; ip6.src <-> ip6.dst; udp.dst =
>> udp.src; udp.src = 53; outport = inport; flags.loopback = 1; output;)
>>
>>   table=17(ls_in_dns_response ), priority=100  , match=(udp.dst == 53 &&
>> reg0[4]), action=(eth.dst <-> eth.src; ip4.src <-> ip4.dst; udp.dst =
>> udp.src; udp.src = 53; outport = inport; flags.loopback = 1; output;)
>>
>>   table=17(ls_in_dns_response ), priority=0    , match=(1), action=(next;)
>>
>>
>>
>> Based on these flows it looks like all udp.dst requests on port 53 are
>> sent to dns_lookup.  If dns_lookup resolves the request it send the reply
>> (either IPV4 or IPV6).  If not, it proceeds to table 18, and I think
>> eventually the request gets dropped.  Is there some later flow I should be
>> looking for that would redirect the request to another DNS server (or is
>> there something I’m missing in dns_lookup that does the redirect)?  If so,
>> how does OVN/OVS know the ip address of that server?
>>
>
> OVN is not aware of any external DNS servers if any. So if OVN can't
> resolve the DNS, the packet resumes the pipeline
> and is treated like any other packet. If the DNS server IP is to be routed
> it will be routed. Let me know If I'm not clear.
>
>
> Thanks
> Numan
>
>
>>
>> John Lang
>>
>> w (303) 272-5457
>>
>> c (970) 231-3724
>>
>>
>> _______________________________________________
>> discuss mailing list
>> discuss at openvswitch.org
>> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>>
>
> _______________________________________________
> discuss mailing listdiscuss at openvswitch.orghttps://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>
>
> _______________________________________________
> discuss mailing list
> discuss at openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20200610/c4a5d101/attachment.html>


More information about the discuss mailing list