Public bug reported:

Nova uses dnsmasq to answer questions about name <-> IP resolution for instances. By default, it does nothing about things where there is no answer. This causes dnsmasq to forward the query (for which it should be authoritative) off to the nameserver found in resolv.conf.

If the zone is properly delegated to nova via a forward-only zone declaration in the resolver, then we run into the situation where the instance asks dnsmasq which asks the resolver which asks dnsmasq which then times out.

Combine this with Linux's love for IPv6, and a single domain search list in resolv.conf, and anything that looks up a host name (e.g., sudo) will take 10 seconds (5 seconds each for the lookup of $(hostname).$domain and $(hostname) AAAA RRs), before it falls back to looking up $(hostname).$domain A RR and gets an answer.

The fix that worked for us was to add --dnsmasq_config_file=/etc/nova/dnsmasq.conf (not --dns_server, because we DO NOT WANT -h and -R passed to dnsmasq, and we need to specify multiple --server directives) and then dnsmasq.conf gets "--server=/xxx.yyy.10.in-addr.arpa/ --server=/openstack.example.com/" which tells it to not forward queries for those zones off-machine. (The lack of -h and -R means that we do not break our ability to resolve the rest of the DNS world.)

** Affects: nova (Ubuntu)
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/1059899

Title:
  nova fails to configure dnsmasq, resulting in DNS timeouts in instances
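
A check for the condition this report describes, as an added example that is not part of the bug report or of nova: it lists which query names a dnsmasq option set would still forward upstream. It assumes dnsmasq's documented behaviour that `server=/domain/` with an empty address (or `local=/domain/`) makes a domain local-only; the function names, the query names and the sample configs are constructed for illustration.

```python
import re

def parse_domain_rules(config_text):
    """Map each domain named in a server=/local= option to its upstream ('' = none)."""
    rules = {}
    for raw in config_text.splitlines():
        # Assumed comment rule: '#' starts a comment only at line start or
        # after whitespace, so the '#' in "server=/dom/#" survives. Leading
        # dashes are dropped so the command-line spelling parses as well.
        line = re.sub(r"(^|\s)#.*$", "", raw).strip().lstrip("-")
        key, _, value = line.partition("=")
        value = value.strip()
        if key.strip() not in ("server", "local") or not value.startswith("/"):
            continue
        # "/a/b/10.0.0.2" -> domains a, b with upstream 10.0.0.2; "/a/" -> upstream ''
        *domains, upstream = value.split("/")[1:]
        for domain in domains:
            rules[domain.lower().rstrip(".")] = upstream
    return rules

def disposition(name, rules):
    """Return 'local' or 'forward' for a query name; the most specific domain wins."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        upstream = rules.get(".".join(labels[i:]))
        if upstream is not None:
            return "local" if upstream == "" else "forward"
    return "forward"  # no domain rule: query goes to the resolv.conf nameservers

def forwarded_upstream(config_text, names):
    """Names that would leave the machine, i.e. candidates for the resolver loop."""
    rules = parse_domain_rules(config_text)
    return [n for n in names if disposition(n, rules) == "forward"]

# Constructed sample input: the default (no domain rules) and the two zones
# from the report, kept with the report's own placeholders.
DEFAULT_CONF = "# no domain-specific server lines\n"
FIXED_CONF = """\
server=/xxx.yyy.10.in-addr.arpa/
server=/openstack.example.com/
"""
QUERIES = ["vm1.openstack.example.com", "7.xxx.yyy.10.in-addr.arpa", "www.ubuntu.com"]

if __name__ == "__main__":
    for label, conf in (("default", DEFAULT_CONF), ("fixed", FIXED_CONF)):
        print(label, "->", forwarded_upstream(conf, QUERIES))
```

With the two zones marked local-only, only the name outside them is still forwarded, which matches the report's point that resolution of the rest of the DNS world keeps working.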