[18.05] recursion is disabled which prevents instance queries from being forwarded to upstream servers

Bug #1776952 reported by Dmitrii Shcherbakov on 2018-06-14
This bug affects 1 person
Affects: OpenStack Designate-Bind Charm
Assigned to: Nobuto Murata

Bug Description

In order to provide external name resolution for instances using dnsmasq provided by neutron as a resolver, the designate-bind charm needs to configure recursion in the bind9 config (currently recursion is disabled) and allow queries from the IP addresses of compute nodes hosting dnsmasq daemons.

See also https://bugs.launchpad.net/charm-neutron-openvswitch/+bug/1773377

James Page (james-page) on 2018-06-18
Changed in charm-designate-bind:
status: New → Triaged
importance: Undecided → Medium
milestone: none → 18.08
Nobuto Murata (nobuto) on 2018-07-23
Changed in charm-designate-bind:
assignee: nobody → Nobuto Murata (nobuto)

Fix proposed to branch: master
Review: https://review.openstack.org/584691

Changed in charm-designate-bind:
status: Triaged → In Progress
Pedro Guimarães (pguimaraes) wrote :

I was doing some work on https://bugs.launchpad.net/charm-neutron-openvswitch/+bug/1773377 and part of that was to enable BIND9 for recursion. I just submitted the code I developed for the recursion functionality (can be found at: https://review.openstack.org/#/c/586360/).

I still wonder if we do not need an OVS-designate relation (as suggested in Bug #1773377). Enabling recursion on BIND9 allows OVS's dnsmasq to be manually configured to point to a set of BIND9s. However, if these BIND9s either fail or change their address for some reason, then compute nodes will fail to reach their DNS server(s). An OVS-designate relation would allow these compute nodes to be reconfigured on the fly.

Reviewed: https://review.openstack.org/584691
Committed: https://git.openstack.org/cgit/openstack/charm-designate-bind/commit/?id=4132f05db4b7bc3a64980a6adb10028c36604203
Submitter: Zuul
Branch: master

commit 4132f05db4b7bc3a64980a6adb10028c36604203
Author: Nobuto Murata <email address hidden>
Date: Mon Jul 23 11:24:54 2018 +0900

    Enable recursion when requested by forwarders or users

    Forwarders do not work unless recursion is enabled. Also, allow users to
    set recursion explicitly when they want BIND9 set up by the charm to act
    as a full-service resolver.

    Documentation has been updated to warn users to set ACLs when enabling
    forwarders or recursion to avoid it from being an open resolver.

    Change-Id: I53d53decbbae12e0b743aa34421d63a5a5c892f1
    Closes-Bug: #1776952
    Co-Authored-By: Pedro <email address hidden>

Changed in charm-designate-bind:
status: In Progress → Fix Committed
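
The commit message's warning about open resolvers, as an added example (not part of the bug thread or the charm's code): a small audit of a named.conf options block that reports when recursion is on and the ACL that governs it admits any client. The sample configs and addresses are constructed, the function names are illustrative, and it assumes flat address-match lists and BIND 9's documented fallback from allow-recursion to allow-query-cache to allow-query.

```python
import re

# Constructed named.conf "options" blocks (sample addresses, not from the charm).
WEAK = """options {
    recursion yes;
    forwarders { 192.0.2.53; };
    allow-query { any; };
};"""
HARDENED = WEAK.replace(
    "allow-query { any; };",
    "allow-query { any; };\n    allow-recursion { 10.5.0.0/16; localhost; };")
FORWARD_ONLY = WEAK.replace("recursion yes", "recursion no")

WORLD = {"any", "0.0.0.0/0", "::/0"}


def acl(conf, name):
    """Entries of a flat address-match list, or None when the option is unset."""
    m = re.search(r"(?<![\w-])%s\s*\{([^}]*)\}" % re.escape(name), conf)
    if m is None:
        return None
    return [e.strip() for e in m.group(1).split(";") if e.strip()]


def audit(conf):
    """Return findings for the recursion/forwarders/ACL combination."""
    conf = re.sub(r"(#|//)[^\n]*", "", conf)  # drop line comments
    m = re.search(r"(?<![\w-])recursion\s+(\w+)\s*;", conf)
    recursion = m is None or m.group(1) in ("yes", "true", "1")  # BIND default: yes
    if not recursion:
        if acl(conf, "forwarders"):
            return ["forwarders are set but recursion is off: forwarding will not work"]
        return []
    # BIND 9 fallback: allow-recursion, else allow-query-cache, else allow-query,
    # else the built-in default of localnets and localhost.
    source, eff = "built-in default", ["localnets", "localhost"]
    for name in ("allow-recursion", "allow-query-cache", "allow-query"):
        if acl(conf, name) is not None:
            source, eff = name, acl(conf, name)
            break
    if WORLD & set(eff):
        return ["open resolver: recursion is on and %s admits any client" % source]
    return []


if __name__ == "__main__":
    for label, conf in (("weak", WEAK), ("hardened", HARDENED), ("forward-only", FORWARD_ONLY)):
        print(label, audit(conf) or "ok")
```

The weak sample is flagged because an authoritative-style `allow-query { any; };` becomes the recursion ACL once recursion is switched on without an explicit `allow-recursion`.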

Change abandoned by Dmitrii Shcherbakov (<email address hidden>) on branch: master
Review: https://review.openstack.org/586360
Reason: Superseded by https://review.openstack.org/#/c/584691/

David Ames (thedac) on 2018-09-06
Changed in charm-designate-bind:
status: Fix Committed → Fix Released

Change abandoned by Dmitrii Shcherbakov (<email address hidden>) on branch: stable/18.05
Review: https://review.openstack.org/591057
