Add ability to overwrite DNS search list or defined which domains to be in search list

Bug #1719473 reported by Jeff Hillman
This bug affects 3 people
Affects: MAAS
Status: Invalid
Importance: Undecided
Assigned to: Unassigned
Milestone: none

Bug Description

MAAS 2.2.2

We have added domains to MAAS and domain resources to MAAS (for this, the purpose was to "hijack" domains so that we could just use an on-premise mirror, basically make deployments going to us.archive.ubuntu.com go to our own server), and with this deployment as far as software installation and pulling of ephemeral images and whatnot works just fine.

However, MAAS is adding all of these domains to /etc/network/interfaces under dns-search, and is thus adding them to /etc/resolv.conf.

The bare-metal nodes do not need to search these domains; it is in itself a DNS nameserver with these entries.

Even in a non on-premise world, I can't imagine how these domains would need to be added to dns search. MAAS has the ability to add single entries with IP addresses for resolution already.

Tags: cpe-onsite
tags: added: internal
Andres Rodriguez (andreserl) wrote :

Hi Jeff,

Can you provide a couple things:

1. which domain the machine has been configured with
2. what is the /etc/resolv.conf of the deployed machine.

Furthermore, a few other questions. Were you poisoning DNS to resolve ubuntu.com, etc.?

Lastly, we also have this issue: https://bugs.launchpad.net/maas/+bug/1696485 which is with the intention of making it match what the machine is deployed with (currently machines get search domain on deploy but not on dhcp).

Changed in maas:
status: New → Incomplete
milestone: none → 2.3.0beta3
Jeff Hillman (jhillman) wrote :

What we are doing is "spoofing" DNS for an offline deployment.

Basically adding domains and DNS resources to MAAS for ...

us.archive.ubuntu.com
archive.ubuntu.com
archive.canonical.com
maas.io
elasticsearch.co

etc...

On the deployed bare-metal nodes, resolv.conf looks like ...

nameserver <ip-address>
search maas archive.ubuntu.com archive.canonical.com elasticsearch.co maas.io etc

If we change the domains to "non-authoritative" via the MAAS CLI, then they don't get added to resolv.conf, but DNS for those domains breaks.

I hope this adds some clarifications.

Changed in maas:
milestone: 2.3.0beta3 → 2.3.0beta4
Changed in maas:
milestone: 2.3.0beta4 → 2.3.0rc1
Changed in maas:
milestone: 2.3.0rc1 → 2.3.0rc2
Changed in maas:
milestone: 2.3.0rc2 → 2.4.x
importance: Undecided → Wishlist
summary: - MAAS adding domains to dns-search field that are unnecessary
+ [enhancement] MAAS adding domains to dns-search field that are
+ unnecessary
tags: added: wishlist
Changed in maas:
importance: Wishlist → Undecided
status: Incomplete → Triaged
summary: - [enhancement] MAAS adding domains to dns-search field that are
- unnecessary
+ [enhancement] Add ability to overwrite DNS search list
summary: - [enhancement] Add ability to overwrite DNS search list
+ [enhancement] Add ability to overwrite DNS search list or defined which
+ domains to be in search list
Changed in maas:
milestone: 2.4.x → 2.5.0
Changed in maas:
milestone: 2.5.0 → 2.5.x
Changed in maas:
milestone: 2.5.x → next
Changed in maas:
milestone: next → 2.6.0
Adam Collard (adam-collard) wrote : Re: [enhancement] Add ability to overwrite DNS search list or defined which domains to be in search list

This bug has not seen any activity in the last 6 months, so it is being automatically closed.

If you are still experiencing this issue, please feel free to re-open.

MAAS Team

Changed in maas:
status: Triaged → Invalid
Chris Privitere (cprivite) wrote :

So I would say the current status of this is that currently there is no way to modify the domain search list of a MaaS deployed machine, with one exception. If you add a domain to the DNS tab in MaaS and then mark it as authoritative, MaaS will add that domain to the search list.

The bug (feature request?) hasn't seen activity in the last year and was autoclosed, but it's still a shortcoming that I know I would like to see fixed (and there's at least one discourse thread asking for it as well). So I'm attempting to re-open.

So can we have a way to tell MaaS to add a domain to the search list even if it's not an authoritative domain that MaaS manages?

Alternately, a way to update the cloud-init settings for a machine in a way that the machine will actually pick them up on reboot would work too.

Stéphane Graber (stgraber) wrote :

Re-opening as this is certainly still a problem and the only reason for the lack of activity is because it hasn't been worked on.

Changed in maas:
status: Invalid → New
summary: - [enhancement] Add ability to overwrite DNS search list or defined which
- domains to be in search list
+ Add ability to overwrite DNS search list or defined which domains to be
+ in search list
Alvaro Uria (aluria) wrote :

In MaaS 2.4.2 (7034-g2f5deb8b8-0ubuntu1), I ran into a somewhat similar issue. I configured a DNS server (see attachment) in the "Subnets" section.

However, netplan does not configure the authoritative "maas" zone in dns-search:
"""
root@juju-566b35-0-lxd-4:~# cat /etc/netplan/99-juju.yaml
network:
  version: 2
  ethernets:
    eth0:
      match:
        macaddress: 00:16:3e:57:ad:97
      addresses:
      - 10.67.218.176/24
      gateway4: 10.67.218.1
      nameservers:
        addresses: [10.67.218.164]

"""

That becomes an issue for ie. charm-nova-cloud-controller, that fails because:
"""
2020-06-17 08:58:14 DEBUG cloud-compute-relation-changed dns.resolver.NoNameservers: All nameservers failed to answer the query vm4. IN A: Server 127.0.0.53 UDP port 53 answered SERVFAIL
"""

However,
"""
root@juju-566b35-0-lxd-4:~# host vm4
Host vm4 not found: 2(SERVFAIL)
root@juju-566b35-0-lxd-4:~# host vm4.maas
vm4.maas has address 10.67.218.163
"""

I think an option should exist to be able to modify, remove or add dns-search values.

Thank you.
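
Added example, not part of any comment in this thread and not MAAS code: a simplified model of how the glibc stub resolver expands a name with the resolv.conf search list, showing both the extra lookups caused by the search line quoted in comment #2 and why the bare name `vm4` fails when no search domain is configured. The function names are hypothetical, both resolv.conf samples are constructed from values quoted in the thread (192.0.2.1 is a placeholder nameserver), and the hostname-derived default search domain is ignored.

```python
# Simplified model of glibc search-list expansion (hypothetical helper names).
# Assumption: the default search domain derived from the hostname is ignored.

# Constructed sample: search line as quoted in comment #2, placeholder nameserver.
WITH_SEARCH = """\
nameserver 192.0.2.1
search maas archive.ubuntu.com archive.canonical.com elasticsearch.co maas.io
"""

# Constructed sample: equivalent of the netplan config above (no search domains).
NO_SEARCH = """\
nameserver 10.67.218.164
"""


def parse_resolv_conf(text):
    """Return (search_list, ndots); the last search/domain line wins."""
    search, ndots = [], 1
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0][0] in "#;":
            continue  # blank line or comment
        if fields[0] in ("search", "domain"):
            search = [d.rstrip(".").lower() for d in fields[1:]]
        elif fields[0] == "options":
            for opt in fields[1:]:
                if opt.startswith("ndots:"):
                    ndots = int(opt.split(":", 1)[1])
    return search, ndots


def candidates(name, search, ndots=1):
    """Return the FQDNs the resolver tries, in order, for `name`."""
    if name.endswith("."):
        return [name]  # already absolute: the search list is never applied
    absolute = name + "."
    expanded = [f"{name}.{domain}." for domain in search]
    # Names with at least `ndots` dots are tried as-is first, then expanded.
    if name.count(".") >= ndots:
        return [absolute] + expanded
    return expanded + [absolute]


def lookup_order(name, resolv_conf_text):
    search, ndots = parse_resolv_conf(resolv_conf_text)
    return candidates(name, search, ndots)


if __name__ == "__main__":
    for label, conf in (("with search", WITH_SEARCH), ("no search", NO_SEARCH)):
        print(label, lookup_order("vm4", conf))
```

With the first sample, a lookup of `vm4` that misses in `maas` is retried under every hijacked domain before the bare name is tried; with the second, only `vm4.` is ever queried, which matches the SERVFAIL shown above.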

Alvaro Uria (aluria) wrote :

Comment #6 happens when the MaaS DNS IP is configured on the subnet section of the PXE network. As mentioned in [1], if the DNS IP is removed from the subnet section - hence, the default is used - then "search <authoritative-zone>" is configured in resolv.conf.

1. https://bugs.launchpad.net/maas/+bug/1771885/comments/22

Alberto Donato (ack)
Changed in maas:
milestone: 2.6.0 → next
status: New → Triaged
Changed in maas:
milestone: next → none
description: updated
Adam Collard (adam-collard) wrote :

Great idea. Can you repost this to https://discourse.maas.io/c/features/15? That's where we capture our feature requests. I'm going to invalidate this one, since it isn't an actual bug.

tags: removed: internal wishlist
Changed in maas:
status: Triaged → Invalid
Stéphane Graber (stgraber) wrote :

Hmm, any reason why you're going with marking all such issues invalid rather than transferring them into the new way to handle feature requests?

It's not the first time that this particular issue is being marked "invalid" or similarly closed for inactivity and I think this isn't a great look.
