dnsmasq does not fallback on SERVFAIL

Bug #1746000 reported by Bernhard M. Wiedemann
This bug affects 1 person
Affects: neutron
Status: Fix Released
Importance: Medium
Assigned to: Dirk Mueller

Bug Description

In our cloud deployment, we configured neutron-dhcp-agent to have multiple external DNS servers.

However, the last server on the list happened to be misconfigured (by others). So it returned SERVFAIL instead of correct responses and strace showed that dnsmasq only ever asked the last server for a name.
My testing shows that dropping the --strict-order parameter helped this problem.
It was introduced in commit 43960ee448 without reason given.
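
An added example, not part of the original report or of neutron's code: a per-server probe that surfaces the condition described above (one configured upstream answering SERVFAIL) by querying each upstream directly rather than through dnsmasq. The function names, the IPv4/UDP-only transport and the sample bytes are assumptions made for this illustration.

```python
import os
import socket
import struct
import sys

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qid, qtype=1):
    """Encode a minimal recursive DNS query (default: A record, class IN)."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_rcode(response, qid):
    """Return the RCODE name of a DNS response after checking ID and QR bit."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    rid, flags = struct.unpack("!HH", response[:4])
    if rid != qid or not flags & 0x8000:
        raise ValueError("not a response to our query")
    code = flags & 0x000F
    return RCODES.get(code, "RCODE%d" % code)

def probe(server, name, timeout=2.0):
    """Query one upstream over UDP/IPv4 (assumption); report how it answered."""
    qid = int.from_bytes(os.urandom(2), "big")
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name, qid), (server, 53))
            data, _ = s.recvfrom(512)
        except socket.timeout:
            return "TIMEOUT"
        except OSError:
            return "ERROR"
    return parse_rcode(data, qid)

def unhealthy(results):
    """Given {server: rcode}, list upstreams that did not give a usable answer."""
    return [s for s, rc in results.items() if rc not in ("NOERROR", "NXDOMAIN")]

# Constructed sample: header of a SERVFAIL response (QR=1, RD=1, RA=1, RCODE=2).
SAMPLE_SERVFAIL = struct.pack("!HHHHHH", 0x1234, 0x8182, 1, 0, 0, 0)

if __name__ == "__main__":
    # Usage: script.py <name-to-resolve> <upstream-ip> [<upstream-ip> ...]
    results = {srv: probe(srv, sys.argv[1]) for srv in sys.argv[2:]}
    for srv, rc in results.items():
        print(srv, rc)
    sys.exit(1 if unhealthy(results) else 0)
```

Run against the same upstream list the DHCP agent is configured with; a non-zero exit status means at least one upstream answered with something other than NOERROR or NXDOMAIN.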

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (master)

Fix proposed to branch: master
Review: https://review.openstack.org/538929

Changed in neutron:
assignee: nobody → Dirk Mueller (dmllr)
status: New → In Progress
tags: added: l3-ipam-dhcp
Changed in neutron:
importance: Undecided → Medium
Revision history for this message
Akihiro Motoki (amotoki) wrote :

It depends on the DNS server setup in deployments. I think strict-order is not required if all DNS servers are equivalent.
I am not sure how many deployments depend on the order of DNS servers, but we need to take into account such deployments for backward compatibility.

This seems to be an FAQ on strict-servers. http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2009q3/003295.html

Revision history for this message
Bernhard M. Wiedemann (ubuntubmw) wrote :

There someone thought
> If the first server doesn't reply, or can't answer,
> then it goes and tries the next one and so on.

but that was not what happened in the SERVFAIL case
and actually that is part of the FAQ:

> It is also worth pointing out that your first statement about
> "strict-order" is not quite true. Dnsmasq can't keep trying servers in
> order, since, after it has sent the query to the first server,
> it throws it away.

It also says:
> That's one reason why "strict-order" is broken and not recommended.

At the very least, if we don't drop it, it should become a config option.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (master)

Reviewed: https://review.openstack.org/538929
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=d3c69dc4f22ef96ad3fb66430ce703d9c2199d2e
Submitter: Zuul
Branch: master

commit d3c69dc4f22ef96ad3fb66430ce703d9c2199d2e
Author: Dirk Mueller <email address hidden>
Date: Mon Jan 29 15:11:04 2018 +0100

    Drop strict-order flag from dnsmasq invocation

    Without this flag, dnsmasq prefers to ask the servers that
    are known to be up, rather than hitting servers that are either
    down or known to be broken. This greatly reduces responsivity
    impact of broken upstream servers.

    Closes-Bug: #1746000
    Change-Id: Ieee4dafc578c3bda0935fcdb80faad6c342a10e9

Changed in neutron:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron 13.0.0.0b1

This issue was fixed in the openstack/neutron 13.0.0.0b1 development milestone.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/pike)

Fix proposed to branch: stable/pike
Review: https://review.openstack.org/594557

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/queens)

Fix proposed to branch: stable/queens
Review: https://review.openstack.org/594558

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/ocata)

Fix proposed to branch: stable/ocata
Review: https://review.openstack.org/594559

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/queens)

Reviewed: https://review.openstack.org/594558
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=de6051ae93b49b44f40b8e7245f4e5a4010537cc
Submitter: Zuul
Branch: stable/queens

commit de6051ae93b49b44f40b8e7245f4e5a4010537cc
Author: Dirk Mueller <email address hidden>
Date: Mon Jan 29 15:11:04 2018 +0100

    Drop strict-order flag from dnsmasq invocation

    Without this flag, dnsmasq prefers to ask the servers that
    are known to be up, rather than hitting servers that are either
    down or known to be broken. This greatly reduces responsivity
    impact of broken upstream servers.

    Closes-Bug: #1746000
    Change-Id: Ieee4dafc578c3bda0935fcdb80faad6c342a10e9
    (cherry picked from commit d3c69dc4f22ef96ad3fb66430ce703d9c2199d2e)

tags: added: in-stable-queens
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron 12.0.5

This issue was fixed in the openstack/neutron 12.0.5 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/ocata)

Reviewed: https://review.openstack.org/594559
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=c7676b3031760b815c118622fb6b0ea6578eb03d
Submitter: Zuul
Branch: stable/ocata

commit c7676b3031760b815c118622fb6b0ea6578eb03d
Author: Dirk Mueller <email address hidden>
Date: Mon Jan 29 15:11:04 2018 +0100

    Drop strict-order flag from dnsmasq invocation

    Without this flag, dnsmasq prefers to ask the servers that
    are known to be up, rather than hitting servers that are either
    down or known to be broken. This greatly reduces responsivity
    impact of broken upstream servers.

    Closes-Bug: #1746000
    Change-Id: Ieee4dafc578c3bda0935fcdb80faad6c342a10e9
    (cherry picked from commit d3c69dc4f22ef96ad3fb66430ce703d9c2199d2e)

tags: added: in-stable-ocata
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/pike)

Reviewed: https://review.openstack.org/594557
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=aa4cbc9cde98aabe32d4ee0fd82195e5ec94d133
Submitter: Zuul
Branch: stable/pike

commit aa4cbc9cde98aabe32d4ee0fd82195e5ec94d133
Author: Dirk Mueller <email address hidden>
Date: Mon Jan 29 15:11:04 2018 +0100

    Drop strict-order flag from dnsmasq invocation

    Without this flag, dnsmasq prefers to ask the servers that
    are known to be up, rather than hitting servers that are either
    down or known to be broken. This greatly reduces responsivity
    impact of broken upstream servers.

    Closes-Bug: #1746000
    Change-Id: Ieee4dafc578c3bda0935fcdb80faad6c342a10e9
    (cherry picked from commit d3c69dc4f22ef96ad3fb66430ce703d9c2199d2e)

tags: added: in-stable-pike
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron 11.0.7

This issue was fixed in the openstack/neutron 11.0.7 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron ocata-eol

This issue was fixed in the openstack/neutron ocata-eol release.
