Comment 4 for bug 2059405

Martin Ananda Boeker (mboeker) wrote:

Here is evidence that OVN is NOT actually catching the DNS traffic, even though it is reaching the DNS server (controller):

ON VM:
admin@vm1:~$ host vm2
Host vm2.aio.local not found: 5(REFUSED)

ON CONTROLLER, tcpdump -n port 53:

12:30:08.086208 IP 172.30.89.176.38733 > 172.30.89.61.53: 8954+ [1au] A? vm2.aio.local. (44)
12:30:08.086396 IP 172.30.89.61.53 > 172.30.89.176.38733: 8954 Refused- 0/0/1 (44)

The REFUSED response from the controller is expected, because there is no DNS entry in designate for vm2, but the question is why OVN did not reply, since the request clearly left the VM. Here again is the OVN config:

ubuntu@AIOTEST02:~$ ovn-sbctl list dns
_uuid : f18eeb3b-3319-4546-ad58-1549f8ed7f70
datapaths : [c36f655d-0364-45bf-a750-663ad676d607]
external_ids : {dns_id="db82ba60-c867-49eb-bb65-0de79745aafb"}
records : {"174.89.30.172.in-addr.arpa"=vm2.aio.local, "176.89.30.172.in-addr.arpa"=vm1.aio.local, vm1="172.30.89.176", vm1.aio.local="172.30.89.176", vm2="172.30.89.174", vm2.aio.local="172.30.89.174"}
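
The comparison made in the comment above, as an added example that is not part of the original comment or of OVN: it parses the `records` column from `ovn-sbctl list dns` and the `tcpdump -n port 53` lines, then lists queries that reached the upstream server even though the queried name has an entry in the map. The function names are hypothetical; the sample input is the output quoted in the comment.

```python
import re

# Sample input: the records column and tcpdump lines quoted in the comment above.
RECORDS = ('{"174.89.30.172.in-addr.arpa"=vm2.aio.local, '
           '"176.89.30.172.in-addr.arpa"=vm1.aio.local, vm1="172.30.89.176", '
           'vm1.aio.local="172.30.89.176", vm2="172.30.89.174", '
           'vm2.aio.local="172.30.89.174"}')
TCPDUMP = """\
12:30:08.086208 IP 172.30.89.176.38733 > 172.30.89.61.53: 8954+ [1au] A? vm2.aio.local. (44)
12:30:08.086396 IP 172.30.89.61.53 > 172.30.89.176.38733: 8954 Refused- 0/0/1 (44)
"""

# key=value pairs of an OVSDB map; either side may or may not be quoted.
PAIR = re.compile(r'("[^"]*"|[^\s=,{}]+)=("[^"]*"|[^\s=,{}]+)')
# A query line in "tcpdump -n" output: client.port > server.53: id+ ... TYPE? name. (len)
QUERY = re.compile(r'IP (\S+)\.\d+ > \S+\.53: \d+\+? .*?\b([A-Z]+)\? (\S+?)\.? \(')


def parse_records(column):
    """Parse the records map into a dict with lowercased, unquoted keys."""
    return {k.strip('"').lower(): v.strip('"') for k, v in PAIR.findall(column)}


def parse_queries(capture):
    """Yield (client_ip, qtype, qname) for each DNS query line in the capture."""
    for line in capture.splitlines():
        match = QUERY.search(line)
        if match:
            yield match.group(1), match.group(2), match.group(3).lower()


def leaked_queries(column, capture):
    """Queries seen at the upstream server although the map holds the name."""
    records = parse_records(column)
    return [(src, qtype, name, records[name])
            for src, qtype, name in parse_queries(capture)
            if name in records]


if __name__ == "__main__":
    for src, qtype, name, value in leaked_queries(RECORDS, TCPDUMP):
        print(f"{src} asked {qtype} {name}; records map has {name}={value}")
```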