nova fails to configure dnsmasq, resulting in DNS timeouts in instances
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Compute (nova) |
Fix Released
|
Undecided
|
Unassigned | ||
nova (Ubuntu) |
Fix Released
|
Medium
|
Unassigned |
Bug Description
Nova uses dnsmasq to answer questions about name <-> IP resolution for instances. By default, it does nothing about things where there is no answer.
This causes dnsmasq to forward the query (for which it should be authoritative) off to the nameserver found in resolv.conf. If the zone is properly delegated to nova via a forward only zone declaration in the resolver, then we run into the situation where the instance asks dnsmasq which asks the resolver which asks dnsmasq which then times out.
Combine this with linux' love for IPv6, and a single domain search list in resolv.conf, and anything that looks up a host name (e.g., sudo) will take 10 seconds (5 seconds each for the lookup of $(hostname).$domain and $(hostname) AAAA RRs), before it fails back to looking up $(hostname).$domain A RR and gets an answer.
The fix that worked for us was to add --dnsmasq_
"--server=
So there needs an option to have multiple dns servers correct?