-
Bug
-
Resolution: Done-Errata
-
Major
-
None
-
None
-
False
-
-
False
-
rhel-sst-network-fastdatapath
-
-
-
ssg_networking
-
Important
Originally reported upstream at:
https://github.com/ovn-org/ovn/issues/228
Since 23.09.0, even if configured to serve DNS requests for a domain, ovn-controller will ignore all requests that contain additional requests. That was introduced by:
https://github.com/ovn-org/ovn/commit/4b10571aa89b226c13a8c5551ceb7208d782b580
We can't just revert this commit because before it ovn-controller was replying with invalid DNS replies, e.g.:
$ ip netns exec vm1 dig google.com ;; Warning: Message parser reports malformed message packet. ; <<>> DiG 9.11.36-RedHat-9.11.36-11.el8_9 <<>> google.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28960 ;; flags: qr rd ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; WARNING: recursion requested but not available ;; WARNING: Message has 26 extra bytes at end ...
We can't support parsing all additional requests either.
What we might be able to is jump over EDNS OPT additional requests. For example, dig sets +bufsize=4096 by default which means that all dig requests will be ignored by default.
- is cloned by
-
FDP-386 CLONE - OVN DNS responder broken with EDNS/AR (additional records)
- Dev Complete
-
FDP-402 CLONE - OVN DNS responder broken with EDNS/AR (additional records)
- Dev Complete
-
FDP-403 CLONE - OVN DNS responder broken with EDNS/AR (additional records)
- Dev Complete
-
FDP-404 CLONE - OVN DNS responder broken with EDNS/AR (additional records)
- Dev Complete
-
FDP-409 CLONE - OVN DNS responder broken with EDNS/AR (additional records)
- Dev Complete
-
FDP-392 CLONE - OVN DNS responder broken with EDNS/AR (additional records)
- Testing
-
FDP-384 CLONE - OVN DNS responder broken with EDNS/AR (additional records)
- Closed
-
FDP-385 CLONE - OVN DNS responder broken with EDNS/AR (additional records)
- Closed
-
FDP-387 CLONE - OVN DNS responder broken with EDNS/AR (additional records)
- Closed
-
FDP-388 CLONE - OVN DNS responder broken with EDNS/AR (additional records)
- Closed
-
FDP-389 CLONE - OVN DNS responder broken with EDNS/AR (additional records)
- Closed
-
FDP-390 CLONE - OVN DNS responder broken with EDNS/AR (additional records)
- Closed
-
FDP-412 CLONE - OVN DNS responder broken with EDNS/AR (additional records)
- Closed
-
FDP-419 CLONE - OVN DNS responder broken with EDNS/AR (additional records)
- Closed
-
FDP-425 CLONE - OVN DNS responder broken with EDNS/AR (additional records)
- Closed
-
FDP-428 CLONE - OVN DNS responder broken with EDNS/AR (additional records)
- Closed
- links to
-
RHBA-2024:140396 ovn23.09 bug fix and enhancement update