Uploaded image for project: 'Fast Datapath Product'
  1. Fast Datapath Product
  2. FDP-387

CLONE - OVN DNS responder broken with EDNS/AR (additional records)

XMLWordPrintable

    • False
    • Hide

      None

      Show
      None
    • False
    • Important
    • +

      Originally reported upstream at:
      https://github.com/ovn-org/ovn/issues/228

      Since 23.09.0, even if configured to serve DNS requests for a domain, ovn-controller will ignore all requests that contain additional requests. That was introduced by:
      https://github.com/ovn-org/ovn/commit/4b10571aa89b226c13a8c5551ceb7208d782b580

      We can't just revert this commit because before it ovn-controller was replying with invalid DNS replies, e.g.:

      $ ip netns exec vm1 dig google.com
      ;; Warning: Message parser reports malformed message packet.
      
      ; <<>> DiG 9.11.36-RedHat-9.11.36-11.el8_9 <<>> google.com
      ;; global options: +cmd
      ;; Got answer:
      ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28960
      ;; flags: qr rd ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
      ;; WARNING: recursion requested but not available
      ;; WARNING: Message has 26 extra bytes at end
      ...
      

      We can't support parsing all additional requests either.

      What we might be able to is jump over EDNS OPT additional requests. For example, dig sets +bufsize=4096 by default which means that all dig requests will be ignored by default.

              dceara@redhat.com Dumitru Ceara
              ovnteam@redhat.com OVN Team
              Ying Xu Ying Xu
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: