Bug
Resolution: Unresolved
Major
rhel-sst-network-fastdatapath
ssg_networking
Important
Originally reported upstream at:
https://github.com/ovn-org/ovn/issues/228
Since 23.09.0, even if configured to serve DNS requests for a domain, ovn-controller will ignore all requests that contain additional requests. That was introduced by:
https://github.com/ovn-org/ovn/commit/4b10571aa89b226c13a8c5551ceb7208d782b580
We can't just revert this commit because before it ovn-controller was replying with invalid DNS replies, e.g.:
$ ip netns exec vm1 dig google.com
;; Warning: Message parser reports malformed message packet.

; <<>> DiG 9.11.36-RedHat-9.11.36-11.el8_9 <<>> google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28960
;; flags: qr rd ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; WARNING: Message has 26 extra bytes at end
...
We can't support parsing all additional requests either.
What we might be able to do is jump over EDNS OPT additional requests. For example, dig sets +bufsize=4096 by default, which means that all dig requests will be ignored by default.
Clones: FDP-222 OVN DNS responder broken with EDNS/AR (additional records) (Closed)
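One way to implement the "jump over EDNS OPT" idea from the description, as an added example that is not OVN's code or the fix for this issue: it accepts a query with one question and at most one OPT record (type 41) in the additional section, and returns the offset where the question ends so a reply can be built from the header and question alone. `dns_query_skip_opt` and `SAMPLE_QUERY` are hypothetical names, and the packet bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define DNS_HDR_LEN  12
#define DNS_TYPE_OPT 41   /* EDNS(0) OPT pseudo-RR (RFC 6891) */

/* Constructed sample: query for example.com A with one OPT RR, UDP size 4096. */
static const uint8_t SAMPLE_QUERY[] = {
    0x12,0x34, 0x01,0x00, 0x00,0x01, 0x00,0x00, 0x00,0x00, 0x00,0x01, /* header */
    7,'e','x','a','m','p','l','e', 3,'c','o','m', 0, 0x00,0x01, 0x00,0x01,
    0x00, 0x00,0x29, 0x10,0x00, 0,0,0,0, 0x00,0x00,                   /* OPT */
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }

/* Hypothetical helper, not OVN code.  Returns the offset just past the question
 * if the query has exactly one question and its additional section is empty or
 * holds a single OPT record (which is skipped); returns -1 for anything else. */
long dns_query_skip_opt(const uint8_t *pkt, size_t len)
{
    if (len < DNS_HDR_LEN) return -1;
    if (rd16(pkt + 4) != 1 || rd16(pkt + 6) || rd16(pkt + 8)) return -1;
    uint16_t arcount = rd16(pkt + 10);
    if (arcount > 1) return -1;              /* RFC 6891: at most one OPT RR */
    size_t off = DNS_HDR_LEN;
    for (;;) {                               /* walk the QNAME labels */
        if (off >= len) return -1;
        uint8_t l = pkt[off++];
        if (l == 0) break;
        if ((l & 0xC0) || l > len - off) return -1;  /* no pointers, no overrun */
        off += l;
    }
    if (len - off < 4) return -1;            /* QTYPE + QCLASS */
    off += 4;
    size_t question_end = off;
    if (arcount == 1) {  /* root name(1) type(2) class(2) ttl(4) rdlen(2) rdata */
        if (len - off < 11) return -1;
        if (pkt[off] != 0 || rd16(pkt + off + 1) != DNS_TYPE_OPT) return -1;
        size_t rdlen = rd16(pkt + off + 9);
        off += 11;
        if (rdlen > len - off) return -1;
        off += rdlen;
    }
    return off == len ? (long)question_end : -1;  /* no trailing bytes allowed */
}

int main(void)
{
    printf("%ld\n", dns_query_skip_opt(SAMPLE_QUERY, sizeof SAMPLE_QUERY));
    return 0;
}
```

Any additional record other than a single OPT still causes the query to be rejected, consistent with the description's statement that parsing all additional requests is not supported.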