neutron

OVN: garbled DNS responses when edns is being used

Bug #2030294 reported by Dr. Jens Harbott
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
neutron
New
Undecided
Unassigned

Bug Description

Steps to reproduce:

1. Have an instance in a tenant network served by ML2/OVN backend
2. Use a dns client that sends queries with edns enabled, e.g. dig from bind9-dnsutils, a common debugging tool.
3. Get garbled responses like:

debian@vm1:~$ dig vm1
;; Warning: Message parser reports malformed message packet.

; <<>> DiG 9.18.16-1~deb12u1-Debian <<>> vm1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29669
;; flags: qr rd ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; WARNING: Message has 19 extra bytes at end

;; QUESTION SECTION:
;vm1. IN A

;; ANSWER SECTION:
. 0 CLASS1232 OPT 10 8 ngfvumqOLZU=

;; Query time: 0 msec
;; SERVER: 9.9.9.9#53(9.9.9.9) (UDP)
;; WHEN: Sat Aug 05 19:03:45 UTC 2023
;; MSG SIZE rcvd: 63

Expected result:

Get a valid response like when edns is disabled:

debian@vm1:~$ dig +noedns vm1

; <<>> DiG 9.18.16-1~deb12u1-Debian <<>> +noedns vm1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31163
;; flags: qr rd ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;vm1. IN A

;; ANSWER SECTION:
vm1. 3600 IN A 10.128.0.77

;; Query time: 0 msec
;; SERVER: 9.9.9.9#53(9.9.9.9) (UDP)
;; WHEN: Sat Aug 05 19:04:10 UTC 2023
;; MSG SIZE rcvd: 40

Tags: dns ovn
Dr. Jens Harbott (j-harbott)
tags: added: dns ovn
Revision history for this message
Brian Haley (brian-haley) wrote :

I don't think this is a bug in neutron but is a bug in OVN, and was fixed with this patch:

https://patchwork<email address hidden>/

That was merged to a number of different branches.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix proposed to neutron (master)

Related fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/neutron/+/892578

Revision history for this message
Dr. Jens Harbott (j-harbott) wrote (last edit ):

O.k., I confirmed that with OVN v23.06.0, instead of sending a broken response, OVN forwards the query untouched.

I'm not sure I agree that that is a bugfix, though, since the client expects to get consistent responses, not different ones depending on whether the edns option is being set or not.

See also https://bugs.launchpad.net/neutron/+bug/2030295 for another case where DNS queries are not getting responded to as expected.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix merged to neutron (master)

Reviewed: https://review.opendev.org/c/openstack/neutron/+/892578
Committed: https://opendev.org/openstack/neutron/commit/0e5c91c4996418147cc329f60ce8b0d0eb539f72
Submitter: "Zuul (22348)"
Branch: master

commit 0e5c91c4996418147cc329f60ce8b0d0eb539f72
Author: Dr. Jens Harbott <email address hidden>
Date: Wed Aug 23 20:48:36 2023 +0200

    Add some more known issues to the OVN gap document

    See the related bugs.

    Related-Bug: #2030294
    Related-Bug: #2030295
    Change-Id: If90e4233c599b0ab4363d7eea6b00436bf7ab92c

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.