Well, not generating an answer and instead forwarding the query to the upstream resolver is what is already happening in this case; I don't see how your patch would change this. It will also turn the situation with UDP+EDNS into the case described here, so if it does what the patch description says, it will resolve the "broken responses" issue at the price of converting it into another instance of the issue described here. (Which is also why I'm only responding here for now. I'm not 100% sure that this is actually severe enough to warrant privacy, but I'd like to hear others' opinion on it before opening.)
To double-check, can you be more explicit about what version of OVN I should test this with? I have a simple devstack setup as a reproducer, no special configuration needed.
Arguably both issues still are Neutron bugs, since it is a Neutron feature that instances are able to resolve addresses for other instances in the same tenant (or same network or same subnet at least, not sure about the exact scope), so forwarding requests to an upstream nameserver, which won't have the requested information (unless maybe when using external DNS integration), will solve neither of these two issues.