diff --git a/neutron/agent/dhcp/config.py b/neutron/agent/dhcp/config.py
index ab0d9b7263a..e028fb17d6b 100644
--- a/neutron/agent/dhcp/config.py
+++ b/neutron/agent/dhcp/config.py
@@ -85,7 +85,7 @@ DNSMASQ_OPTS = [
 "The log contains DHCP and DNS log information and "
 "is useful for debugging issues with either DHCP or "
 "DNS. If this section is null, disable dnsmasq log.")),
- cfg.BoolOpt('dnsmasq_local_resolv', default=True,
+ cfg.BoolOpt('dnsmasq_local_resolv', default=False,
 help=_("Enables the dnsmasq service to provide name "
 "resolution for instances via DNS resolvers on the "
 "host running the DHCP agent. Effectively removes the "
diff --git a/neutron/agent/linux/dhcp.py b/neutron/agent/linux/dhcp.py
index 77b3c7de57b..ddad16727c8 100644
--- a/neutron/agent/linux/dhcp.py
+++ b/neutron/agent/linux/dhcp.py
@@ -304,9 +304,15 @@ class Dnsmasq(DhcpLocalProcess):
 return []
 def _build_cmdline_callback(self, pid_file):
+ # We ignore local resolv.conf if dns servers are specified
+ # or if local resolution is explicitly disabled.
+ _no_resolv = (
+ '--no-resolv' if self.conf.dnsmasq_dns_servers or
+ not self.conf.dnsmasq_local_resolv else '')
 cmd = [
 'dnsmasq',
 '--no-hosts',
+ _no_resolv,
 '--strict-order',
 '--except-interface=lo',
 '--pid-file=%s' % pid_file,
@@ -383,11 +389,6 @@ class Dnsmasq(DhcpLocalProcess):
 cmd.extend(
 '--server=%s' % server
 for server in self.conf.dnsmasq_dns_servers)
- else:
- # We only look at 'dnsmasq_local_resolv' if 'dnsmasq_dns_servers'
- # is not set, which explicitly overrides 'dnsmasq_local_resolv'.
- if not self.conf.dnsmasq_local_resolv:
- cmd.append('--no-resolv')
 if self.conf.dhcp_domain:
 cmd.append('--domain=%s' % self.conf.dhcp_domain)
diff --git a/neutron/tests/unit/agent/linux/test_dhcp.py b/neutron/tests/unit/agent/linux/test_dhcp.py
index 53ecd6033e4..b3461622f57 100644
--- a/neutron/tests/unit/agent/linux/test_dhcp.py
+++ b/neutron/tests/unit/agent/linux/test_dhcp.py
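Review bot: In neutron/agent/dhcp/config.py, the visible part of the help string for `dnsmasq_local_resolv` describes the mechanism but not the exposure that makes False the safer default. When the option is on, instances resolve names through whatever resolvers the DHCP agent host itself uses; if those resolvers answer for internal or management zones, tenant instances would presumably be able to query them too. I would add a sentence to the help text such as `"Enable only if the host's resolvers are safe to expose to every instance served by this agent."`. The help string continues past the end of the hunk, so check that it does not already say this.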
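Review bot: In the first hunk of neutron/agent/linux/dhcp.py, `_build_cmdline_callback` always places `_no_resolv` in the `cmd` list, so when `dnsmasq_local_resolv` is true and no `dnsmasq_dns_servers` are set the list carries an empty-string element where an option would be. Whether dnsmasq and the process wrapper tolerate an empty argv element is not visible here, and the test hunks for `_test_spawn` and `test_spawn_cfg_with_local_resolv` pin the `''` into the expected command as well. Building the flag conditionally avoids the question: leave it out of the list literal and, after the list, add `if self.conf.dnsmasq_dns_servers or not self.conf.dnsmasq_local_resolv:` followed by `cmd.append('--no-resolv')`. The leading underscore on a local name is also unusual; `no_resolv` would read better. The function body continues outside the hunk.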
@@ -988,7 +988,7 @@ class TestDnsmasq(TestBase):
 def _test_spawn(self, extra_options, network=FakeDualNetwork(),
 max_leases=16777216, lease_duration=86400,
- has_static=True):
+ has_static=True, no_resolv='--no-resolv'):
 def mock_get_conf_file_name(kind):
 return '/dhcp/%s/%s' % (network.id, kind)
@@ -1000,6 +1000,7 @@ class TestDnsmasq(TestBase):
 expected = [
 'dnsmasq',
 '--no-hosts',
+ no_resolv,
 '--strict-order',
 '--except-interface=lo',
 '--pid-file=%s' % expected_pid_file,
@@ -1130,10 +1131,18 @@ class TestDnsmasq(TestBase):
 ('--log-facility=%s' % dhcp_dns_log)],
 network)
- def test_spawn_cfg_no_local_resolv(self):
- self.conf.set_override('dnsmasq_local_resolv', False)
+ def test_spawn_cfg_with_local_resolv(self):
+ self.conf.set_override('dnsmasq_local_resolv', True)
- self._test_spawn(['--conf-file=', '--no-resolv',
+ self._test_spawn(['--conf-file=', '--domain=openstacklocal'],
+ no_resolv='')
+
+ def test_spawn_cfg_with_local_resolv_overriden(self):
+ self.conf.set_override('dnsmasq_local_resolv', True)
+ self.conf.set_override('dnsmasq_dns_servers', ['8.8.8.8'])
+
+ self._test_spawn(['--conf-file=',
+ '--server=8.8.8.8',
 '--domain=openstacklocal'])
 def test_spawn_max_leases_is_smaller_than_cap(self):
diff --git a/releasenotes/notes/default-local-dns-a1c3fa1451f228fa.yaml b/releasenotes/notes/default-local-dns-a1c3fa1451f228fa.yaml
index 0c77e96a074..29f4a4e7235 100644
--- a/releasenotes/notes/default-local-dns-a1c3fa1451f228fa.yaml
+++ b/releasenotes/notes/default-local-dns-a1c3fa1451f228fa.yaml
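Review bot: In the last test_dhcp.py hunk, `test_spawn_cfg_with_local_resolv_overriden` asserts `--no-resolv` only through the default value of `_test_spawn`'s new `no_resolv` parameter, so the behaviour the test is named for never appears in the test body. Passing `no_resolv='--no-resolv'` explicitly would make the expectation visible to the next reader. The name is also misspelled; it should be `test_spawn_cfg_with_local_resolv_overridden`. No case is visible in this hunk for `dnsmasq_dns_servers` set while `dnsmasq_local_resolv` stays at its new default of False; one may exist elsewhere in the file, but if not it is worth adding, since the removed `else` branch never emitted `--no-resolv` when servers were configured.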
@@ -1,14 +1,20 @@
 ---
 fixes:
- - Prior to Mitaka, neither specifying DNS resolvers via the
- 'dnsmasq_dns_servers' option in the DHCP agent configuration file nor via
- neutron subnet options causes the dnsmasq service to offer the IP address
- on which it resides to instances for name resolution. However, the static
- dnsmasq '--no-resolv' process argument prevents name resolution via dnsmasq
- leaving instances without name resolution. In Mitaka+, the
- 'dnsmasq_local_resolv' option in the DHCP agent configuration file enables
- (by default) the dnsmasq service to provide name resolution for instances
- via DNS resolvers on the host running the DHCP agent by effectively
- removing the '--no-resolv' option from the dnsmasq process arguments.
- Adding custom DNS resolvers to the 'dnsmasq_dns_servers' option in the DHCP
- agent configuration file disables this feature.
+ - Prior to Mitaka, name resolution in instances requires specifying DNS
+ resolvers via the 'dnsmasq_dns_servers' option in the DHCP agent
+ configuration file or via neutron subnet options. In this case, the
+ data plane must provide connectivity between instances and upstream DNS
+ resolvers. Omitting both of these methods causes the dnsmasq service
+ to offer the IP address on which it resides to instances for name
+ resolution. However, the static dnsmasq '--no-resolv' process argument
+ prevents name resolution via dnsmasq, leaving instances without name
+ resolution.
+ Mitaka introduces the 'dnsmasq_local_resolv' option, default value False
+ to preserve backward-compatibility, that enables the dnsmasq service to
+ provide name resolution for instances via DNS resolvers on the host
+ running the DHCP agent. In this case, the data plane must provide
+ connectivity between the host and upstream DNS resolvers rather than
+ between the instances and upstream DNS resolvers. Specifying DNS
+ resolvers via the 'dnsmasq_dns_servers' option in the DHCP agent
+ configuration overrides the 'dnsmasq_local_resolv' option for all subnets
+ using the DHCP agent.