On 4/7/26 5:15 AM, wlswo wrote:
> When the python unbound library is not installed, dns_resolve.resolve()
> returns None for hostnames, causing all hostname-based TCP connections
> to silently fail. This affects services like neutron-ovn-metadata-agent
> that use hostname-based connection strings (e.g. tcp:hostname:6642).
>
> Add a fallback to socket.getaddrinfo() which uses the system resolver
> (/etc/hosts, nsswitch.conf, system DNS) when unbound is unavailable
> or fails to resolve.
>
> Signed-off-by: wlswo <[email protected]>
>
> Signed-off-by: wlswo <[email protected]>
> ---
> python/ovs/socket_util.py | 11 +++++++++++
> 1 file changed, 11 insertions(+)
>
Hi, wlswo. Thanks for the patch!
> diff --git a/python/ovs/socket_util.py b/python/ovs/socket_util.py
> index a26298b75..93764568b 100644
> --- a/python/ovs/socket_util.py
> +++ b/python/ovs/socket_util.py
> @@ -235,6 +235,17 @@ def _inet_parse_active(target, default_port):
> host_name = str(ipaddress.ip_address(host_name))
> except ValueError:
> host_name = dns_resolve.resolve(host_name)
> + if not host_name:
> + # Fallback to the system resolver (e.g. /etc/hosts, system DNS)
> + # when the unbound library is not available.
> + try:
> + result = socket.getaddrinfo(
> + ":".join(address[0:-1]).lstrip('[').rstrip(']'),
> + None, 0, socket.SOCK_STREAM)
getaddrinfo() can block indefinitely if the DNS server is not available.
And even if it is available the resolution can take a lot of time not
allowing the process to attend to other things. That's the primary reason
to use unbound library, as it supports async resolution that we're utilizing.
While it may be fine for a command line tool, blocking resolution method is
not an acceptable solution for a daemon that needs to do other things as well.
Best regards, Ilya Maximets.
_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
