[Bug 1896684] [NEW] all rack addresses in vlan are included in list of nameservers sent to deployed server

Tue, 22 Sep 2020 14:36:12 -0700 

Public bug reported:

maas forces all rack addresses for all subnets in a single vlan to any
system deployed into any of those subnets. If the deployed systems are
isolated, with no gateway configured, they may end up with broken DNS
due to having nameservers configured which are not reachable.

[test case]

configure maas with a single Fabric 'maas', with a single vlan
'untagged'. In that untagged vlan, create 4 separate subnets,
10.1.0.0/24, 10.2.0.0/24, 10.3.0.0/24, and 10.4.0.0/24. Configure all
the subnets with 'allow_dns' set to False, and each of them should be
configured with 10.X.0.1 as their only dns nameserver, and no gateway.
Of course, also configure the corresponding 10.X.0.1 addresses on the
maas machine.

Configure a machine in maas to set its interface to use Fabric 'maas'
and vlan 'untagged', and subnet 10.1.0.0/24.

Deploy that system, and even though the subnet is configured with
"dns_servers": [ "10.1.0.1" ] and "allow_dns": False, the deployed
system is configured with 10.1.0.1 as well as 10.2.0.1, 10.3.0.1, and
10.4.0.1.


When deploying a system using systemd-resolved, this is not necessarily a 
problem, since systemd-resolved has no limit on the number of upstream 
nameservers it can handle, so the 'correct' (on-subnet) nameserver will be one 
of the configured ones, and systemd-resolved will use it for DNS.

However, when deploying a system that does not use systemd-resolved,
when cloud-init manually edits the /etc/resolv.conf file, there is a
hardcoded limit of 3 nameservers that can be listed in the file, so if
the list of nameservers is larger, the 'correct' nameserver may not be
included. In this example, if the deployed system's resolv.conf file is
created with only the 10.2.0.1, 10.3.0.1, and 10.4.0.1 nameservers, the
system will have no working DNS since it can only reach 10.1.0.0/24
systems.

** Affects: maas (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1896684

Title:
  all rack addresses in vlan are included in list of nameservers sent to
  deployed server

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/maas/+bug/1896684/+subscriptions

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to