Hello Jens:

This is the expected behaviour for OVN, as documented here [1]. When building the DHCP options, the DNS servers option is populated first with the subnet "dns_nameservers". If empty, the "OVN.dns_servers" option will be used. If empty, the OVN mech driver will use the local DNS resolver (reading from "/etc/resolv.conf") [2].

Admin/user can always provide a valid DNS nameserver if needed.

Regards.

[1] https://github.com/openstack/neutron/blob/90b5456b8c11011c41f2fcd53a8943cb45fb6479/neutron/conf/plugins/ml2/drivers/ovn/ovn_conf.py#L158-L164
[2] https://github.com/openstack/neutron/blob/90b5456b8c11011c41f2fcd53a8943cb45fb6479/neutron/plugins/ml2/drivers/ovn/mech_driver/ovsdb/ovn_client.py#L1916-L1918

** Changed in: neutron
       Status: New => Opinion

https://bugs.launchpad.net/bugs/1951074

Title:
  [OVN] default setting leak nameserver config from the host to instances

Status in neutron:
  Opinion

Bug description:
  Using the default settings, i.e. without [ovn]dns_servers being specified in ml2_conf.ini, OVN will send the nameserver addresses that are specified in /etc/resolv.conf on the host in DHCP responses.

  This may lead to unexpected leaks about the host infrastructure and thus should at least be well documented. In most cases it will also lead to broken DNS resolution for the instances, since when systemd-resolve is being used, the host's nameserver address will be 127.0.0.53, and an instance will not be able to resolve anything using that address.

  Possibly a better approach would be to not send any nameserver information via DHCP in this scenario.
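The fallback order described in the reply above can be checked offline against a deployment's configuration. The following is an added example, not part of the original message and not neutron's code; the function names are hypothetical, the sample inputs are constructed, and it assumes "[ovn]dns_servers" is a comma-separated list in ml2_conf.ini.

```python
import configparser
import ipaddress

def resolv_conf_nameservers(text):
    """Return the addresses on 'nameserver' lines of resolv.conf content."""
    servers = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers

def effective_dns(subnet_dns, ml2_conf_text, resolv_conf_text):
    """Apply the order from the reply: subnet, then [ovn]dns_servers, then host.

    Returns (source, servers, warnings) for the DNS option sent via DHCP.
    """
    cfg = configparser.ConfigParser(interpolation=None, strict=False)
    cfg.read_string(ml2_conf_text)
    raw = cfg.get("ovn", "dns_servers", fallback="")
    ovn_dns = [s.strip() for s in raw.split(",") if s.strip()]
    if subnet_dns:
        source, servers = "subnet dns_nameservers", list(subnet_dns)
    elif ovn_dns:
        source, servers = "[ovn]dns_servers", ovn_dns
    else:
        source = "host /etc/resolv.conf"
        servers = resolv_conf_nameservers(resolv_conf_text)
    warnings = []
    if source.startswith("host") and servers:
        warnings.append("host resolver addresses are handed to instances")
    for server in servers:
        try:
            if ipaddress.ip_address(server.split("%")[0]).is_loopback:
                warnings.append(f"{server} is loopback, unusable from an instance")
        except ValueError:
            warnings.append(f"{server} is not a valid IP address")
    return source, servers, warnings

# Constructed sample inputs (documentation address ranges, not real hosts).
ML2_DEFAULT = "[ovn]\n# dns_servers not set\n"
ML2_SET = "[ovn]\ndns_servers = 198.51.100.53, 198.51.100.54\n"
RESOLV_STUB = "# systemd-resolved stub\nnameserver 127.0.0.53\noptions edns0\n"

if __name__ == "__main__":
    for ml2 in (ML2_DEFAULT, ML2_SET):
        print(effective_dns([], ml2, RESOLV_STUB))
```

To audit a real node, pass the contents of its ml2_conf.ini and /etc/resolv.conf together with the subnet's "dns_nameservers" list.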

