Skip to content

[dnsmasq] Default local=/<namespace>.svc/ to resolve queries locally#578

Merged
openshift-merge-bot[bot] merged 1 commit into
openstack-k8s-operators:mainfrom
stuggi:OSPRH-29710
May 7, 2026
Merged

[dnsmasq] Default local=/<namespace>.svc/ to resolve queries locally#578
openshift-merge-bot[bot] merged 1 commit into
openstack-k8s-operators:mainfrom
stuggi:OSPRH-29710

Conversation

@stuggi

@stuggi stuggi commented May 6, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Set local=/.svc/ by default in DNSMasq webhook so that queries for the openstack.svc domain are resolved from hosts files rather than forwarded to upstream DNS servers. This prevents delays and SERVFAIL errors when upstream DNS is slow at resolving AAAA records for openstack.svc.

The namespace is passed dynamically through the Default() chain so the domain is correct for any deployment namespace.

Users can override the default by specifying their own local option. Existing CRs get the default on upgrade via controller-triggered webhook (EnsureWebhookTrigger pattern from lib-common).

Closes: OSPRH-29710

Depends-On: openstack-k8s-operators/openstack-operator#1917

@openshift-ci openshift-ci Bot requested review from abays and dciabrin May 6, 2026 12:57
@openshift-ci openshift-ci Bot added the approved label May 6, 2026
@centosinfra-prod-github-app

centosinfra-prod-github-app Bot commented May 6, 2026

Copy link
Copy Markdown

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://gateway-cloud-softwarefactory.apps.ocp.cloud.ci.centos.org/zuul/t/rdoproject.org/buildset/9cf5106dffea4905811397cf2a358569

openstack-k8s-operators-content-provider FAILURE in 12m 47s
⚠️ podified-multinode-edpm-deployment-crc SKIPPED Skipped due to failed job openstack-k8s-operators-content-provider
⚠️ cifmw-crc-podified-edpm-baremetal SKIPPED Skipped due to failed job openstack-k8s-operators-content-provider

@stuggi

stuggi commented May 6, 2026

Copy link
Copy Markdown
Contributor Author

recheck

@centosinfra-prod-github-app

centosinfra-prod-github-app Bot commented May 6, 2026

Copy link
Copy Markdown

This change depends on a change that failed to merge.

Change openstack-k8s-operators/lib-common#691 is needed.

@stuggi

stuggi commented May 6, 2026

Copy link
Copy Markdown
Contributor Author

recheck

@stuggi @claude
[dnsmasq] Default local=/<namespace>.svc/ to resolve queries locally
0e7f95a 
Set local=/<namespace>.svc/ by default in DNSMasq webhook so that
queries for the openstack.svc domain are resolved from hosts files
rather than forwarded to upstream DNS servers. This prevents delays
and SERVFAIL errors when upstream DNS is slow at resolving AAAA
records for openstack.svc.

The namespace is passed dynamically through the Default() chain so the
domain is correct for any deployment namespace.

Users can override the default by specifying their own local option.
Existing CRs get the default on upgrade via controller-triggered
webhook (EnsureWebhookTrigger pattern from lib-common).

Closes: OSPRH-29710

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Martin Schuppert <mschuppert@redhat.com>
@centosinfra-prod-github-app

centosinfra-prod-github-app Bot commented May 6, 2026

Copy link
Copy Markdown

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://gateway-cloud-softwarefactory.apps.ocp.cloud.ci.centos.org/zuul/t/rdoproject.org/buildset/2adb668a70704d4c86d01ec59db98dbe

openstack-k8s-operators-content-provider FAILURE in 10m 03s
⚠️ podified-multinode-edpm-deployment-crc SKIPPED Skipped due to failed job openstack-k8s-operators-content-provider
⚠️ cifmw-crc-podified-edpm-baremetal SKIPPED Skipped due to failed job openstack-k8s-operators-content-provider

@stuggi

stuggi commented May 6, 2026

Copy link
Copy Markdown
Contributor Author

recheck

@centosinfra-prod-github-app

centosinfra-prod-github-app Bot commented May 6, 2026

Copy link
Copy Markdown

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://gateway-cloud-softwarefactory.apps.ocp.cloud.ci.centos.org/zuul/t/rdoproject.org/buildset/4f3d872448544f2a8f76e30c579cf1f6

openstack-k8s-operators-content-provider FAILURE in 9m 40s
⚠️ podified-multinode-edpm-deployment-crc SKIPPED Skipped due to failed job openstack-k8s-operators-content-provider
⚠️ cifmw-crc-podified-edpm-baremetal SKIPPED Skipped due to failed job openstack-k8s-operators-content-provider

@stuggi

stuggi commented May 7, 2026

Copy link
Copy Markdown
Contributor Author

recheck

@stuggi

stuggi commented May 7, 2026

Copy link
Copy Markdown
Contributor Author

for some reason the dns CM is not part of the rdo job must-gather, but from the pod log we see the following message that confirms that the change was added:
dnsmasq[1]: using only locally-known addresses for domain openstack.svc

one note:

  DNSMasq now defaults `local=/<namespace>.svc/` so that queries for the
  OpenStack namespace domain (e.g. `openstack.svc`) are resolved locally
  from hosts files instead of being forwarded to upstream DNS servers.
  This fixes delays and SERVFAIL errors caused by slow upstream DNS
  resolution of AAAA records (OSPRH-29689).

  **Possible Impact**: Any service in the OpenStack namespace that EDPM nodes need
  to resolve must have a corresponding `DNSData` hosts entry. Queries for                                                                                                                    
  `*.<namespace>.svc` are no longer forwarded to upstream DNS. All
  OpenStack service endpoints are already registered via `DNSData` CRs by
  the openstack-operator, so standard deployments are unaffected.  Services
  matching `*.<namespace>.svc` that are currently resolved via upstream
  DNS servers will now need a local `DNSData` entry instead.

abays
abays approved these changes May 7, 2026
View reviewed changes

@abays abays left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@openshift-ci openshift-ci Bot added the lgtm label May 7, 2026
@openshift-ci

openshift-ci Bot commented May 7, 2026

Copy link
Copy Markdown
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: abays, stuggi

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-merge-bot openshift-merge-bot Bot merged commit 9c12556 into openstack-k8s-operators:main May 7, 2026
7 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@abays abays abays approved these changes

@dciabrin dciabrin Awaiting requested review from dciabrin

Assignees

@abays abays

Labels

approved lgtm

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@stuggi @abays