DNS not stored when PIF configured in IPv6

[benjamreis]

Hi all,

I'm still working on IPv6 support and I've noticed that when i call PIF.reconfigure_ipv6, the DNS i provide to the method is not set in the PIF params.

I can't find the root cause of the issue so I'm seeking some guidance. :)

Thanks

[lippirk]

This is surprising - in the code I see the following:

(* xapi_pif.ml *)
let reconfigure_ipv6 =
....
  if dNS <> "" then Db.PIF.set_DNS ~__context ~self ~value:dNS ;
....

Maybe you could add some debugging around this area to see exactly what's going on

[benjamreis]

Yes I suspect the issue comes after in NM.bring_pif_ip but didn't found for now. ^^ I'll add logs indeed.

[robhoes]

Yes, bring_pif_up constructs dns only if there is a static IPv4 config (see let ipv4_conf, ipv4_gateway, dns =).

[benjamreis]

Yeah I saw that, but didn't know why. It seems there's nothing IPv4 specific for DNS.

[robhoes]

You're right, it's not specific to IPv4. And this code is definitely not correct for IPv6-only use cases :)

The main thing to note is how the DNS field – as well as IP/netmask/gateway – is an input field (i.e. set by the client) for static configurations, but an output field (i.e. set by xapi) for DHCP (or autoconf for IPv6). And only input parameters should be sent to xcp-network in bring_pif_up. So you need to work out potential conflicts if IP_configuration_mode is DHCP but IPv6_configuration_mode is static, etc.

[benjamreis]

I see, what about the primary_address_type choses if we look for ip or ipv6 configuration mode?

[benjamreis]

Actually, if a pif as many ip configuration, it might have several DNSs configured no?

[robhoes]

It is probably a very unusual situation – we just need a deterministic way of handling it. Using primary_address_type to choose in case of conflict could be a good option.

I'd also point you at https://github.com/xapi-project/xcp-networkd/blob/master/networkd/network_server.ml#L305-L311, which controls whether DNS servers requested from the DHCP server in DHCP mode (only if the interface is "the DNS interface"). There is no such code for the IPv6 case now, so it probably never requests DNS servers there.

[robhoes]

Actually, if a pif as many ip configuration, it might have several DNSs configured no?

The PIF.DNS field does support multiple servers (comma separated).

[benjamreis]

I'd also point you at https://github.com/xapi-project/xcp-networkd/blob/master/networkd/network_server.ml#L305-L311, which controls whether DNS servers requested from the DHCP server in DHCP mode (only if the interface is "the DNS interface"). There is no such code for the IPv6 case now, so it probably never requests DNS servers there.

I'm already on it, PR coming soon. ;)

[benjamreis]

Using primary_address_type to choose it is then. :)

[benjamreis]

Okay so when a PIF has an IPv4 configured and an IPv6 configured. Does it make sense to have, at least, 2 DNS server one for each ip?

[benjamreis]

And when we re-set a DNS the method would remove all DNs in the same family but not in the other family?

[robhoes]

Not sure. A DNS server can have records for both IPv4 and IPv6, so you don't need more than one.

[benjamreis]

It seems the DHCP response override anything writtent in /etc/resolv.conf. If a static DNS is written for IPv6 and DHCP is configured for IPv4, the IPv6 one disappear at reboot.

xcp-networkd doesn't control that right?

[robhoes]

Indeed, that's the problem. We can only control it by whether or not we tell dhclient to request name-servers. If we don't ask for it in the DHCP request, then the DHCP server shouldn't put nameservers in its response, and dhclient-script won't override resolv.conf.

[benjamreis]

Hmm but when configured in DHCp we do need to request DNS servers even if its not the primary_address_type...

[benjamreis]

maybe we need to check when DHCP client write an address, if we have a static dns configured and put them both?

[benjamreis]

https://github.com/xapi-project/xen-api/pull/4303#issuecomment-765373335

Would that be a good idea?

[benjamreis]

okay, so I must admit, I'm kinda stuck here.

I'm trying to filter IPv4 and 6 everytime a DNS is set to only remove/add the DNS of the same family, but I'm not sure this is the most efficient way.

So what do you think about having a DNS and IPv6_DNS field? Or do you think my approach is better? But it means when getting the DNs that someone will need to look for the 1st in the correct family.

In both cases, the writing in the resolver file is complicated :/

[benjamreis]

After further investigations: A DNS can resolv both IPv4 and IPv6 so if the pif has a IPV4 DNS or an IPV6 DNS it will still resolv everything. Therefore this issue can be closed.