vr_dns

DNS

This feature implements a DNS recursor, the main use case of it would be to provide DNS to VMs running inside an isolated (no Internet access), private VNET.

Virtual Router Configuration

The following attributes control the basic DNS configuration:

ONEAPP_VNF_DNS_ENABLED to enable the DNS server
ONEAPP_VNF_DNS_INTERFACES list of interface names to listen for DNS requests.

For example to enable the recursor on a private network connected to the eth1 NIC:

CONTEXT = [
  ...
  ONEAPP_VNF_DNS_ENABLED    = "YES",
  ONEAPP_VNF_DNS_INTERFACES = "eth1",
  ...
]

You should use the Virtual Router IP (or FLOATING_IP) as the Virtual Network DNS. So for example if your Virtual Router includes:

CONTEXT = [
  ...
  ONEAPP_VROUTER_ETH1_VIP0 = "172.20.0.123",
  ...
]

Then your private Virtual Network should have DNS parameter set to 172.20.0.123 (VIP).

$ onevnet show private -j | jq -r .VNET.TEMPLATE.DNS
172.20.0.123

Context Configuration Attributes

Parameter	Default	Description
`ONEAPP_VNF_DNS_ENABLED`	`NO`	Enable/Disable DNS feature (`YES/NO`)
`ONEAPP_VNF_DNS_INTERFACES`	all NICs	List of NICs to listen on (`<[!]ethX> ...`)
`ONEAPP_VNF_DNS_MAX_CACHE_TTL`	`3600`	Maximum caching time (`seconds`)
`ONEAPP_VNF_DNS_USE_ROOTSERVERS`	`YES`	Use root name servers directly (`YES/NO`)
`ONEAPP_VNF_DNS_NAMESERVERS`	none	List of upstream NSs to forward queries to (`<IP>[@<PORT>] ...`)
`ONEAPP_VNF_DNS_UPSTREAM_TIMEOUT`	`1128`	Upstream NS connection timeout (`milliseconds`)
`ONEAPP_VNF_DNS_ALLOWED_NETWORKS`	all SNs	Client networks from which is allowed to make queries (`<network>/<prefix> ...`)
`ONEAPP_VNF_DNS_TCP_DISABLED`	`NO`	Enable/Disable service over TCP (`YES/NO`)
`ONEAPP_VNF_DNS_UDP_DISABLED`	`NO`	Enable/Disable service over UDP (`YES/NO`)
`ONEAPP_VNF_DNS_CLUSTER_DOMAIN`	`vr`	Expose `ipX.ethY.vr`, `vipX.ethY.vr` and `epX.ethY.vr` DNS local-zone names

IP / VIP / EP Local-Zone Domain Names

Similarly to IP / VIP / EP Placeholders same logic is reused by the DNS feature. When ONEAPP_VNF_DNS_CLUSTER_DOMAIN context variable is non-empty, then the recursor (unbound) exposes ipX.ethY.<ONEAPP_VNF_DNS_CLUSTER_DOMAIN>, vipX.ethY.<ONEAPP_VNF_DNS_CLUSTER_DOMAIN>, epX.ethY.<ONEAPP_VNF_DNS_CLUSTER_DOMAIN> domain names, so they can be accessed from VNETs attached to the VR.

The primary use case for these domain names would be to always have identical endpoints regardless of the underlying VNETs / subnets / IP addresses. So for example an internal VM could access a service behind TCP LB via https://ep0.eth0.vr. This especially makes a lot of sense for OneFlow services which can be instantiated multiple times requiring minimal configuration.

CONTEXT VARIABLES		LOCAL-ZONE DOMAINS
ETH0_IP	ONEAPP_VROUTER_ETH0_VIP0	ip0.eth0.vr	vip0.eth0.vr	ep0.eth0.vr
`10.11.12.13/24`	`10.11.12.254/24`	`10.11.12.13`	`10.11.12.254`	`10.11.12.254`
`10.11.12.13/24`	undefined	`10.11.12.13`	undefined	`10.11.12.13`
undefined	`10.11.12.254/24`	undefined	`10.11.12.254`	`10.11.12.254`
undefined	undefined	undefined	undefined	undefined

Home

OpenNebula Apps Overview
OS Appliances Update Policy
OneApps Quick Intro
Build Instructions
Linux Contextualization Packages
Windows Contextualization Packages
OneKE (OpenNebula Kubernetes Edition)
Virtual Router
- Release Notes
- Overview
- Quick Start
- OpenRC Services
- Virtual Router Modules
  - Router4
  - NAT4
  - SDNAT4
  - Load Balancing
  - DNS
  - DHCP4
  - Keepalived: Failover
  - Wireguard VPN
- Glossary
WordPress
Harbor Container Registry
MinIO
Development
- Virtual Router

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

vr_dns

DNS

Virtual Router Configuration

Context Configuration Attributes

IP / VIP / EP Local-Zone Domain Names

Clone this wiki locally