DNS Resolution on Service Engine
Overview
Avi Vantage supports DNS resolution on the Controller by default. In cases where the Controller does not have reachability to the DNS resolver and the configuration objects need FQDN resolution, the DNS resolution on SE enables FQDN resolution via Service Engine.
Notes:
- This feature is introduced starting with Avi Vantage version 20.1.5. It supports FQDN resolution of pool member objects only via Service Engine.
- It is currently supported on VMware and No Access clouds.
To enable DNS Resolution on Service Engine, dns_resolution_on_se should be set in the cloud configuration.
The Service Engine needs a DNS resolver configuration to resolve FQDNs from the Service Engine. For this, a DNSResolver object needs to be configured in the cloud configuration. Only one DNSResolver object is supported per cloud.
By default, the refresh of the records is based on TTL.
Configuring DNS Resolution on SE
The following is the CLI command for enabling the DNS resolution on SE:
[admin:Avi-Controller]: > configure cloud Default-Cloud
[admin:Avi-Controller]: cloud > dns_resolution_on_se
[admin:Avi-Controller]: cloud > save
The following is the CLI command for configuring the DNS resolver in cloud:
[admin:Avi-Controller]: > configure cloud Default-Cloud
[admin:Avi-Controller]: cloud> dns_resolvers
[admin:Avi-Controller]: cloud:dns_resolvers> resolver_name resolver1
[admin:Avi-Controller]: cloud:dns_resolvers> nameserver_ips 100.64.88.201
[admin:Avi-Controller]: cloud:dns_resolvers> nameserver_ips 100.64.89.202
[admin:Avi-Controller]: cloud:dns_resolvers> save
[admin:Avi-Controller]: cloud> save
The following are the configurable attributes in the DNS Resolver:
- resolver_name — Name of the resolver.
- nameserver_ips — The IPv4 addresses of the DNS servers to be used for resolution.
- fixed_ttl — If configured, this value is used for refreshing the DNS entries. It overrides both received_ttl and min_ttl: the entries are refreshed only on fixed_ttl, even when received_ttl is less than fixed_ttl.
- min_ttl — If configured, this TTL overrides the TTL from responses when the received TTL is less than min_ttl. Effectively, the TTL used is max(received_ttl, min_ttl).
- use_mgmt — If this is enabled, DNS resolution is performed via the management network.
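The refresh precedence among fixed_ttl, min_ttl and the TTL received in the response, together with the limits stated on this page (one DNSResolver per cloud, IPv4 nameservers only), as an added Python example. This is not Avi Vantage code; the class, the function names and the wording of the returned problem strings are this example's own assumptions, only the attribute names come from the page.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address
from typing import List, Optional


@dataclass
class DnsResolver:
    """Mirror of the documented DNS Resolver attributes (example model, not the Avi object)."""
    resolver_name: str
    nameserver_ips: List[str] = field(default_factory=list)
    fixed_ttl: Optional[int] = None   # seconds; overrides received_ttl and min_ttl outright
    min_ttl: Optional[int] = None     # seconds; floor applied to the received TTL
    use_mgmt: bool = False            # resolve over the management network instead of data network


def validate_cloud_resolvers(resolvers: List[DnsResolver]) -> List[str]:
    """Return configuration problems against the documented limits:
    at most one DNSResolver per cloud, IPv4 nameservers only, positive TTL values."""
    problems = []
    if len(resolvers) > 1:
        problems.append("only one DNSResolver object is supported per cloud")
    for r in resolvers:
        if not r.nameserver_ips:
            problems.append(f"{r.resolver_name}: no nameserver_ips configured")
        for ip in r.nameserver_ips:
            try:
                if ip_address(ip).version != 4:
                    problems.append(f"{r.resolver_name}: {ip} is not IPv4 "
                                    "(only IPv4 transport is supported)")
            except ValueError:
                problems.append(f"{r.resolver_name}: {ip!r} is not a valid IP address")
        for name in ("fixed_ttl", "min_ttl"):
            value = getattr(r, name)
            if value is not None and value <= 0:
                problems.append(f"{r.resolver_name}: {name} must be a positive number of seconds")
    return problems


def effective_refresh_ttl(resolver: DnsResolver, received_ttl: int) -> int:
    """Seconds until the SE refreshes a record, following the documented precedence:
    fixed_ttl wins whenever it is set (even if the received TTL is smaller);
    otherwise min_ttl acts as a floor, giving max(received_ttl, min_ttl);
    with neither set, the received TTL is used as-is."""
    if resolver.fixed_ttl is not None:
        return resolver.fixed_ttl
    if resolver.min_ttl is not None:
        return max(received_ttl, resolver.min_ttl)
    return received_ttl


if __name__ == "__main__":
    # Constructed sample: the resolver from the CLI session above plus two variants.
    plain = DnsResolver("resolver1", ["100.64.88.201", "100.64.89.202"])
    floored = DnsResolver("resolver1", ["100.64.88.201"], min_ttl=600)
    pinned = DnsResolver("resolver1", ["100.64.88.201"], fixed_ttl=120, min_ttl=600)
    for r in (plain, floored, pinned):
        print(r.resolver_name, validate_cloud_resolvers([r]) or "ok",
              "refresh after", effective_refresh_ttl(r, received_ttl=300), "s for a 300 s answer")
```

Run the checks before saving the cloud object: a second resolver or an IPv6 nameserver is rejected by the documented limits, and the TTL function shows why a short fixed_ttl refreshes more often than the authoritative answer suggests while a min_ttl only ever lengthens the interval.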
The output is as follows:
[admin:demo-cntrlr]: > show serviceengine demo-se2 resolverdb
+----------------------+-------------------------------------------+
| Field | Value |
+----------------------+-------------------------------------------+
| se_ref | demo-se2 |
| dns_resolution_on_se | True |
| fqdns[1] | |
| fqdn | ntest17.foo.avi.com |
| obj_uuids[1] | pool-da9e76ad-9bf3-4a8b-9dce-13bf7d36b96d |
| ips[1] | 1.1.1.17 |
| ttl | 300 |
| last_resolved_time | Mon Apr 12 06:54:12 2021 |
| | |
| last_updated_time | Mon Apr 12 05:03:35 2021 |
| | |
| fqdns[2] | |
| fqdn | ntest15.foo.avi.com |
| obj_uuids[1] | pool-f4e9743c-0585-4d67-897e-38328702813c |
| ttl | 0 |
| last_resolved_time | Mon Apr 12 06:53:53 2021 |
| | |
| last_updated_time | Thu Jan 1 00:00:00 1970 |
| | |
| err_response | ERROR |
| resolvers[1] | |
| resolver_name | resolver6 |
| nameserver_ips[1] | 100.64.88.201 |
| nameserver_ips[2] | 100.64.92.40 |
| total_fqdns | 2 |
| resolvers[2] | |
| resolver_name | Default-ResolvConf |
| total_fqdns | 0 |
+----------------------+-------------------------------------------+
- If the resolution needs to be done via Service Engine but the DNS resolvers are updated via DHCP, then you can enable only dns_resolution_on_se and need not configure dns_resolver in the cloud.
- If a dns_resolver object is configured, then it is always used for FQDN resolution.
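A parser for the text of the show serviceengine resolverdb command above, with a check that reports FQDNs the Service Engine has not resolved, as an added Python example. This is not Avi Vantage code; the parsing relies only on the table layout shown on this page, the function names are this example's own, and the embedded sample is the page's own output (wrapped rows removed) so the example runs offline.

```python
import re
from datetime import datetime

# The page's sample output, embedded as the input for this example.
SAMPLE_RESOLVERDB = """\
+----------------------+-------------------------------------------+
| Field                | Value                                     |
+----------------------+-------------------------------------------+
| se_ref               | demo-se2                                  |
| dns_resolution_on_se | True                                      |
| fqdns[1]             |                                           |
| fqdn                 | ntest17.foo.avi.com                       |
| obj_uuids[1]         | pool-da9e76ad-9bf3-4a8b-9dce-13bf7d36b96d |
| ips[1]               | 1.1.1.17                                  |
| ttl                  | 300                                       |
| last_resolved_time   | Mon Apr 12 06:54:12 2021                  |
| last_updated_time    | Mon Apr 12 05:03:35 2021                  |
| fqdns[2]             |                                           |
| fqdn                 | ntest15.foo.avi.com                       |
| obj_uuids[1]         | pool-f4e9743c-0585-4d67-897e-38328702813c |
| ttl                  | 0                                         |
| last_resolved_time   | Mon Apr 12 06:53:53 2021                  |
| last_updated_time    | Thu Jan 1 00:00:00 1970                   |
| err_response         | ERROR                                     |
| resolvers[1]         |                                           |
| resolver_name        | resolver6                                 |
| nameserver_ips[1]    | 100.64.88.201                             |
| nameserver_ips[2]    | 100.64.92.40                              |
| total_fqdns          | 2                                         |
| resolvers[2]         |                                           |
| resolver_name        | Default-ResolvConf                        |
| total_fqdns          | 0                                         |
+----------------------+-------------------------------------------+
"""

UNSET_TIME = datetime(1970, 1, 1)          # last_updated_time of a record never updated
TIME_FORMAT = "%a %b %d %H:%M:%S %Y"       # format of the timestamps in the table


def parse_resolverdb(text: str) -> dict:
    """Turn the two-column table into a dict with 'fqdns' and 'resolvers' lists.
    A row whose field is fqdns[N] or resolvers[N] opens a new entry; the rows
    after it belong to that entry until the next such row."""
    db = {"se_ref": None, "dns_resolution_on_se": None, "fqdns": [], "resolvers": []}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("|"):
            continue                                   # border rows (+----+)
        cells = [c.strip() for c in line.strip("|").split("|")]
        if len(cells) < 2 or not cells[0] or cells[0] == "Field":
            continue                                   # header row or a wrapped/empty row
        key, value = cells[0], cells[1]
        if key.startswith("fqdns["):
            current = {"fqdn": None, "obj_uuids": [], "ips": [], "ttl": None,
                       "last_resolved_time": None, "last_updated_time": None,
                       "err_response": None}
            db["fqdns"].append(current)
        elif key.startswith("resolvers["):
            current = {"resolver_name": None, "nameserver_ips": [], "total_fqdns": 0}
            db["resolvers"].append(current)
        elif key == "se_ref":
            db["se_ref"] = value
        elif key == "dns_resolution_on_se":
            db["dns_resolution_on_se"] = (value == "True")
        elif current is not None:
            base = re.sub(r"\[\d+\]$", "", key)        # ips[1] -> ips, obj_uuids[1] -> obj_uuids
            if base in ("ips", "obj_uuids", "nameserver_ips"):
                current[base].append(value)
            elif base in ("ttl", "total_fqdns"):
                current[base] = int(value)
            else:
                current[base] = value
    return db


def unresolved_fqdns(db: dict) -> list:
    """FQDNs whose resolution is not usable: an err_response, no IPs, a zero
    TTL, or a last_updated_time still at the epoch (never successfully updated)."""
    failed = []
    for entry in db["fqdns"]:
        updated = entry["last_updated_time"]
        never_updated = updated is not None and datetime.strptime(updated, TIME_FORMAT) == UNSET_TIME
        if entry["err_response"] or not entry["ips"] or entry["ttl"] == 0 or never_updated:
            failed.append({"fqdn": entry["fqdn"], "pools": entry["obj_uuids"],
                           "error": entry["err_response"]})
    return failed


if __name__ == "__main__":
    db = parse_resolverdb(SAMPLE_RESOLVERDB)
    print(f"{db['se_ref']}: dns_resolution_on_se={db['dns_resolution_on_se']}, "
          f"{len(db['fqdns'])} FQDN(s), resolvers={[r['resolver_name'] for r in db['resolvers']]}")
    for f in unresolved_fqdns(db):
        print(f"unresolved: {f['fqdn']} (pools: {', '.join(f['pools'])}, error: {f['error']})")
```

On the sample above this reports ntest15.foo.avi.com together with the pool UUID that references it: a pool member whose FQDN never resolves stays without an IP, so the report lists the object to look at rather than just the name. The same function can be pointed at the saved output of the command for any Service Engine.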
Limitations
The following are the limitations of DNS resolution on Service Engine:
- Only IPv4 transport is supported for FQDN resolution.
- DNS resolution is done over UDP only.
- Only A records are queried.
- Only FQDN resolution of pool members is supported.
Configuring DNS Nameservers on Service Engine for Client Log Streaming and for External Health Monitor
If the DNS resolver in the cloud is configured as described in the Configuring DNS Resolution on SE section above, /etc/systemd/resolved.conf for the management network and /etc/netns/{namespace-name}/resolv.conf for all VRFs on the SE virtual machine are written.
Domain names configured in external_server under the Analytics Profile's client_log_streaming_config (used to stream Avi Vantage client logs), and domain names present in the script code of an External Health Monitor, are resolved via the configured nameservers.
Document Revision History
| Date | Change Summary |
|---|---|
| April 15, 2021 | Published DNS Resolution on Service Engine Guide |
| December 20, 2021 | Edited 'Configuring DNS Nameservers on Service Engine for Client Log Streaming and for External Health Monitor' section for 21.1.3 |