Все происходит в рамках одной машины.
На ней Fedora 27, libirtd, 3 вм с CentOS 7 в KVM. Dnsmasq в дефолтной конфигурации для libvirt.
На хосте устновлен и настроен unbound на 127.0.0.1. В resolv.conf он прописан, весь резолв работает через него.
Конфа:
server:
access-control: 192.168.122.0/24 allow_snoop
access-control: 127.0.0.0/8 allow_snoop
verbosity: 1
statistics-interval: 0
statistics-cumulative: no
extended-statistics: yes
num-threads: 4
interface-automatic: no
outgoing-port-permit: 32768-60999
outgoing-port-avoid: 0-32767
so-reuseport: yes
ip-transparent: yes
max-udp-size: 3072
chroot: ""
username: "unbound"
directory: "/etc/unbound"
log-time-ascii: yes
pidfile: "/var/run/unbound/unbound.pid"
minimal-responses: yes
serve-expired: yes
include: "/etc/unbound/local.d/custom-zones.conf"
remote-control:
control-enable: yes
server-key-file: "/etc/unbound/unbound_server.key"
server-cert-file: "/etc/unbound/unbound_server.pem"
control-key-file: "/etc/unbound/unbound_control.key"
control-cert-file: "/etc/unbound/unbound_control.pem"
include: "/etc/unbound/local.d/custom-forward.conf"
В custom-forward.conf сразу скажу ничего интересного нет - форварды на внутренние днсы офиса для определенных зон.
Суть такова. В custom-zones.conf описана вот такая зона:
local-zone: "z.zz." static
local-data: "k8s-master1.z.zz. IN A 192.168.122.11"
local-data: "k8s-master2.z.zz. IN A 192.168.122.12"
local-data: "k8s-master3.z.zz. IN A 192.168.122.13"
local-data: "k8s-master.z.zz. IN CNAME k8s-master1.z.zz"
local-data: "k8s-master.z.zz. IN CNAME k8s-master2.z.zz"
local-data: "k8s-master.z.zz. IN CNAME k8s-master3.z.zz"
При обращении к ней с Fedora все выглядит как и нужно:
~ $ nslookup k8s-master.z.zz; nslookup k8s-master1.z.zz
Server: 127.0.0.1
Address: 127.0.0.1#53
k8s-master.z.zz canonical name = k8s-master1.z.zz.
k8s-master.z.zz canonical name = k8s-master2.z.zz.
k8s-master.z.zz canonical name = k8s-master3.z.zz.
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: k8s-master1.z.zz
Address: 192.168.122.11
Но при обращении из centosных виртуалок получаю вот такое:
$ nslookup k8s-master.z.zz; nslookup k8s-master1.z.zz
Server: 192.168.122.1
Address: 192.168.122.1#53
Non-authoritative answer:
k8s-master.z.zz canonical name = k8s-master1.z.zz.
Server: 192.168.122.1
Address: 192.168.122.1#53
Non-authoritative answer:
*** Can't find k8s-master1.z.zz: No answer
$ nslookup k8s-master.z.zz; nslookup k8s-master2.z.zz
Server: 192.168.122.1
Address: 192.168.122.1#53
Non-authoritative answer:
k8s-master.z.zz canonical name = k8s-master1.z.zz.
Server: 192.168.122.1
Address: 192.168.122.1#53
Non-authoritative answer:
Name: k8s-master2.z.zz
Address: 192.168.122.12
$ nslookup k8s-master.z.zz; nslookup k8s-master3.z.zz
Server: 192.168.122.1
Address: 192.168.122.1#53
Non-authoritative answer:
k8s-master.z.zz canonical name = k8s-master1.z.zz.
Server: 192.168.122.1
Address: 192.168.122.1#53
Non-authoritative answer:
Name: k8s-master3.z.zz
Address: 192.168.122.13
Те в запрос на CNAME прилетает только одна запись на master1, и на нее по какой-то причине прилетает no answer. Но master2 и master3 корректно резолвятся.
Справедливо для всех 3х вм. Пробовал их перегружать. Чистил кеш dnsmasq путем его перезапуска и отправки HUP. Не помогло.
Any ideas?
