Setting up external DNS for single frond end Eucalyptus deployment

In single frond end setup, Eucalyptus requires a somewhat tricky DNS configuration in order to:

  • have resolvable domain names for internal IP addresses of VMs
  • have resolvable domain names for external IP addresses of VMs
  • have reverse resolvable IP address for internal domain names of VMs
  • have reverse resolvable IP address for external domain names of VMs
  • VMs receive their unique hostnames instead of “localhost” (which is actually done by using a reverse DNS for the internal IP address)

Eucalyptus has a built-in DNS server for its managed IP addresses (both public and private) on the cloud controller (CLC).

The Eucalyptus CLC is visible from more than one IP address at the same time:

  • Its public IP address, where the services/Eucalyptus web service is normally available.
  • For every security group there is an IP subnet for VMs. The first (TBD: check) IP address in every subnet is the CC(CLC) machine.

The problematic points:

  • Eucalyptus CLC replies from its subnet-specific private IP address if queried from a VM, even if originally the query is directed towards the CLC’s public IP. The standard resolve libraries treat this reply as a DNS spoofing attempt (request destination IP !!= reply source IP) and drop it.
  • It is not possible to set the internal address of Eucalyptus CLC statically, since it depends on the subnet which in turn depends on which security group the VM was launched in.

The solution is an external DNS server that relays forward and reverse DNS queries for both public and private domain names and IP addresses to the Eucalyptus DNS server for the VMs to work correctly.

Example configuration settings using dnsmasq:

  • In this example 192.168.2.41 is the Eucalyptus CC’s public address
  • 192.168.2.1 is the dnsmasq server that is external to Eucalyptus.
  • 192.168.5.0/24 is the public network range of Eucalyptus VMs
  • 192.168.6.0/24 is the private network range of Eucalyptus VMs
  • compute.local is the public DNS suffix
  • eucalyptus.internal is the private DNS suffix
  • 10.56.130.139 is external/internal DNS to resolve internal domain names

Configuration in /etc/dnsmasq.conf

#cat /etc/dnsmasq.conf server=/compute.local/192.168.2.41 server=/eucalyptus.internal/192.168.2.41 server=/5.168.192.in-addr.arpa/192.168.2.41 server=/6.168.192.in-addr.arpa/192.168.2.41 resolv-file=/etc/dnsmasq-resolv.conf

Congfigure default forwader to external/internet DNS

 #cat /etc/dnsmasq-resolv.conf nameserver 10.56.130.139

In Eucalyptus CC, /etc/eucalyptus/eucalyptus.conf, set the DNS for the VMs to the dnsmasq server:

VNET_DNS="192.168.2.1"