Failing to set up secondary DNS with OVN network zone (AXFR transfer)

Hello everyone,

I’m trying to set up an authoritative secondary DNS server (using NSD) inside a container on a MicroCloud cluster. My goal is to have this container pull the zone information from LXD’s built-in DNS server via an AXFR transfer for an OVN network. I’m running into a connectivity issue and would appreciate some guidance.

My Environment:

  • LXD cluster managed by MicroCloud (4 nodes)

  • A default OVN network is configured as follows:
    default | ovn | YES | 10.94.219.1/24

Configuration Steps:

  1. I have created the forward and reverse network zones:

    # lxc network zone list
    +------------------------+-------------+---------+
    |          NAME          | DESCRIPTION | USED BY |
    +------------------------+-------------+---------+
    | 219.94.10.in-addr.arpa |             | 1       |
    +------------------------+-------------+---------+
    | lxd.utn.ac.cr          |             | 1       |
    +------------------------+-------------+---------+

  2. The zones are configured with a peer (ns1) which has a static IP of 10.94.219.5:

    # lxc network zone show lxd.utn.ac.cr
    config:
      dns.nameservers: ns1.lxd.utn.ac.cr
      peers.ns1.address: 10.94.219.5

  3. I have enabled LXD’s built-in DNS server to listen on the OVN network’s gateway IP and a non-standard port:

    # lxc config show
    config:
      core.dns_address: 10.94.219.1:8853

  4. Inside the ns1 container, NSD is configured to request the zone transfer from the OVN gateway:

    # cat /etc/nsd/nsd.conf.d/server.conf
    server:
      ip-address: 10.94.219.5

    zone:
      name: "lxd.utn.ac.cr"
      request-xfr: AXFR 10.94.219.1@8853 NOKEY

    zone:
      name: "219.94.10.in-addr.arpa"
      request-xfr: AXFR 10.94.219.1@8853 NOKEY

The Problem:

The zone transfer fails. When I query the ns1 server, I get a SERVFAIL response, as expected, since it never received the zone data.

    # host ns1.lxd.utn.ac.cr 10.94.219.5
    Host ns1.lxd.utn.ac.cr not found: 2(SERVFAIL)

To diagnose this, I checked the network connectivity from the ns1 container to the OVN gateway IP on the AXFR port. The connection fails (it times out with no response).

    # lxc exec ns1 -- nc -zv 10.94.219.1 8853
    (Command hangs and eventually fails)

This appears to be the root of the problem: the container cannot reach the OVN gateway IP on the port specified in core.dns_address.

My Questions:

  1. Is it expected for the OVN gateway IP (10.94.219.1) to be reachable on the core.dns_address port from within a container? Or is this approach incorrect?

  2. What is the recommended way to expose LXD’s AXFR service to a container that is part of the same OVN network it is serving zones for?

Any help or clarification on the correct architecture for this would be greatly appreciated.

Thank you
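A small diagnostic for the reachability question above, added here as an example and not part of the original post or of LXD's or NSD's own tooling: it opens a TCP connection to the core.dns_address endpoint, sends one AXFR query for the zone and reports the DNS response code, which separates "port unreachable" (the nc symptom in the post) from "reachable but transfer refused" (REFUSED/SERVFAIL from the server). The address, port and zone name are the ones from the post and are assumptions for any other setup.

```python
"""Check whether an LXD core.dns_address endpoint answers an AXFR request over TCP."""
import socket
import struct

AXFR_QTYPE = 252  # RFC 1035 QTYPE for zone transfer
RCODE_NAMES = {0: "NOERROR", 2: "SERVFAIL", 5: "REFUSED"}


def build_axfr_query(zone: str, qid: int = 0x1234) -> bytes:
    """Build a DNS AXFR query (QCLASS IN) with the 2-byte TCP length prefix (RFC 1035 4.2.2)."""
    header = struct.pack("!HHHHHH", qid, 0x0000, 1, 0, 0, 0)  # flags 0: standard query, RD clear
    labels = zone.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    msg = header + qname + struct.pack("!HH", AXFR_QTYPE, 1)
    return struct.pack("!H", len(msg)) + msg


def parse_response(msg: bytes) -> dict:
    """Extract id, rcode, AA flag and answer count from a DNS message (no length prefix)."""
    qid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    rcode = flags & 0x000F
    return {"id": qid, "rcode": rcode, "rcode_name": RCODE_NAMES.get(rcode, str(rcode)),
            "aa": bool(flags & 0x0400), "ancount": an}


def recv_exact(sock: socket.socket, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise EOFError("connection closed before full message")
        buf += chunk
    return buf


def check_axfr(server: str, port: int, zone: str, timeout: float = 5.0) -> dict:
    """Connect, send one AXFR query and parse the first response message.
    A connect failure or timeout (the symptom in the post) yields {"reachable": False, ...}."""
    try:
        with socket.create_connection((server, port), timeout=timeout) as s:
            s.sendall(build_axfr_query(zone))
            length = struct.unpack("!H", recv_exact(s, 2))[0]
            body = recv_exact(s, length)
    except (OSError, EOFError) as exc:  # socket.timeout is an OSError subclass
        return {"reachable": False, "error": str(exc)}
    result = parse_response(body)
    result["reachable"] = True
    return result


if __name__ == "__main__":
    # Values from the post: OVN gateway, core.dns_address port, forward zone.
    print(check_axfr("10.94.219.1", 8853, "lxd.utn.ac.cr"))
```

Run it inside the ns1 container; a result with "reachable": True and rcode_name "REFUSED" would point at the peer/ACL configuration rather than network reachability.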

I am sorry. We do not provide support for LXD on this forum. Your best bet is to contact Canonical.
