Use ipv6 resolvers only with ipv6 networking

If we have ipv6 networking that is routable then only use ipv6 name resolvers to avoid traversing potential NAT with ipv4. If we don't have ipv6 available and routable then only use ipv4 resolvers to avoid timeouts and failovers. Change-Id: I885418e07265002b09592c3cf3aff9712c6e001f
2017-06-20 13:05:18 -07:00 · 2017-06-20 13:05:18 -07:00 · 023f9f19ac
parent d1cf20a9a6
commit 023f9f19ac
1 changed files with 31 additions and 0 deletions
--- a/nodepool/scripts/configure_mirror.sh
+++ b/nodepool/scripts/configure_mirror.sh
@ -22,6 +22,37 @@ if [ -f /etc/dib-builddate.txt ]; then
    cat /etc/dib-builddate.txt
 fi

+# Use only ipv6 resolvers if ipv6 is present and routable. This
+# avoids traversing potential NAT when using ipv4 which can be unreliable.
+#
+# Similarly do not use ipv6 resolvers if there is no ipv6 available as this
+# causes timeouts and failovers that are unnecesary.
+export NODEPOOL_STATIC_NAMESERVER_V6='2620:0:ccc::2'
+export NODEPOOL_STATIC_NAMESERVER_V4='208.67.222.222'
+export NODEPOOL_STATIC_NAMESERVER_V6_FALLBACK='2001:4860:4860::8888'
+export NODEPOOL_STATIC_NAMESERVER_V4_FALLBACK='8.8.8.8'
+if ip -6 route | grep '^default' ; then
+    cat > /etc/unbound/forwarding.conf << EOF
+forward-zone:
+  name: "."
+  forward-addr: $NODEPOOL_STATIC_NAMESERVER_V6
+  forward-addr: $NODEPOOL_STATIC_NAMESERVER_V6_FALLBACK
+EOF
+else
+    cat > /etc/unbound/forwarding.conf << EOF
+forward-zone:
+  name: "."
+  forward-addr: $NODEPOOL_STATIC_NAMESERVER_V4
+  forward-addr: $NODEPOOL_STATIC_NAMESERVER_V4_FALLBACK
+EOF
+fi
+
+if type -p systemctl ; then
+    sudo systemctl restart unbound
+else
+    sudo service unbound restart
+fi
+
 source /etc/nodepool/provider

 NODEPOOL_MIRROR_HOST=${NODEPOOL_MIRROR_HOST:-mirror.$NODEPOOL_REGION.$NODEPOOL_CLOUD.openstack.org}