On Thu, Oct 27, 2016 at 12:32 PM, Jonas Israelsson <jonas.israelsson@elementary.se> wrote:

I could indeed, the issue I saw yesterday is resolved already. I was merely thinking we might have a potential single point of failure here.
While the primary nameserver was offline the machine (where the ovirt-engine is running) itself had no problem doing name-resolution, still oVirt-ui was acting rather unpleasant.
And since my changes to resolv.conf only had an impact after restarting the engine I thought there are some internals, such as a cache causing this problem.

It was only a suggestion, I didn't try myself with ovirt-engine.

But if you have a test system, you can simulate running something like this on your engine server

change resolv.conf while engine is running

silently drop connections to primary dns server with

iptables -I OUTPUT -d your_primary_dns_ip -j DROP

(at the end of tests you delete the rule checking the line number of the inserted line (it should be 1 because of "-I" option above) with

iptables -L -n --line-numbers

and then

iptables -D OUTPUT 1

or in general

iptables -D OUTPUT N

if line is not 1 but N

)

you can then monitor calls to dns with tcpdump, something like

tcpdump -nn dst port 53

HIH debugging,

Gianluca