Comments on: NFS and Name Resolution

By: Top 5 Planet V12n blog posts week 23 | Download VDI Solutions

Top 5 Planet V12n blog posts week 23 | Download VDI Solutions — Wed, 27 Oct 2010 00:00:58 +0000

[...] Boche – NFS and Name ResolutionA few weeks ago I had decided to recarve the EMC Celerra fibre channel SAN storage. The VMs which [...]

By: Aaron Delp

Aaron Delp — Fri, 18 Jun 2010 05:11:51 +0000

Hey Jason – I’ve seen NFS mounts both with DNS and using IP. I prefer IP for the reason Andrew suggested. I have seen the (1) datastore, not pretty. Also, if you use DNS there is always the chance that the NFS would pop up to Layer 3 instead of sticking down a nice speedy Layer 2. This happened at another customer once upon a time when they swore to me over and over that everything was Layer 2 only. Not a super big deal but it can make a difference. Thanks!

By: Tariq

Tariq — Mon, 14 Jun 2010 19:33:47 +0000

We have an NFS environment as well, and I hate being forced to go physical because of DNS, so I decided to setup two DNS servers on the local storage of the ESX hosts, and I used DRS rules to make sure they wouldn’t run on the same ESX host. So far this seems to have worked well, and no need to “revert” to a physical device for DNS.

We do use IP for NFS mapping, but our SUN storage device starts to cry if it can do a reverse lookup, and all of our main NFS storage is on the SUN device.

By: Andrew Miller

Andrew Miller — Mon, 14 Jun 2010 03:48:15 +0000

For what it’s worth, I’ve been moving away from using DNS names for my NFS mounts in vSphere. There are situations where changing the underlying DNS references can actually cause vCenter to lose track of the datastores (and bring them back in as (1) datastores).

At that point, you’ve lost any flexibility from using DNS and actually introduced some rather nasty dependencies/recovery scenarios.

For what it’s worth, the NetApp RCU uses IP #’s when deploying NFS datastores.

By: Collin C. MacMillan

Collin C. MacMillan — Sun, 13 Jun 2010 22:45:41 +0000

@jason,

I agree with @Tony about relying on DNS for “service tier 0″ storage applications. Chicken-egg scenarios are just one of the issues to face: what about DNS poisoning and network failures when the DNS server is more than 1 layer-2 hop from the reliant service end-point?

That said, still I find it best practice to use IP addresses for mount points in NFS and populate DNS and /etc/hosts as well. Since IP addresses only rely on the supporting layer-2 and layer-3 infrastructure to function (and no other service dependencies) it is the only way to provision NFS/iSCSI storage at “service tier 0.” Client end-points – dependent upon a host of other services like DNS, DHCP, file servers, etc. – can use DNS-resolved NFS volumes, but not “service tier 0.” These guys are likely to be the underpinnings of your root file services, DNS servers and DHCP hosts.

In short (and in my opinion), you can’t have critical storage (service tier 0) tied to DNS – it simply opens you up to unnecessary race conditions. That includes ANY primary storage in virtual infrastructures. Sure, your ISO image store, backup volume or template store can be tied to DNS – anything you can stand to be without access to for some reasonable period of time – but not your VM, swap or production data volumes.

Once IP configurations and /etc/hosts updates are part of the “service tier 0″ NFS configuration process, they won’t be forgotten: it’s process. If it’s a one-off “fix” you’re already in deep water…

By the way, dangerous to let this “secret” out of the bag – you’re spoiling the fun for the uninitiated! Once someone gets stung by bad DNS resolution, they will forever think twice about anchoring critical storage to it.

I’d hate to see a “green” consultant disregard the dangers only to leave a ticking time bomb for the end-user the next time an intermediate switch or server hiccups… This is a problem best encountered and successfully conquered in the lab… In fact, it ought to be something that is intentionally “pulled” on the trainee just to develop some respect for the potential problem it could cause.

BTW, I’ve had many questions about this from DIY clients in the past. It always seems to come up because host names are so easy to deal with and IP addresses are not thought of as physically tied to a service. I guess it’s easy coming from an ISP/DNS background to chalk it up this way:

How do Internet DNS servers work? In other words, how does a domain – call it myco.com – resolve when the authoritative DNS servers are dns1.myco.com and dns2.myco.com? Actually, at least one of these hosts (usually both) must be pinned to a host record in the root servers responsible for the domain registry. These records are resolvable regardless if dns1 and dns2 are reachable.

In a 100% virtualized infrastructure, there is no equivalent to a DNS root server (i.e. no physical server sitting outside the virtual hosts) to resolve DNS for NFS. For that matter, no iSNS hosts either (for the iSCSI and FC wonks out there). Any IP storage at “service tier 0″ needs to boot-strap these services with either “persistent” local records (like /etc/hosts) or by IP address directly.

Does all this create a special problem for “service tier 0″ configuration management? Yep. In such case, shrinking “service tier 0″ down to the smallest possible footprint would be wise, requiring a staggered start-up process: bring-up service tier 0, then all other service platforms according to priority and serviceability. For my infrastructures, switches, routers, storage and hypervisors that host mission critical workloads comprise “service tier 0″ and are prioritized in that order (OK, I like OSI approaches).

It would be interesting to hear how other pros have dealt with this issue…

By: Active Directory Problems » boche.net – VMware Virtualization Evangelist

Sun, 13 Jun 2010 21:35:11 +0000

[...] [...]

By: `ariel

`ariel — Fri, 11 Jun 2010 20:07:33 +0000

Just remember that “manual input” on your /etc/hosts. a few times i found people who add host on that file and later nobody remember that and problems just start.

nice “lab” btw….

By: jason

jason — Fri, 11 Jun 2010 15:34:55 +0000

@Tony With the right convergence of circumstances, the combination you mention can indeed be disasterous. However, I wouldn’t necessary call foul on a design which uses FQDN for NFS mounts. I know of some large enterprise environments which are architected this way along with the necessary redundancy to prevent any achilles heel. FQDN is used not only with VMware infrastructure but with other operating systems as well (Windows, Linux, Unix, etc.). Ideally, NFS traffic will be isolated and there may not be DNS services ON that network, but that doesn’t mean there can’t be a DNS namespace created FOR that network on the DNS infrastructure. Thank you for your input!

By: Tony

Tony — Fri, 11 Jun 2010 15:03:02 +0000

Realistically, your NFS network would be isolated from production and normally you wouldn’t have DNS services on that separated network. Also, IP is the best practice on most storage arrays I’ve worked on because you VIF IP so you don’t always use the same hostname, you could use multiple IP’s for different mounts on the same arrays for better load balancing.

NFS + ESX + DNS = disaster waiting to happen

By: David Strebel

David Strebel — Fri, 11 Jun 2010 14:54:31 +0000

At least one physical AD and DNS server always made me sleep better at night.