How to Change the Default DNS IPs Added to the VMs?

Problem

Default DNS IPs 8.8.8.8 and 1.1.1.1 are getting added to the VMs when there is no DNS configured on a subnet.
Default IPs are configured within the neutron-server /etc/neutron/plugins/ml2/ml2_conf.ini file.

Environment

Private Cloud Director Virtualization - v2025.4 and Higher.
Self-Hosted Private Cloud Director Virtualization – v2025.4 and Higher.
Component - Networking

Procedure

For SaaS environments, the Platform9 support team should be contacted to implement the changes.

For Self-Hosted environments, the changes should be carried out directly from the Management Plane cluster.

A DNS entry is populating from the secret neutron-etc as shown below, which is referred in the neutron-server deployment. The config file is in the form of base64 encoded within the secret.
The secret can be found in the corresponding region namespace

Command
    
 
$ kubectl get secret -n <REGION_NAMESPACE>
Copy

Example
    
 
$ kubectl get secret -n <REGION_NAMESPACE> neutron-etc -oyaml |grep ml2_conf.ini | awk '{print $2}' | base64 -d[agent]
extensions =
[ml2]
extension_drivers = dns,port_security
mechanism_drivers = openvswitch,ovn,l2population
tenant_network_types = vxlan
type_drivers = flat,vlan,local,geneve,vxlan
[ml2_type_flat]
flat_networks = *
[ml2_type_geneve]
max_header_size = 38
vni_ranges = 4:4000
[ml2_type_vlan]
network_vlan_ranges = ext_net,physnet
[ml2_type_vxlan]
vni_ranges = 4:4000
vxlan_group = 239.1.1.1
[ovn]
dns_servers = 8.8.8.8,1.1.1.1   <<------------   DNS IPenable_distributed_floating_ip = true
neutron_sync_mode = repair
ovn_l3_scheduler = leastloaded
Copy

To modify the default IPs, follow the below steps

Replace the <REGION_NAMESPACE> with an actual namespace

Redirect the config to a file.

Command
    
 
$ kubectl get secret -n <REGION_NAMESPACE> neutron-etc -oyaml |grep ml2_conf.ini | awk '{print $2}' | base64 -d > secret_neutron-etc_ml2_conf.ini
Copy

Modify the file by replacing the IPs against dns_servers with your preferred IPs and Encode the file using base64.

Updating new IPs
    
​x
 
$ vi secret_neutron-etc_ml2_conf.ini    //  Update prefered DNS IPs in dns_servers field​$ base64 secret_neutron-etc_ml2_conf.ini -w0   // Encoding the file with new values
Copy

Edit the secret and replace the existing base64 encoded data with the new one on the variable ml2_conf.ini within the secret.

Command
    
 
$ kubectl edit secret -n <REGION_NAMESPACE> neutron-etcsecret/neutron-etc edited
Copy

Run the following command to verify whether a new IP is being retrieved from the secret.

Command
    
 
$ kubectl get secret -n <REGION_NAMESPACE> neutron-etc -oyaml |grep ml2_conf.ini | awk '{print $2}' | base64 -d
Copy

Scale the neutron-server deployment to 0. Once the pods are successfully terminated, scale it back to 2.

Command to scale deployment
    
 
$ kubectl scale deploy/neutron-server -n <REGION_NAMESPACE> --replicas=0deployment.apps/neutron-server scaled​$ kubectl scale deploy/neutron-server -n <REGION_NAMESPACE> --replicas=2deployment.apps/neutron-server scaled
Copy

Verify that new DNS IPs are being received within the pod.

Command
    
 
$ kubectl exec -it  -n <REGION_NAMESPACE> <NEUTRON_SERVER_POD> -c neutron-server -- cat /etc/neutron/plugins/ml2/ml2_conf.ini
Copy

Now, a VM should be created by attaching it to a network or subnet that does not have DNS configured manually. Once the VM is up and running, log in to it and execute the commands below to verify that the new IPs are reflected.

Note: These changes will not be reflected in the existing virtual machines.

Command
    
 
$ resolvctl dns​$ ip route | grep <NEW_DNS_IP>
Copy

Last updated on

Was this page helpful?