[network] Configure DNS resolution

Configure DNS resolution for instances.

Closes-Bug: #1541192

Co-Authored-By: Matt Kassawara <mkassawara@gmail.com>

Change-Id: I7e536291bb0966969b3153481c734f71cb3cad5f
(cherry picked from commit f3eff8dfa9)

doc/networking-guide/source/config-dns-resolution.rst

@@ -0,0 +1,97 @@
+.. _config-dns-resolution:
+
+=============================
+Name resolution for instances
+=============================
+
+The Networking service offers several methods to configure name
+resolution (DNS) for instances. Most deployments should implement
+case 1 or 2. Case 3 requires security considerations to prevent
+leaking internal DNS information to instances.
+
+Case 1: Each virtual network uses unique DNS resolver(s)
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+In this case, the DHCP agent offers one or more unique DNS resolvers
+to instances via DHCP on each virtual network. You can configure a DNS
+resolver when creating or updating a subnet. To configure more than
+one DNS resolver, use a comma between each value.
+
+* Configure a DNS resolver when creating a subnet.
+
+  .. code-block:: console
+
+     $ neutron subnet-create --dns-nameserver DNS_RESOLVER
+
+  Replace ``DNS_RESOLVER`` with the IP address of a DNS resolver reachable
+  from the virtual network. For example:
+
+  .. code-block:: console
+
+     $ neutron subnet-create --dns-nameserver 8.8.8.8,8.8.4.4
+
+  .. note::
+
+     This command requires other options outside the scope of this
+     content.
+
+* Configure a DNS resolver on an existing subnet.
+
+  .. code-block:: console
+
+     $ neutron subnet-update --dns-nameserver DNS_RESOLVER SUBNET_ID_OR_NAME
+
+  Replace ``DNS_RESOLVER`` with the IP address of a DNS resolver reachable
+  from the virtual network and ``SUBNET_ID_OR_NAME`` with the UUID or name
+  of the subnet. For example, using the ``selfservice`` subnet:
+
+  .. code-block:: console
+
+     $ neutron subnet-update --dns-nameserver 8.8.8.8,8.8.4.4 selfservice
+
+Case 2: All virtual networks use same DNS resolver(s)
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+In this case, the DHCP agent offers the same DNS resolver(s) to
+instances via DHCP on all virtual networks.
+
+* In the ``dhcp_agent.ini`` file, configure one or more DNS resolvers. To
+  configure more than one DNS resolver, use a comma between each value.
+
+  .. code-block:: ini
+
+     [DEFAULT]
+     dnsmasq_dns_servers = DNS_RESOLVER
+
+  Replace ``DNS_RESOLVER`` with the IP address of a DNS resolver reachable
+  from all virtual networks. For example:
+
+  .. code-block:: ini
+
+     [DEFAULT]
+     dnsmasq_dns_servers = 8.8.8.8, 8.8.4.4
+
+  .. note::
+
+     You must configure this option for all eligible DHCP agents and
+     restart them to activate the values.
+
+Case 3: All virtual networks use DNS resolver(s) on the host
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+In this case, the DHCP agent offers the DNS resolver(s) in the
+``resolv.conf`` file on the host running the DHCP agent via DHCP to
+instances on all virtual networks.
+
+* In the ``dhcp_agent.ini`` file, enable advertisement of the DNS resolver(s)
+  on the host.
+
+  .. code-block:: ini
+
+     [DEFAULT]
+     dnsmasq_local_resolv = True
+
+  .. note::
+
+     You must configure this option for all eligible DHCP agents and
+     restart them to activate the values.

doc/networking-guide/source/config.rst

@@ -11,3 +11,4 @@ the `Configuration Reference
 
    config-server.rst
    config-ml2-plug-in.rst
+   config-dns-resolution.rst