At some point over the last few days, the integration labs project has been switched to the new DNS resolver based on OpenStack Designate has described at https://lists.wikimedia.org/pipermail/labs-l/2015-April/003585.html
It has a bunch of unwanted side effects and we should revert back to dnsmasq:
- dnsmasq has aliases set to have public DNS entries to resolve to the instance internal IP (10.0.0.0/8) instead of the public IP. That makes it possible to reach *.beta.wmflabs.org from labs.
- The instance fully qualified hostnames are being changed to include the labs project. We use puppetmaster::self , the clients certificate name are based on the hostname and thus the cert is no more recognized by the puppetmaster.