Closed oybed closed 8 years ago
I was able to test this pretty well based off obedin's instructions. I tested many different hosts in all the zones. This is just an example output from one:

```
; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.3 <<>> @192.168.124.41 master.john.second.example.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10093
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;master.john.second.example.com. IN A
;; ANSWER SECTION:
master.john.second.example.com. 3600 IN A 10.8.88.20
;; AUTHORITY SECTION:
second.example.com. 3600 IN NS ns1.second.example.com.
;; ADDITIONAL SECTION:
ns1.second.example.com. 3600 IN A 192.168.124.41
;; Query time: 0 msec
;; SERVER: 192.168.124.41#53(192.168.124.41)
;; WHEN: Wed Apr 20 09:36:16 EDT 2016
;; MSG SIZE rcvd: 109
```
```
[root@localhost test]# dig @127.0.0.1 master.john.second.example.com
; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.3 <<>> @127.0.0.1 master.john.second.example.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2820
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;master.john.second.example.com. IN A
;; ANSWER SECTION:
master.john.second.example.com. 3600 IN A 10.8.88.20
;; AUTHORITY SECTION:
second.example.com. 3600 IN NS ns1.second.example.com.
;; ADDITIONAL SECTION:
ns1.second.example.com. 3600 IN A 192.168.124.41
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Apr 20 09:36:09 EDT 2016
;; MSG SIZE rcvd: 109
```
Set the DNS record here:

```yaml
...
- view: public
  zone: second.example.com
  entries:
  - type: A
    hostname: master.john
    ip: 10.8.88.20
  - type: A
    hostname: node1
    ip: 10.8.88.20
...
```
@oybed I was able to run the tests you created against our OpenStack cloud. They were all successful. However, I'm noticing a few odd behaviors.
First up...
```
# dig @10.3.8.92 node1.first.example.com
; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.3 <<>> @10.3.8.92 node1.first.example.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49654
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;node1.first.example.com. IN A
;; ANSWER SECTION:
node1.first.example.com. 3600 IN A 10.9.77.20
;; AUTHORITY SECTION:
first.example.com. 3600 IN NS ns1.first.example.com.
;; ADDITIONAL SECTION:
ns1.first.example.com. 3600 IN A 172.16.252.41
;; Query time: 74 msec
;; SERVER: 10.3.8.92#53(10.3.8.92)
;; WHEN: Wed Apr 27 19:07:16 UTC 2016
```
The lookup returns the floating IP of the instance, but the nameserver address is in the private IP space. Is this a result of the test, or does the role need adjustment?
@etsauer for the ns being in the different ip space - that's something I choose not to do anything about as I don't think it causes any misbehavior. I may be wrong, so if you'd like to have that change, we can work on it, but maybe in a follow-up PR? The tricky part about this is to know what IP to use. It's almost like we need the user to specify this, but in that case we need to specify a generic "flag" to indicate which IP to use as the IP isn't necessarily known up front...
@oybed if you're not worried about it, then I won't worry about it.
As far as returning the right IP, wouldn't that depend on the ACL?
lgtm
What does this PR do?
Ansible roles for setting up a DNS server (bind/named) and allowing static DNS records to be added through the dns role (+ enables "nsupdate" for dynamic updates)
How should this be manually tested?
Use the files from the test directories to run the roles - i.e.:
Is there a relevant Issue open for this?
N/A
Who would you like to review this?
/cc @etsauer @JayKayy @vvaldez @sabre1041