The doc says to first enable internal DNS support by enabling the dns(-integration) or dns_domain_ports extension, but devstack enables subnet-dns-publish-fixed-ip instead, which depends on dns-domain-ports, which in turn depends on dns-integration. Rather than being separate extensions, they form an inheritance chain with subnet-dns-publish-fixed-ip at the most-derived end.
dns-integration appears to be an implementation-agnostic API spec, with an accompanying implementation for ml2. DNS domain ports adds port-domain associations to the API, and subnet-dns-publish-fixed-ip then adds a bool to subnet objects that tells dns_integration.py to add records when updating ports in the external service.
Alias 'dns', lowest level of DNS extension
inherits from neutron_lib.api.extensions.APIExtensionDescriptor
inherits from neutron_lib.plugins.ml2.api.ExtensionDriver
Where the actual work is done pushing DNS updates out to an external service when a port/network/subnet/floatingip is CRUDed.
Extends API:
- Adds DNS name and assignment to ports
- Adds DNS name and domain to floating ips
- Adds DNS domain to networks
Adds DNS domain assignment to ports
Adds a bool 'dns_publish_fixed_ip' to the subnet object, but the work is done in
dns_integration.py
++ the api extension as well
neutron.conf/[designate]
- ipv4_ptr_zone_prefix_size defaults to 24 - why? and when to configure?
- ipv6_ptr_zone_prefix_size defaults to 120 - why? and when to configure?
- ca_cert is deprecated in favor of cafile, but cafile isn't listed as an option
- register_auth_conf_options in keystoneauth1 used to register
- load_auth_from_conf_options in keystoneauth1 used to parse
- this opt method is used for comms with nova as well
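On the two ptr_zone_prefix_size questions: the sketch below is an added example, not Neutron's or Designate's code. It assumes the driver picks the reverse (PTR) zone by dropping the host-side labels of an address's reverse name at the configured prefix boundary; ptr_zone_and_record is a hypothetical helper name.

```python
import ipaddress


def ptr_zone_and_record(ip, ipv4_prefix=24, ipv6_prefix=120):
    """Return (PTR zone, record name relative to that zone) for one address.

    Assumption: the zone boundary is found by dropping the host-side labels
    of the reverse name, one label per octet (IPv4) or per nibble (IPv6).
    """
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        prefix, total, unit = ipv4_prefix, 32, 8
    else:
        prefix, total, unit = ipv6_prefix, 128, 4
    # The boundary has to fall between labels and leave at least one label
    # on each side, otherwise there is no zone name or no record name.
    if prefix % unit or not unit <= prefix <= total - unit:
        raise ValueError(
            f"prefix size {prefix} is not usable for IPv{addr.version}")
    labels = addr.reverse_pointer.split(".")
    skip = (total - prefix) // unit  # number of labels that name the host
    return ".".join(labels[skip:]) + ".", ".".join(labels[:skip])


if __name__ == "__main__":
    # Addresses taken from the dns_assignment output on this page.
    for ip in ("10.0.0.22", "fd82:d6b9:4ad5:0:f816:3eff:fec2:6a4c"):
        zone, record = ptr_zone_and_record(ip)
        print(f"{ip}: PTR record {record!r} in zone {zone}")
    # A wider IPv4 zone: one zone per /16 instead of one per /24.
    print(ptr_zone_and_record("10.0.0.22", ipv4_prefix=16))
```

With the defaults, each /24 (IPv4) or /120 (IPv6) gets its own reverse zone holding up to 256 PTR records; a smaller prefix size means fewer, larger zones.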
Following this yields the default domain rather than the provided one on the internal port:
| dns_assignment | fqdn='my-vm.openstackgate.local.', hostname='my-vm', ip_address='10.0.0.22' |
| | fqdn='my-vm.openstackgate.local.', hostname='my-vm', ip_address='fd82:d6b9:4ad5:0:f816:3eff:fec2:6a4c' |
| dns_domain | |
| dns_name | my-vm
Probably because we haven't created the zone in designate, but this is failing silently - no errors in the designate-central/api or neutron-server logs, or any feedback to the user.
Create example.org zone in designate:
We can't do an ANY query to see all the records for a zone because mdns refuses ANY requests:
[root@devstack neutron]# dig @192.168.122.236 -p 5354 example.org ANY
; <<>> DiG 9.11.20-RedHat-9.11.20-5.el8 <<>> @192.168.122.236 -p 5354 example.org ANY
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 34740
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 8192
;; QUESTION SECTION:
;example.org. IN ANY
;; Query time: 14 msec
;; SERVER: 192.168.122.236#5354(192.168.122.236)
;; WHEN: Fri Jan 22 03:10:09 UTC 2021
;; MSG SIZE rcvd: 40
But we can confirm there's an NS and SOA record there by asking specifically:
[root@devstack neutron]# dig @192.168.122.236 -p 5354 example.org SOA
; <<>> DiG 9.11.20-RedHat-9.11.20-5.el8 <<>> @192.168.122.236 -p 5354 example.org SOA
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3776
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 8192
;; QUESTION SECTION:
;example.org. IN SOA
;; ANSWER SECTION:
example.org. 3600 IN SOA ns1.devstack.org. admin.example.org. 1611283847 3560 600 86400 3600
;; Query time: 18 msec
;; SERVER: 192.168.122.236#5354(192.168.122.236)
;; WHEN: Fri Jan 22 03:10:26 UTC 2021
;; MSG SIZE rcvd: 95
[root@devstack neutron]# dig @192.168.122.236 -p 5354 example.org NS
; <<>> DiG 9.11.20-RedHat-9.11.20-5.el8 <<>> @192.168.122.236 -p 5354 example.org NS
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34924
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 8192
;; QUESTION SECTION:
;example.org. IN NS
;; ANSWER SECTION:
example.org. 3600 IN NS ns1.devstack.org.
;; Query time: 13 msec
;; SERVER: 192.168.122.236#5354(192.168.122.236)
;; WHEN: Fri Jan 22 03:10:33 UTC 2021
;; MSG SIZE rcvd: 67
In /var/named we can also see a file:
slave.example.org.635c1d20-c34b-46e3-b503-712b4bfa3640
Making the same query on the standard DNS port gives the same result, as our named slave responds:
[root@devstack neutron]# dig @192.168.122.236 example.org NS
; <<>> DiG 9.11.20-RedHat-9.11.20-5.el8 <<>> @192.168.122.236 example.org NS
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5276
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: f455bf81ba3f5d0dd4315da4600a42ffff3cbd904144126e (good)
;; QUESTION SECTION:
;example.org. IN NS
;; ANSWER SECTION:
example.org. 3600 IN NS ns1.devstack.org.
;; Query time: 0 msec
;; SERVER: 192.168.122.236#53(192.168.122.236)
;; WHEN: Fri Jan 22 03:14:07 UTC 2021
;; MSG SIZE rcvd: 95
Interestingly, named does respond to the ANY request:
[root@devstack neutron]# dig @192.168.122.236 -p 53 example.org ANY
; <<>> DiG 9.11.20-RedHat-9.11.20-5.el8 <<>> @192.168.122.236 -p 53 example.org ANY
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59385
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 15dc3549a978f6ec147305d9600a43492c298ba29fa074c8 (good)
;; QUESTION SECTION:
;example.org. IN ANY
;; ANSWER SECTION:
example.org. 3600 IN SOA ns1.devstack.org. admin.example.org. 1611283847 3560 600 86400 3600
example.org. 3600 IN NS ns1.devstack.org.
;; Query time: 0 msec
;; SERVER: 192.168.122.236#53(192.168.122.236)
;; WHEN: Fri Jan 22 03:15:21 UTC 2021
;; MSG SIZE rcvd: 137