Friday, 2018-06-22

« Thursday, 2018-06-21 Index Saturday, 2018-06-23 »
*** blake has quit IRC02:00
*** blake has joined #openstack-dns02:01
*** blake has quit IRC02:05
*** Shadowphax has joined #openstack-dns05:21
*** Shadowphax has quit IRC05:33
*** Shadowphax has joined #openstack-dns05:37
*** briner has joined #openstack-dns05:37
*** briner has quit IRC05:39
*** blake has joined #openstack-dns05:41
*** blake has quit IRC05:43
*** blake has joined #openstack-dns05:44
*** AlexeyAbashkin has joined #openstack-dns05:54
*** masber has joined #openstack-dns05:57
*** AlexeyAbashkin has quit IRC06:13
*** andrewbogott has quit IRC06:28
*** andrewbogott has joined #openstack-dns06:28
*** pcaruana has joined #openstack-dns06:30
*** briner has joined #openstack-dns06:31
*** Shadowphax has quit IRC06:33
*** AlexeyAbashkin has joined #openstack-dns07:10
*** rui2 has joined #openstack-dns07:15
*** Shadowphax has joined #openstack-dns07:16
*** blake has quit IRC07:21
*** rui2 has quit IRC07:29
*** rui2 has joined #openstack-dns07:31
*** rui2 has quit IRC07:32
Shadowphaxthanks mugsie07:39
*** briner has quit IRC07:41
*** peereb has joined #openstack-dns08:05
*** briner has joined #openstack-dns08:23
*** AlexeyAbashkin has quit IRC08:29
*** salmankhan has joined #openstack-dns08:57
*** salmankhan has quit IRC09:28
*** salmankhan has joined #openstack-dns09:31
*** AlexeyAbashkin has joined #openstack-dns09:36
*** briner has quit IRC09:49
*** trungnv has quit IRC10:02
*** kbyrne has quit IRC10:49
*** kbyrne has joined #openstack-dns10:51
mugsieKeithMnemonic: in theory yes, that could work.11:30
mugsiehowever.11:30
mugsieI would recommend against it11:30
mugsieand there is no upstream support for doing it that way :)11:30
*** diman has joined #openstack-dns11:37
*** briner has joined #openstack-dns11:40
*** briner has quit IRC11:49
*** rfreire has joined #openstack-dns11:53
openstackgerritPavlo Shchelokovskyy proposed openstack/designate master: Init config before service start  https://review.openstack.org/57688611:54
*** AlexeyAbashkin has quit IRC11:57
*** AlexeyAbashkin has joined #openstack-dns12:11
KeithMnemonicmugsie: Thanks! We had a query about using two different backend in one OpenStack deployment.12:56
mugsieyou can use 2 different backends, but I would tell people to do it in 2 different pools12:57
KeithMnemonicthat is what i meant, one pool for bind, one pool for inofblox12:58
Shadowphaxmugsie: what would the usecase be for that ?13:04
mugsiesorry, I completely miss read that13:04
mugsiethat is ++ KeithMnemonic13:04
mugsieShadowphax: if you have infoblox for internal DNS but want a real DNS server for external internet facing traffic13:05
Shadowphaxokay13:06
mugsieit allows you to have DNS zones availible to different networks, or have tiers of DNS services (so one teir may have servers globally, one has just US and one is just in a single DC)13:06
KeithMnemonicor vice versa, maybe your corp IT is Infoblox but for a devops lab you want something opensource13:07
Shadowphaxmugsie: how do I prevent the private address space from being looked up ?13:22
Shadowphaxi only want the floating_ip to be available externally13:22
Shadowphaxinternally the project zone private address space can be done13:23
*** briner has joined #openstack-dns13:25
*** briner has quit IRC13:29
*** brad[] has quit IRC14:02
*** peereb has quit IRC14:10
*** Shadowphax has quit IRC14:31
bnemecHey, I noticed that I was unable to delete my example.com. zone in a TripleO-based deployment, but it worked in devstack (tm).15:27
bnemecIt turns out that it's because puppet turns on recursion in BIND by default, and since example.com is a real domain it looked like it never went away.15:28
bnemecdevstack disable recursion though.15:28
bnemecIs that just for simplicity or should I not have recursion turned on in TripleO either?15:28
bnemecIt seems like that would make the Designate-managed BIND kind of useless as a general purpose DNS server though.15:29
kiallGenerally, it's best practice to split your authoritative DNS servers from your recursive DNS servers.15:32
kiallThere have been many DNS vunlerabilities over the years causes by combining the two15:33
*** diman has quit IRC15:34
*** rpittau has quit IRC15:35
bnemecOkay, that's good to know.  Thanks.15:47
*** Shadowphax has joined #openstack-dns15:57
*** pcaruana has quit IRC16:04
*** Shadowphax has quit IRC16:17
*** kberger has joined #openstack-dns16:51
mugsiebnemec: yeah, I would disable it in the tripleO bind server - it could also block people who move a domain to a new server from deleting a zone in designate17:00
*** briner has joined #openstack-dns17:02
*** briner has quit IRC17:05
bnemecmugsie: A lot of stuff suddenly makes more sense now that I know you're not supposed to have clients hit that server directly.17:05
bnemecUnfortunately it also complicates the deployment process quite a bit. :-)17:07
*** briner has joined #openstack-dns17:13
*** briner has quit IRC17:14
*** salmankhan has quit IRC17:20
*** briner has joined #openstack-dns17:40
*** kberger has quit IRC17:42
*** briner has quit IRC18:26
*** briner has joined #openstack-dns18:32
*** AlexeyAbashkin has quit IRC18:44
*** Shadowphax has joined #openstack-dns18:52
*** Shadowphax has quit IRC18:59
*** Shadowphax has joined #openstack-dns19:14
*** cmurphy is now known as cmurphy_vacation19:31
*** briner has quit IRC19:56
*** rfreire has quit IRC20:57
*** AlexeyAbashkin has joined #openstack-dns21:02
*** Shadowphax has quit IRC21:06
*** AlexeyAbashkin has quit IRC21:11
*** KeithMnemonic has quit IRC21:15
*** eandersson_ has joined #openstack-dns21:30
*** eandersson_ has quit IRC21:30
« Thursday, 2018-06-21 Index Saturday, 2018-06-23 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!