| *** livelace has quit IRC | 00:43 | |
| *** livelace has joined #openstack-dns | 00:43 | |
| *** abaindur has quit IRC | 01:05 | |
| openstackgerrit | Merged openstack/designate stable/queens: import zuul job settings from project-config https://review.openstack.org/593314 | 02:09 |
|---|---|---|
| *** abaindur has joined #openstack-dns | 04:04 | |
| openstackgerrit | Nguyen Hai proposed openstack/python-designateclient stable/queens: import zuul job settings from project-config https://review.openstack.org/592863 | 04:42 |
| openstackgerrit | Merged openstack/designate stable/rocky: import zuul job settings from project-config https://review.openstack.org/593316 | 05:30 |
| openstackgerrit | Merged openstack/designate stable/ocata: import zuul job settings from project-config https://review.openstack.org/593310 | 05:30 |
| *** abaindur has quit IRC | 05:38 | |
| *** abaindur has joined #openstack-dns | 05:38 | |
| openstackgerrit | Merged openstack/designate stable/pike: import zuul job settings from project-config https://review.openstack.org/593312 | 05:39 |
| *** pcaruana has joined #openstack-dns | 06:42 | |
| *** abaindur has quit IRC | 07:22 | |
| *** ginopc has joined #openstack-dns | 07:42 | |
| *** phasespace has joined #openstack-dns | 09:28 | |
| phasespace | Hi! Does designate support using TSIG to sign messages to bind9 slaves? If so, where do I configure it? | 09:30 |
| openstackgerrit | Tytus Kurek proposed openstack/designate master: NAPTR DNS records https://review.openstack.org/594126 | 10:53 |
| mugsie | phasespace: create a tsigkey with openstack tsigkey create --name <name> --algorithm <algorithm> --secret <secret> --scope POOL --resource-id <POOL-ID> | 12:20 |
| phasespace | mugsie, thanks for answering. I've done so already. Does this mean mDNS will automatically sign notify messages using this key? | 12:23 |
| phasespace | (btw, i'm using the ocata version) | 12:24 |
| mugsie | phasespace: oh - no it will just enforce that the bind slave uses that key to request a zone transfer | 12:25 |
| mugsie | that does seem like a good addition though, if you file a bug, we should add that to the back log | 12:25 |
| phasespace | Ok, thank you for clarifying | 12:31 |
| phasespace | If an attacker knows the ip of a designate master, wouldn't it then be possible to spoof a dns notify packet and cause the slave to trigger a full zone transfer? (since there is no TSIG signature check) | 12:50 |
| mugsie | phasespace: yes, but it will do a zone transfer from the listed master | 13:41 |
| mugsie | so, it may be a potentional DOS area, but the data should be consistent | 13:42 |
| phasespace | Yes, it was the DOS aspect of it I was thinking about. Thanks for answering my questions | 14:12 |
| *** phasespace has quit IRC | 14:17 | |
| *** phasespace has joined #openstack-dns | 14:40 | |
| *** Leo_m has joined #openstack-dns | 14:54 | |
| *** ginopc has quit IRC | 15:01 | |
| *** pcaruana has quit IRC | 15:09 | |
| eandersson | mugsie, https://review.openstack.org/#/c/593096/ https://review.openstack.org/#/c/594126/ | 16:06 |
| eandersson | I assume these two needs to include a sql upgrade path? | 16:06 |
| mugsie | yup | 16:06 |
| mugsie | I need to review - the change is wrong for the DB schema (in CAA anyway) | 16:07 |
| *** phasespace has quit IRC | 16:48 | |
| openstackgerrit | Pavlo Shchelokovskyy proposed openstack/designate-tempest-plugin master: Add test for quota set for invalid project https://review.openstack.org/580142 | 17:14 |
| openstackgerrit | Pavlo Shchelokovskyy proposed openstack/designate master: Add docs for project-id verification feature https://review.openstack.org/588509 | 17:19 |
| *** abaindur has joined #openstack-dns | 18:36 | |
| *** abaindur has quit IRC | 18:36 | |
| *** abaindur has joined #openstack-dns | 18:37 | |
| *** andrewbogott has quit IRC | 18:37 | |
| *** Chealion has quit IRC | 18:42 | |
| *** fyx has quit IRC | 18:42 | |
| *** therve has quit IRC | 18:42 | |
| *** bnemec has quit IRC | 19:20 | |
| *** bnemec has joined #openstack-dns | 19:20 | |
| *** ullbeking has quit IRC | 19:33 | |
| *** harmw has quit IRC | 19:34 | |
| *** ullbeking has joined #openstack-dns | 19:35 | |
| *** w|zzy has quit IRC | 19:39 | |
| *** ntr0py_ has quit IRC | 19:39 | |
| *** bauruine has quit IRC | 19:46 | |
| *** w|zzy has joined #openstack-dns | 19:49 | |
| *** bauruine has joined #openstack-dns | 19:58 | |
| *** Tahvok_ has joined #openstack-dns | 20:12 | |
| *** Tahvok has quit IRC | 20:19 | |
| *** Tahvok_ is now known as Tahvok | 20:19 | |
| *** blake has joined #openstack-dns | 20:29 | |
| *** blake has quit IRC | 20:53 | |
| *** blake has joined #openstack-dns | 20:54 | |
| *** blake_ has joined #openstack-dns | 21:55 | |
| *** blake_ has quit IRC | 21:55 | |
| *** blake has quit IRC | 21:59 | |
| *** Leo_m has quit IRC | 22:44 | |
Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!