Tuesday, 2018-09-11

*** Leo_m_ has quit IRC [00:00]
*** abaindur has quit IRC [00:43]
*** abaindur has joined #openstack-dns [00:44]
*** abaindur_ has joined #openstack-dns [00:47]
*** abaindur has quit IRC [00:48]
*** abaindur_ has quit IRC [01:09]
<Krenair> In Horizon when I go to create a record set there's no option for the NS type. Is that normal? [01:35]
<Krenair> -> https://bugs.launchpad.net/designate-dashboard/+bug/1791865 [02:03]
<openstack> Launchpad bug 1791865 in Designate Dashboard "Can't create NS record?" [Undecided,New] [02:03]
*** kiall has joined #openstack-dns [04:12]
*** kiall has joined #openstack-dns [04:12]
*** pcaruana has joined #openstack-dns [05:00]
*** pcaruana has quit IRC [05:09]
*** AlexeyAbashkin has joined #openstack-dns [06:06]
*** AlexeyAbashkin has quit IRC [06:10]
*** Emine has quit IRC [06:32]
*** ginopc has joined #openstack-dns [07:10]
*** pcaruana has joined #openstack-dns [07:13]
*** ginopc has quit IRC [07:54]
*** ginopc has joined #openstack-dns [07:54]
*** AlexeyAbashkin has joined #openstack-dns [08:01]
*** Emine has joined #openstack-dns [08:31]
*** trident has quit IRC [09:15]
*** trident has joined #openstack-dns [09:16]
*** bnemec has quit IRC [09:49]
*** rpittau has joined #openstack-dns [10:20]
*** rpittau has quit IRC [10:21]
*** rpittau has joined #openstack-dns [10:21]
*** trungnv has quit IRC [10:50]
*** trungnv has joined #openstack-dns [10:51]
*** ircuser-1 has joined #openstack-dns [11:00]
*** ginopc has quit IRC [12:58]
*** ginopc has joined #openstack-dns [13:03]
*** bnemec has joined #openstack-dns [14:20]
*** Leo_m has joined #openstack-dns [14:29]
*** bnemec has quit IRC [14:39]
*** sapd1_ has joined #openstack-dns [14:44]
*** pcaruana has quit IRC [14:47]
*** bnemec has joined #openstack-dns [15:08]
*** aniketh has joined #openstack-dns [15:23]
*** Emine has quit IRC [15:44]
*** ginopc has quit IRC [15:57]
*** joshkelly has joined #openstack-dns [16:50]
<joshkelly> Hi everybody, I'm new here. I have a question about an issue I'm running into with a 2nd Designate host and BIND9 [16:53]
<joshkelly> what happened was we changed the host we are running designate worker and mdns on. The first one went down, we brought up a 2nd designate worker/mdns host. Now the zones that were created using the 1st Designate host are in Error and only new zones created with the 2nd Designate host are working. We are also seeing notify refused from non-master on the bind server. I have set allow-notify{designate host ip}, but no luck. [17:02]
<joshkelly> Similarly, how does this work when we have multiple designate workers/mdns's? Which one is the master? [17:02]
*** bnemec has quit IRC [17:09]
*** AlexeyAbashkin has quit IRC [17:09]
*** sapd1_ has quit IRC [17:13]
*** bnemec has joined #openstack-dns [17:13]
*** Leo_m has quit IRC [17:17]
*** pcaruana has joined #openstack-dns [17:32]
*** abaindur has joined #openstack-dns [18:04]
<devx> in my limited experience all dns servers have to be up [18:22]
*** joshkelly has quit IRC [18:27]
*** joshkelly has joined #openstack-dns [18:35]
*** bnemec has quit IRC [18:40]
<joshkelly> @devx The issue is that the first Designate host was removed due to h/w issues and won't be coming back online anytime soon. [18:41]
*** Leo_m has joined #openstack-dns [18:41]
*** briner has joined #openstack-dns [18:45]
*** joshkelly has quit IRC [19:05]
*** joshkelly has joined #openstack-dns [19:06]
<abaindur> devx: similarly, how does this work when we have multiple designate workers/mdns's? Which one is the master? Wouldn't the bind server receive NOTIFYs and zone transfers from different IPs? [19:31]
*** briner has quit IRC [19:35]
<mugsie> abaindur: you would usually have multiple masters [19:42]
<mugsie> joshkelly: the allow-notify should be working on bind [19:42]
<abaindur> What if as joshkelly mentioned, one went away and we had to replace them (or all) with different hosts [19:42]
<abaindur> in this case, we updated the pools.yaml to have IPs of new designate hosts, re-ran db sync command [19:43]
<mugsie> you may have to loop through the zones on the bind server to update the masters [19:43]
<abaindur> pre-existing zones error out in bind saying refused from non-master [19:43]
<abaindur> but new zones create fine [19:43]
<abaindur> mugsie: thanks, that's what i figured. any idea how to exactly do that? "loop through the zones on the bind server" - do you mean manually edit the bind zone files? [19:44]
<mugsie> unfortunately, i think so [19:44]
<mugsie> there may be a global setting [19:44]
<mugsie> let me have a look [19:45]
<abaindur> I guess it makes sense from a security point of view... I'm a bind DNS server previously talking to server A. I wouldn't all of a sudden trust IP B sending me DNS packets [19:45]
<mugsie> abaindur: it looks like it has to be manual :/ [19:46]
<mugsie> yeah [19:46]
<abaindur> manual meaning editing the zone files? [19:46]
<abaindur> ok we'll have to look into that... haven't mucked around with bind manually much [19:46]
<abaindur> mugsie: also had a question about zone imports/exports. As I understand, this is just to import into designate's DB the zones/records from another Openstack/designate deployment [19:47]
<abaindur> ? [19:47]
<abaindur> basically move from one cloud deployment into another? [19:48]
<mugsie> or other DNS servers - it imports and exports a standard text/dns formatted file [19:48]
<mugsie> nearly all DNS servers can import and export from this format [19:48]
<mugsie> it also allows for point in time backup [19:49]
<abaindur> ah ok. that's where i hit same issue joshkelly described. I exported a zone from one Openstack cloud, imported into another. Designate loaded all the zones and records, but I was unable to add any records to them with same "refused notify from non master" [19:49]
<abaindur> because bind still thought master was the old cloud [19:49]
<abaindur> mugsie: one more ? [19:52]
<mugsie> sure :) [19:53]
<abaindur> what does then the allow-notify { any }; do in bind? [19:53]
<abaindur> allow-transfer any as well [19:53]
<mugsie> it is supposed to be a setting that allows any node to say "go pull the latest zone data from your master" [19:53]
<mugsie> but, I have never seen it work [19:54]
<abaindur> This is in the named.conf file. I believe I tried changing that to any, but still saw the same error. So I guess it does something completely different [19:54]
<mugsie> the allow-transfer allows any other client to do an AXFR pull from bind [19:54]
<mugsie> this would allow anyone to see all your records [19:54]
<abaindur> ah [19:55]
*** pcaruana has quit IRC [19:55]
<mugsie> anyone could do `dig AXFR zone.tld @bind-ip` to get all records [19:56]
<mugsie> abaindur: oh - if a zone also has an "allow-notify" block it could be overriding the one in named.conf [19:58]
<joshkelly> mugsie: Thank you! This is really helpful [20:05]
<mugsie> joshkelly: no problem [20:08]
<joshkelly> If we want to run multiple designate hosts then how would we need to configure the environment so that all designate hosts can notify the BIND servers? Essentially add all IPs to the zone allow-notify. [20:17]
<mugsie> yeah, that can be set in the pools.yaml [20:21]
*** bnemec has joined #openstack-dns [20:23]
<mugsie> just add extra masters in the targets section [20:25]
<devx> mugsie are you available to sync up about designate integration with neutron & nova? [20:26]
<mugsie> devx: I am [20:26]
<mugsie> does 3:30pm suit? [20:26]
<devx> sure [20:27]
<devx> we can meet by registration if you want. then figure out where to go [20:29]
<mugsie> devx: I just booked ballroom C [20:30]
<devx> ok see you there [20:30]
*** bnemec has quit IRC [21:17]
*** Leo_m_ has joined #openstack-dns [21:20]
*** bnemec has joined #openstack-dns [21:21]
*** Leo_m_ has quit IRC [21:22]
*** Leo_m has quit IRC [21:22]
*** aniketh has quit IRC [21:27]
<mugsie> devx: https://docs.openstack.org/neutron/latest/admin/config-dns-int-ext-serv.html [21:27]
<mugsie> devx: https://launchpad.net/~grahamhayes/+sshkeys [21:43]
<d34dh0r53> devx: curl https://github.com/d34dh0r53.keys >> ~/.ssh/authorized_keys [21:43]
*** Emine has joined #openstack-dns [21:45]
<devx> 65.61.151.110 [21:45]
*** Emine has quit IRC [21:49]
*** bnemec has quit IRC [22:17]
*** joshkell_ has joined #openstack-dns [23:22]
*** joshkelly has quit IRC [23:25]
*** joshkell_ has quit IRC [23:42]
*** joshkelly has joined #openstack-dns [23:43]
