*** ianychoi__ is now known as ianychoi | 00:34 | |
*** hamalq has quit IRC | 01:10 | |
*** icey_ is now known as icey | 07:43 | |
openstackgerrit | Merged openstack/designate stable/stein: Adding distributed locking to central https://review.opendev.org/c/openstack/designate/+/776288 | 10:00 |
*** mugsie_ is now known as mugsie | 10:16 | |
*** zigo has joined #openstack-dns | 13:21 | |
openstackgerrit | Nicolas Bock proposed openstack/designate stable/stein: Update zones masters using pool target masters. https://review.opendev.org/c/openstack/designate/+/744796 | 13:44 |
openstackgerrit | Nicolas Bock proposed openstack/designate stable/ussuri: Update zones masters using pool target masters. https://review.opendev.org/c/openstack/designate/+/743610 | 13:47 |
nicolasbock | johnsom: I am working on getting the series https://review.opendev.org/q/I9dddd4130a0cbb29311eeb52e077e216c8c03f3a green so we can merge them. If I remember correctly this change was one you wanted to see in Stein before we might cut another release. | 16:05 |
johnsom | Cool, that is a good bug to get fixed | 16:27 |
*** icey has quit IRC | 16:33 | |
*** icey has joined #openstack-dns | 16:34 | |
*** hamalq has joined #openstack-dns | 17:16 | |
hamalq | hi can i get +1 on https://review.opendev.org/c/openstack/designate/+/754226/ | 17:17 |
nicolasbock | Sorry for the delays hamalq | 17:43 |
nicolasbock | I left you some comments | 17:43 |
hamalq | am doing the changes :) | 17:47 |
openstackgerrit | hamza proposed openstack/designate master: Adding split horizon documentation https://review.opendev.org/c/openstack/designate/+/754226 | 17:52 |
hamalq | donee | 17:52 |
hamalq | @nicolasbock thanks for the review | 17:53 |
nicolasbock | Thanks hamalq . I'll have another look soon. | 18:01 |
*** spatel has joined #openstack-dns | 18:36 | |
hamalq | thanks | 18:43 |
eandersson | Is Designate meant to allow for ns records to be created for child zones? e.g. should office.home.com be allowed to create an NS record for the sub-domain dev? dev.office.home.com NS 192.168.0.1 | 20:48 |
eandersson | I don't think we allow that today | 20:48 |
*** spatel has quit IRC | 21:10 | |
nicolasbock | Hmm, how would you define one in the zone file? Would you need to create another SOA entry eandersson ? | 21:22 |
eandersson | I don't believe so. This would be in place to allow recursive lookups. | 21:24 |
nicolasbock | You can do `openstack recordset create --records 1.1.1.1 --type A example.com. host1.subdomain` right now | 21:25 |
nicolasbock | But that's not maybe what you want | 21:25 |
eandersson | Yea - the problem is that you might have child zones | 21:25 |
eandersson | e.g. | 21:25 |
eandersson | openstack zone create home.com | 21:26 |
eandersson | openstack zone create office.home.com | 21:26 |
eandersson | openstack zone create dev.home.com | 21:26 |
eandersson | openstack zone create prod.home.com | 21:26 |
nicolasbock | I don't think we can do that as a child zone. They would be independent zones. | 21:27 |
eandersson | I think I need to do some light reading on how this is meant to work. | 21:28 |
eandersson | Maybe johnsom has some insight into the RFCs :D | 21:28 |
nicolasbock | Haha | 21:28 |
nicolasbock | I found this: https://nnc3.com/mags/Networking2/dns/ch09_04.htm | 21:29 |
johnsom | What is the question you summoned me for???? Hi | 21:29 |
eandersson | The idea is that other DNS servers not controlled by designate might only be aware of home.com, and to allow recursive lookups you would add NS records for the sub domains | 21:30 |
eandersson | So home.com would have a NS pointing at office.home, office.com would have NS records for dev and prod | 21:30 |
eandersson | Currently in designate adding a NS for DEV in office.home.com would result in a RecordSet belongs in a child zone dev.home.com | 21:31 |
eandersson | johnsom basically asking if you know if this is WAI :D ^ | 21:32 |
eandersson | brb food | 21:32 |
johnsom | hahaha, summons me, then runs | 21:32 |
johnsom | I guess I'm not following the scenario here well. | 21:33 |
nicolasbock | There appear to be different ways of managing a subdomain johnsom . Unfortunately that's all I can say at this point. I am still reading how this is supposed to work :) | 21:34 |
johnsom | The original question, can you add delegation from a Designate "owned" zone, sure, it should be possible. I.e. adding NS records in example.com for eandersson-food.example.com. | 21:34 |
nicolasbock | There we go :) | 21:35 |
nicolasbock | By the way, https://review.opendev.org/c/openstack/designate/+/743610 is green now. johnsom, eandersson, could you have a look? | 21:35 |
nicolasbock | This one is green too, but we need the Ussuri patch first. https://review.opendev.org/c/openstack/designate/+/743611 | 21:36 |
johnsom | nicolasbock Cool, thanks. Technically I am on vacation today and Monday, so I haven't been following too closely | 21:36 |
nicolasbock | The backport to Stein keeps timing out for some reasons | 21:36 |
nicolasbock | Oh sorry | 21:36 |
johnsom | No, no worries | 21:36 |
nicolasbock | Didn't mean to rope you in here on your vacation | 21:36 |
nicolasbock | But that was eandersson 's fault ;) | 21:36 |
johnsom | Exactly | 21:37 |
johnsom | grin | 21:37 |
johnsom | It's a distraction from doing my taxes | 21:40 |
johnsom | There is a check like: https://github.com/openstack/designate/blob/master/designate/api/v2/controllers/zones/recordsets.py#L116 | 21:43 |
johnsom | You can't hack the zones that are owned by Designate. | 21:44 |
eandersson | https://opendev.org/openstack/designate/src/branch/master/designate/central/service.py#L322 | 21:46 |
eandersson | This is the one I saw as well preventing the NS record from being created in the parent. | 21:46 |
eandersson | Also taxes -_- I haven't even started mine | 21:46 |
johnsom | Today was an opportunity, so... | 21:47 |
johnsom | I'm not sure I answered your question or not. | 21:47 |
eandersson | Yea you did | 21:47 |
johnsom | Cool, I hope I was right. grin | 21:47 |
eandersson | I wonder if it is as simple just excluding NS records from that check | 21:48 |
johnsom | Why? That check is valid. | 21:49 |
johnsom | A delegation for eandersson-food.example.com must be under example.com. You can't create a delegation for eandersson-food.tacos.com from an example.com zone. | 21:50 |
eandersson | oh yea https://opendev.org/openstack/designate/src/branch/master/designate/central/service.py#L371 | 21:50 |
eandersson | Wrong function | 21:50 |
eandersson | Line 378 is what actually throws the error | 21:51 |
eandersson | Let me reproduce the error | 21:51 |
johnsom | I vaguely remember a bug or someone talking about this check. | 21:54 |
johnsom | I think the intent is if you are adding a record burger.eandersson-food.example.com to the example.com zone, should there be a eandersson-food.example.com zone, deny it and make them create burger in the eandersson-food.example.com zone instead. | 21:56 |
eandersson | From what I understand the issue is that there is a root server that only knows of example.com, and the "local" dns server is meant to recursively lookup records from e.g. eandersson-food.example.com | 21:56 |
eandersson | but without a NS record in example.com pointing at eandersson-food the local DNS server wouldn't allow recursive lookups | 21:56 |
johnsom | Well, you can delegate eandersson-food to designate authoritative servers from the example.com zone. That way it is globally resolvable. | 21:57 |
eandersson | Right | 22:00 |
eandersson | openstack recordset create example.com. eandersson-food --type NS --record '192.168.0.1' --record '192.168.0.2' | 22:03 |
eandersson | This is one way of doing that right? | 22:03 |
eandersson | In this case designate owns both example.com and eandersson-food.example.com | 22:03 |
johnsom | I'm confused, if Designate owns (by own I think has a zone defined and manages the authoritative zone in bind/pdns), there are zone records for both example.com and eandersson-food.example.com in Designate. In which case, you cannot touch the NS records. | 22:06 |
johnsom | If Designate just has a zone for example.com, then yeah, you would add a NS record (which BTW, are FQDN "records") for each authoritative server that hosts the eandersson-food zone. You need glue records for the NS FQDNs | 22:08 |
eandersson | Don't worry I am confused too. | 22:08 |
johnsom | I guess I should say, you may need glue records | 22:08 |
johnsom | I can take one more pass at describing delegation if that would help. | 22:13 |
johnsom | To delegate eandersson-food.example.com to an outside DNS server (i.e. not a zone owned by Designate) you would end up with the following in the example.com zone file (owned by Designate in this example): | 22:14 |
johnsom | eandersson-food.example.com IN NS ns1.eandersson-food.example.com | 22:15 |
johnsom | and a glue record: | 22:15 |
johnsom | ns1.eandersson-food.example.com IN A 192.0.2.99 | 22:16 |
johnsom | Where 192.0.2.99 is the authoritative DNS server that will host eandersson-food.example.com | 22:16 |
johnsom | This topic is actually one michchap and I have been talking about recently in our "upstream docs needed" series. The designate docs don't have cookbooks for how to integrate Designate into an existing DNS infrastructure. It's on our TODO list. | 22:21 |
eandersson | Awesome! Yea I think that is it | 22:45 |
eandersson | johnsom when you are off vacation https://bugs.launchpad.net/designate/+bug/1917099 | 23:35 |
openstack | Launchpad bug 1917099 in Designate "NS records for child zones should be allowed to exist in parent zones" [Undecided,New] | 23:35 |
*** hamalq has quit IRC | 23:40 |