For note: everyone should understand the basics of DNS, BUT if you DO NOT… then please have a read below.

Maybe use some google fu (google; what is DNS) :)

What is DNS

How DNS works

For example, when searching for cloud.example.com, the resolver starts with a root name server. The root replies with the location of the .com name servers. The resolver then contacts a .com name server to get the location of the example.com name server. Finally, the resolver asks the example.com name server for the cloud.example.com record and returns the answer to the user.
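To make the walk above concrete, here is a small in-memory model of iterative resolution. It is an added example, not code from these notes or from any DNS software; every zone, server name and address in it is constructed for the illustration, so nothing is looked up on the network. It shows the referral chain root → .com → example.com that a recursive resolver (Unbound, in the setup below) follows on a cache miss.

```python
# Added example (not part of the original notes): a tiny in-memory model of the
# iterative walk described above. Every server name and address here is
# constructed for illustration; nothing is looked up on the network.
ZONES = {
    # zone: the server authoritative for it, the child zones it delegates,
    # and the records it holds itself.
    ".": {"server": "root-server.test.", "delegations": ["com."], "records": {}},
    "com.": {"server": "a.gtld-servers.test.", "delegations": ["example.com."], "records": {}},
    "example.com.": {"server": "ns1.example.test.", "delegations": [],
                     "records": {"cloud.example.com.": "198.51.100.10"}},
}


def fqdn(name):
    """DNS names are absolute: make sure the name carries its trailing dot."""
    return name if name.endswith(".") else name + "."


def closest_delegation(zone, qname):
    """Pick the child zone of `zone` that is the closest ancestor of qname, or None."""
    for child in sorted(zone["delegations"], key=len, reverse=True):
        if qname == child or qname.endswith("." + child):
            return child
    return None


def iterative_resolve(qname, zones=ZONES):
    """Resolve qname the way a recursive resolver does on a cache miss.

    Starts at the root, follows one referral per step, and stops at the zone
    that is authoritative for the name. Returns (answer, servers_asked).
    """
    qname = fqdn(qname)
    current = "."
    asked = []
    while True:
        zone = zones[current]
        asked.append(zone["server"])
        if qname in zone["records"]:
            return zone["records"][qname], asked
        child = closest_delegation(zone, qname)
        if child is None:
            return None, asked  # no such name below this zone (NXDOMAIN)
        current = child


if __name__ == "__main__":
    answer, asked = iterative_resolve("cloud.example.com")
    print(" -> ".join(asked), "=>", answer)
```

Each call to `iterative_resolve` records which server answered at each step, so the referral chain is visible alongside the final address; a name with no matching delegation stops at the deepest zone reached and returns `None`.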

OpenStack Designate

  • Designate is a multi-tenant DNSaaS service for OpenStack

I am mostly demonstrating Designate on Red Hat OpenStack Platform deployed with TripleO, but these notes should work with any Designate deployment.

Basic components to Designate

Checking out the containers that are running on the overcloud Controller nodes.

Designate API (designate-api container) Provides the OpenStack standard REST API for users and the RHOSP Networking service (neutron) to interact with designate.

Producer (designate-producer container) Orchestrates periodic tasks that are run by designate.

Central (designate-central container) Orchestrates zone and record set creation, update, and deletion. The Central service receives RPC requests sent by the Designate API service and applies the necessary business logic to the data while coordinating its persistent storage.

Worker (designate-worker container) Provides the interface to the drivers for the DNS servers that designate manages. The Worker service reads the server configuration from the designate database, and also manages periodic tasks that are requested by the Producer.

Mini DNS (designate-mdns container) Manages zone authoritative transfer (AXFR) requests from the name servers. The Mini DNS service also pulls DNS information about DNS zones hosted outside of the designate infrastructure.

BIND 9 (bind container) Provides a DNS server for the DNS service. This specifically acts as the authoritative nameserver.

Unbound (unbound container) Fulfils the role of the DNS recursive resolver, which initiates and sequences the queries needed to translate DNS requests into an IP address. Unbound is a DNS service and acts as the recursive resolver for all the OpenStack Instances.

On an Overcloud Controller node

  • We can see these containers running using this command
podman ps -f name=designate
6c58b8c3b2b3  rhosp17d.ctlplane.localdomain:8787/rhosp-rhel9/openstack-designate-backend-bind9:17.0  kolla_start       	3 days ago	Up 2 days ago                        	designate_backend_bind9
af0d50f6b494  rhosp17d.ctlplane.localdomain:8787/rhosp-rhel9/openstack-designate-api:17.0        	kolla_start       	3 days ago	Up 2 days ago                        	designate_api
b45ea1ba0cfb  rhosp17d.ctlplane.localdomain:8787/rhosp-rhel9/openstack-designate-central:17.0    	kolla_start       	39 hours ago  Up 39 hours ago (unhealthy)          	designate_central
9ad43f7822bd  rhosp17d.ctlplane.localdomain:8787/rhosp-rhel9/openstack-designate-worker:17.0     	kolla_start       	39 hours ago  Up 39 hours ago (unhealthy)          	designate_worker
de9c16afdcf5  rhosp17d.ctlplane.localdomain:8787/rhosp-rhel9/openstack-designate-mdns:17.0       	kolla_start       	39 hours ago  Up 39 hours ago (unhealthy)          	designate_mdns
a29ad769efc4  rhosp17d.ctlplane.localdomain:8787/rhosp-rhel9/openstack-designate-producer:17.0   	kolla_start       	39 hours ago  Up 39 hours ago (unhealthy)          	designate_producer
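Four of the six containers above report `(unhealthy)`, which is exactly the kind of thing worth catching before zones stop reaching Bind9. The following is an added example (not code from these notes or from Designate) that parses `podman ps` output and reports unhealthy or missing Designate containers; the sample input is the output shown above with its whitespace normalized, and the expected container set is taken from the same output.

```python
import re

# Sample input: the `podman ps -f name=designate` output shown above, with the
# whitespace normalized. This is data copied from the notes, not a live query.
PODMAN_PS_OUTPUT = """\
6c58b8c3b2b3  rhosp17d.ctlplane.localdomain:8787/rhosp-rhel9/openstack-designate-backend-bind9:17.0  kolla_start  3 days ago    Up 2 days ago                designate_backend_bind9
af0d50f6b494  rhosp17d.ctlplane.localdomain:8787/rhosp-rhel9/openstack-designate-api:17.0            kolla_start  3 days ago    Up 2 days ago                designate_api
b45ea1ba0cfb  rhosp17d.ctlplane.localdomain:8787/rhosp-rhel9/openstack-designate-central:17.0        kolla_start  39 hours ago  Up 39 hours ago (unhealthy)  designate_central
9ad43f7822bd  rhosp17d.ctlplane.localdomain:8787/rhosp-rhel9/openstack-designate-worker:17.0         kolla_start  39 hours ago  Up 39 hours ago (unhealthy)  designate_worker
de9c16afdcf5  rhosp17d.ctlplane.localdomain:8787/rhosp-rhel9/openstack-designate-mdns:17.0           kolla_start  39 hours ago  Up 39 hours ago (unhealthy)  designate_mdns
a29ad769efc4  rhosp17d.ctlplane.localdomain:8787/rhosp-rhel9/openstack-designate-producer:17.0       kolla_start  39 hours ago  Up 39 hours ago (unhealthy)  designate_producer
"""

# The Designate containers seen on a TripleO controller (names from the output above).
EXPECTED_CONTAINERS = {
    "designate_api", "designate_central", "designate_worker",
    "designate_mdns", "designate_producer", "designate_backend_bind9",
}

# podman ps columns: CONTAINER ID, IMAGE, COMMAND, CREATED, STATUS, NAMES.
# Tabs and runs of spaces separate them, so match on structure rather than width.
ROW_RE = re.compile(
    r"^(?P<id>[0-9a-f]{12})\s+"
    r"(?P<image>\S+)\s+"
    r"(?P<command>\S+)\s+"
    r"(?P<created>\d+ \w+ ago)\s+"
    r"(?P<status>(?:Up|Exited|Created|Paused).*?)\s+"
    r"(?P<name>\S+)\s*$"
)


def parse_podman_ps(text):
    """Parse `podman ps` output into a list of dicts, one per container."""
    rows = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("CONTAINER ID"):
            continue  # blank line, or the header podman prints without --noheading
        m = ROW_RE.match(line)
        if not m:
            raise ValueError("unrecognised podman ps line: %r" % line)
        rows.append(m.groupdict())
    return rows


def unhealthy_containers(rows):
    """Names of containers whose health check is failing."""
    return sorted(r["name"] for r in rows if "(unhealthy)" in r["status"])


def missing_containers(rows, expected=EXPECTED_CONTAINERS):
    """Expected Designate containers that are not running at all."""
    return sorted(expected - {r["name"] for r in rows})


def designate_health(text):
    """Summarize as (ok, unhealthy_names, missing_names)."""
    rows = parse_podman_ps(text)
    unhealthy = unhealthy_containers(rows)
    missing = missing_containers(rows)
    return (not unhealthy and not missing), unhealthy, missing


if __name__ == "__main__":
    ok, unhealthy, missing = designate_health(PODMAN_PS_OUTPUT)
    print("healthy:", ok)
    print("unhealthy:", ", ".join(unhealthy) or "none")
    print("missing:", ", ".join(missing) or "none")
```

Feeding it the live output (`podman ps -f name=designate`) from a controller gives a quick yes/no on whether the control plane for DNS is intact; a container that is absent altogether is reported separately from one that is running but failing its health check, since the two have different causes.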

Designate Command structure

  • Detailed below are some commands that are used to:
    • Create a zone
    • Create a recordset
      • Recordsets in Designate are A, MX and CNAME

Source the overcloudrc file; as you would expect, we’re working with the overcloud and not the undercloud in an OOO (TripleO) setup.

. overcloudrc

openstack zone create osp.example.com. --email jimboJones@example.com
  • ONE very important note here: do NOT forget the . after com, as per this statement:

The DNS domain must always be a fully qualified domain name (FQDN), meaning it will always end with a period.

Below is the traceback from a zone created without the trailing ., to make this clear.

values {'name': 'osp.cbnode.com', 'type': 'PRIMARY', 'email': 'bobthedealer@example.com.'}: ValueError: Domain osp.cbnode.com does not end with a dot
2023-04-05 23:49:15.290 8 ERROR designate.objects.adapters.base Traceback (most recent call last):
2023-04-05 23:49:15.290 8 ERROR designate.objects.adapters.base   File "/usr/lib/python3.6/site-packages/designate/objects/adapters/base.py", line 188, in parse
2023-04-05 23:49:15.290 8 ERROR designate.objects.adapters.base 	values, output_object, *args, **kwargs)
2023-04-05 23:49:15.290 8 ERROR designate.objects.adapters.base   File "/usr/lib/python3.6/site-packages/designate/objects/adapters/api_v2/zone.py", line 88, in _parse_object
2023-04-05 23:49:15.290 8 ERROR designate.objects.adapters.base 	values, object, *args, **kwargs)
2023-04-05 23:49:15.290 8 ERROR designate.objects.adapters.base   File "/usr/lib/python3.6/site-packages/designate/objects/adapters/base.py", line 295, in _parse_object
2023-04-05 23:49:15.290 8 ERROR designate.objects.adapters.base 	setattr(output_object, obj_key, value)
2023-04-05 23:49:15.290 8 ERROR designate.objects.adapters.base   File "/usr/lib/python3.6/site-packages/designate/objects/base.py", line 146, in __setattr__
2023-04-05 23:49:15.290 8 ERROR designate.objects.adapters.base 	super(DesignateObject, self).__setattr__(name, value)
2023-04-05 23:49:15.290 8 ERROR designate.objects.adapters.base   File "/usr/lib/python3.6/site-packages/designate/objects/base.py", line 500, in setter
2023-04-05 23:49:15.290 8 ERROR designate.objects.adapters.base 	field_value = field.coerce(self, name, value)
2023-04-05 23:49:15.290 8 ERROR designate.objects.adapters.base   File "/usr/lib/python3.6/site-packages/designate/objects/fields.py", line 207, in coerce
2023-04-05 23:49:15.290 8 ERROR designate.objects.adapters.base 	raise ValueError("Domain %s does not end with a dot" % value)
2023-04-05 23:49:15.290 8 ERROR designate.objects.adapters.base ValueError: Domain osp.cbnode.com does not end with a dot
2023-04-05 23:49:15.290 8 ERROR designate.objects.adapters.base
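The API rejects the zone name before anything reaches Bind9, so it is cheap to pre-flight the name on the client side. Below is an added example (not code from these notes or from Designate) that reproduces the trailing-dot check with the same error message as the traceback, adds the usual RFC 1035 label limits, and builds a recordset FQDN the way the CLI output further down shows (`www` in `osp.example.com.` becomes `www.osp.example.com.`). Treating a record name that already ends in a dot as absolute is my assumption, not something the notes state.

```python
import re

# RFC 1035 label rule: 1-63 chars of letters, digits and hyphens, not starting
# or ending with a hyphen. Added for completeness; the trailing-dot check is
# the one the traceback above comes from.
LABEL_RE = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def check_zone_name(name):
    """Return `name` if Designate would accept it as a zone name, else raise ValueError.

    The first check reproduces the exact error text from the traceback above.
    """
    if not name.endswith("."):
        raise ValueError("Domain %s does not end with a dot" % name)
    if len(name) > 255:
        raise ValueError("Domain %s is longer than 255 characters" % name)
    for label in name[:-1].split("."):
        if not LABEL_RE.match(label):
            raise ValueError("Domain %s has an invalid label %r" % (name, label))
    return name


def recordset_fqdn(zone_name, record_name):
    """Build the recordset name as shown by the CLI: ('osp.example.com.', 'www') -> 'www.osp.example.com.'.

    Assumption (not from the notes): a record_name that already ends with a dot
    is taken as absolute, and it must then sit inside the zone.
    """
    zone_name = check_zone_name(zone_name)
    if record_name.endswith("."):
        fqdn = record_name
    else:
        fqdn = "%s.%s" % (record_name, zone_name)
    if fqdn != zone_name and not fqdn.endswith("." + zone_name):
        raise ValueError("%s is not inside zone %s" % (fqdn, zone_name))
    return check_zone_name(fqdn)


if __name__ == "__main__":
    for candidate in ("osp.example.com.", "osp.cbnode.com"):
        try:
            print("ok:", check_zone_name(candidate))
        except ValueError as exc:
            print("rejected:", exc)
    print(recordset_fqdn("osp.example.com.", "www"))
```

Running the block prints one accepted zone, one rejection carrying the same message as the log above, and the derived `www.osp.example.com.` name; wiring `check_zone_name` in front of a scripted `openstack zone create` saves a round trip to the API for the most common mistake.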

Zone created, BUT you can see that it is in a PENDING state.

  • This will take a few minutes to transition from PENDING to ACTIVE.
    • During the transition, as you might expect, it does the backend work of creating the zone in Bind9.
+----------------+--------------------------------------+
| Field          | Value                                |
+----------------+--------------------------------------+
| action         | CREATE                               |
| attributes     |                                      |
| created_at     | 2023-04-11T11:06:22.000000           |
| description    | None                                 |
| email          | jimboJones@example.com               |
| id             | fe824efe-8071-4d66-924e-e011bea76add |
| masters        |                                      |
| name           | osp.example.com.                     |
| pool_id        | 794ccc2c-d751-44fe-b57f-8894c9f5c842 |
| project_id     | e9230f54fd874beaae42c940ba673d9e     |
| serial         | 1681211182                           |
| status         | PENDING                              |
| transferred_at | None                                 |
| ttl            | 3600                                 |
| type           | PRIMARY                              |
| updated_at     | None                                 |
| version        | 1                                    |
+----------------+--------------------------------------+

You can see the logs for the zone we just created in /var/log/containers/designate/.

2023-04-11 11:06:23.049 10 INFO designate.worker.tasks.zone [req-ff134fd6-4ba6-40b3-9d82-a71ca3943cbe 10477bef4b8640289cbc80c3d693f63d e9230f54fd874beaae42c940ba673d9e - - -] Attempting CREATE on zone osp.example.com.
2023-04-11 11:06:23.050 10 DEBUG designate.worker.tasks.zone [req-ff134fd6-4ba6-40b3-9d82-a71ca3943cbe 10477bef4b8640289cbc80c3d693f63d e9230f54fd874beaae42c940ba673d9e - - -] Attempting CREATE zone osp.example.com. on <PoolTarget id:'1cf69bf8-327b-4538-a6f5-ade0a3aaaae4' type:'bind9' pool_id:'794ccc2c-d751-44fe-b57f-8894c9f5c842'> __call__ /usr/lib/python3.6/site-packages/designate/worker/tasks/zone.py:73
2023-04-11 11:06:23.050 10 DEBUG designate.backend.impl_bind9 [req-ff134fd6-4ba6-40b3-9d82-a71ca3943cbe 10477bef4b8640289cbc80c3d693f63d e9230f54fd874beaae42c940ba673d9e - - -] Create Zone create_zone /usr/lib/python3.6/site-packages/designate/backend/impl_bind9.py:81
2023-04-11 11:06:23.051 10 DEBUG designate.backend.impl_bind9 [req-ff134fd6-4ba6-40b3-9d82-a71ca3943cbe 10477bef4b8640289cbc80c3d693f63d e9230f54fd874beaae42c940ba673d9e - - -] Executing RNDC call: ['rndc', '-s', '172.22.60.246', '-p', '953', '-c', '/etc/designate/private/bind1.conf', 'addzone', 'osp.example.com  { type slave; masters { 172.22.60.248 port 16000;}; file "slave.osp.example.com.fe824efe-8071-4d66-924e-e011bea76add"; };'] with timeout None _execute_rndc /usr/lib/python3.6/site-packages/designate/backend/impl_bind9.py:212

You can clearly see that rndc was called to create the zone in Bind9. Note that the addzone command defines it as a slave zone with masters { 172.22.60.248 port 16000; }: Bind9 does not get its zone files edited in place, it pulls the zone by transfer from the Mini DNS (designate-mdns) service described above.

Now that the zone has been created, we can go ahead and create a recordset.

  • In this example, I will create an A record pointing to a server I have already created.
openstack recordset create --type A --record 172.22.60.184  osp.example.com. www
+-------------+--------------------------------------+
| Field       | Value                                |
+-------------+--------------------------------------+
| action      | CREATE                               |
| created_at  | 2023-04-11T11:22:52.000000           |
| description | None                                 |
| id          | 1d53e4ea-f678-4671-91ad-da390da26aca |
| name        | www.osp.example.com.                 |
| project_id  | e9230f54fd874beaae42c940ba673d9e     |
| records     | 172.22.60.184                        |
| status      | PENDING                              |
| ttl         | None                                 |
| type        | A                                    |
| updated_at  | None                                 |
| version     | 1                                    |
| zone_id     | fe824efe-8071-4d66-924e-e011bea76add |
| zone_name   | osp.example.com.                     |
+-------------+--------------------------------------+

Now check it…

(overcloud) [stack@ospdup ~]$ openstack zone list
+--------------------------------------+--------------------+---------+------------+--------+--------+
| id                                   | name               | type    |     serial | status | action |
+--------------------------------------+--------------------+---------+------------+--------+--------+
| 77a07231-6897-43e0-82b3-751937174428 | osp.cbnode.com.    | PRIMARY | 1680782069 | ACTIVE | NONE   |
| d00efc6c-39e7-4a02-a87b-131b1b948b34 | t1.osp.cbnode.com. | PRIMARY | 1681195670 | ACTIVE | NONE   |
| fe824efe-8071-4d66-924e-e011bea76add | osp.example.com.   | PRIMARY | 1681212172 | ACTIVE | NONE   |
+--------------------------------------+--------------------+---------+------------+--------+--------+
(overcloud) [stack@ospdup ~]$ openstack recordset list fe824efe-8071-4d66-924e-e011bea76add
+--------------------------------------+----------------------+------+-------------------------------------------------------------------------+--------+--------+
| id                                   | name                 | type | records                                                                 | status | action |
+--------------------------------------+----------------------+------+-------------------------------------------------------------------------+--------+--------+
| 45fbf101-9a1a-4a66-bf64-e9dc213e1c1a | osp.example.com.     | NS   | ns1.example.org.                                                        | ACTIVE | NONE   |
| e0eb4a8f-c880-4fb8-b39d-94a658313110 | osp.example.com.     | SOA  | ns1.example.org. jimboJones.example.com. 1681212813 3561 600 86400 3600 | ACTIVE | NONE   |
| 1d53e4ea-f678-4671-91ad-da390da26aca | www.osp.example.com. | A    | 172.22.60.185                                                           | ACTIVE | NONE   |
+--------------------------------------+----------------------+------+-------------------------------------------------------------------------+--------+--------+
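Both the zone and the recordset sat in PENDING/CREATE for a while before turning ACTIVE/NONE, and a scripted workflow has to wait for that rather than dig straight away. The block below is an added example (not code from these notes or from the openstack client): a parser for the text tables printed by `openstack zone list` and `openstack recordset list`, plus a poll loop that returns once every row is ACTIVE with no pending action and times out naming whatever is stuck. The two sample tables are constructed from the osp.example.com. values shown above, first as the zone looks right after creation and then once the Worker has finished.

```python
import time

# Constructed samples in the shape of `openstack zone list`, using the zone from
# the notes above: first as the CLI prints it right after creation, then once
# the Worker has finished the Bind9 side.
ZONE_LIST_PENDING = """\
+--------------------------------------+------------------+---------+------------+---------+--------+
| id                                   | name             | type    |     serial | status  | action |
+--------------------------------------+------------------+---------+------------+---------+--------+
| fe824efe-8071-4d66-924e-e011bea76add | osp.example.com. | PRIMARY | 1681211182 | PENDING | CREATE |
+--------------------------------------+------------------+---------+------------+---------+--------+
"""

ZONE_LIST_ACTIVE = """\
+--------------------------------------+------------------+---------+------------+--------+--------+
| id                                   | name             | type    |     serial | status | action |
+--------------------------------------+------------------+---------+------------+--------+--------+
| fe824efe-8071-4d66-924e-e011bea76add | osp.example.com. | PRIMARY | 1681212172 | ACTIVE | NONE   |
+--------------------------------------+------------------+---------+------------+--------+--------+
"""


def parse_table(text):
    """Turn an openstackclient text table into a list of dicts keyed by the header row."""
    rows = [line.strip() for line in text.splitlines() if line.strip().startswith("|")]
    if not rows:
        return []
    cells = [[c.strip() for c in row.strip("|").split("|")] for row in rows]
    header, body = cells[0], cells[1:]
    return [dict(zip(header, row)) for row in body]


def not_ready(rows):
    """Names of zones/recordsets still being worked on (not ACTIVE, or an action pending)."""
    return [r["name"] for r in rows if r["status"] != "ACTIVE" or r["action"] != "NONE"]


def wait_for_active(fetch, attempts=30, delay=10, sleep=time.sleep):
    """Poll `fetch()` (a callable returning the table text) until everything is ACTIVE/NONE.

    Returns the parsed rows, or raises TimeoutError naming what is still
    pending, so a CREATE that never completes is reported instead of waited on.
    """
    pending = []
    for _ in range(attempts):
        rows = parse_table(fetch())
        pending = not_ready(rows)
        if not pending:
            return rows
        sleep(delay)
    raise TimeoutError("still not ACTIVE after %d attempts: %s" % (attempts, ", ".join(pending)))


if __name__ == "__main__":
    # Constructed stand-in for running `openstack zone list` repeatedly.
    outputs = iter([ZONE_LIST_PENDING, ZONE_LIST_ACTIVE])
    rows = wait_for_active(lambda: next(outputs), delay=0)
    print(rows[0]["name"], rows[0]["status"], rows[0]["serial"])
```

Against a real overcloud, `fetch` would be something like `lambda: subprocess.check_output(["openstack", "zone", "list"], text=True)` run in a shell that has sourced overcloudrc. Parsing the human-readable table is shown here because that is the form the notes use; where you control the command, `openstack zone list -f json` gives the same fields without depending on column layout.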

Now that we have created a record, we should be able to dig it.

dig @172.22.60.246  www.osp.example.com
  • IP address 172.22.60.246 is the IP of the overcloud Controller node that is listening on port 53
    • It is the DNS server.

; <<>> DiG 9.11.36-RedHat-9.11.36-7.el8 <<>> @172.22.60.246 www.osp.example.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56311
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 2c2539ac1212d81b48ca5f046435463513b8324f07a101de (good)
;; QUESTION SECTION:
;www.osp.example.com.		IN	A

;; ANSWER SECTION:
www.osp.example.com.	3000	IN	A	172.22.60.185

;; Query time: 1 msec
;; SERVER: 172.22.60.246#53(172.22.60.246)
;; WHEN: Tue Apr 11 21:36:21 AEST 2023
;; MSG SIZE  rcvd: 92
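Two things in that dig output are worth checking every time rather than eyeballing: the `aa` flag (the answer came from a server authoritative for the zone) and the absence of `ra` together with the "recursion requested but not available" warning, which is the correct behaviour for this Bind9 instance: it serves the zones Designate manages and does not recurse for clients, that role belongs to Unbound as listed in the components above. The block below is an added example (not code from these notes or from dig) that parses dig's output and returns a list of problems; the sample input is the answer shown above.

```python
import re

# Sample input: the dig answer shown above, copied from the notes (not a live query).
DIG_OUTPUT = """\
; <<>> DiG 9.11.36-RedHat-9.11.36-7.el8 <<>> @172.22.60.246 www.osp.example.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56311
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;www.osp.example.com.\t\tIN\tA

;; ANSWER SECTION:
www.osp.example.com.\t3000\tIN\tA\t172.22.60.185

;; Query time: 1 msec
;; SERVER: 172.22.60.246#53(172.22.60.246)
;; WHEN: Tue Apr 11 21:36:21 AEST 2023
;; MSG SIZE  rcvd: 92
"""

HEADER_RE = re.compile(r"^;; ->>HEADER<<- .*status: (\w+)")
FLAGS_RE = re.compile(r"^;; flags:([^;]*);")


def parse_dig(text):
    """Pull status, header flags, warnings and answer records out of dig's output."""
    parsed = {"status": None, "flags": set(), "warnings": [], "answers": []}
    in_answer = False
    for line in text.splitlines():
        header = HEADER_RE.match(line)
        flags = FLAGS_RE.match(line)
        if header:
            parsed["status"] = header.group(1)
        elif flags:
            parsed["flags"] = set(flags.group(1).split())
        elif line.startswith(";; WARNING:"):
            parsed["warnings"].append(line[len(";; WARNING:"):].strip())
        elif line.startswith(";; ANSWER SECTION:"):
            in_answer = True
        elif line.startswith(";;"):
            in_answer = False  # any other section header ends the answer section
        elif in_answer and line.strip() and not line.startswith(";"):
            # Resource record line: name ttl class type rdata (rdata may contain spaces)
            name, ttl, klass, rtype, rdata = line.split(None, 4)
            parsed["answers"].append(
                {"name": name, "ttl": int(ttl), "class": klass, "type": rtype, "rdata": rdata})
    return parsed


def check_authoritative_answer(parsed, qname, expected_rdata, rtype="A"):
    """Return a list of problems; empty means the answer is what an authoritative-only server should give.

    `aa` must be set (the server owns the zone), `ra` must be absent (it does not
    recurse for clients; in this setup Unbound does that), and the record must match.
    """
    qname = qname if qname.endswith(".") else qname + "."
    problems = []
    if parsed["status"] != "NOERROR":
        problems.append("status is %s, expected NOERROR" % parsed["status"])
    if "aa" not in parsed["flags"]:
        problems.append("answer is not authoritative (no aa flag)")
    if "ra" in parsed["flags"]:
        problems.append("server advertises recursion (ra flag); an authoritative server should not")
    got = [a["rdata"] for a in parsed["answers"] if a["name"] == qname and a["type"] == rtype]
    if got != [expected_rdata]:
        problems.append("%s %s is %s, expected %s" % (qname, rtype, got or "missing", expected_rdata))
    return problems


if __name__ == "__main__":
    parsed = parse_dig(DIG_OUTPUT)
    print("flags:", " ".join(sorted(parsed["flags"])), "| warnings:", parsed["warnings"])
    print("problems:", check_authoritative_answer(parsed, "www.osp.example.com", "172.22.60.185") or "none")
```

Pipe the output of `dig @<controller-ip> <name>` into `parse_dig` and the check turns the recordset you just created into a pass/fail: a wrong address, a missing `aa`, or a server that unexpectedly offers recursion all come back as named problems.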

Next up:

  • Unbound DNS configuration to work with OpenStack overcloud Bind9 server
  • OpenStack Designate TLD
  • Designate Troubleshooting. (enable debug)