maas hooks/triggers for dns (de-)registration
LaMont Jones
lamont at mmjgroup.com
Wed Mar 29 17:57:02 UTC 2017
On Wed, Mar 29, 2017 at 03:36:19PM +0200, Patrizio Bassi wrote:
> 2017-03-29 15:18 GMT+02:00 Andres Rodriguez <andres.rodriguez at canonical.com>:
>
> > Hi Patrizio,
> >
> >> I have an external dns providing name resolution for bare metal machines
> >> and everything works fine.
> >> Basically we have a subnet 10.10.xxx.xxx/16 allocated where first
> >> addresses are statically registered in the dns server, while the others are
> >> "assigned" (meaning, without any hostname association) to maas so it can
> >> dynamically use them.
> >>
> >
> > Does this mean that your machines in MAAS share the same hostname as those
> > in your upstream DNS server? Are you configuring MAAS DNS to point to the
> > upstream DNS (under the Settings page)? This would allow MAAS to use your
> > upstream DNS server to resolve for domain names MAAS doesn't know about.
> >
>
> Dear Andres,
>
> MAAS is configured like this:
> 1) under global settings it has the upstream DNS (Infoblox) to resolve
> hostnames it doesn't know, this dns list is passed to maas-deployed
> machines too
> 2) the upstream DNS has some (read: first 50s) IPs/hostnames already
> configured in the network 10.x.x.x we are using
> 3) under DNS settings MAAS has the domain configured as not Authoritative.
> In the Subnet network, in fact, I reserved the first 50 IPs not to be used by
> MAAS (statically allocated in our upstream dns)
> 4) when MAAS commissions a machine or a juju container it can allocate
> ip/hostname without problems but, as it's not authoritative and as our
> clients are pointing to upstream dns, we do need to notify upstream server
> to add new entry (and remove when it's gone)

The better solution would be to have the infoblox DNS delegate a zone to
MAAS and slave it. Even if that means using an RFC2317 network. (MAAS
will happily work with that.) Then the entries get added and removed
for you, and the slave zone (since you added the NS RR pointing at
it...) will get notified and refresh.

MAAS really needs to be authoritative for the netblock that it's
managing. That reality drove the DNS design, not the other way around.

lamont
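
An added illustration of the RFC 2317 delegation mentioned in the message above (not part of the original email, and not MAAS or Infoblox code): it generates the records the parent /24 reverse zone needs in order to hand a smaller block to another nameserver. The subnet 10.10.5.64/26 and the nameserver name maas.example.com. are constructed sample values; the "<first>/<prefixlen>" label follows RFC 2317's own example and the naming a given server uses may differ.

```python
import ipaddress


def rfc2317_parent_records(cidr, nameservers):
    """Return (origin, records) delegating an IPv4 block smaller than /24.

    records is a list of (owner, type, rdata) tuples for the parent
    /24 reverse zone: NS records for the child zone, then one CNAME
    per address pointing into the child zone.
    """
    # strict=True rejects input with host bits set (e.g. 10.10.5.65/26)
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version != 4 or net.prefixlen <= 24:
        raise ValueError("RFC 2317 applies to IPv4 prefixes longer than /24")
    octets = str(net.network_address).split(".")
    origin = "{2}.{1}.{0}.in-addr.arpa.".format(*octets)
    # Child zone label in the form used by RFC 2317's example, e.g. "64/26"
    child = "{}/{}".format(octets[3], net.prefixlen)
    records = [(child, "NS", ns) for ns in nameservers]
    # Every address in the block, network and broadcast included, so any
    # PTR lookup in the range is redirected into the delegated zone.
    for addr in net:
        last = str(addr).rsplit(".", 1)[1]
        target = "{}.{}.{}".format(last, child, origin)
        records.append((last, "CNAME", target))
    return origin, records


def render_zone_fragment(cidr, nameservers):
    """Render the records as zone-file text for the parent zone."""
    origin, records = rfc2317_parent_records(cidr, nameservers)
    lines = ["$ORIGIN " + origin]
    lines += ["{:<8}IN {:<6}{}".format(*rec) for rec in records]
    return "\n".join(lines)


if __name__ == "__main__":
    # Constructed sample: a /26 handed to a hypothetical MAAS nameserver
    print(render_zone_fragment("10.10.5.64/26", ["maas.example.com."]))
```

The delegated server then holds the PTR records under 64/26.5.10.10.in-addr.arpa., and the upstream server only carries the static NS and CNAME records.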