[Openstack] [Designate] Integration with Infoblox backend

Kiall Mac Innes kiall at macinnes.ie
Fri Jul 17 14:30:26 UTC 2015


Hi Jamie,

I'm afraid I can't comment on why Infoblox isn't transferring the data,
I would suspect something needs to be setup on that side to allow the
transfers. John (CC'd) can likely help you out with this part.

Some more comments inline.


On 17/07/15 08:31, Jaime Fernández wrote:
> We want Designate to use Infoblox as its DNS backend. We've following
> this guideline:
> http://docs.openstack.org/developer/designate/backends/infoblox.html
> 
> It does not work and we could not find what was the reason. When adding
> a record to a domain, mDNS tries to synchronize with Infoblox but it fails:
> 
> *
> 
> 2015-07-16 16:00:54.642 23660 INFO designate.mdns.notify
> [req-361d6bac-570f-420c-957c-d72f3593539f noauth-user noauth-project - -
> -] Sending 'SOA' for 'ost2.*xx*.' to '10.95.121.180:53
> <http://10.95.121.180:53>'.
> 
> 2015-07-16 16:00:54.654 23660 INFO designate.mdns.notify
> [req-361d6bac-570f-420c-957c-d72f3593539f noauth-user noauth-project - -
> -] ost2.*xx*. not found on 10.95.121.180:53 <http://10.95.121.180:53>
> 
> 2015-07-16 16:00:54.655 23660 WARNING designate.mdns.notify
> [req-361d6bac-570f-420c-957c-d72f3593539f noauth-user noauth-project - -
> -] Got lower serial for 'ost2.*xx*.' to '10.95.121.180:53
> <http://10.95.121.180:53>'. **Expected:'1438054443'. Got:'None'.Retries
> left='5'
> *
> I'm afraid that I need to clarify some doubts before:
> 
> a) I added a server (name server) with REST API v1. Without any server,
> I could not create a domain. This server targets to Designate mDNS. Is
> it correct?


No, these should be the DNS servers you expect end-users will query - in
your case - the InfoBlox appliances.


> 
> b) What's the purpose of the pool manager (integrated with Infoblox via
> API) when data is synchronized via DNS (NOTIFY & AXFR)?


Pool Manager was introduced as a service that handles the orchestration
of ensuring data makes it to the end-user facing nameservers, breaking
away from the fully synchronous pattern we had before.

Previously, an API call would not complete until all end-user
nameservers had the data present, which was terrible for servers like
BIND where you might need to call our to 100 servers.

Now, we commit changes to our DB, inform pool-manager of a change, and
complete the API call. pool-manager will, in the background, ensure all
the data is pushed out.


> c) Why I can see the records via API, but I cannot resolve them via mDNS?
> 
> $ dig @localhost prueba2.ost2.xx
> 
> [SNIP]
> 
> It looks like the DNS query is refused.


Is this actually mDNS you're querying? By default, we listen on port
5354 for this - and - is there an A record present at prueba2.ost2.xx?
Normally, I would do a SOA query for the domain name itself as a quick
check, as it will always exist.

Thanks,
Kiall





More information about the Openstack mailing list