Designate

DNS notification based on TSIG is not supported

Bug #1875939 reported by hamza on 2020-04-29

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Designate	Fix Released	Wishlist	hamza

Bug Description

in the pool.yaml the user can define

  # Optional list of additional IP/Port's for which designate-mdns will send
  # DNS NOTIFY packets to
  also_notifies:
   - host: 192.0.2.4
     port: 53

based on the link below
https://docs.openstack.org/designate/latest/admin/pools.html

but the notification does not the have the option to to notify
based on TSIG which can be useful for (internal, external) view handling

for example if the change include recordset with public IP record use external TSIG and if private IP record use the internal TSIG for notifications

Tags:

Revision history for this message

Dr. Jens Harbott (j-harbott) wrote on 2020-04-29:

This is similar to https://bugs.launchpad.net/designate/+bug/1852902 , maybe you can create a common spec.

Changed in designate:
status:	New → Triaged
importance:	Undecided → Wishlist

Revision history for this message

hamza (alqtaishat) wrote on 2020-05-08:

ok i will do the SPEC for this

Revision history for this message

hamza (alqtaishat) wrote on 2020-05-11:

just initial thought for the https://bugs.launchpad.net/designate/+bug/1852902
When the user add TSIG key to a zone and the backend is BIND, PDNS then using command line Nsupdate, and PDNS api (depend on dns server version) the tsig key will be added to backend plugin
A designate configuration can be added to enable/disable this feature and it will be disabled by default for backward compatibility

for the split view:

Solution 1.
I was working on this before https://review.opendev.org/#/c/693583/
which add the concept of internal/external view to the recordset so when an AXFR/also-notify happens for the recordset it will choose the right tsig-key, or response with the correct recordsets based on the tsig-key
for example if the recordset is marked external, external tsig-key is used for also-notify and this recordset will appear in the external view in AXFR if the external tsig-key is used

but before u said before u need more details about it (if this is ok i can provide more details)

Solution 2:
A new Type of zones is created called split-view when the user create a split-view zone designate will do the following
    * Create two zones in the backend
          Zone-internal
          Zone-external
    * Create two tsig-keys and attach them to the zone
          Internal-tsig key
          External-tsig key
    * In the backend plugin attach tsig-key to corresponding zone (internal/external)
    * AXFR/also-notify will be handled by the backend plugin

what do u think about each direction ( each one has cons/pros )

the idea with designate and split-view the user should know only one zone example.com. (not multiple internal / external zones)

am sending this to point me in the right direction so i can begin writing detailed SPEC

Revision history for this message

hamza (alqtaishat) wrote on 2020-05-12:

and i think this ticket is related too https://bugs.launchpad.net/designate/+bug/1877681

Revision history for this message

hamza (alqtaishat) wrote on 2020-05-15:

any update on this? :)

Revision history for this message

hamza (alqtaishat) wrote on 2020-06-01:

i added a spec for the second solution below the link
https://review.opendev.org/732450

OpenStack Infra (hudson-openstack) on 2020-06-01

Changed in designate:
assignee:	nobody → hamza (alqtaishat)
status:	Triaged → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2020-07-30: Fix merged to designate-specs (master)

Reviewed: https://review.opendev.org/732450
Committed: https://git.openstack.org/cgit/openstack/designate-specs/commit/?id=9dc089be2b6bdaa6d9cbbc8ccece2b310536c4d2
Submitter: Zuul
Branch: master

commit 9dc089be2b6bdaa6d9cbbc8ccece2b310536c4d2
Author: hamalq <email address hidden>
Date: Mon Jun 1 20:53:13 2020 +0000

Adding a spec for implementing the split view feature in designate

The spec include the details about the implementation of split_view
Closes-Bug:1875939

Change-Id: Ib646c3065d9cffa75e2763115a38ad718bfe2490

Changed in designate:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2020-08-26: Related fix proposed to designate (master)

Related fix proposed to branch: master
Review: https://review.opendev.org/748285

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2020-09-30: Fix proposed to designate (master)

Fix proposed to branch: master
Review: https://review.opendev.org/755379

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2022-09-24: Change abandoned on designate (master)

#10

Change abandoned by "Erik Olof Gunnar Andersson <email address hidden>" on branch: master
Review: https://review.opendev.org/c/openstack/designate/+/755379

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Related blueprints

Split View

Remote bug watches

Bug watches keep track of this bug in other bug trackers.