Designate bind9 backend missing recursion ACL
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
kolla-ansible |
New
|
Undecided
|
Unassigned |
Bug Description
Per https:/
I attempted to implement this via the kolla-ansible standard config change process:
```
diff --git c/etc/kolla/
new file mode 100644
index 000000000.
--- /dev/null
+++ w/etc/kolla/
@@ -0,0 +1,9 @@
+acl "private" {
+ 10.0.0.0/8;
+ 192.168.0.0/16;
+ 172.16.0.0/21;
+};
+
+options {
+ allow-recursion { private; };
+};
```
but this isn't being interpolated to the configuration file - just ignored by `... reconfigure --tags designate-
For now, i have manually added the ACL set and the allow-recursion option below `recursion yes;` and it works as expected on all 3 control nodes/bind containers.
Before the change it replied with `** server can't find google.com: REFUSED` to a lookup for google.com, now it says
```
Non-authoritative answer:
Name: google.com
Address: 142.250.80.46
Name: google.com
Address: 2607:f8b0:
```
Pretty sure this requires some jinja templating and config option changes in the YAML consumed by the Ansible code.
This is all wallaby
description: | updated |
description: | updated |
Problem persists in Xena