Ubuntu
maas package

maas incorrectly overmanages DNS reverse zones

Bug #1356012 reported by LaMont Jones
34
This bug affects 5 people
Affects Status Importance Assigned to Milestone
MAAS
Fix Released
High
LaMont Jones
MAAS 2.0.0
1.9
Won't Fix
Wishlist
Unassigned
maas (Ubuntu)
Confirmed
Undecided
Unassigned

Bug Description

when I configure maas to manage DNS and DHCP for 10.89.64.0/20, it creates a reverse zone for 89.10.in-addr.arpa.

If 10.89.0.0/16 is in use for other things, and only 10.89.64.0/20 was delegated to scalingstack, then no reverse DNS can happen, since the parent zone will win the argument.

In this case, maas needs to create the following zones, and properly populate them (nsupdate will do the right thing if the zone declarations are correct):
    64.89.10.in-addr.arpa
    65.89.10.in-addr.arpa
    ...
    78.89.10.in-addr.arpa
    79.89.10.in-addr.arpa
(a total of 16 zones.)

Seen on trusty:
ii maas-dns 1.5.2+bzr2282-0ubuntu0.2 all MAAS DNS server

Please let me know what other information you need.

lamont

Tags: dns

Related branches

lp:~lamont/maas/dns-2.0
Mike Pontillo (community): Approve
Diff: 917 lines (+389/-151)
7 files modified
etc/maas/templates/dns/named.conf.template (+4/-2)
src/maasserver/dns/config.py (+4/-3)
src/provisioningserver/dns/actions.py (+17/-12)
src/provisioningserver/dns/config.py (+15/-4)
src/provisioningserver/dns/tests/test_actions.py (+4/-4)
src/provisioningserver/dns/tests/test_zoneconfig.py (+179/-52)
src/provisioningserver/dns/zoneconfig.py (+166/-74)
lp:~lamont/maas/dns-1.9
Rejected for merging into lp:maas/1.9
MAAS Committers: Pending requested
Diff: 917 lines (+389/-151)
7 files modified
etc/maas/templates/dns/named.conf.template (+4/-2)
src/maasserver/dns/config.py (+4/-3)
src/provisioningserver/dns/actions.py (+17/-12)
src/provisioningserver/dns/config.py (+15/-4)
src/provisioningserver/dns/tests/test_actions.py (+4/-4)
src/provisioningserver/dns/tests/test_zoneconfig.py (+179/-52)
src/provisioningserver/dns/zoneconfig.py (+166/-74)
lp:~lamont/maas/rfc2317-small-subnet-rdns
Blake Rouse (community): Approve
Diff: 27 lines (+8/-2)
1 file modified
src/maastesting/factory.py (+8/-2)
lp:~lamont/maas/bug-1356012
Blake Rouse (community): Approve
Diff: 661 lines (+238/-26)
14 files modified
src/maasserver/api/subnets.py (+10/-1)
src/maasserver/api/tests/test_subnets.py (+7/-0)
src/maasserver/dns/tests/test_config.py (+12/-6)
src/maasserver/dns/tests/test_zonegenerator.py (+53/-9)
src/maasserver/dns/zonegenerator.py (+38/-2)
src/maasserver/enum.py (+26/-0)
src/maasserver/forms_subnet.py (+5/-0)
src/maasserver/migrations/builtin/maasserver/0023_add_rdns_mode.py (+22/-0)
src/maasserver/models/subnet.py (+7/-0)
src/maasserver/models/tests/test_subnet.py (+5/-2)
src/maasserver/testing/factory.py (+3/-2)
src/maasserver/websockets/handlers/tests/test_subnet.py (+1/-0)
src/provisioningserver/dns/tests/test_zoneconfig.py (+4/-2)
src/provisioningserver/dns/zoneconfig.py (+45/-2)
LaMont Jones (lamont)
summary: - maas incorrectly overmanages DNS
+ maas incorrectly overmanages DNS reverse zones
Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in maas (Ubuntu):
status: New → Confirmed
Revision history for this message
Julian Edwards (julian-edwards) wrote :

This was a known issue when the code was originally written. I'm not sure the solution you write about was ever considered, so I am sure Raphaël will be interested to see this!

Changed in maas:
status: New → Triaged
importance: Undecided → Medium
tags: added: dns
Revision history for this message
LaMont Jones (lamont) wrote :

See also https://www.ietf.org/rfc/rfc2317.txt for a very nice (still current best practice 16 years later) writeup on how to handle zones smaller than /24.

If you guys have any other DNS questions, feel free to ask me, or one of the other admins.

Revision history for this message
Mike Pontillo (mpontillo) wrote :

Thanks to LaMont's recent work on this for MAAS-next, we have the opportunity to backport this fix to 1.9.0 before the codebase diverges too much.

Changed in maas:
milestone: none → 1.9.0
Revision history for this message
Andres Rodriguez (andreserl) wrote :

Hi Guys,

This is more of a feature request rather than a proper bug fix. This would change the behavior of 1.9, and as such, it is not back portable.

no longer affects: maas/1.9
Revision history for this message
Blake Rouse (blake-rouse) wrote :

This is being hit by users. I think we should fix this in 1.9.1.

Revision history for this message
LaMont Jones (lamont) wrote :

This will also entail adding a field to Subnet (default=True, changable via the api, but we won't clutter the web UI with it) to also be authoritative for the parent /24 zone and generate glue for the /{25..30} rfc2317 zone.

Revision history for this message
LaMont Jones (lamont) wrote :

As the change was implemented in 2.0, backporting it to 1.9 would require a data migration in 1.9, which we need to avoid.

As such, if we ever do backport this to 1.9, we'll probably need assume rdns_mode=Enabled in the code, and if the admin wants rdns_mode=rfc2317_glue (the 2.0 default), then he will need to create the parent /24 subnet in maas, so that we generate that zone (and the glue that lives therein)

Andres Rodriguez (andreserl)
Changed in maas:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.