cloudstack-users mailing list archives

From Eric Lee Green <eric.lee.gr...@gmail.com>
Subject DNS quit working when I updated to 4.11.2
Date Fri, 24 May 2019 00:15:13 GMT
I had this working under 4.9. All I did was, on my main BIND9 servers, 
point a forward zone at 'cloud.<mydomain>.com' to the virtual router 
associated with all VMs that were publicly available. I could then 
resolve all foo.cloud.<mydomain>.com names on my global network.

Somehow, though, this quit working after I updated to 4.11. I'm not 
quite sure why.

The 'Guest Network' is defined with domain 'cloud.mydomain.com'.

Okay, so my router for the 'Guest Network' advanced networking is 
located at 10.102.199.148. In my master BIND9 DNS server at 10.31.1.2 I 
have this:
zone "cloud.mydomain.com" IN {
    type forward;
    forward only;
    forwarders {
        10.102.199.148;
    };
};

If I send a NAMED request directly to the virtual router while logged 
into my main name server, it works:

[root@ypbind ~]# host eric-gui.cloud.mydomain.com 10.102.199.148
Using domain server:
Name: 10.102.199.148
Address: 10.102.199.148#53
Aliases:

eric-gui.cloud.mydomain.com has address 10.102.199.234

If I try to use the name server however, it doesn't work:

[root@ypbind logs]# host eric-gui.cloud.mydomain.com
Host eric-gui.cloud.viakoo.com not found: 3(NXDOMAIN)

I'm baffled, because this *was* working.

So I disabled any dnssec in the {options} on bind9 and gave all 
permissions to see if that was the problem (note that this is internal 
to my infrastructure, so DNS amplification isn't an issue):

        dnssec-enable no;
        dnssec-validation no;
        dnssec-lookaside auto;
        recursion yes;
        allow-recursion { any; };
        allow-query { any; };
        allow-query-cache { any; };

Still nope. Still baffled.

Anybody got any clues as to what I may be doing wrong? I'm thinking it 
has to be on the BIND9 side, because I can resolve the host name if I 
talk to the virtual router directly, but for some reason it's not 
allowing me to get any records from the router.

Right now I've temporarily worked around this with a script that 
directly queries the MySQL database every few minutes and generates a 
revised zone file on my master DNS server when the list of virtual 
machines queried out of the database changes, but that's clearly not the 
right way to do it. The question is, what *is* the right way to do it?

-Eric
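
The two `host` runs above show only the final result (an address from the virtual router, NXDOMAIN from the BIND server) and hide the DNS header flags, which is the first thing to compare when a forward zone stops working: an answer BIND obtained by forwarding is returned with the AA (authoritative answer) bit clear, so an NXDOMAIN that arrives with AA set was produced from zone data the responding server holds itself rather than relayed from the forwarder. The script below is an added example, not code from the post or from the CloudStack or BIND projects. It builds a plain A query without EDNS, sends it over UDP, and reports RCODE and the AA/RA flags; the embedded sample replies are constructed test data (flag values and the AA setting in the NXDOMAIN sample are assumptions chosen to illustrate the check, not captured from the poster's servers).

```python
"""Minimal DNS A-record probe that reports header flags (added example)."""
import random
import socket
import struct
import sys

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}


def build_query(name, qid=0x1234, qtype=1):
    """Build a plain recursion-desired query (no EDNS OPT record, no DO bit)."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # flags: RD=1
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN


def read_name(data, off):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, end = [], None
    while True:
        ln = data[off]
        if ln & 0xC0 == 0xC0:  # compression pointer (RFC 1035 4.1.4)
            if end is None:
                end = off + 2
            off = struct.unpack("!H", data[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if ln == 0:
            break
        labels.append(data[off:off + ln].decode())
        off += ln
    return ".".join(labels), (end if end is not None else off)


def parse_response(data):
    """Return header flags, RCODE name and any A-record addresses in the answer section."""
    qid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    off = 12
    for _ in range(qd):  # skip the echoed question(s)
        _, off = read_name(data, off)
        off += 4
    addrs = []
    for _ in range(an):
        _, off = read_name(data, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", data[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(".".join(str(b) for b in data[off:off + 4]))
        off += rdlen
    return {
        "id": qid,
        "aa": bool(flags & 0x0400),
        "tc": bool(flags & 0x0200),
        "ra": bool(flags & 0x0080),
        "rcode": RCODES.get(flags & 0x000F, str(flags & 0x000F)),
        "addresses": addrs,
    }


def classify(resp):
    """Say where an answer came from, judged from the header flags alone."""
    if resp["rcode"] == "NXDOMAIN" and resp["aa"]:
        return "authoritative NXDOMAIN: this server answered from its own zone data and did not forward"
    if resp["rcode"] == "NXDOMAIN":
        return "non-authoritative NXDOMAIN: relayed from a forwarder or served from cache"
    if resp["rcode"] == "NOERROR" and resp["addresses"]:
        kind = "authoritative" if resp["aa"] else "non-authoritative"
        return f"{kind} answer: {', '.join(resp['addresses'])}"
    return f"{resp['rcode']} without address records"


def query(server, name, port=53, timeout=3.0):
    """Send one UDP query to `server` and return the parsed reply (needs network)."""
    q = build_query(name, qid=random.randrange(65536))
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(q, (server, port))
        data, _ = s.recvfrom(4096)
    resp = parse_response(data)
    if resp["id"] != struct.unpack("!H", q[:2])[0]:
        raise ValueError("transaction id mismatch")
    return resp


def make_response(query_bytes, flags, addresses=()):
    """Constructed sample reply (test data, not captured traffic): echo the question,
    set the given header flags, append A records that point back at the question name."""
    qid = struct.unpack("!H", query_bytes[:2])[0]
    out = struct.pack("!HHHHHH", qid, flags, 1, len(addresses), 0, 0) + query_bytes[12:]
    for a in addresses:
        out += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes(int(x) for x in a.split("."))
    return out


NAME = "eric-gui.cloud.mydomain.com"
_Q = build_query(NAME)
# Assumed flag values: QR|AA|RD|RA with NOERROR (0x8580) and with NXDOMAIN (0x8583).
SAMPLE_FROM_ROUTER = make_response(_Q, 0x8580, ["10.102.199.234"])
SAMPLE_FROM_BIND = make_response(_Q, 0x8583)

if __name__ == "__main__":
    if len(sys.argv) != 3:
        print(f"usage: {sys.argv[0]} <server> <name>")
        print("constructed sample:", classify(parse_response(SAMPLE_FROM_BIND)))
        sys.exit(0)
    r = query(sys.argv[1], sys.argv[2])
    print(f"rcode={r['rcode']} aa={r['aa']} ra={r['ra']} tc={r['tc']} -> {classify(r)}")
```

Run it once against the virtual router (`10.102.199.148`) and once against the BIND server (`10.31.1.2`) with the same name and compare the two lines; `dig @server name` prints the same information in its `flags:` line if you would rather not script it. If BIND's NXDOMAIN carries `aa`, it was answered from a zone that server is authoritative for and the forward zone was never consulted; if it does not, BIND did go to the forwarder (or its cache) and got NXDOMAIN back, which points at the query BIND sends, including any EDNS it adds, rather than at its zone configuration.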


