MaaS DNS and OpenStack Designate


#1

Hey guys,

I’m currently using MaaS 2.5 to deploy Machines that are being used by OpenStack Ansible.

Thing is, currently, my lab has two separate DNS servers, the MaaS DNS and the Bind9 that OpenStack Designate manages.

I’m wondering here if there is a way to manage MaaS DNS domains via DynDNS (with rndc.key) from an external agent, like Designate.

If yes, any doc about it / best practices?

Cheers!


#2

With regard to your actual question, as far as I am aware there is no way to configure the MAAS DNS server for dynamic DNS updates from an arbitrary client. Secondly, as far as I am aware there is no way to configure the MAAS DNS server to look for specific domains at an alternative location (e.g. to tell it that openstack.corp can be found at 192.168.1.1 - your designate DNS server).

To provide you with a solution, generally speaking what you should be doing is using a public domain name for your designate environment that is publicly resolvable. Your designate bind servers would have a real public IP, your domain name (or sub-domain delegation to the designate nameserver) would exist on the internet DNS root servers. In this way, MAAS will be able to resolve the designate names just fine as anyone else would be able to.

If you are planning instead to have designate manage a private domain (that doesn’t really exist), or to have private IPs that are not publicly routable, this solution can still work.

The first part is whether your domain name really exists or not. If you use a real domain name, you can still delegate it to nameservers that have private IP addresses. As long as the DNS resolver/caching nameserver is on your internal network it will happily traverse down and request the record for the “real” domain name from an internal IP that is not routable. The only requirement is that the caching DNS server is inside your network and is not configured to use an “upstream” DNS resolver that is outside of your network. The last DNS server that has no “upstream” configured does the actual DNS queries itself, so as long as it can access both the public internet and your internal nameserver IPs then you are good to go.

The second part is if your domain name does not really exist, e.g. you plan to use a name such as ‘mycompany.corp’. In this case there is no way to configure the MAAS DNS server to ‘override’ the server for this domain to be at a specific IP. In this scenario, what you need to do is configure your own company DNS server somewhere outside of your MAAS/OpenStack environment. This DNS server (which can be any software you like) would be set up to act as a caching nameserver like normal, and you would then configure an override and tell it that ‘mycompany.corp’ and/or any other domain names that live inside of your designate service exist at the IP of your designate nameservers. This would bypass the normal lookup through the internet root servers, which would not know about this ‘private’ domain name. You would then configure the MAAS DNS server to use this resolver as an ‘upstream’ DNS server, and you would also configure your OpenStack networks to do the same, so that your OpenStack tenants can also resolve these DNS names.

Hope that helps… if I didn’t cover your specific case please feel free to describe it in more detail and I would be happy to try and clarify further.
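
The private-domain override described in #2, sketched as an added example that is not part of either post: a `named.conf` fragment for the standalone company resolver. It assumes BIND 9.14 or later as the resolver software (the post allows any) and an internal range of 192.168.0.0/16; `mycompany.corp` and 192.168.1.1 are the example values used in the post.

```conf
// named.conf fragment for the company caching resolver (assumed: BIND 9.14+).
// It sits outside the MAAS/OpenStack environment; MAAS and the OpenStack
// networks point at it as their upstream resolver.

// Assumed internal address ranges; replace with the lab's real subnets.
acl internal { 127.0.0.0/8; 192.168.0.0/16; };

options {
    recursion yes;

    // Answer and recurse only for internal clients, so the box is never
    // an open resolver usable for amplification or cache probing.
    allow-query     { internal; };
    allow-recursion { internal; };

    // No global "forwarders" here: this is the last resolver in the chain
    // and performs the iterative lookups for public names itself.

    dnssec-validation auto;

    // The private name has no delegation in the signed root zone, so a
    // validating resolver would treat answers for it as bogus (SERVFAIL).
    // Exempt only this domain; validation stays on for everything else.
    validate-except { "mycompany.corp"; };
};

// The override: queries for the private domain skip the root servers and
// go straight to the Designate-managed BIND9.
zone "mycompany.corp" {
    type forward;
    forward only;                  // never fall back to the public root
    forwarders { 192.168.1.1; };   // Designate nameserver from the post
};
```

`forward only` also keeps lookups for the private name from leaking to public nameservers when the Designate server is unreachable.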