Managing DNS records and multiple domains for machines

Hey folks, I was hoping for some input on a case of managing DNS records and multiple domains for machines.

Setup

Machine:

  • machine1
    • eth1 - subnet1 - 10.0.10.10 (PXE)
    • eth2 - subnet2 - 10.0.20.20

Domains:

  • example1.com (default)
  • example2.com

Subnets:

  • subnet1 - 10.0.10.0/24 (PXE)
  • subnet2 - 10.0.20.0/24

Per 2.9.2, deploying a machine generates the following DNS records:

  • A record - machine1.example1.com -> eth1 - subnet1 - 10.0.10.10 (PXE)
  • PTR record - 10.0.10.10 -> machine1.example1.com
  • A record - eth2.machine1.example1.com -> eth2 - subnet2 - 10.0.20.20
  • PTR record - 10.0.20.20 -> eth2.machine1.example1.com

Problem

I want to create an A record and corresponding PTR record for this machine in the other non-default domain, example2.com:

  • A record - machine1.example2.com -> eth2 - subnet2 - 10.0.20.20
  • PTR record - 10.0.20.20 -> machine1.example2.com

Creating this A record in MAAS works; however, the PTR record won’t be automatically generated because it already has the following PTR record for the automatically generated interface.hostname.domain record:

  • PTR record - 10.0.20.20 -> eth2.machine1.example1.com

I know it’s possible to disable the generation of PTR records in specific subnets (see lp#1634294), but that does not help as I do want PTR records.

Questions

  1. Is there any way to disable the automatic generation of these interface.hostname.domain records?
  2. Is there any way to map interfaces/subnets to different/multiple domains?
  3. If I want to handle DNS somewhere else, how do I run pre/post machine deployment scripts on a MAAS controller so it can call the DNS API? (I saw the feature suggestion for Pre/Post deployment script and asked for status but haven’t heard back)
  4. Any other ideas/suggestions on how to approach this?

Hi there,
So to answer your questions:

  1. You mean disable altogether? If MAAS is not authoritative, then the records will not be generated; otherwise, as you mentioned, it can be disabled by subnet.

  2. This would require DNS views to provide different answers for the same record based on querying client’s info, which is not something MAAS currently supports.

  3. In order to do this, you’ll have to configure MAAS’ DNS to be recursive, and forward to another DNS server. Regarding the pre/post deployment scripts, that isn’t planned for the current or upcoming release, but you may be able to use cloud-init in this case to call out to the external DNS server on startup.

  4. For this particular case, I believe having MAAS forward queries to an external authoritative DNS server and having cloud-init create or update records via runcmd should address this.

Hi @cgrabowski, thanks for your answers.

  1. No, I am just asking about the possibility of disabling the generation of the interface.hostname.domain records (ex. eth2.machine1.example1.com). Is that possible?
  2. Having a single mapping of a domain to a subnet/space/vlan might not require different answers depending on clients. For example, if subnet2 was mapped to domain2.example.com and a machine deployed with the interface eth2 in subnet2 could then also generate the record machine1.domain2.com. Can I create a separate feature request for this?
  3. As others have mentioned in the post, using cloud-init on the machine is unfortunately not something we can or want to use, as there are network access restrictions and having DNS credentials on each host is not desirable. It also doesn’t allow for any clean-up hooks when releasing machines.
  4. See 3.

To follow up:

  1. You cannot disable only the generation of those records; record generation can be disabled either by DNS zone or altogether, currently.
  2. So a different DNS zone for record generation per subnet/space/vlan? Yes, that could be a separate feature request.
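
The forward/reverse mismatch from the opening post, as an added example that is not part of the thread and is not MAAS code: a small audit that reports every A record whose address has no PTR pointing back at it, which is the gap that matters wherever reverse lookups feed access rules or log attribution. The record set is constructed from the records listed in the first post, and the function names `audit` and `norm` are illustrative.

```python
import ipaddress
from collections import defaultdict

# Constructed record set, copied from the records listed in the opening post.
A_RECORDS = [
    ("machine1.example1.com", "10.0.10.10"),
    ("eth2.machine1.example1.com", "10.0.20.20"),
    ("machine1.example2.com", "10.0.20.20"),  # the manually added A record
]
PTR_RECORDS = [
    ("10.0.10.10", "machine1.example1.com"),
    ("10.0.20.20", "eth2.machine1.example1.com"),
]


def norm(name):
    """Lower-case a DNS name and drop the trailing dot for comparison."""
    return name.rstrip(".").lower()


def audit(a_records, ptr_records):
    """Return one finding per forward/reverse mismatch in the record set."""
    ptr_by_ip = defaultdict(set)
    for ip, target in ptr_records:
        ptr_by_ip[ipaddress.ip_address(ip)].add(norm(target))
    a_by_name = defaultdict(set)
    for name, ip in a_records:
        a_by_name[norm(name)].add(ipaddress.ip_address(ip))

    findings = []
    # Forward direction: every A record should be confirmed by a PTR.
    for name in sorted(a_by_name):
        for ip in sorted(a_by_name[name], key=str):
            targets = ptr_by_ip.get(ip, set())
            if not targets:
                findings.append((name, str(ip), "no PTR", ip.reverse_pointer))
            elif name not in targets:
                findings.append((name, str(ip), "PTR points elsewhere",
                                 ", ".join(sorted(targets))))
    # Reverse direction: a PTR target should have an A record back to the IP.
    for ip in sorted(ptr_by_ip, key=str):
        for target in sorted(ptr_by_ip[ip]):
            if ip not in a_by_name.get(target, set()):
                findings.append((target, str(ip), "PTR target has no matching A",
                                 ip.reverse_pointer))
    return findings


if __name__ == "__main__":
    for finding in audit(A_RECORDS, PTR_RECORDS):
        print(" | ".join(finding))
```

Run against a zone export, the same check shows whether records created outside MAAS have drifted from the reverse zone after machines are released or redeployed.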