[Freeipa-users] Correct syntax for round-robin DNS srv records
Mark Heslin
mheslin at redhat.com
Tue Jul 22 12:00:50 UTC 2014
Martin, Petr,

I didn't see that missing dot "." - good catch. As always the devil is in the details :-)

Two follow up questions:

1. I've set the priority and weighting equally here but I will add a third host
   so would it make sense to just set both priority and weight to "0" for all three hosts?:

   # ipa dnsrecord-add example.com _foo.tcp --srv-rec="0 0 53 foo1.example.com."
   # ipa dnsrecord-add example.com _foo.tcp --srv-rec="0 0 53 foo2.example.com."
   # ipa dnsrecord-add example.com _foo.tcp --srv-rec="0 0 53 foo3.example.com."

2. To Petr's point about registering the "_foo.tcp" service. By definition this isn't really
   a true "service" and more like "CNAME with benefits". (Sorry, couldn't resist the bad dating reference ;-))

   Do I actually still need to add this to /etc/services? If so, then I'd have to do that for
   all hosts in the environment, IdM servers, clients, etc., correct?

   Truth be told, this is just being used for an alternative to a true h/w, s/w load balancer
   for demonstration purposes so I'm sure adding it to the services file makes sense.

Thank you both!

-m

On 07/22/2014 03:16 AM, Petr Spacek wrote:
> On 22.7.2014 00:13, Mark Heslin wrote:
>> Hi All,
>>
>> I had some off-list exchanges with Petr Spacek on this but am still trying to
>> work out the correct syntax.
>> I have 2 hosts:
>>
>> - foo1.example.com
>> - foo2.example.com
>>
>> and would like to create a round-robin DNS srv record for both called foo.example.com
>>
>> I already have DNS entries for both hosts in IPA:
>>
>> # ipa dnsrecord-show example.com foo1
>> Record name: foo1
>> A record: 10.0.0.1
>> # ipa dnsrecord-show example.com foo2
>> Record name: foo2
>> A record: 10.0.0.2
>>
>> I'd like to get the correct syntax for adding the srv record for foo.
>> My understanding is that it should be something like this:
>>
>> # ipa dnsrecord-add example.com _foo.tcp --srv-rec="0 50 53 foo1.example.com"
>> Record name: _foo.tcp
>> SRV record: 0 50 53 foo1.example.com
>> # ipa dnsrecord-add example.com _foo.tcp --srv-rec="0 50 53 foo2.example.com"
>> Record name: _foo.tcp
>> SRV record: 0 50 53 foo2.example.com
>>
>> which seemed to be added ok but on second glance I think not:
>>
>> # host -t srv _foo.tcp.example.com
>> _foo.tcp..example.com has SRV record 0 50 53 foo1.example.com.example.com.
>> _foo.tcp..example.com has SRV record 0 50 53 foo2.example.com.example.com.
>>
>> In looking over the description of rfc2782
>> <http://en.wikipedia.org/wiki/SRV_record> it appears the IPA syntax is a little different,
>
> I don't think so :-)
>
> Please note the trailing dot in "target" part of
> http://en.wikipedia.org/wiki/SRV_record#Record_format.
>
> IPA behaves in the same way as BIND 9: All domain names without
> trailing dot are automatically extended with zone origin, i.e.
> "example.com.".
>
> You have two options:
> # ipa dnsrecord-add example.com _foo.tcp --srv-rec="0 50 53 foo1"
> (DNS server will automatically append "example.com.")
>
> or
>
> # ipa dnsrecord-add example.com _foo.tcp --srv-rec="0 50 53 foo1.example.com."
> (please note the trailing dot)
>
>
>
> Another note is about "_foo". "foo" should be "service name" according to
> http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml
>
>
> It will probably not cause any problems if you invent your own name
> (preferably prefixed with x- to avoid collisions in future, e.g.
> "_x-foo"), but it will not hurt you if you register your protocol into
> the registry :-)
> See http://tools.ietf.org/html/rfc6335
>
>> and the documentation is scarce so admittedly I'm taking a swag at this ;-)
>>
>> I can do this fine without srv but don't have enough familiarity with DNS srv here.
>> Can anyone help clarify what I'm missing? I'd like to have equal weighting, priority
>> to both hosts - I'm assuming the port (53) is correct for DNS here as well.
> What are you trying to achieve? The port number refers to port used by
> your application, not to DNS.
>
--
Red Hat Reference Architectures
Follow Us: https://twitter.com/RedHatRefArch
Plus Us: https://plus.google.com/u/0/b/114152126783830728030/
Like Us: https://www.facebook.com/rhrefarch
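
Added example (not part of the original messages and not FreeIPA or BIND code): a small Python check that models the origin expansion Petr describes for SRV targets and flags a target that looks absolute but lacks the trailing dot. The function names are hypothetical; the zone and record values are the ones quoted in the thread.

```python
# Added example: models BIND-style origin expansion for SRV rdata.
ORIGIN = "example.com."  # zone used in the thread


def qualify(name, origin=ORIGIN):
    """Return the absolute name a BIND-style server stores for `name`."""
    if name.endswith("."):
        return name                  # already absolute, stored as written
    return f"{name}.{origin}"        # relative, zone origin is appended


def lint_srv(rdata, origin=ORIGIN):
    """Parse 'priority weight port target'; return (stored_target, warnings)."""
    fields = rdata.split()
    if len(fields) != 4:
        raise ValueError("SRV rdata needs: priority weight port target")
    prio, weight, port = (int(f) for f in fields[:3])
    for label, value in (("priority", prio), ("weight", weight), ("port", port)):
        if not 0 <= value <= 65535:  # all three are 16-bit fields
            raise ValueError(f"{label} {value} is outside 0-65535")
    target = fields[3]
    stored = qualify(target, origin)
    warnings = []
    # A relative target that already ends in the zone name is almost always
    # an absolute name whose trailing dot was forgotten.
    bare = origin.rstrip(".")
    if not target.endswith(".") and (target == bare or target.endswith("." + bare)):
        warnings.append(f"'{target}' has no trailing dot; stored as '{stored}'")
    return stored, warnings


if __name__ == "__main__":
    # Constructed inputs: the three spellings of the target seen in the thread.
    for rdata in ("0 50 53 foo1.example.com", "0 50 53 foo1",
                  "0 50 53 foo1.example.com."):
        stored, warnings = lint_srv(rdata)
        print(f"{rdata!r:32} -> {stored}", *warnings, sep="\n    ")
```

Running the check on the rdata string before passing it to --srv-rec catches the doubled suffix without needing a `host -t srv` lookup afterwards.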