[Freeipa-users] Correct *usage* for round-robin DNS srv records

Mark Heslin mheslin at redhat.com
Wed Jul 23 13:50:36 UTC 2014


Martin, Petr,

Thanks for helping me sort through the syntax. I have the entries added 
properly:

   # ipa dnsrecord-show example.com _foo.tcp
     Record name: _foo.tcp
     SRV record: 0 0 53 foo1.example.com., 0 0 53 foo2.example.com.

   # host -t srv _foo.tcp
   _foo.tcp.example.com has SRV record 0 0 53 foo2.example.com.
   _foo.tcp.example.com has SRV record 0 0 53 foo1.example.com.

but how do I actually use the entry?

   # nslookup _foo.tcp
   Server:        10.19.140.101
   Address:    10.19.140.101#53

   *** Can't find _foo.tcp: No answer

   # nslookup _foo.tcp.example.com.
   Server:        10.19.140.101
   Address:    10.19.140.101#53

   *** Can't find _foo.tcp.example.com.: No answer

   # ping _foo.tcp
   ping: unknown host _foo.tcp

The point of this is to create a front-end to balance requests from
OpenShift clients across a set of OpenShift brokers. Host "foo" would
alternate across the first broker (foo1) and second broker (foo2).

-m




On 07/22/2014 08:06 AM, Mark Heslin wrote:
> On 07/22/2014 08:00 AM, Mark Heslin wrote:
>> Martin, Petr,
>>
>> I didn't see that missing dot "." - good catch. As always the devil 
>> is in the details :-)
>>
>> Two follow up questions:
>>
>>  1. I've set the priority and weighting equally here but I will add a 
>> third host
>>       so would it make sense to just set both priority and weight to 
>> "0" for all three hosts?:
>>
>>        # ipa dnsrecord-add example.com _foo.tcp --srv-rec="0 0 53 foo1.example.com."
>>        # ipa dnsrecord-add example.com _foo.tcp --srv-rec="0 0 53 foo2.example.com."
>>        # ipa dnsrecord-add example.com _foo.tcp --srv-rec="0 0 53 foo3.example.com."
>>
>>  2. To Petr's point about registering the "_foo.tcp" service. By 
>> definition this isn't really
>>       a true "service" and more like "CNAME with benefits". (Sorry, 
>> couldn't resist the bad dating reference ;-))
>>       Do I actually still need to add this to /etc/services? If so, 
>> then I'd have to do that for
>>       all hosts in the environment, IdM servers, clients, etc., correct?
>>
>>       Truth be told, this is just being used for an alternative to a 
>> true h/w, s/w load balancer
>>       for demonstration purposes so I'm sure adding it to the 
>> services file makes sense.
>
> Gah! I meant to say I'm *not* sure adding it to the services file 
> makes sense.
>
>
>>
>> Thank you both!
>>
>> -m
>>
>>
>>
>>
>> On 07/22/2014 03:16 AM, Petr Spacek wrote:
>>> On 22.7.2014 00:13, Mark Heslin wrote:
>>>> Hi All,
>>>>
>>>> I had some off-list exchanges with Petr Spacek on this but am still 
>>>> trying to
>>>> work out the correct syntax.
>>>> I have 2 hosts:
>>>>
>>>>     - foo1.example.com
>>>>     - foo2.example.com
>>>>
>>>> and would like to create a round-robin DNS srv record for both called
>>>> foo.example.com
>>>>
>>>> I already have DNS entries for both hosts in IPA:
>>>>
>>>>    # ipa dnsrecord-show example.com foo1
>>>>      Record name: foo1
>>>>      A record: 10.0.0.1
>>>>    # ipa dnsrecord-show example.com foo2
>>>>      Record name: foo2
>>>>      A record: 10.0.0.2
>>>>
>>>> I'd like to get the correct syntax for adding the srv record for foo.
>>>> My understanding is that it should be something like this:
>>>>
>>>>    # ipa dnsrecord-add example.com _foo.tcp --srv-rec="0 50 53 foo1.example.com"
>>>>    Record name: _foo.tcp
>>>>    SRV record: 0 50 53 foo1.example.com
>>>>    # ipa dnsrecord-add example.com _foo.tcp --srv-rec="0 50 53 foo2.example.com"
>>>>    Record name: _foo.tcp
>>>>    SRV record: 0 50 53 foo2.example.com
>>>>
>>>> which seemed to be added ok but on second glance I think not:
>>>>
>>>>    # host -t srv _foo.tcp.example.com
>>>>    _foo.tcp..example.com has SRV record 0 50 53 foo1.example.com.example.com.
>>>>    _foo.tcp..example.com has SRV record 0 50 53 foo2.example.com.example.com.
>>>>
>>>> In looking over the description of rfc2782
>>>> <http://en.wikipedia.org/wiki/SRV_record> it appears the IPA syntax 
>>>> is a
>>>> little different,
>>>
>>> I don't think so :-)
>>>
>>> Please note the trailing dot in "target" part of 
>>> http://en.wikipedia.org/wiki/SRV_record#Record_format.
>>>
>>> IPA behaves in the same way as BIND 9: All domain names without 
>>> trailing dot are automatically extended with zone origin, i.e. 
>>> "example.com.".
>>>
>>> You have two options:
>>> # ipa dnsrecord-add example.com _foo.tcp --srv-rec="0 50 53 foo1" 
>>> (DNS server will automatically append "example.com.")
>>>
>>> or
>>>
>>> # ipa dnsrecord-add example.com _foo.tcp --srv-rec="0 50 53 foo1.example.com."
>>> (please note the trailing dot)
>>>
>>>
>>>
>>> Another note is about "_foo". "foo" should be "service name" 
>>> according to
>>> http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml 
>>>
>>>
>>> It will probably not cause any problems if you invent your own name 
>>> (preferably prefixed with x- to avoid collisions in future, e.g. 
>>> "_x-foo"), but it will not hurt you if you register your protocol 
>>> into the registry :-)
>>> See http://tools.ietf.org/html/rfc6335
>>>
>>>> and the documentation is scarce so admittedly I'm taking a swag at 
>>>> this ;-)
>>>>
>>>> I can do this fine without srv but don't have enough familiarity 
>>>> with DNS srv
>>>> here.
>>>> Can anyone help clarify what I'm missing? I'd like to have equal 
>>>> weighting,
>>>> priority
>>>> to both hosts - I'm assuming the port (53) is correct for DNS here 
>>>> as well.
>>> What are you trying to achieve? The port number refers to port used 
>>> by your application, not to DNS.
>>>
>>
>>
>
>


-- 

Red Hat Reference Architectures

Follow Us: https://twitter.com/RedHatRefArch
Plus Us: https://plus.google.com/u/0/b/114152126783830728030/
Like Us: https://www.facebook.com/rhrefarch
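
Added example, not part of the original thread: SRV data is returned only to a query of type SRV (as `host -t srv` does above); `nslookup` with its default query type and `ping` look up address records, so the client application itself has to fetch the SRV set and choose a target. The sketch below parses the `host -t srv` output quoted in the thread, orders the targets as RFC 2782 describes, and reproduces the zone-origin expansion Petr explains; the function names are hypothetical.

```python
import random
import re

# Constructed sample: the `host -t srv` output quoted in the thread.
HOST_OUTPUT = """\
_foo.tcp.example.com has SRV record 0 0 53 foo2.example.com.
_foo.tcp.example.com has SRV record 0 0 53 foo1.example.com.
"""

SRV_LINE = re.compile(r"has SRV record (\d+) (\d+) (\d+) (\S+)")


def qualify(name, origin="example.com."):
    """BIND-style expansion: a name without a trailing dot is relative to the zone origin."""
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_host_srv(output):
    """Return (priority, weight, port, target) tuples from `host -t srv` output."""
    return [(int(p), int(w), int(port), target)
            for p, w, port, target in SRV_LINE.findall(output)]


def order_targets(records, rng=random):
    """Order SRV records the way RFC 2782 tells a client to try them."""
    ordered = []
    for prio in sorted({r[0] for r in records}):      # lowest priority value first
        group = [r for r in records if r[0] == prio]
        rng.shuffle(group)                            # no bias from answer order
        group.sort(key=lambda r: r[1] != 0)           # weight-0 records first (stable)
        while group:
            pick = rng.randint(0, sum(r[1] for r in group))
            running = 0
            for i, rec in enumerate(group):
                running += rec[1]
                if running >= pick:                   # first record reaching the pick
                    ordered.append(group.pop(i))
                    break
    return [(target, port) for _, _, port, target in ordered]


if __name__ == "__main__":
    print(qualify("foo1.example.com"))   # the doubled name seen in the thread
    print(order_targets(parse_host_srv(HOST_OUTPUT)))
```

With equal priority and weight, as in the records above, each target is equally likely to be tried first; the rotation happens in the client, not in the resolver.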



