[Freeipa-users] Correct *usage* for round-robin DNS srv records

Martin Basti mbasti at redhat.com
Wed Jul 23 14:28:43 UTC 2014


On 23/07/14 15:50, Mark Heslin wrote:
> Martin, Petr,
>
> Thanks for helping me sort through the syntax. I have the entries 
> added properly:
>
>   # ipa dnsrecord-show example.com _foo.tcp
>     Record name: _foo.tcp
>     SRV record: 0 0 53 foo1.example.com., 0 0 53 foo2.example.com.
>
>   # host -t srv _foo.tcp
>   _foo.tcp.example.com has SRV record 0 0 53 foo2.example.com.
>   _foo.tcp.example.com has SRV record 0 0 53 foo1.example.com.
>
> but how do I actually use the entry?
>
>  # nslookup _foo.tcp
>  Server:        10.19.140.101
>  Address:    10.19.140.101#53
>
>  *** Can't find _foo.tcp: No answer
>
> # nslookup _foo.tcp.example.com.
> Server:        10.19.140.101
> Address:    10.19.140.101#53
>
> *** Can't find _foo.tcp.example.com.: No answer
>
> # ping _foo.tcp
> ping: unknown host _foo.tcp

Hi,

Try using dig:

https://library.linode.com/linux-tools/common-commands/dig

dig srv _foo.tcp.example.com.

>
> The point of this is to create a front-end to balance requests from OpenShift clients
> across a set of OpenShift brokers. Host "foo" would alternate across the first broker
> (foo1) and second broker (foo2).
>
> -m
>
>
>
>
> On 07/22/2014 08:06 AM, Mark Heslin wrote:
>> On 07/22/2014 08:00 AM, Mark Heslin wrote:
>>> Martin, Petr,
>>>
>>> I didn't see that missing dot "." - good catch. As always the devil 
>>> is in the details :-)
>>>
>>> Two follow up questions:
>>>
>>>  1. I've set the priority and weighting equally here but I will add a third host
>>>       so would it make sense to just set both priority and weight to "0" for all three hosts?:
>>>
>>>        # ipa dnsrecord-add example.com _foo.tcp --srv-rec="0 0 53 foo1.example.com."
>>>        # ipa dnsrecord-add example.com _foo.tcp --srv-rec="0 0 53 foo2.example.com."
>>>        # ipa dnsrecord-add example.com _foo.tcp --srv-rec="0 0 53 foo3.example.com."
>>>
>>>  2. To Petr's point about registering the "_foo.tcp" service. By definition this isn't really
>>>       a true "service" and more like "CNAME with benefits". (Sorry, couldn't resist the bad dating reference ;-))
>>>       Do I actually still need to add this to /etc/services? If so, then I'd have to do that for
>>>       all hosts in the environment, IdM servers, clients, etc., correct?
>>>
>>>       Truth be told, this is just being used for an alternative to a true h/w, s/w load balancer
>>>       for demonstration purposes so I'm sure adding it to the services file makes sense.
>>
>> Gah! I meant to say I'm *not* sure adding it to the services file 
>> makes sense.
>>
>>
>>>
>>> Thank you both!
>>>
>>> -m
>>>
>>>
>>>
>>>
>>> On 07/22/2014 03:16 AM, Petr Spacek wrote:
>>>> On 22.7.2014 00:13, Mark Heslin wrote:
>>>>> Hi All,
>>>>>
>>>>> I had some off-list exchanges with Petr Spacek on this but am 
>>>>> still trying to
>>>>> work out the correct syntax.
>>>>> I have 2 hosts:
>>>>>
>>>>>     - foo1.example.com
>>>>>     - foo2.example.com
>>>>>
>>>>> and would like to create a round-robin DNS srv record for both called
>>>>> foo.example.com
>>>>>
>>>>> I already have DNS entries for both hosts in IPA:
>>>>>
>>>>>    # ipa dnsrecord-show example.com foo1
>>>>>      Record name: foo1
>>>>>      A record: 10.0.0.1
>>>>>    # ipa dnsrecord-show example.com foo2
>>>>>      Record name: foo2
>>>>>      A record: 10.0.0.2
>>>>>
>>>>> I'd like to get the correct syntax for adding the srv record for foo.
>>>>> My understanding is that it should be something like this:
>>>>>
>>>>>    # ipa dnsrecord-add example.com _foo.tcp --srv-rec="0 50 53 foo1.example.com"
>>>>>    Record name: _foo.tcp
>>>>>    SRV record: 0 50 53 foo1.example.com
>>>>>    # ipa dnsrecord-add example.com _foo.tcp --srv-rec="0 50 53 foo2.example.com"
>>>>>    Record name: _foo.tcp
>>>>>    SRV record: 0 50 53 foo2.example.com
>>>>>
>>>>> which seemed to be added ok but on second glance I think not:
>>>>>
>>>>>    # host -t srv _foo.tcp.example.com
>>>>>    _foo.tcp..example.com has SRV record 0 50 53 foo1.example.com.example.com.
>>>>>    _foo.tcp..example.com has SRV record 0 50 53 foo2.example.com.example.com.
>>>>>
>>>>> In looking over the description of rfc2782 <http://en.wikipedia.org/wiki/SRV_record>
>>>>> it appears the IPA syntax is a little different,
>>>>
>>>> I don't think so :-)
>>>>
>>>> Please note the trailing dot in "target" part of 
>>>> http://en.wikipedia.org/wiki/SRV_record#Record_format.
>>>>
>>>> IPA behaves in the same way as BIND 9: All domain names without 
>>>> trailing dot are automatically extended with zone origin, i.e. 
>>>> "example.com.".
>>>>
>>>> You have two options:
>>>> # ipa dnsrecord-add example.com _foo.tcp --srv-rec="0 50 53 foo1" 
>>>> (DNS server will automatically append "example.com.")
>>>>
>>>> or
>>>>
>>>> # ipa dnsrecord-add example.com _foo.tcp --srv-rec="0 50 53 foo1.example.com."
>>>> (please note the trailing dot)
>>>>
>>>>
>>>>
>>>> Another note is about "_foo". "foo" should be "service name" 
>>>> according to
>>>> http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml 
>>>>
>>>>
>>>> It will probably not cause any problems if you invent your own name 
>>>> (preferably prefixed with x- to avoid collisions in future, e.g. 
>>>> "_x-foo"), but it will not hurt you if you register your protocol 
>>>> into the registry :-)
>>>> See http://tools.ietf.org/html/rfc6335
>>>>
>>>>> and the documentation is scarce so admittedly I'm taking a swag at 
>>>>> this ;-)
>>>>>
>>>>> I can do this fine without srv but don't have enough familiarity with DNS srv here.
>>>>> Can anyone help clarify what I'm missing? I'd like to have equal weighting, priority
>>>>> to both hosts - I'm assuming the port (53) is correct for DNS here as well.
>>>> What are you trying to achieve? The port number refers to port used 
>>>> by your application, not to DNS.
>>>>
>>>
>>>
>>
>>
>
>


-- 
Martin Basti
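
Added example, not part of the original thread: an SRV entry is consumed by a client that queries the SRV type and chooses a target itself, which is why the untyped `nslookup` and `ping` above find nothing. The Python below parses the `host -t srv` answers quoted in the thread, applies the RFC 2782 priority/weight selection, and reproduces the missing-trailing-dot expansion; the function names are assumptions made for this example.

```python
import random

# The two answer lines from the `host -t srv _foo.tcp` output quoted in the thread.
HOST_OUTPUT = [
    "_foo.tcp.example.com has SRV record 0 0 53 foo2.example.com.",
    "_foo.tcp.example.com has SRV record 0 0 53 foo1.example.com.",
]

def qualify(name, origin="example.com."):
    """Zone-file rule Petr describes: no trailing dot means relative to the origin."""
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_srv(lines):
    """Turn `host -t srv` answer lines into (priority, weight, port, target)."""
    records = []
    for line in lines:
        prio, weight, port, target = line.split("SRV record", 1)[1].split()
        records.append((int(prio), int(weight), int(port), target))
    return records

def order_targets(records, rng=random):
    """RFC 2782 client order: lowest priority first, weighted random inside it."""
    ordered = []
    for prio in sorted({r[0] for r in records}):
        group = [r for r in records if r[0] == prio]
        rng.shuffle(group)                    # "any order" ...
        group.sort(key=lambda r: r[1] != 0)   # ... but weight-0 entries first
        while group:
            pick = rng.randint(0, sum(r[1] for r in group))
            running = 0
            for rec in group:
                running += rec[1]
                if running >= pick:           # first running sum >= pick wins
                    ordered.append((rec[3], rec[2]))
                    group.remove(rec)
                    break
    return ordered

if __name__ == "__main__":
    # A client connects to the first (target, port) and falls back to the next.
    print(order_targets(parse_srv(HOST_OUTPUT)))
    print(qualify("foo1.example.com"))  # the missing-dot case from the first post
```

With every weight set to 0 the selection step always takes the head of the list, so any spreading across foo1 and foo2 comes from the order in which the client (or the server's answer) arranges the records.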
