Re: [xcat-user] Questions on prerequisites for external DNS and makedns -e
Josh, we will investigate the area. Unless you sign a contributors agreement, we cannot use your code. Here are the details:
https://sourceforge.net/p/xcat/wiki/XCAT_Developer_Guide/#contributor-and-maintainer-agreements

Lissa K. Valletta
8-3/B10
Poughkeepsie, NY 12601
(tie 293) 433-3102

From: Josh Nielsen jniel...@hudsonalpha.org
To: xCAT Users Mailing list xcat-user@lists.sourceforge.net, Lissa Valletta/Poughkeepsie/IBM@IBMUS, w...@cn.ibm.com
Date: 10/03/2014 03:05 PM
Subject: Re: [xcat-user] Questions on prerequisites for external DNS and makedns -e

Lissa / Xiao,

I may have possibly discovered a bug(?) in ddns.pm, unless it is a print formatting issue. I traced the autovivification of the $ctx hash in ddns.pm throughout the code, and then wrote a few lines of test code to descend into all the hash values of $ctx and print them out (prefixed with the string "CTX Key/Value"). For $ctx->{resolver} the value looks like it may not have executed the Net::DNS::Resolver Perl call correctly, and instead treated the Net::DNS::Resolver function as a literal string (and what caught my eye is that the string has a space between the two colons after Net, e.g. "Net: :"). Here is what my code printed for the key/value of $ctx->{resolver}:

    CTX Key/Value ||resolver|| = Net: :DNS::Resolver=HASH(0x2ca6b08)

Maybe the actual Perl module call Net: :DNS::Resolver is meant to be literally placed in the value of the $ctx->{resolver} though, so I may be mistaken.
Re: [xcat-user] Questions on prerequisites for external DNS and makedns -e
Lissa / Xiao,

I may have possibly discovered a bug(?) in ddns.pm, unless it is a print formatting issue. I traced the autovivification of the $ctx hash in ddns.pm throughout the code, and then wrote a few lines of test code to descend into all the hash values of $ctx and print them out (prefixed with the string "CTX Key/Value"). For $ctx->{resolver} the value looks like it may not have executed the Net::DNS::Resolver Perl call correctly, and instead treated the Net::DNS::Resolver function as a literal string (and what caught my eye is that the string has a space between the two colons after Net, e.g. "Net: :"). Here is what my code printed for the key/value of $ctx->{resolver}:

    CTX Key/Value ||resolver|| = Net: :DNS::Resolver=HASH(0x2ca6b08)

Maybe the actual Perl module call Net: :DNS::Resolver is meant to be literally placed in the value of the $ctx->{resolver} though, so I may be mistaken. By contrast, however, some of the other key/value pairs under $ctx looked like this:

    CTX Key/Value ||domain|| = morgan.haib.org
    CTX Key/Value ||forwarders|| = ARRAY(0x2b9b2d8)
    ||forwarders|| (ARRAY VALUE) 172.24.12.1
    ||forwarders|| (ARRAY VALUE) 172.24.12.2

The relevant code on line 723 of ddns.pm is:

    if ($external) {
        # based on /etc/resolv.conf
        $ctx->{resolver} = Net::DNS::Resolver->new();
    } else {
        # default to localhost
        $ctx->{resolver} = Net::DNS::Resolver->new(nameservers=>['127.0.0.1']);
    }
    my $ret = add_or_delete_records($ctx);
    unless($ret) {
        xCAT::SvrUtils::sendmsg("DNS setup is completed", $callback);
    }

Is the value of $ctx->{resolver} normally supposed to be Net::DNS::Resolver=HASH(0x2ca6b08) (once I remove the whitespace between the two colons)? Or is it not supposed to include the Perl module call?

Regards,
Josh

On Thu, Oct 2, 2014 at 1:47 PM, Josh Nielsen jniel...@hudsonalpha.org wrote:

Okay, so I moved to an RPM based install of BIND instead of from source and the problem did not go away.
Re: [xcat-user] Questions on prerequisites for external DNS and makedns -e
Okay, so I moved to an RPM based install of BIND instead of from source and the problem did not go away. My setup is that I am using a development machine which I exported the current xCAT settings that are on my iDataPlex headnode to that dev VM which I installed xCAT on (definitely a newer version on the VM than the headnode) and when I first ran restorexCATdb I got errors when running 'makedns' which said:

    Ignoring host node0014, it does not belong to any nets defined in networks table or the net it belongs to is configured to use an external nameserver.

I thought: That's odd, because the network definition looks fine to me and I don't see why xCAT would change it between versions. On the headnode the networks database looks like this for the relevant network (compute) and a secondary network (I snipped out the other entries):

    #netname,net,mask,mgtifname,gateway,dhcpserver,tftpserver,nameservers,ntpservers,logservers,dynamicrange,staticrange,staticrangeincrement,nodehostname,ddnsdomain,vlanid,domain,comments,disable
    compute,10.20.0.0,255.255.0.0,eth0,,,10.20.0.1,10.20.0.1,,,10.20.200.254-10.20.254.254
    10gig,10.60.0.0,255.255.0.0,,10.20.0.1,,

When I restored the tables on the dev VM it would fail to parse compute but not for 10gig (the only obvious difference being that 10gig had fewer fields filled in). I modified the ddns.pm code to echo messages when parsing the networks to determine what was going on, and once I discovered that it liked 10gig but not compute I deleted all the extra fields in compute to make it match 10gig and suddenly it would parse. Maybe it has to do with the dynamicrange field in the networks definition? Below are my code modifications (just adding sendmsg commands) and the corresponding output from a test execution:

    # exclude the nodes not belong to any nets defined in networks table
    # because only the nets defined in networks table will be add
    # zones later.
    my $found = 0;
    foreach (@networks) {
        xCAT::SvrUtils::sendmsg("ADDR is $addr ", $callback);
        xCAT::SvrUtils::sendmsg("MASK is $_->{mask} ", $callback);
        xCAT::SvrUtils::sendmsg("NETWORK is $_->{net} ", $callback);
        if(xCAT::NetworkUtils->ishostinsubnet($addr, $_->{mask}, $_->{net})) {
            $found = 1;
            xCAT::SvrUtils::sendmsg("Found! ", $callback);
        } else {
            xCAT::SvrUtils::sendmsg("Not Found! ", $callback);
        }
    }
    if ($found) {
        push @nodes,$node;
        $ctx->{nodeips}->{$node}->{$addr}=1;
    } else {
        unless ($node =~ /localhost/) {
            xCAT::SvrUtils::sendmsg(":Ignoring host $node, it does not belong to any nets defined in networks table or the net it belongs to is configured to use an external nameserver.", $callback);
        }
    }

My test run:

    # makedns -e node0014
    Handling node0014 in /etc/hosts.
    ADDR is 10.20.101.14
    MASK is
    NETWORK is
    Not Found!
    ADDR is 10.20.101.14
    MASK is
    NETWORK is
    Not Found!
    ADDR is 10.20.101.14
    MASK is 255.255.0.0
    NETWORK is 10.40.0.0
    Not Found!
    ADDR is 10.20.101.14
    MASK is 255.255.0.0
    NETWORK is 10.20.0.0
    Found! -
    ADDR is 10.20.101.14
    MASK is 255.255.0.0
    NETWORK is 10.60.0.0
    Not Found! -

As you can see, some other networks are being parsed as blank (the first two encountered in the foreach loop) but after I modified the compute / 10.20.0.0 network then it finally printed my "Found!" message (previously it was also parsing as blank). I suspect that there are other lurking problems in the tables between the two xCAT versions due to the backup/restore of the databases which might be causing this problem. I'm not sure how to address this without a full reinstall from scratch for xCAT if a backup/restore between versions is not possible/compatible. I'm exploring alternatives though.

Regards,
Josh

On Wed, Oct 1, 2014 at 10:45 AM, Josh Nielsen jniel...@hudsonalpha.org wrote:

So I'm thinking that either:

A) My DNS server (BIND) is somehow misconfigured (which may include some bug when BIND is compiled from the latest source) - even though the keys obviously work in some instances and I am indeed getting partial remote updates successfully.

- OR -

B) There is a bug in makedns or the underlying config/tools it uses on the OS. Possibly there was some unclean transfer or mismatch of settings when I used dumpxCATdb/restorexCATdb, even though I updated the site table and have my resolv.conf pointing only to the external DNS server.

Even so, as I pointed out, some of the entries are being correctly sent with the key, but I am occasionally seeing "request is not signed" for some requests OR I am not seeing the request for a forward lookup entry at all (which is
Re: [xcat-user] Questions on prerequisites for external DNS and makedns -e
So I'm thinking that either:

A) My DNS server (BIND) is somehow misconfigured (which may include some bug when BIND is compiled from the latest source) - even though the keys obviously work in some instances and I am indeed getting partial remote updates successfully.

- OR -

B) There is a bug in makedns or the underlying config/tools it uses on the OS. Possibly there was some unclean transfer or mismatch of settings when I used dumpxCATdb/restorexCATdb, even though I updated the site table and have my resolv.conf pointing only to the external DNS server.

Even so, as I pointed out, some of the entries are being correctly sent with the key, but I am occasionally seeing "request is not signed" for some requests OR I am not seeing the request for a forward lookup entry at all (which is what happened the first few times I tried). I just can't tell whether it is a sending problem (makedns/nsupdate) or a receiving problem (external BIND server).

-Josh

On Tue, Sep 30, 2014 at 10:29 AM, Josh Nielsen jniel...@hudsonalpha.org wrote:

Xiao,

For some additional details I am running BIND 9.10.0-P2 which I compiled from source. I used --enable-largefile which specifies 64-bit file support but I noticed this in the kernel boot messages in /var/log/messages:

    Sep 29 11:25:25 dns01 kernel: warning: `named' uses 32-bit capabilities (legacy support in use)

When I start named in the foreground here are the first few lines, where you can see my compile options and a few things about startup:

    30-Sep-2014 09:59:20.672 built with '--prefix=/opt/bind9' '--sysconfdir=/etc' '--with-gtest' '--with-log4cplus=/opt/log4cplus' '--with-pythonpath=/usr/bin/python' '--localstatedir=/var' '--mandir=/usr/share/man' '--enable-threads' '--enable-largefile' '--with-libtool' '--disable-static' '--with-openssl'
    30-Sep-2014 09:59:20.672
    30-Sep-2014 09:59:20.672 BIND 9 is maintained by Internet Systems Consortium,
    30-Sep-2014 09:59:20.672 Inc.
Re: [xcat-user] Questions on prerequisites for external DNS and makedns -e
Hi Xiao,

Here is the relevant zone:

    zone "morgan.haib.org" in {
        type master;
        file "morgan/db.morgan.haib.org";
        allow-transfer { 10.20.0.100/32; 10.20.0.101/32; };
        allow-update { key xcat_key; };
        notify yes;
    };

Its allow-update looks the same as the one for zone 20.10.IN-ADDR.ARPA. I saw no messages in /var/log/messages concerning named. But I did just try it again this morning and the opposite happened: 'morgan.haib.org' updated but 20.10.IN-ADDR.ARPA. did not. So the issue is very inconsistent, other than that one of the two entries gets omitted. See below (which I have shortened some), and notice where it says "request is not signed" for the 20.10 zone, but it signed (this time!) the morgan.haib.org zone:

    0-Sep-2014 10:01:39.446 socket 0x7ff551edebc8 172.26.42.60#58640: packet received correctly
    30-Sep-2014 10:01:39.446 client 172.26.42.60#58640: UDP request
    30-Sep-2014 10:01:39.446 client 172.26.42.60#58640: using view '_default'
    30-Sep-2014 10:01:39.446 client 172.26.42.60#58640: request is not signed
    30-Sep-2014 10:01:39.446 client 172.26.42.60#58640: recursion available
    30-Sep-2014 10:01:39.446 client 172.26.42.60#58640: query
    30-Sep-2014 10:01:39.446 client 172.26.42.60#58640 (20.10.IN-ADDR.ARPA): ns_client_attach: ref = 1
    30-Sep-2014 10:01:39.446 client 172.26.42.60#58640 (20.10.IN-ADDR.ARPA): query '20.10.IN-ADDR.ARPA/NS/IN' approved
    30-Sep-2014 10:01:39.446 client 172.26.42.60#58640 (20.10.IN-ADDR.ARPA): send
    30-Sep-2014 10:01:39.446 client 172.26.42.60#58640 (20.10.IN-ADDR.ARPA): sendto
    30-Sep-2014 10:01:39.446 client 172.26.42.60#58640 (20.10.IN-ADDR.ARPA): senddone
    30-Sep-2014 10:01:39.446 client 172.26.42.60#58640 (20.10.IN-ADDR.ARPA): next
    30-Sep-2014 10:01:39.446 client 172.26.42.60#58640 (20.10.IN-ADDR.ARPA): ns_client_detach: ref = 0
    30-Sep-2014 10:01:39.446 client 172.26.42.60#58640 (20.10.IN-ADDR.ARPA): endrequest
    30-Sep-2014 10:01:39.446 client @0x7ff5480d7710: udprecv
    ...
    ...
    30-Sep-2014 10:01:39.454 socket 0x7ff551edebc8 172.26.42.60#42345: packet received correctly
    30-Sep-2014 10:01:39.454 client 172.26.42.60#42345: UDP request
    30-Sep-2014 10:01:39.454 client 172.26.42.60#42345: using view '_default'
    30-Sep-2014 10:01:39.455 client 172.26.42.60#42345: request has valid signature: xcat_key
    30-Sep-2014 10:01:39.455 client 172.26.42.60#42345/key xcat_key: recursion available
    30-Sep-2014 10:01:39.455 client 172.26.42.60#42345/key xcat_key: update
    30-Sep-2014 10:01:39.455 client 172.26.42.60#42345/key xcat_key: ns_client_attach: ref = 1
    30-Sep-2014 10:01:39.455 client 172.26.42.60#42345/key xcat_key: updating zone 'morgan.haib.org/IN': prerequisites are OK
    30-Sep-2014 10:01:39.455 client 172.26.42.60#42345/key xcat_key: signer xcat_key approved
    30-Sep-2014 10:01:39.455 client 172.26.42.60#42345/key xcat_key: update 'morgan.haib.org/IN' approved
    30-Sep-2014 10:01:39.455 client 172.26.42.60#42345/key xcat_key: updating zone 'morgan.haib.org/IN': update section prescan OK
    30-Sep-2014 10:01:39.455 client 172.26.42.60#42345/key xcat_key: updating zone 'morgan.haib.org/IN': adding an RR at 'node0014.morgan.haib.org' A 10.20.101.14
    30-Sep-2014 10:01:39.455 client 172.26.42.60#42345/key xcat_key: updating zone 'morgan.haib.org/IN': checking for NSEC3PARAM changes
    30-Sep-2014 10:01:39.455 client 172.26.42.60#42345/key xcat_key: updating zone 'morgan.haib.org/IN': writing journal morgan/db.morgan.haib.org.jnl
    30-Sep-2014 10:01:39.455 writing to journal
    30-Sep-2014 10:01:39.455 del morgan.haib.org. 86400 IN SOA dns01.morgan.haib.org. root.dns01.morgan.haib.org. 2012080935 10800 3600 604800 86400
    30-Sep-2014 10:01:39.455 add morgan.haib.org. 86400 IN SOA dns01.morgan.haib.org. root.dns01.morgan.haib.org. 2012080936 10800 3600 604800 86400
    30-Sep-2014 10:01:39.455 add node0014.morgan.haib.org. 86400 IN A 10.20.101.14
    30-Sep-2014 10:01:39.476 client 172.26.42.60#42345/key xcat_key: updating zone 'morgan.haib.org/IN': committing update transaction
    30-Sep-2014 10:01:39.477 zone_needdump: zone morgan.haib.org/IN: enter
    30-Sep-2014 10:01:39.477 zone_settimer: zone morgan.haib.org/IN: enter
    30-Sep-2014 10:01:39.477 zone_settimer: zone morgan.haib.org/IN: enter

I'll send another email with other possibly relevant details to keep this one's length down.

-Josh

On Mon, Sep 29, 2014 at 9:40 PM, Xiao Peng Wang w...@cn.ibm.com wrote:

Then, in this case, did you check the 'allow of key xcat_key' has been set correctly in name.conf for zone morgan.haib.org? And did you see any useful message for this error in the syslog of external server?

Thanks
Best Regards
--
Wang Xiaopeng (王晓朋)
IBM China System Technology Laboratory
Tel: 86-10-82453455
Email: w...@cn.ibm.com
Address: 28,ZhongGuanCun Software Park,No.8 Dong Bei Wang West Road, Haidian District Beijing P.R.China 100193
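Added example (not part of the thread, and not xCAT or BIND code): a small Python triage script that groups named debug lines like those quoted in the message above by client address#port, so each "request is not signed" or "request has valid signature" line can be tied to the kind of request (query or update) and the zone it belongs to. The function names are hypothetical, and the sample is abridged from the log lines in that message.

```python
import re

# Abridged from the named debug output quoted in the message above.
SAMPLE_LOG = """\
30-Sep-2014 10:01:39.446 client 172.26.42.60#58640: UDP request
30-Sep-2014 10:01:39.446 client 172.26.42.60#58640: request is not signed
30-Sep-2014 10:01:39.446 client 172.26.42.60#58640: query
30-Sep-2014 10:01:39.446 client 172.26.42.60#58640 (20.10.IN-ADDR.ARPA): query '20.10.IN-ADDR.ARPA/NS/IN' approved
30-Sep-2014 10:01:39.446 client @0x7ff5480d7710: udprecv
30-Sep-2014 10:01:39.454 client 172.26.42.60#42345: UDP request
30-Sep-2014 10:01:39.455 client 172.26.42.60#42345: request has valid signature: xcat_key
30-Sep-2014 10:01:39.455 client 172.26.42.60#42345/key xcat_key: update
30-Sep-2014 10:01:39.455 client 172.26.42.60#42345/key xcat_key: update 'morgan.haib.org/IN' approved
30-Sep-2014 10:01:39.455 client 172.26.42.60#42345/key xcat_key: updating zone 'morgan.haib.org/IN': adding an RR at 'node0014.morgan.haib.org' A 10.20.101.14
30-Sep-2014 10:01:39.455 writing to journal
"""

# Line shape: "client ADDR#PORT[/key NAME][ (QNAME)]: MESSAGE"
CLIENT_RE = re.compile(
    r"client (?P<peer>\S+?#\d+)(?:/key (?P<key>\S+?))?(?: \([^)]*\))?: (?P<msg>.*)$"
)
SIGNED_RE = re.compile(r"^request has valid signature: (\S+)$")
VERDICT_RE = re.compile(r"^(?:query|update) '([^']+)' (approved|denied)$")
ADD_RR_RE = re.compile(r"^updating zone '[^']+': adding an RR at '([^']+)' (\S+) (.+)$")


def summarize(log_text):
    """Return one dict per client address#port, in first-seen order.

    Assumption: a source port is not reused within the excerpt, so
    address#port identifies a single request.
    """
    requests = {}
    for line in log_text.splitlines():
        m = CLIENT_RE.search(line)
        if m is None:
            continue  # journal/zone lines and "client @0x..." carry no peer
        req = requests.setdefault(m.group("peer"), {
            "peer": m.group("peer"), "opcode": None, "key": None,
            "target": None, "verdict": None, "records": [],
        })
        if m.group("key"):
            req["key"] = m.group("key")
        msg = m.group("msg").strip()
        signed = SIGNED_RE.match(msg)
        verdict = VERDICT_RE.match(msg)
        added = ADD_RR_RE.match(msg)
        if signed:
            req["key"] = signed.group(1)
        elif msg in ("query", "update"):
            req["opcode"] = msg
        elif verdict:
            req["target"], req["verdict"] = verdict.groups()
        elif added:
            req["records"].append(added.groups())
    return list(requests.values())


def classify(req):
    """Label a request, e.g. 'unsigned-query' or 'signed-update'."""
    signed = "signed" if req["key"] else "unsigned"
    return f"{signed}-{req['opcode'] or 'unknown'}"


def unsigned_updates(requests):
    """Peers that sent a dynamic update with no verified TSIG key."""
    return [r["peer"] for r in requests if classify(r) == "unsigned-update"]


if __name__ == "__main__":
    for r in summarize(SAMPLE_LOG):
        print(r["peer"], classify(r), r["target"], r["verdict"], r["records"])
    print("unsigned updates:", unsigned_updates(summarize(SAMPLE_LOG)))
```

On the sample, the request logged as not signed is an NS query for 20.10.IN-ADDR.ARPA, and the signed request is the update to morgan.haib.org; no unsigned update appears in the excerpt.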
Re: [xcat-user] Questions on prerequisites for external DNS and makedns -e
Xiao,

For some additional details I am running BIND 9.10.0-P2 which I compiled from source. I used --enable-largefile which specifies 64-bit file support but I noticed this in the kernel boot messages in /var/log/messages:

    Sep 29 11:25:25 dns01 kernel: warning: `named' uses 32-bit capabilities (legacy support in use)

When I start named in the foreground here are the first few lines, where you can see my compile options and a few things about startup:

    30-Sep-2014 09:59:20.672 built with '--prefix=/opt/bind9' '--sysconfdir=/etc' '--with-gtest' '--with-log4cplus=/opt/log4cplus' '--with-pythonpath=/usr/bin/python' '--localstatedir=/var' '--mandir=/usr/share/man' '--enable-threads' '--enable-largefile' '--with-libtool' '--disable-static' '--with-openssl'
    30-Sep-2014 09:59:20.672
    30-Sep-2014 09:59:20.672 BIND 9 is maintained by Internet Systems Consortium,
    30-Sep-2014 09:59:20.672 Inc. (ISC), a non-profit 501(c)(3) public-benefit
    30-Sep-2014 09:59:20.672 corporation. Support and training for BIND 9 are
    30-Sep-2014 09:59:20.672 available at https://www.isc.org/support
    30-Sep-2014 09:59:20.672
    30-Sep-2014 09:59:20.672 adjusted limit on open files from 4096 to 1048576
    30-Sep-2014 09:59:20.672 found 1 CPU, using 1 worker thread
    30-Sep-2014 09:59:20.672 using 1 UDP listener per interface
    30-Sep-2014 09:59:20.672 using up to 4096 sockets
    30-Sep-2014 09:59:20.672 Registering DLZ_dlopen driver
    30-Sep-2014 09:59:20.672 Registering SDLZ driver 'dlopen'
    30-Sep-2014 09:59:20.672 Registering DLZ driver 'dlopen'
    30-Sep-2014 09:59:20.676 decrement_reference: delete from rbt: 0x7ff551ecd148 .
    30-Sep-2014 09:59:20.678 socket 0x7ff551ede010: created
    30-Sep-2014 09:59:20.678 sockmgr 0x7ff551ec6010: watcher got message -3 for socket 20
    30-Sep-2014 09:59:20.678 sockmgr 0x7ff551ec6010: watcher got message -2 for socket -1
    30-Sep-2014 09:59:20.678 socket 0x7ff551ede010: socket_recv: event 0x7ff551ee0010 -> task 0x7ff551ed9250
    30-Sep-2014 09:59:20.678 loading configuration from '/etc/named.conf'
    30-Sep-2014 09:59:20.679 reading built-in trusted keys from file '/etc/bind.keys'

I've been planning to move to an RPM based installation rolled out with CentOS but was testing with a source install first. Does any of this look like a likely culprit for the problems I'm seeing?

Thanks,
Josh

On Mon, Sep 29, 2014 at 9:40 PM, Xiao Peng Wang w...@cn.ibm.com wrote:

Then, in this case, did you check the 'allow of key xcat_key' has been set correctly in name.conf for zone morgan.haib.org? And did you see any useful message for this error in the syslog of external server?

Thanks
Best Regards
--
Wang Xiaopeng (王晓朋)
IBM China System Technology Laboratory
Tel: 86-10-82453455
Email: w...@cn.ibm.com
Address: 28,ZhongGuanCun Software Park,No.8 Dong Bei Wang West Road, Haidian District Beijing P.R.China 100193

From: Josh Nielsen jniel...@hudsonalpha.org
To: xCAT Users Mailing list xcat-user@lists.sourceforge.net
Date: 2014/09/30 06:49
Subject: Re: [xcat-user] Questions on prerequisites for external DNS and makedns -e

Okay, I have the external DNS server working: partly. For some very odd reason the external DNS server is only receiving the request to enter the reverse lookup for a new node (ex: makedns -e node0014), but does not even attempt to add the forward lookup zone.
Re: [xcat-user] Questions on prerequisites for external DNS and makedns -e
Then, in this case, did you check the 'allow of key xcat_key' has been set correctly in name.conf for zone morgan.haib.org? And did you see any useful message for this error in the syslog of external server?

Thanks
Best Regards
--
Wang Xiaopeng (王晓朋)
IBM China System Technology Laboratory
Tel: 86-10-82453455
Email: w...@cn.ibm.com
Address: 28,ZhongGuanCun Software Park,No.8 Dong Bei Wang West Road, Haidian District Beijing P.R.China 100193

From: Josh Nielsen jniel...@hudsonalpha.org
To: xCAT Users Mailing list xcat-user@lists.sourceforge.net
Date: 2014/09/30 06:49
Subject: Re: [xcat-user] Questions on prerequisites for external DNS and makedns -e

Okay, I have the external DNS server working: partly. For some very odd reason the external DNS server is only receiving the request to enter the reverse lookup for a new node (ex: makedns -e node0014), but does not even attempt to add the forward lookup zone. I see the key authorization passed successfully for the reverse entry, so there are no authentication issues, and when I try a manual 'nsupdate' it adds the forward lookup definition just fine:

    # nsupdate -k /etc/rndc.key
    server [external_dns_ip]
    prereq nxdomain node0014.morgan.haib.org.
    update add node0014.morgan.haib.org. 300 A 10.20.101.14
    send

It looks like 'makedns -e node0014' is somehow sending ONLY the reverse lookup definition (though this is only a guess). This is what the client sees:

    [root@JNDev ~]# makedns -e node0014
    Handling node0014 in /etc/hosts.
    Getting reverse zones, this may take several minutes for a large cluster.
    Completed getting reverse zones.
    Updating DNS records, this may take several minutes for a large cluster.
    Error: No reply received when sending DNS update to zone morgan.haib.org.
    Completed updating DNS records.

It updates my reverse zone '20.10.IN-ADDR.ARPA' in the file 'db.10.20' but for the DNS zone 'morgan.haib.org' I see the message:

    Error: No reply received when sending DNS update to zone morgan.haib.org.

Here is what I see from running named in the foreground when running makedns -e node0014:

    29-Sep-2014 15:13:07.022 client 172.26.42.60#60681: UDP request
    29-Sep-2014 15:13:07.022 client 172.26.42.60#60681: using view '_default'
    29-Sep-2014 15:13:07.022 client 172.26.42.60#60681: request has valid signature: xcat_key
    29-Sep-2014 15:13:07.022 client 172.26.42.60#60681/key xcat_key: recursion available
    29-Sep-2014 15:13:07.022 client 172.26.42.60#60681/key xcat_key: update
    29-Sep-2014 15:13:07.022 client 172.26.42.60#60681/key xcat_key: ns_client_attach: ref = 1
    29-Sep-2014 15:13:07.022 client 172.26.42.60#60681/key xcat_key: updating zone '20.10.IN-ADDR.ARPA/IN': prerequisites are OK
    29-Sep-2014 15:13:07.022 client 172.26.42.60#60681/key xcat_key: signer xcat_key approved
    29-Sep-2014 15:13:07.022 client 172.26.42.60#60681/key xcat_key: update '20.10.IN-ADDR.ARPA/IN' approved
    29-Sep-2014 15:13:07.022 client 172.26.42.60#60681/key xcat_key: updating zone '20.10.IN-ADDR.ARPA/IN': update section prescan OK
    29-Sep-2014 15:13:07.022 client 172.26.42.60#60681/key xcat_key: updating zone '20.10.IN-ADDR.ARPA/IN': adding an RR at '14.101.20.10.IN-ADDR.ARPA' PTR node0014.morgan.haib.org.
    29-Sep-2014 15:13:07.022 client 172.26.42.60#60681/key xcat_key: updating zone '20.10.IN-ADDR.ARPA/IN': checking for NSEC3PARAM changes
    29-Sep-2014 15:13:07.022 client 172.26.42.60#60681/key xcat_key: updating zone '20.10.IN-ADDR.ARPA/IN': writing journal morgan/db.10.20.jnl
    29-Sep-2014 15:13:07.022 writing to journal
    29-Sep-2014 15:13:07.022 del 20.10.IN-ADDR.ARPA. 86400 IN SOA dns01.morgan.haib.org. root.dns01.morgan.haib.org. 2012072410 10800 3600 604800 86400
    29-Sep-2014 15:13:07.022 add 20.10.IN-ADDR.ARPA. 86400 IN SOA dns01.morgan.haib.org. root.dns01.morgan.haib.org. 2012072411 10800 3600 604800 86400
    29-Sep-2014 15:13:07.022 add 14.101.20.10.IN-ADDR.ARPA. 86400 IN PTR node0014.morgan.haib.org.
    29-Sep-2014 15:13:07.033 client 172.26.42.60#60681/key xcat_key: updating zone '20.10.IN-ADDR.ARPA/IN': committing update transaction
    29-Sep-2014 15:13:07.034 zone_needdump: zone 20.10.IN-ADDR.ARPA/IN: enter
    29-Sep-2014 15:13:07.034 zone_settimer: zone 20.10.IN-ADDR.ARPA/IN: enter
    29-Sep-2014 15:13:07.034 zone_settimer: zone 20.10.IN-ADDR.ARPA/IN: enter
    29-Sep-2014 15:13:07.034 client 172.26.42.60#60681/key xcat_key: send
    29-Sep-2014 15:13:07.034 client 172.26.42.60#60681/key xcat_key: sendto
    29-Sep-2014 15:13:07.034 client 172.26.42.60#60681/key xcat_key: senddone
    29-Sep-2014 15:13:07.034 client 172.26.42.60#60681/key xcat_key: next
    29-Sep-2014 15:13:07.034 client 172.26.42.60#60681/key xcat_key: ns_client_detach: ref = 0
    29-Sep-2014 15:13:07.034 client 172.26.42.60#60681/key xcat_key: endrequest

Any ideas what debugging steps I can take to see why the forward lookup is not being sent as well? I would love to know the actual command makedns ends up executing on the operating
Re: [xcat-user] Questions on prerequisites for external DNS and makedns -e
The procedure is documented here in detail https://sourceforge.net/p/xcat/wiki/Cluster_Name_Resolution/ Specifically https://sourceforge.net/p/xcat/wiki/Cluster_Name_Resolution/#option-2-use-a-dns-that-is-outside-of-the-cluster Lissa K. Valletta 8-3/B10 Poughkeepsie, NY 12601 (tie 293) 433-3102 From: Josh Nielsen jniel...@hudsonalpha.org To: xCAT Users Mailing list xcat-user@lists.sourceforge.net Date: 09/25/2014 10:03 AM Subject:Re: [xcat-user] Questions on prerequisites for external DNS and makedns -e Hi Xiao, Thanks for the response. So if I have this straight, I need to manually create and maintain the zone files on the external DNS server, and already have initially empty (but present) zone files in place. Is that right? And I imagine that I will need to allow-update from the IP of the xCAT server too. Secondly, I still don't quite understand about the xcat_key. On the server hosting xCAT the xcat_key is typically defined in /etc/rndc.key and in /etc/named.conf. I should not even need /etc/named.conf since I am not hosting DNS on the same server as xCAT correct? Or does makedns have some sort of dependency on a local /etc/named.conf even when pushing externally? If /etc/named.conf is not needed, however, then where does makedns (which I think ends up running 'nsupdate') read the key from? Note that I have already configured the xcat_key on the external DNS server in its own /etc/named.conf, but I am not asking about that host but rather the xCAT server (which for purposes of DNS I am calling the client). Thanks, Josh On Wed, Sep 24, 2014 at 8:59 PM, Xiao Peng Wang w...@cn.ibm.com wrote: You can NOT depend on xCAT to setup dns server on remote server. You need get the xcat_key from local dns configuration. You need prepare the remote dns ready so that xCAT could push the new dns entry to the remote dns server, this is what xCAT 'makedns -e' does. 
Thanks Best Regards -- Wang Xiaopeng (王晓朋) IBM China System Technology Laboratory Tel: 86-10-82453455 Email: w...@cn.ibm.com Address: 28,ZhongGuanCun Software Park,No.8 Dong Bei Wang West Road, Haidian District Beijing P.R.China 100193 From: Josh Nielsen jniel...@hudsonalpha.org To: xCAT Users Mailing list xcat-user@lists.sourceforge.net Date: 2014/09/25 05:46 Subject: Re: [xcat-user] Questions on prerequisites for external DNS and makedns -e I'm starting to see an older conversation that I had back in January of this year in a different light now: http://permalink.gmane.org/gmane.comp.clustering.xcat.user/182 There it was suggested that I be aware that you may need to run a separate makedns to populate the local zone files as well as makedns -e to do the external name servers. Does this mean that an xCAT installation is required on the external DNS server just to populate the zones initially? Wouldn't having two xCAT installations, whose records you have to keep in sync, get tedious after a while? Maybe I'm misunderstanding how the external DNS solution is supposed to work in connection with xCAT. Any clarifications are welcome. -Josh On Wed, Sep 24, 2014 at 4:03 PM, Josh Nielsen jniel...@hudsonalpha.org wrote: Hello all, I am in the process of trying to move to an external DNS implementation for name resolution with our compute cluster. The only requirement I see in the man page for makedns is to have one (and only one?) IP of the external DNS server that you want to update in /etc/resolv.conf and also a valid xcat_key. Firstly, how do you specify the xcat_key to be used on the client server that is pushing out the dns changes with makedns -e?
For a local setup the key definition in /etc/named.conf is sufficient, but since makedns -e isn't dependent on the local config (or is it?), how is the xcat_key specified? The local /etc/named.conf file doesn't even need to exist on the client does it? Secondly, the server I am pushing to only has a 127.0.0 zone since it is a fresh BIND install and I'm wanting 'makedns -e' to create the new zones (and zone files under /var/named/) for me on the remote server. With a local DNS setup, makedns would parse your settings and handle all the file updates and creation for you. But when I try makedns -e I see the following but no files or zone updates (is this an xcat_key problem?): (I ran the remote DNS BIND daemon in the foreground with -d 60 verbosity) 24-Sep-2014 15:30:14.686 client 172.26.42.60#56844: UDP request 24-Sep-2014 15:30:14.686 client 172.26.42.60#56844:
Re: [xcat-user] Questions on prerequisites for external DNS and makedns -e
Thank you for the clarifications. I read the wiki entry on Cluster Name Resolution but wanted to be sure of the particulars. Regards, Josh On Thu, Sep 25, 2014 at 10:36 PM, Xiao Peng Wang w...@cn.ibm.com wrote: #1, you are right, you need prepare configuration files in external dns server. #2, the xcat_key is gotten from passwd table like this 'omapi,xcat_key,TjFYM2kwTUNOcWVVZG5QNWFhb2xPVkg1eTZLMXpuSGs=' Thanks Best Regards -- Wang Xiaopeng (王晓朋) IBM China System Technology Laboratory Tel: 86-10-82453455 Email: w...@cn.ibm.com Address: 28,ZhongGuanCun Software Park,No.8 Dong Bei Wang West Road, Haidian District Beijing P.R.China 100193 From: Josh Nielsen jniel...@hudsonalpha.org To: xCAT Users Mailing list xcat-user@lists.sourceforge.net Date: 2014/09/25 21:58 Subject: Re: [xcat-user] Questions on prerequisites for external DNS and makedns -e -- Hi Xiao, Thanks for the response. So if I have this straight, I need to manually create and maintain the zone files on the external DNS server, and already have initially empty (but present) zone files in place. Is that right? And I imagine that I will need to allow-update from the IP of the xCAT server too. Secondly, I still don't quite understand about the xcat_key. On the server hosting xCAT the xcat_key is typically defined in /etc/rndc.key and in /etc/named.conf. I should not even need /etc/named.conf since I am not hosting DNS on the same server as xCAT correct? Or does makedns have some sort of dependency on a local /etc/named.conf even when pushing externally? If /etc/named.conf is not needed, however, then where does makedns (which I think ends up running 'nsupdate') read the key from?
Note that I have already configured the xcat_key on the external DNS server in its own /etc/named.conf, but I am not asking about that host but rather the xCAT server (which for purposes of DNS I am calling the client). Thanks, Josh On Wed, Sep 24, 2014 at 8:59 PM, Xiao Peng Wang w...@cn.ibm.com wrote: You can NOT depend on xCAT to setup dns server on remote server. You need get the xcat_key from local dns configuration. You need prepare the remote dns ready so that xCAT could push the new dns entry to the remote dns server, this is what xCAT 'makedns -e' does. Thanks Best Regards -- Wang Xiaopeng (王晓朋) IBM China System Technology Laboratory Tel: 86-10-82453455 Email: w...@cn.ibm.com Address: 28,ZhongGuanCun Software Park,No.8 Dong Bei Wang West Road, Haidian District Beijing P.R.China 100193 From: Josh Nielsen jniel...@hudsonalpha.org To: xCAT Users Mailing list xcat-user@lists.sourceforge.net Date: 2014/09/25 05:46 Subject: Re: [xcat-user] Questions on prerequisites for external DNS and makedns -e -- I'm starting to see an older conversation that I had back in January of this year in a different light now: http://permalink.gmane.org/gmane.comp.clustering.xcat.user/182 There it was suggested that I be aware that you may need to run a separate makedns to populate the local zone files as well as makedns -e to do the external name servers. Does this mean that an xCAT installation is required on the external DNS server just to populate the zones initially?
Wouldn't having two xCAT installations, whose records you have to keep in sync, get tedious after a while? Maybe I'm misunderstanding how the external DNS solution is supposed to work in connection with xCAT. Any clarifications are welcome. -Josh On Wed, Sep 24, 2014 at 4:03 PM, Josh Nielsen jniel...@hudsonalpha.org wrote: Hello all, I am in the process of trying to move to an external DNS implementation for name resolution with our compute cluster. The only requirement I see in the man page for makedns is to have one (and only one?) IP of the external DNS server that you want to update in /etc/resolv.conf and also a valid xcat_key. Firstly,
Re: [xcat-user] Questions on prerequisites for external DNS and makedns -e
You do not and should not have a separate installation of xCAT on an external server. Take a look at this document https://sourceforge.net/p/xcat/wiki/Cluster_Name_Resolution/ I am assuming you are using xCAT 2.8.X. Lissa K. Valletta 8-3/B10 Poughkeepsie, NY 12601 (tie 293) 433-3102 From: Josh Nielsen jniel...@hudsonalpha.org To: xCAT Users Mailing list xcat-user@lists.sourceforge.net Date: 09/24/2014 05:51 PM Subject:Re: [xcat-user] Questions on prerequisites for external DNS and makedns -e I'm starting to see an older conversation that I had back in January of this year in a different light now: http://permalink.gmane.org/gmane.comp.clustering.xcat.user/182 There it was suggested that I be aware that you may need to run a separate makedns to populate the local zone files as well as makedns -e to do the external name servers. Does this mean that an xCAT installation is required on the external DNS server just to populate the zones initially? Wouldn't having two xCAT installations, whose records you have to keep in sync, get tedious after a while? Maybe I'm misunderstanding how the external DNS solution is supposed to work in connection with xCAT. Any clarifications are welcome. -Josh On Wed, Sep 24, 2014 at 4:03 PM, Josh Nielsen jniel...@hudsonalpha.org wrote: Hello all, I am in the process of trying to move to an external DNS implementation for name resolution with our compute cluster. The only requirement I see in the man page for makedns is to have one (and only one?) IP of the external DNS server that you want to update in /etc/resolv.conf and also a valid xcat_key. Firstly, how do you specify the xcat_key to be used on the client server that is pushing out the dns changes with makedns -e? For a local setup the key definition in /etc/named.conf is sufficient, but since makedns -e isn't dependent on the local config (or is it?), how is the xcat_key specified? The local /etc/named.conf file doesn't even need to exist on the client does it? 
Secondly, the server I am pushing to only has a 127.0.0 zone since it is a fresh BIND install and I'm wanting 'makedns -e' to create the new zones (and zone files under /var/named/) for me on the remote server. With a local DNS setup, makedns would parse your settings and handle all the file updates and creation for you. But when I try makedns -e I see the following but no files or zone updates (is this an xcat_key problem?): (I ran the remote DNS BIND daemon in the foreground with -d 60 verbosity)

24-Sep-2014 15:30:14.686 client 172.26.42.60#56844: UDP request
24-Sep-2014 15:30:14.686 client 172.26.42.60#56844: using view '_default'
24-Sep-2014 15:30:14.686 client 172.26.42.60#56844: request is not signed
24-Sep-2014 15:30:14.686 client 172.26.42.60#56844: recursion available
24-Sep-2014 15:30:14.686 client 172.26.42.60#56844: query
24-Sep-2014 15:30:14.686 client 172.26.42.60#56844 (9.101.20.10.IN-ADDR.ARPA): ns_client_attach: ref = 1
24-Sep-2014 15:30:14.687 client 172.26.42.60#56844 (9.101.20.10.IN-ADDR.ARPA): query '9.101.20.10.IN-ADDR.ARPA/NS/IN' approved
24-Sep-2014 15:30:14.687 client 172.26.42.60#56844 (9.101.20.10.IN-ADDR.ARPA): send
24-Sep-2014 15:30:14.687 client 172.26.42.60#56844 (9.101.20.10.IN-ADDR.ARPA): sendto
24-Sep-2014 15:30:14.687 client 172.26.42.60#56844 (9.101.20.10.IN-ADDR.ARPA): senddone
24-Sep-2014 15:30:14.687 client 172.26.42.60#56844 (9.101.20.10.IN-ADDR.ARPA): next
24-Sep-2014 15:30:14.687 client 172.26.42.60#56844 (9.101.20.10.IN-ADDR.ARPA): ns_client_detach: ref = 0
24-Sep-2014 15:30:14.687 client 172.26.42.60#56844 (9.101.20.10.IN-ADDR.ARPA): endrequest
24-Sep-2014 15:30:14.687 client @0x7f000c0d7710: udprecv
24-Sep-2014 15:30:14.687 sockmgr 0x7f0017e06010: watcher got message -3 for socket 514
24-Sep-2014 15:30:14.687 sockmgr 0x7f0017e06010: watcher got message -2 for socket -1
24-Sep-2014 15:30:14.687 socket 0x7f0017e1ebc8: socket_recv: event 0x7f0017c8c160 - task 0x7f0017e369d0
24-Sep-2014 15:30:14.688 socket 0x7f0017e1ebc8: dispatch_recv: event 0x7f0017c8c160 - task 0x7f0017e369d0
24-Sep-2014 15:30:14.688 socket 0x7f0017e1ebc8: internal_recv: task 0x7f0017e369d0 got event 0x7f0017e1ec88
24-Sep-2014 15:30:14.688 socket 0x7f0017e1ebc8 172.26.42.60#46141: packet received correctly

9.101.20.10.IN-ADDR.ARPA/NS/IN must be my test node definition in the client's /etc/hosts file 10.20.101.9 node0009 node0009.mydomain.org, but I have no zone definition for 10.20 in /etc/named.conf on the external DNS server yet. On the Cluster Name Resolution wiki page (http://sourceforge.net/apps/mediawiki/xcat/index.php?title=Cluster_Name_Resolution) under 'Option #2: Use a DNS That is Outside of the Cluster' it says: If you already have a DNS on your site network and you want to use that for your cluster node names too, you can point all of the nodes to it. You must ensure that your nodes have IP connectivity to the DNS, and you must
Re: [xcat-user] Questions on prerequisites for external DNS and makedns -e
Hi Xiao, Thanks for the response. So if I have this straight, I need to manually create and maintain the zone files on the external DNS server, and already have initially empty (but present) zone files in place. Is that right? And I imagine that I will need to allow-update from the IP of the xCAT server too. Secondly, I still don't quite understand about the xcat_key. On the server hosting xCAT the xcat_key is typically defined in /etc/rndc.key and in /etc/named.conf. I should not even need /etc/named.conf since I am not hosting DNS on the same server as xCAT correct? Or does makedns have some sort of dependency on a local /etc/named.conf even when pushing externally? If /etc/named.conf is not needed, however, then where does makedns (which I think ends up running 'nsupdate') read the key from? Note that I have already configured the xcat_key on the external DNS server in its own /etc/named.conf, but I am not asking about that host but rather the xCAT server (which for purposes of DNS I am calling the client). Thanks, Josh On Wed, Sep 24, 2014 at 8:59 PM, Xiao Peng Wang w...@cn.ibm.com wrote: You can NOT depend on xCAT to setup dns server on remote server. You need get the xcat_key from local dns configuration. You need prepare the remote dns ready so that xCAT could push the new dns entry to the remote dns server, this is what xCAT 'makedns -e' does. 
Thanks Best Regards -- Wang Xiaopeng (王晓朋) IBM China System Technology Laboratory Tel: 86-10-82453455 Email: w...@cn.ibm.com Address: 28,ZhongGuanCun Software Park,No.8 Dong Bei Wang West Road, Haidian District Beijing P.R.China 100193 From: Josh Nielsen jniel...@hudsonalpha.org To: xCAT Users Mailing list xcat-user@lists.sourceforge.net Date: 2014/09/25 05:46 Subject: Re: [xcat-user] Questions on prerequisites for external DNS and makedns -e -- I'm starting to see an older conversation that I had back in January of this year in a different light now: http://permalink.gmane.org/gmane.comp.clustering.xcat.user/182 There it was suggested that I be aware that you may need to run a separate makedns to populate the local zone files as well as makedns -e to do the external name servers. Does this mean that an xCAT installation is required on the external DNS server just to populate the zones initially? Wouldn't having two xCAT installations, whose records you have to keep in sync, get tedious after a while? Maybe I'm misunderstanding how the external DNS solution is supposed to work in connection with xCAT. Any clarifications are welcome. -Josh On Wed, Sep 24, 2014 at 4:03 PM, Josh Nielsen jniel...@hudsonalpha.org wrote: Hello all, I am in the process of trying to move to an external DNS implementation for name resolution with our compute cluster. The only requirement I see in the man page for makedns is to have one (and only one?) IP of the external DNS server that you want to update in /etc/resolv.conf and also a valid xcat_key. Firstly, how do you specify the xcat_key to be used on the client server that is pushing out the dns changes with makedns -e?
For a local setup the key definition in /etc/named.conf is sufficient, but since makedns -e isn't dependent on the local config (or is it?), how is the xcat_key specified? The local /etc/named.conf file doesn't even need to exist on the client does it? Secondly, the server I am pushing to only has a 127.0.0 zone since it is a fresh BIND install and I'm wanting 'makedns -e' to create the new zones (and zone files under /var/named/) for me on the remote server. With a local DNS setup, makedns would parse your settings and handle all the file updates and creation for you. But when I try makedns -e I see the following but no files or zone updates (is this an xcat_key problem?): (I ran the remote DNS BIND daemon in the foreground with -d 60 verbosity)

24-Sep-2014 15:30:14.686 client 172.26.42.60#56844: UDP request
24-Sep-2014 15:30:14.686 client 172.26.42.60#56844: using view '_default'
24-Sep-2014 15:30:14.686 client 172.26.42.60#56844: request is not signed
24-Sep-2014 15:30:14.686 client 172.26.42.60#56844: recursion available
24-Sep-2014 15:30:14.686 client 172.26.42.60#56844: query
24-Sep-2014 15:30:14.686 client 172.26.42.60#56844 (9.101.20.10.IN-ADDR.ARPA): ns_client_attach: ref = 1
24-Sep-2014 15:30:14.687 client 172.26.42.60#56844 (9.101.20.10.IN-ADDR.ARPA): query '9.101.20.10.IN-ADDR.ARPA/NS/IN' approved
24-Sep-2014 15:30:14.687 client 172.26.42.60#56844 (9.101.20.10.IN-ADDR.ARPA): send
24-Sep-2014
Re: [xcat-user] Questions on prerequisites for external DNS and makedns -e
#1, you are right, you need prepare configuration files in external dns server. #2, the xcat_key is gotten from passwd table like this 'omapi,xcat_key,TjFYM2kwTUNOcWVVZG5QNWFhb2xPVkg1eTZLMXpuSGs=' Thanks Best Regards -- Wang Xiaopeng (王晓朋) IBM China System Technology Laboratory Tel: 86-10-82453455 Email: w...@cn.ibm.com Address: 28,ZhongGuanCun Software Park,No.8 Dong Bei Wang West Road, Haidian District Beijing P.R.China 100193 From: Josh Nielsen jniel...@hudsonalpha.org To: xCAT Users Mailing list xcat-user@lists.sourceforge.net Date: 2014/09/25 21:58 Subject:Re: [xcat-user] Questions on prerequisites for external DNS and makedns -e Hi Xiao, Thanks for the response. So if I have this straight, I need to manually create and maintain the zone files on the external DNS server, and already have initially empty (but present) zone files in place. Is that right? And I imagine that I will need to allow-update from the IP of the xCAT server too. Secondly, I still don't quite understand about the xcat_key. On the server hosting xCAT the xcat_key is typically defined in /etc/rndc.key and in /etc/named.conf. I should not even need /etc/named.conf since I am not hosting DNS on the same server as xCAT correct? Or does makedns have some sort of dependency on a local /etc/named.conf even when pushing externally? If /etc/named.conf is not needed, however, then where does makedns (which I think ends up running 'nsupdate') read the key from? Note that I have already configured the xcat_key on the external DNS server in its own /etc/named.conf, but I am not asking about that host but rather the xCAT server (which for purposes of DNS I am calling the client). Thanks, Josh On Wed, Sep 24, 2014 at 8:59 PM, Xiao Peng Wang w...@cn.ibm.com wrote: You can NOT depend on xCAT to setup dns server on remote server. You need get the xcat_key from local dns configuration. 
You need prepare the remote dns ready so that xCAT could push the new dns entry to the remote dns server, this is what xCAT 'makedns -e' does. Thanks Best Regards -- Wang Xiaopeng (王晓朋) IBM China System Technology Laboratory Tel: 86-10-82453455 Email: w...@cn.ibm.com Address: 28,ZhongGuanCun Software Park,No.8 Dong Bei Wang West Road, Haidian District Beijing P.R.China 100193 From: Josh Nielsen jniel...@hudsonalpha.org To: xCAT Users Mailing list xcat-user@lists.sourceforge.net Date: 2014/09/25 05:46 Subject: Re: [xcat-user] Questions on prerequisites for external DNS and makedns -e I'm starting to see an older conversation that I had back in January of this year in a different light now: http://permalink.gmane.org/gmane.comp.clustering.xcat.user/182 There it was suggested that I be aware that you may need to run a separate makedns to populate the local zone files as well as makedns -e to do the external name servers. Does this mean that an xCAT installation is required on the external DNS server just to populate the zones initially? Wouldn't having two xCAT installations, whose records you have to keep in sync, get tedious after a while? Maybe I'm misunderstanding how the external DNS solution is supposed to work in connection with xCAT. Any clarifications are welcome. -Josh On Wed, Sep 24, 2014 at 4:03 PM, Josh Nielsen jniel...@hudsonalpha.org wrote: Hello all, I am in the process of trying to move to an external DNS implementation for name resolution with our compute cluster. The only requirement I see in the man page for makedns is to have one (and only one?) IP of the external DNS server that you want to update in /etc/resolv.conf and also a valid xcat_key.
Firstly, how do you specify the xcat_key to be used on the client server that is pushing out the dns changes with makedns -e? For a local setup the key definition in /etc/named.conf is sufficient, but since makedns -e isn't dependent on the local config (or is it?), how is the xcat_key specified? The local /etc/named.conf file doesn't even need to exist on the client does it? Secondly, the server I am pushing to only has a 127.0.0 zone since it is a fresh BIND install and I'm wanting 'makedns -e' to create the new zones (and zone files under /var/named/) for me on the remote server. With a local DNS setup, makedns would parse your settings and handle all the file updates and creation for you. But when I try makedns -e I see the following but no files or zone updates (is this an xcat_key problem?):
[xcat-user] Questions on prerequisites for external DNS and makedns -e
Hello all, I am in the process of trying to move to an external DNS implementation for name resolution with our compute cluster. The only requirement I see in the man page for makedns is to have one (and only one?) IP of the external DNS server that you want to update in /etc/resolv.conf and also a valid xcat_key. Firstly, how do you specify the xcat_key to be used on the client server that is pushing out the dns changes with makedns -e? For a local setup the key definition in /etc/named.conf is sufficient, but since makedns -e isn't dependent on the local config (or is it?), how is the xcat_key specified? The local /etc/named.conf file doesn't even need to exist on the client does it? Secondly, the server I am pushing to only has a 127.0.0 zone since it is a fresh BIND install and I'm wanting 'makedns -e' to create the new zones (and zone files under /var/named/) for me on the remote server. With a local DNS setup, makedns would parse your settings and handle all the file updates and creation for you. 
But when I try makedns -e I see the following but no files or zone updates (is this an xcat_key problem?): (I ran the remote DNS BIND daemon in the foreground with -d 60 verbosity)

24-Sep-2014 15:30:14.686 client 172.26.42.60#56844: UDP request
24-Sep-2014 15:30:14.686 client 172.26.42.60#56844: using view '_default'
24-Sep-2014 15:30:14.686 client 172.26.42.60#56844: request is not signed
24-Sep-2014 15:30:14.686 client 172.26.42.60#56844: recursion available
24-Sep-2014 15:30:14.686 client 172.26.42.60#56844: query
24-Sep-2014 15:30:14.686 client 172.26.42.60#56844 (9.101.20.10.IN-ADDR.ARPA): ns_client_attach: ref = 1
24-Sep-2014 15:30:14.687 client 172.26.42.60#56844 (9.101.20.10.IN-ADDR.ARPA): query '9.101.20.10.IN-ADDR.ARPA/NS/IN' approved
24-Sep-2014 15:30:14.687 client 172.26.42.60#56844 (9.101.20.10.IN-ADDR.ARPA): send
24-Sep-2014 15:30:14.687 client 172.26.42.60#56844 (9.101.20.10.IN-ADDR.ARPA): sendto
24-Sep-2014 15:30:14.687 client 172.26.42.60#56844 (9.101.20.10.IN-ADDR.ARPA): senddone
24-Sep-2014 15:30:14.687 client 172.26.42.60#56844 (9.101.20.10.IN-ADDR.ARPA): next
24-Sep-2014 15:30:14.687 client 172.26.42.60#56844 (9.101.20.10.IN-ADDR.ARPA): ns_client_detach: ref = 0
24-Sep-2014 15:30:14.687 client 172.26.42.60#56844 (9.101.20.10.IN-ADDR.ARPA): endrequest
24-Sep-2014 15:30:14.687 client @0x7f000c0d7710: udprecv
24-Sep-2014 15:30:14.687 sockmgr 0x7f0017e06010: watcher got message -3 for socket 514
24-Sep-2014 15:30:14.687 sockmgr 0x7f0017e06010: watcher got message -2 for socket -1
24-Sep-2014 15:30:14.687 socket 0x7f0017e1ebc8: socket_recv: event 0x7f0017c8c160 - task 0x7f0017e369d0
24-Sep-2014 15:30:14.688 socket 0x7f0017e1ebc8: dispatch_recv: event 0x7f0017c8c160 - task 0x7f0017e369d0
24-Sep-2014 15:30:14.688 socket 0x7f0017e1ebc8: internal_recv: task 0x7f0017e369d0 got event 0x7f0017e1ec88
24-Sep-2014 15:30:14.688 socket 0x7f0017e1ebc8 172.26.42.60#46141: packet received correctly

9.101.20.10.IN-ADDR.ARPA/NS/IN must be my test node definition in
the client's /etc/hosts file 10.20.101.9 node0009 node0009.mydomain.org, but I have no zone definition for 10.20 in /etc/named.conf on the external DNS server yet. On the Cluster Name Resolution wiki page (http://sourceforge.net/apps/mediawiki/xcat/index.php?title=Cluster_Name_Resolution) under 'Option #2: Use a DNS That is Outside of the Cluster' it says: If you already have a DNS on your site network and you want to use that for your cluster node names too, you can point all of the nodes to it. You must ensure that your nodes have IP connectivity to the DNS, and you must manually configure your DNS with the node hostnames and IP addresses. Does 'makedns -e' not populate the zone files for you, just like it would if DNS were running locally on the MN itself by just parsing /etc/hosts on the client and adding/pushing it to the (remote) DNS zone files for you? If not does this mean I need to hand configure the remote DNS server's /etc/named.conf to stub out definitions for (as of yet) empty zones, or will makedns -e do that for me? Thanks, Josh
Re: [xcat-user] Questions on prerequisites for external DNS and makedns -e
I'm starting to see an older conversation that I had back in January of this year in a different light now: http://permalink.gmane.org/gmane.comp.clustering.xcat.user/182 There it was suggested that I be aware that you may need to run a separate makedns to populate the local zone files as well as makedns -e to do the external name servers. Does this mean that an xCAT installation is required on the external DNS server just to populate the zones initially? Wouldn't having two xCAT installations, whose records you have to keep in sync, get tedious after a while? Maybe I'm misunderstanding how the external DNS solution is supposed to work in connection with xCAT. Any clarifications are welcome. -Josh On Wed, Sep 24, 2014 at 4:03 PM, Josh Nielsen jniel...@hudsonalpha.org wrote: Hello all, I am in the process of trying to move to an external DNS implementation for name resolution with our compute cluster. The only requirement I see in the man page for makedns is to have one (and only one?) IP of the external DNS server that you want to update in /etc/resolv.conf and also a valid xcat_key. Firstly, how do you specify the xcat_key to be used on the client server that is pushing out the dns changes with makedns -e? For a local setup the key definition in /etc/named.conf is sufficient, but since makedns -e isn't dependent on the local config (or is it?), how is the xcat_key specified? The local /etc/named.conf file doesn't even need to exist on the client does it? Secondly, the server I am pushing to only has a 127.0.0 zone since it is a fresh BIND install and I'm wanting 'makedns -e' to create the new zones (and zone files under /var/named/) for me on the remote server. With a local DNS setup, makedns would parse your settings and handle all the file updates and creation for you. 
But when I try makedns -e I see the following but no files or zone updates (is this an xcat_key problem?): (I ran the remote DNS BIND daemon in the foreground with -d 60 verbosity)

24-Sep-2014 15:30:14.686 client 172.26.42.60#56844: UDP request
24-Sep-2014 15:30:14.686 client 172.26.42.60#56844: using view '_default'
24-Sep-2014 15:30:14.686 client 172.26.42.60#56844: request is not signed
24-Sep-2014 15:30:14.686 client 172.26.42.60#56844: recursion available
24-Sep-2014 15:30:14.686 client 172.26.42.60#56844: query
24-Sep-2014 15:30:14.686 client 172.26.42.60#56844 (9.101.20.10.IN-ADDR.ARPA): ns_client_attach: ref = 1
24-Sep-2014 15:30:14.687 client 172.26.42.60#56844 (9.101.20.10.IN-ADDR.ARPA): query '9.101.20.10.IN-ADDR.ARPA/NS/IN' approved
24-Sep-2014 15:30:14.687 client 172.26.42.60#56844 (9.101.20.10.IN-ADDR.ARPA): send
24-Sep-2014 15:30:14.687 client 172.26.42.60#56844 (9.101.20.10.IN-ADDR.ARPA): sendto
24-Sep-2014 15:30:14.687 client 172.26.42.60#56844 (9.101.20.10.IN-ADDR.ARPA): senddone
24-Sep-2014 15:30:14.687 client 172.26.42.60#56844 (9.101.20.10.IN-ADDR.ARPA): next
24-Sep-2014 15:30:14.687 client 172.26.42.60#56844 (9.101.20.10.IN-ADDR.ARPA): ns_client_detach: ref = 0
24-Sep-2014 15:30:14.687 client 172.26.42.60#56844 (9.101.20.10.IN-ADDR.ARPA): endrequest
24-Sep-2014 15:30:14.687 client @0x7f000c0d7710: udprecv
24-Sep-2014 15:30:14.687 sockmgr 0x7f0017e06010: watcher got message -3 for socket 514
24-Sep-2014 15:30:14.687 sockmgr 0x7f0017e06010: watcher got message -2 for socket -1
24-Sep-2014 15:30:14.687 socket 0x7f0017e1ebc8: socket_recv: event 0x7f0017c8c160 - task 0x7f0017e369d0
24-Sep-2014 15:30:14.688 socket 0x7f0017e1ebc8: dispatch_recv: event 0x7f0017c8c160 - task 0x7f0017e369d0
24-Sep-2014 15:30:14.688 socket 0x7f0017e1ebc8: internal_recv: task 0x7f0017e369d0 got event 0x7f0017e1ec88
24-Sep-2014 15:30:14.688 socket 0x7f0017e1ebc8 172.26.42.60#46141: packet received correctly

9.101.20.10.IN-ADDR.ARPA/NS/IN must be my test node definition in
the client's /etc/hosts file 10.20.101.9 node0009 node0009.mydomain.org, but I have no zone definition for 10.20 in /etc/named.conf on the external DNS server yet. On the Cluster Name Resolution wiki page (http://sourceforge.net/apps/mediawiki/xcat/index.php?title=Cluster_Name_Resolution) under 'Option #2: Use a DNS That is Outside of the Cluster' it says: If you already have a DNS on your site network and you want to use that for your cluster node names too, you can point all of the nodes to it. You must ensure that your nodes have IP connectivity to the DNS, and you must manually configure your DNS with the node hostnames and IP addresses. Does 'makedns -e' not populate the zone files for you, just like it would if DNS were running locally on the MN itself by just parsing /etc/hosts on the client and adding/pushing it to the (remote) DNS zone files for you? If not does this mean I need to hand configure the remote DNS server's /etc/named.conf to stub out definitions for (as of yet) empty zones, or will makedns -e do that for me? Thanks, Josh
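A pre-flight check for the prerequisite this thread turns on: whether the remote server already defines zones that cover the forward and reverse names to be pushed. This is an added example, not part of the original messages or of xCAT; the function names and the remote zone list are constructed for illustration, and the hosts line is the one quoted in the message above.

```python
import ipaddress

def names_from_hosts(hosts_text):
    """Yield (forward_fqdn, reverse_name) for each usable /etc/hosts line."""
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split columns
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                              # not an address line
        # Only a dotted name can be placed in a zone; short names are skipped.
        fqdns = [n for n in fields[1:] if "." in n]
        if fqdns:
            yield fqdns[0].lower().rstrip("."), addr.reverse_pointer

def enclosing_zone(name, zones):
    """Return the longest zone that is a label-wise suffix of name, or None."""
    labels = name.lower().rstrip(".").split(".")
    best = None
    for zone in zones:
        z = zone.lower().rstrip(".").split(".")
        if len(z) <= len(labels) and labels[-len(z):] == z:
            if best is None or len(z) > len(best.split(".")):
                best = ".".join(z)
    return best

def missing_zones(hosts_text, zones):
    """List record names that no zone on the remote server covers."""
    missing = []
    for fqdn, ptr in names_from_hosts(hosts_text):
        for name in (fqdn, ptr):
            if enclosing_zone(name, zones) is None:
                missing.append(name)
    return missing

# Constructed input: the hosts entry from the message, and a zone list that
# stands in for a fresh BIND install carrying only a loopback reverse zone.
HOSTS = "127.0.0.1 localhost\n10.20.101.9 node0009 node0009.mydomain.org\n"
REMOTE_ZONES = ["0.0.127.in-addr.arpa"]

if __name__ == "__main__":
    for name in missing_zones(HOSTS, REMOTE_ZONES):
        print("no zone on remote server for", name)
```

Matching is done per label, so a zone such as mydomain.org does not accidentally cover a name under notmydomain.org.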
Re: [xcat-user] Questions on prerequisites for external DNS and makedns -e
You can NOT depend on xCAT to set up the DNS server on the remote server. You need to get the xcat_key from the local DNS configuration. You need to prepare the remote DNS so that it is ready and xCAT can push the new DNS entry to the remote DNS server; this is what xCAT 'makedns -e' does.

Thanks
Best Regards
--
Wang Xiaopeng (王晓朋)
IBM China System Technology Laboratory
Tel: 86-10-82453455
Email: w...@cn.ibm.com
Address: 28,ZhongGuanCun Software Park,No.8 Dong Bei Wang West Road, Haidian District Beijing P.R.China 100193

From: Josh Nielsen jniel...@hudsonalpha.org
To: xCAT Users Mailing list xcat-user@lists.sourceforge.net
Date: 2014/09/25 05:46
Subject: Re: [xcat-user] Questions on prerequisites for external DNS and makedns -e

I'm starting to see an older conversation that I had back in January of this year in a different light now: http://permalink.gmane.org/gmane.comp.clustering.xcat.user/182

There it was suggested that I be aware that you may need to run a separate makedns to populate the local zone files as well as makedns -e to do the external name servers. Does this mean that an xCAT installation is required on the external DNS server just to populate the zones initially? Wouldn't having two xCAT installations, whose records you have to keep in sync, get tedious after a while? Maybe I'm misunderstanding how the external DNS solution is supposed to work in connection with xCAT. Any clarifications are welcome.

-Josh

On Wed, Sep 24, 2014 at 4:03 PM, Josh Nielsen jniel...@hudsonalpha.org wrote:

Hello all,

I am in the process of trying to move to an external DNS implementation for name resolution with our compute cluster. The only requirement I see in the man page for makedns is to have one (and only one?) IP of the external DNS server that you want to update in /etc/resolv.conf and also a valid xcat_key.

Firstly, how do you specify the xcat_key to be used on the client server that is pushing out the DNS changes with makedns -e? For a local setup the key definition in /etc/named.conf is sufficient, but since makedns -e isn't dependent on the local config (or is it?), how is the xcat_key specified? The local /etc/named.conf file doesn't even need to exist on the client, does it?

Secondly, the server I am pushing to only has a 127.0.0 zone since it is a fresh BIND install and I'm wanting 'makedns -e' to create the new zones (and zone files under /var/named/) for me on the remote server. With a local DNS setup, makedns would parse your settings and handle all the file updates and creation for you. But when I try makedns -e I see the following but no files or zone updates (is this an xcat_key problem?):

(I ran the remote DNS BIND daemon in the foreground with -d 60 verbosity)

24-Sep-2014 15:30:14.686 client 172.26.42.60#56844: UDP request
24-Sep-2014 15:30:14.686 client 172.26.42.60#56844: using view '_default'
24-Sep-2014 15:30:14.686 client 172.26.42.60#56844: request is not signed
24-Sep-2014 15:30:14.686 client 172.26.42.60#56844: recursion available
24-Sep-2014 15:30:14.686 client 172.26.42.60#56844: query
24-Sep-2014 15:30:14.686 client 172.26.42.60#56844 (9.101.20.10.IN-ADDR.ARPA): ns_client_attach: ref = 1
24-Sep-2014 15:30:14.687 client 172.26.42.60#56844 (9.101.20.10.IN-ADDR.ARPA): query '9.101.20.10.IN-ADDR.ARPA/NS/IN' approved
24-Sep-2014 15:30:14.687 client 172.26.42.60#56844 (9.101.20.10.IN-ADDR.ARPA): send
24-Sep-2014 15:30:14.687 client 172.26.42.60#56844 (9.101.20.10.IN-ADDR.ARPA): sendto
24-Sep-2014 15:30:14.687 client 172.26.42.60#56844 (9.101.20.10.IN-ADDR.ARPA): senddone
24-Sep-2014 15:30:14.687 client 172.26.42.60#56844 (9.101.20.10.IN-ADDR.ARPA): next
24-Sep-2014 15:30:14.687 client 172.26.42.60#56844 (9.101.20.10.IN-ADDR.ARPA): ns_client_detach: ref = 0
24-Sep-2014 15:30:14.687 client 172.26.42.60#56844 (9.101.20.10.IN-ADDR.ARPA): endrequest
24-Sep-2014 15:30:14.687 client @0x7f000c0d7710: udprecv
24-Sep-2014 15:30:14.687 sockmgr 0x7f0017e06010: watcher got message -3 for socket 514
24-Sep-2014 15:30:14.687 sockmgr 0x7f0017e06010: watcher got message -2 for socket -1
24-Sep-2014 15:30:14.687 socket 0x7f0017e1ebc8: socket_recv: event 0x7f0017c8c160 - task 0x7f0017e369d0
24-Sep-2014 15:30:14.688 socket 0x7f0017e1ebc8: dispatch_recv: event 0x7f0017c8c160 - task 0x7f0017e369d0
24-Sep-2014 15:30:14.688 socket 0x7f0017e1ebc8: internal_recv: task 0x7f0017e369d0 got event 0x7f0017e1ec88
24-Sep-2014 15:30:14.688 socket 0x7f0017e1ebc8 172.26.42.60#46141: packet received correctly

9.101.20.10.IN-ADDR.ARPA/NS/IN must be my test node definition in the client's /etc/hosts file 10.20.101.9 node0009 node0009.mydomain.org, but I have no zone definition for 10.20 in /etc/named.conf on the external DNS server yet.

On the Cluster Name Resolution wiki page ( http://sourceforge.net/apps/mediawiki/xcat/index.php?title=Cluster_Name_Resolution ) under 'Option