Re: [Freeipa-users] Correct syntax for round-robin DNS srv records

2014-07-22 Thread Martin Basti

On 22/07/14 00:13, Mark Heslin wrote:

Hi All,

I had some off-list exchanges with Petr Spacek on this but am still 
trying to work out the correct syntax.

I have 2 hosts:

   - foo1.example.com
   - foo2.example.com

and would like to create a round-robin DNS srv record for both called 
foo.example.com


I already have DNS entries for both hosts in IPA:

  # ipa dnsrecord-show example.com foo1
Record name: foo1
A record: 10.0.0.1
  # ipa dnsrecord-show example.com foo2
Record name: foo2
A record: 10.0.0.2

I'd like to get the correct syntax for adding the srv record for foo.
My understanding is that it should be something like this:

  # ipa dnsrecord-add example.com _foo.tcp --srv-rec=0 50 53 foo1.example.com
  Record name: _foo.tcp
  SRV record: 0 50 53 foo1.example.com
  # ipa dnsrecord-add example.com _foo.tcp --srv-rec=0 50 53 foo2.example.com
  Record name: _foo.tcp
  SRV record: 0 50 53 foo2.example.com


Hello Mark,

Add a dot at the end of the SRV target:
ipa dnsrecord-add example.com _foo.tcp --srv-rec=0 50 53 foo1.example.com.

The DNS server adds 'example.com.' to all non-FQDN domain names.

which seemed to be added ok but on second glance I think not:

  # host -t srv _foo.tcp.example.com
  _foo.tcp..example.com has SRV record 0 50 53 foo1.example.com.example.com.
  _foo.tcp..example.com has SRV record 0 50 53 foo2.example.com.example.com.


In looking over the description of rfc2782 
http://en.wikipedia.org/wiki/SRV_record it appears the IPA syntax is 
a little different,
and the documentation is scarce so admittedly I'm taking a swag at 
this ;-)


I can do this fine without srv but don't have enough familiarity with 
DNS srv here.
Can anyone help clarify what I'm missing? I'd like to have equal 
weighting, priority
to both hosts - I'm assuming the port (53) is correct for DNS here as 
well.


Thank you very much,

-m





--

Red Hat Reference Architectures

Follow Us:https://twitter.com/RedHatRefArch
Plus Us:https://plus.google.com/u/0/b/114152126783830728030/
Like Us:https://www.facebook.com/rhrefarch





--
Martin Basti

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Re: [Freeipa-users] Correct syntax for round-robin DNS srv records

2014-07-22 Thread Petr Spacek

On 22.7.2014 00:13, Mark Heslin wrote:

Hi All,

I had some off-list exchanges with Petr Spacek on this but am still trying to
work out the correct syntax.
I have 2 hosts:

- foo1.example.com
- foo2.example.com

and would like to create a round-robin DNS srv record for both called
foo.example.com

I already have DNS entries for both hosts in IPA:

   # ipa dnsrecord-show example.com foo1
 Record name: foo1
 A record: 10.0.0.1
   # ipa dnsrecord-show example.com foo2
 Record name: foo2
 A record: 10.0.0.2

I'd like to get the correct syntax for adding the srv record for foo.
My understanding is that it should be something like this:

   # ipa dnsrecord-add example.com _foo.tcp --srv-rec=0 50 53 foo1.example.com
   Record name: _foo.tcp
   SRV record: 0 50 53 foo1.example.com
   # ipa dnsrecord-add example.com _foo.tcp --srv-rec=0 50 53 foo2.example.com
   Record name: _foo.tcp
   SRV record: 0 50 53 foo2.example.com

which seemed to be added ok but on second glance I think not:

   # host -t srv _foo.tcp.example.com
   _foo.tcp..example.com has SRV record 0 50 53 foo1.example.com.example.com.
   _foo.tcp..example.com has SRV record 0 50 53 foo2.example.com.example.com.

In looking over the description of rfc2782
http://en.wikipedia.org/wiki/SRV_record it appears the IPA syntax is a
little different,


I don't think so :-)

Please note the trailing dot in target part of 
http://en.wikipedia.org/wiki/SRV_record#Record_format.


IPA behaves in the same way as BIND 9: All domain names without trailing dot 
are automatically extended with zone origin, i.e. example.com..


You have two options:

# ipa dnsrecord-add example.com _foo.tcp --srv-rec=0 50 53 foo1
(DNS server will automatically append example.com.)

or

# ipa dnsrecord-add example.com _foo.tcp --srv-rec=0 50 53 foo1.example.com.
(please note the trailing dot)



Another note is about _foo: foo should be a service name according to
http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml

It will probably not cause any problems if you invent your own name 
(preferably prefixed with x- to avoid collisions in future, e.g. _x-foo), 
but it will not hurt you if you register your protocol into the registry :-)

See http://tools.ietf.org/html/rfc6335


and the documentation is scarce so admittedly I'm taking a swag at this ;-)

I can do this fine without srv but don't have enough familiarity with DNS srv
here.
Can anyone help clarify what I'm missing? I'd like to have equal weighting,
priority
to both hosts - I'm assuming the port (53) is correct for DNS here as well.

What are you trying to achieve? The port number refers to the port used by your
application, not to DNS.


--
Petr^2 Spacek
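
The origin-appending rule described in the message above, as an added example that is not part of the original thread and is not FreeIPA or BIND code: a small Python linter that computes the names a BIND-style server would store for an SRV owner and target, and warns when a target already ends in the zone name but lacks the trailing dot. The function names are hypothetical; the sample inputs are the records quoted in this thread.

```python
# Added example: how a BIND-style server qualifies SRV names against the zone origin.
# Function names are hypothetical; sample inputs are taken from the thread above.

def qualify(name, origin):
    """Return the absolute name stored for `name` in zone `origin`.

    A trailing dot marks the name as absolute, '@' is the origin itself,
    and anything else is relative, so the origin is appended.
    """
    origin = origin.rstrip(".").lower() + "."
    name = name.lower()
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return name + "." + origin


def parse_srv(rdata):
    """Split 'priority weight port target' and range-check the numbers."""
    fields = rdata.split()
    if len(fields) != 4:
        raise ValueError("SRV data needs 4 fields: priority weight port target")
    numbers = [int(f) for f in fields[:3]]
    for label, value in zip(("priority", "weight", "port"), numbers):
        if not 0 <= value <= 65535:
            raise ValueError(f"{label} {value} is outside 0-65535")
    return numbers[0], numbers[1], numbers[2], fields[3]


def lint_srv(origin, owner, rdata):
    """Return (stored_owner, stored_target, warnings) for one SRV record."""
    _priority, _weight, _port, target = parse_srv(rdata)
    stored_owner = qualify(owner, origin)
    stored_target = qualify(target, origin)
    zone = origin.rstrip(".").lower()
    warnings = []
    relative = not target.endswith(".")
    if relative and (target.lower() == zone or target.lower().endswith("." + zone)):
        warnings.append(
            f"target {target!r} ends with the zone name but has no trailing "
            f"dot; it will be stored as {stored_target}"
        )
    return stored_owner, stored_target, warnings


if __name__ == "__main__":
    for rdata in ("0 50 53 foo1.example.com",   # as first entered in the thread
                  "0 50 53 foo1.example.com.",  # absolute target
                  "0 50 53 foo1"):              # relative target
        owner, target, warnings = lint_srv("example.com", "_foo.tcp", rdata)
        print(f"{rdata!r:30} -> {owner} SRV target {target}")
        for w in warnings:
            print("  WARNING:", w)
```
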



Re: [Freeipa-users] Correct syntax for round-robin DNS srv records

2014-07-22 Thread Martin Basti

On 22/07/14 00:13, Mark Heslin wrote:

Hi All,

I had some off-list exchanges with Petr Spacek on this but am still 
trying to work out the correct syntax.

I have 2 hosts:

   - foo1.example.com
   - foo2.example.com

and would like to create a round-robin DNS srv record for both called 
foo.example.com


I already have DNS entries for both hosts in IPA:

  # ipa dnsrecord-show example.com foo1
Record name: foo1
A record: 10.0.0.1
  # ipa dnsrecord-show example.com foo2
Record name: foo2
A record: 10.0.0.2

I'd like to get the correct syntax for adding the srv record for foo.
My understanding is that it should be something like this:

  # ipa dnsrecord-add example.com _foo.tcp --srv-rec=0 50 53 foo1.example.com
  Record name: _foo.tcp
  SRV record: 0 50 53 foo1.example.com
  # ipa dnsrecord-add example.com _foo.tcp --srv-rec=0 50 53 foo2.example.com
  Record name: _foo.tcp
  SRV record: 0 50 53 foo2.example.com

which seemed to be added ok but on second glance I think not:

  # host -t srv _foo.tcp.example.com
  _foo.tcp..example.com has SRV record 0 50 53 foo1.example.com.example.com.
  _foo.tcp..example.com has SRV record 0 50 53 foo2.example.com.example.com.
          ^^
Is this a typo, or does the host command really return two dots?
Martin

In looking over the description of rfc2782 
http://en.wikipedia.org/wiki/SRV_record it appears the IPA syntax is 
a little different,
and the documentation is scarce so admittedly I'm taking a swag at 
this ;-)


I can do this fine without srv but don't have enough familiarity with 
DNS srv here.
Can anyone help clarify what I'm missing? I'd like to have equal 
weighting, priority
to both hosts - I'm assuming the port (53) is correct for DNS here as 
well.


Thank you very much,

-m










--
Martin Basti


Re: [Freeipa-users] Correct syntax for round-robin DNS srv records

2014-07-22 Thread Mark Heslin

Martin, Petr,

I didn't see that missing dot . - good catch. As always the devil is 
in the details :-)


Two follow up questions:

 1. I've set the priority and weighting equally here but I will add a third host
    so would it make sense to just set both priority and weight to 0 for all three hosts?:

   # ipa dnsrecord-add example.com _foo.tcp --srv-rec=0 0 53 foo1.example.com.
   # ipa dnsrecord-add example.com _foo.tcp --srv-rec=0 0 53 foo2.example.com.
   # ipa dnsrecord-add example.com _foo.tcp --srv-rec=0 0 53 foo3.example.com.

 2. To Petr's point about registering the _foo.tcp service. By definition this isn't really
    a true service and more like CNAME with benefits. (Sorry, couldn't resist the bad dating reference ;-))
    Do I actually still need to add this to /etc/services? If so, then I'd have to do that for
    all hosts in the environment, IdM servers, clients, etc., correct?

    Truth be told, this is just being used for an alternative to a true h/w, s/w load balancer
    for demonstration purposes so I'm sure adding it to the services file makes sense.


Thank you both!

-m






Re: [Freeipa-users] Correct syntax for round-robin DNS srv records

2014-07-22 Thread Mark Heslin

On 07/22/2014 08:00 AM, Mark Heslin wrote:

Martin, Petr,

I didn't see that missing dot . - good catch. As always the devil is 
in the details :-)


Two follow up questions:

 1. I've set the priority and weighting equally here but I will add a third host
    so would it make sense to just set both priority and weight to 0 for all three hosts?:

   # ipa dnsrecord-add example.com _foo.tcp --srv-rec=0 0 53 foo1.example.com.
   # ipa dnsrecord-add example.com _foo.tcp --srv-rec=0 0 53 foo2.example.com.
   # ipa dnsrecord-add example.com _foo.tcp --srv-rec=0 0 53 foo3.example.com.

 2. To Petr's point about registering the _foo.tcp service. By definition this isn't really
    a true service and more like CNAME with benefits. (Sorry, couldn't resist the bad dating reference ;-))
    Do I actually still need to add this to /etc/services? If so, then I'd have to do that for
    all hosts in the environment, IdM servers, clients, etc., correct?

    Truth be told, this is just being used for an alternative to a true h/w, s/w load balancer
    for demonstration purposes so I'm sure adding it to the services file makes sense.


Gah! I meant to say I'm *not* sure adding it to the services file makes sense.





Thank you both!

-m






Re: [Freeipa-users] Correct syntax for round-robin DNS srv records

2014-07-22 Thread Petr Spacek

On 22.7.2014 14:06, Mark Heslin wrote:

On 07/22/2014 08:00 AM, Mark Heslin wrote:

Martin, Petr,

I didn't see that missing dot . - good catch. As always the devil is in
the details :-)

Two follow up questions:

 1. I've set the priority and weighting equally here but I will add a third host
    so would it make sense to just set both priority and weight to 0 for all three hosts?:

   # ipa dnsrecord-add example.com _foo.tcp --srv-rec=0 0 53 foo1.example.com.
   # ipa dnsrecord-add example.com _foo.tcp --srv-rec=0 0 53 foo2.example.com.
   # ipa dnsrecord-add example.com _foo.tcp --srv-rec=0 0 53 foo3.example.com.

 2. To Petr's point about registering the _foo.tcp service. By definition this isn't really
    a true service and more like CNAME with benefits. (Sorry, couldn't resist the bad dating reference ;-))
    Do I actually still need to add this to /etc/services? If so, then I'd have to do that for
    all hosts in the environment, IdM servers, clients, etc., correct?

    Truth be told, this is just being used for an alternative to a true h/w, s/w load balancer
    for demonstration purposes so I'm sure adding it to the services file makes sense.


Gah! I meant to say I'm *not* sure adding it to the services file makes sense.


For test purposes you can use whatever, preferably something like _x-test. 
No modification to /etc/services is necessary. AFAIK /etc/services just allows 
clients to translate service name to port number but this will not be used 
anyway because clients will get port number from DNS.


Petr^2 Spacek


Thank you both!

-m



