Hi Xiao,

Thanks for the response. So if I have this straight, I need to manually
create and maintain the zone files on the external DNS server, and already
have initially empty (but present) zone files in place. Is that right? And
I imagine that I will need to "allow-update" from the IP of the xCAT server
too.

Secondly, I still don't quite understand about the xcat_key. On the server
hosting xCAT the xcat_key is typically defined in /etc/rndc.key and in
/etc/named.conf. I should not even need /etc/named.conf since I am not
hosting DNS on the same server as xCAT, correct? Or does makedns have some
sort of dependency on a local /etc/named.conf even when pushing externally?
If /etc/named.conf is not needed, however, then where does "makedns" (which
I think ends up running 'nsupdate') read the key from?

Note that I have already configured the xcat_key on the external DNS server
in its own /etc/named.conf, but I am not asking about that host but rather
the xCAT server (which for purposes of DNS I am calling the "client").

Thanks,
Josh

On Wed, Sep 24, 2014 at 8:59 PM, Xiao Peng Wang <w...@cn.ibm.com> wrote:
> You can NOT depend on xCAT to set up the DNS server on a remote server. You
> need to get the xcat_key from the local DNS configuration.
>
> You need to get the remote DNS ready so that xCAT can push the new DNS
> entry to the remote DNS server; this is what xCAT 'makedns -e' does.
>
> Thanks
> Best Regards
> ----------------------------------------------------------------------
> Wang Xiaopeng (王晓朋)
> IBM China System Technology Laboratory
> Tel: 86-10-82453455
> Email: w...@cn.ibm.com
> Address: 28,ZhongGuanCun Software Park,No.8 Dong Bei Wang West Road,
> Haidian District Beijing P.R.China 100193
>
>
> From: Josh Nielsen <jniel...@hudsonalpha.org>
> To: xCAT Users Mailing list <xcat-user@lists.sourceforge.net>
> Date: 2014/09/25 05:46
> Subject: Re: [xcat-user] Questions on prerequisites for external DNS and
> makedns -e
> ------------------------------
>
>
>
> I'm starting to see an older conversation that I had back in January
> of this year in a different light now:
> http://permalink.gmane.org/gmane.comp.clustering.xcat.user/182
>
> There it was suggested that I "be aware that you may need to run a
> separate makedns to populate the local zone files as well as makedns
> -e to do the external name servers." Does this mean that an xCAT
> installation is required on the external DNS server just to populate
> the zones initially? Wouldn't having two xCAT installations, whose
> records you have to keep in sync, get tedious after a while? Maybe I'm
> misunderstanding how the external DNS solution is supposed to work in
> connection with xCAT. Any clarifications are welcome.
>
> -Josh
>
> On Wed, Sep 24, 2014 at 4:03 PM, Josh Nielsen <jniel...@hudsonalpha.org>
> wrote:
> > Hello all,
> >
> > I am in the process of trying to move to an external DNS implementation for
> > name resolution with our compute cluster. The only requirement I see in the
> > man page for makedns is to have one (and only one?) IP of the external DNS
> > server that you want to update in /etc/resolv.conf and also a valid
> > xcat_key.
> >
> > Firstly, how do you specify the xcat_key to be used on the client server
> > that is pushing out the dns changes with makedns -e? For a local setup the
> > key definition in /etc/named.conf is sufficient, but since makedns -e isn't
> > dependent on the local config (or is it?), how is the xcat_key specified?
> > The local /etc/named.conf file doesn't even need to exist on the client,
> > does it?
> >
> > Secondly, the server I am pushing to only has a 127.0.0 zone since it is a
> > fresh BIND install and I'm wanting 'makedns -e' to create the new zones (and
> > zone files under /var/named/) for me on the remote server. With a local DNS
> > setup, makedns would parse your settings and handle all the file updates and
> > creation for you. But when I try makedns -e I see the following but no
> > files or zone updates (is this an xcat_key problem?):
> >
> > (I ran the remote DNS BIND daemon in the foreground with -d 60 verbosity)
> >
> > 24-Sep-2014 15:30:14.686 client 172.26.42.60#56844: UDP request
> > 24-Sep-2014 15:30:14.686 client 172.26.42.60#56844: using view '_default'
> > 24-Sep-2014 15:30:14.686 client 172.26.42.60#56844: request is not signed
> > 24-Sep-2014 15:30:14.686 client 172.26.42.60#56844: recursion available
> > 24-Sep-2014 15:30:14.686 client 172.26.42.60#56844: query
> > 24-Sep-2014 15:30:14.686 client 172.26.42.60#56844 (9.101.20.10.IN-ADDR.ARPA): ns_client_attach: ref = 1
> > 24-Sep-2014 15:30:14.687 client 172.26.42.60#56844 (9.101.20.10.IN-ADDR.ARPA): query '9.101.20.10.IN-ADDR.ARPA/NS/IN' approved
> > 24-Sep-2014 15:30:14.687 client 172.26.42.60#56844 (9.101.20.10.IN-ADDR.ARPA): send
> > 24-Sep-2014 15:30:14.687 client 172.26.42.60#56844 (9.101.20.10.IN-ADDR.ARPA): sendto
> > 24-Sep-2014 15:30:14.687 client 172.26.42.60#56844 (9.101.20.10.IN-ADDR.ARPA): senddone
> > 24-Sep-2014 15:30:14.687 client 172.26.42.60#56844 (9.101.20.10.IN-ADDR.ARPA): next
> > 24-Sep-2014 15:30:14.687 client 172.26.42.60#56844 (9.101.20.10.IN-ADDR.ARPA): ns_client_detach: ref = 0
> > 24-Sep-2014 15:30:14.687 client 172.26.42.60#56844 (9.101.20.10.IN-ADDR.ARPA): endrequest
> > 24-Sep-2014 15:30:14.687 client @0x7f000c0d7710: udprecv
> > 24-Sep-2014 15:30:14.687 sockmgr 0x7f0017e06010: watcher got message -3 for socket 514
> > 24-Sep-2014 15:30:14.687 sockmgr 0x7f0017e06010: watcher got message -2 for socket -1
> > 24-Sep-2014 15:30:14.687 socket 0x7f0017e1ebc8: socket_recv: event 0x7f0017c8c160 -> task 0x7f0017e369d0
> > 24-Sep-2014 15:30:14.688 socket 0x7f0017e1ebc8: dispatch_recv: event 0x7f0017c8c160 -> task 0x7f0017e369d0
> > 24-Sep-2014 15:30:14.688 socket 0x7f0017e1ebc8: internal_recv: task 0x7f0017e369d0 got event 0x7f0017e1ec88
> > 24-Sep-2014 15:30:14.688 socket 0x7f0017e1ebc8 172.26.42.60#46141: packet received correctly
> >
> > "9.101.20.10.IN-ADDR.ARPA/NS/IN" must be my test node definition in the
> > client's /etc/hosts file "10.20.101.9 node0009 node0009.mydomain.org", but I
> > have no zone definition for 10.20 in /etc/named.conf on the external DNS
> > server yet.
> >
> > On the Cluster Name Resolution wiki page
> > (http://sourceforge.net/apps/mediawiki/xcat/index.php?title=Cluster_Name_Resolution)
> > under 'Option #2: Use a DNS That is Outside of the Cluster' it says: "If you
> > already have a DNS on your site network and you want to use that for your
> > cluster node names too, you can point all of the nodes to it. You must
> > ensure that your nodes have IP connectivity to the DNS, and you must
> > manually configure your DNS with the node hostnames and IP addresses."
> >
> > Does 'makedns -e' not populate the zone files for you, just like it would if
> > DNS were running locally on the MN itself by just parsing /etc/hosts on the
> > client and adding/pushing it to the (remote) DNS zone files for you?
> >
> > If not does this mean I need to hand configure the remote DNS server's
> > /etc/named.conf to stub out definitions for (as of yet) empty zones, or will
> > makedns -e do that for me?
> >
> > Thanks,
> > Josh
>
>
> _______________________________________________
> xCAT-user mailing list
> xCAT-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/xcat-user
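
An added example, not part of the original messages: a small Python triage of named debug output in the format of the trace quoted above, separating plain queries from dynamic updates and recording whether each request carried a TSIG signature. The sample log is constructed: its first three lines follow the quoted trace, while the 172.26.42.61 and 172.26.42.62 clients and their update lines are hypothetical, written in BIND's usual wording.

```python
import re

# Constructed sample log (see lead-in); not captured from a real server.
SAMPLE_LOG = """\
24-Sep-2014 15:30:14.686 client 172.26.42.60#56844: UDP request
24-Sep-2014 15:30:14.686 client 172.26.42.60#56844: request is not signed
24-Sep-2014 15:30:14.687 client 172.26.42.60#56844 (9.101.20.10.IN-ADDR.ARPA): query '9.101.20.10.IN-ADDR.ARPA/NS/IN' approved
24-Sep-2014 15:31:02.100 client 172.26.42.61#40000: request is not signed
24-Sep-2014 15:31:02.101 client 172.26.42.61#40000: update 'mydomain.org/IN' denied
24-Sep-2014 15:32:10.500 client 172.26.42.62#40001: request has valid signature: xcat_key
24-Sep-2014 15:32:10.501 client 172.26.42.62#40001/key xcat_key: updating zone 'mydomain.org/IN': adding an RR at 'node0009.mydomain.org' A
"""

# "client IP#port[/key NAME][ (qname)]: message"
LINE = re.compile(
    r"client (?P<ip>[\d.]+)#(?P<port>\d+)(?:/key (?P<key>[^\s:]+))?"
    r"(?: \([^)]*\))?: (?P<msg>.*)$")
SIGNED = re.compile(r"request has valid signature: (\S+)")
KINDS = (
    ("query", re.compile(r"query '([^']+)' approved")),
    ("update-denied", re.compile(r"update '([^']+)' denied")),
    ("update-applied", re.compile(r"updating zone '([^']+)'")),
)

def triage(log):
    """Return (ip, kind, target, signer) tuples; signer is None if unsigned."""
    signer = {}   # (ip, port) -> TSIG key name, or None when unsigned
    events = []
    for line in log.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # sockmgr/socket lines and "client @0x..." carry no peer
        who, msg = (m["ip"], m["port"]), m["msg"]
        if m["key"]:
            signer[who] = m["key"]
        if msg == "request is not signed":
            signer[who] = None
        elif (s := SIGNED.search(msg)):
            signer[who] = s.group(1)
        for kind, rx in KINDS:
            hit = rx.search(msg)
            if hit:
                events.append((m["ip"], kind, hit.group(1), signer.get(who)))
    return events

def unsigned_updates(events):
    """Update attempts that arrived without a TSIG signature."""
    return [e for e in events if e[1].startswith("update") and e[3] is None]
```

The excerpt quoted in the thread contains one approved NS query and no update lines, so this triage would report a single unsigned query for it and no update events.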