Okay, I have the external DNS server working: partly. For some very odd
reason the external DNS server is only receiving the request to enter the
reverse lookup for a new node (ex: makedns -e node0014), but does not even
attempt to add the forward lookup zone. I see the key authorization passed
successfully for the reverse entry, so there are no authentication issues,
and when I try a manual 'nsupdate' it adds the forward lookup definition
just fine:

# nsupdate -k /etc/rndc.key
> server [external_dns_ip]
> prereq nxdomain node0014.morgan.haib.org.
> update add node0014.morgan.haib.org. 300 A 10.20.101.14
> send

It looks like 'makedns -e node0014' is somehow sending ONLY the reverse
lookup definition (though this is only a guess). This is what the client
sees:

[root@JNDev ~]# makedns -e node0014
Handling node0014 in /etc/hosts.
Getting reverse zones, this may take several minutes for a large cluster.
Completed getting reverse zones.
Updating DNS records, this may take several minutes for a large cluster.
Error: No reply received when sending DNS update to zone morgan.haib.org.
Completed updating DNS records.

It updates my reverse zone '20.10.IN-ADDR.ARPA' in the file 'db.10.20' but
for the DNS zone 'morgan.haib.org' I see the message: "Error: No reply
received when sending DNS update to zone morgan.haib.org".

Here is what I see from running named in the foreground when running
"makedns -e node0014":

29-Sep-2014 15:13:07.022 client 172.26.42.60#60681: UDP request
29-Sep-2014 15:13:07.022 client 172.26.42.60#60681: using view '_default'
29-Sep-2014 15:13:07.022 client 172.26.42.60#60681: request has valid signature: xcat_key
29-Sep-2014 15:13:07.022 client 172.26.42.60#60681/key xcat_key: recursion available
29-Sep-2014 15:13:07.022 client 172.26.42.60#60681/key xcat_key: update
29-Sep-2014 15:13:07.022 client 172.26.42.60#60681/key xcat_key: ns_client_attach: ref = 1
29-Sep-2014 15:13:07.022 client 172.26.42.60#60681/key xcat_key: updating zone '20.10.IN-ADDR.ARPA/IN': prerequisites are OK
29-Sep-2014 15:13:07.022 client 172.26.42.60#60681/key xcat_key: signer "xcat_key" approved
29-Sep-2014 15:13:07.022 client 172.26.42.60#60681/key xcat_key: update '20.10.IN-ADDR.ARPA/IN' approved
29-Sep-2014 15:13:07.022 client 172.26.42.60#60681/key xcat_key: updating zone '20.10.IN-ADDR.ARPA/IN': update section prescan OK
29-Sep-2014 15:13:07.022 client 172.26.42.60#60681/key xcat_key: updating zone '20.10.IN-ADDR.ARPA/IN': adding an RR at '14.101.20.10.IN-ADDR.ARPA' PTR node0014.morgan.haib.org.
29-Sep-2014 15:13:07.022 client 172.26.42.60#60681/key xcat_key: updating zone '20.10.IN-ADDR.ARPA/IN': checking for NSEC3PARAM changes
29-Sep-2014 15:13:07.022 client 172.26.42.60#60681/key xcat_key: updating zone '20.10.IN-ADDR.ARPA/IN': writing journal morgan/db.10.20.jnl
29-Sep-2014 15:13:07.022 writing to journal
29-Sep-2014 15:13:07.022 del 20.10.IN-ADDR.ARPA. 86400 IN SOA dns01.morgan.haib.org. root.dns01.morgan.haib.org. 2012072410 10800 3600 604800 86400
29-Sep-2014 15:13:07.022 add 20.10.IN-ADDR.ARPA. 86400 IN SOA dns01.morgan.haib.org. root.dns01.morgan.haib.org. 2012072411 10800 3600 604800 86400
29-Sep-2014 15:13:07.022 add 14.101.20.10.IN-ADDR.ARPA. 86400 IN PTR node0014.morgan.haib.org.
29-Sep-2014 15:13:07.033 client 172.26.42.60#60681/key xcat_key: updating zone '20.10.IN-ADDR.ARPA/IN': committing update transaction
29-Sep-2014 15:13:07.034 zone_needdump: zone 20.10.IN-ADDR.ARPA/IN: enter
29-Sep-2014 15:13:07.034 zone_settimer: zone 20.10.IN-ADDR.ARPA/IN: enter
29-Sep-2014 15:13:07.034 zone_settimer: zone 20.10.IN-ADDR.ARPA/IN: enter
29-Sep-2014 15:13:07.034 client 172.26.42.60#60681/key xcat_key: send
29-Sep-2014 15:13:07.034 client 172.26.42.60#60681/key xcat_key: sendto
29-Sep-2014 15:13:07.034 client 172.26.42.60#60681/key xcat_key: senddone
29-Sep-2014 15:13:07.034 client 172.26.42.60#60681/key xcat_key: next
29-Sep-2014 15:13:07.034 client 172.26.42.60#60681/key xcat_key: ns_client_detach: ref = 0
29-Sep-2014 15:13:07.034 client 172.26.42.60#60681/key xcat_key: endrequest

Any ideas what debugging steps I can take to see why the forward lookup is
not being sent as well? I would love to know the actual command makedns
ends up executing on the operating system/Linux (unless it uses direct BIND
library calls from perl instead - but in that case is there any way to
print out messages from ddns.pm or whatever calls it?).

Thanks,
Josh Nielsen
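
Added example, not part of the original message and not xCAT or BIND code: one way to confirm which zones a `makedns -e` run actually sent signed updates for is to summarize the `named` debug output per client socket and compare it with the zones you expected. The sample log is constructed from lines quoted in this thread, and the function names are hypothetical.

```python
import re

# Constructed sample: named debug lines modelled on the two captures quoted
# in this thread, with the wrapped lines re-joined.
SAMPLE_LOG = """\
29-Sep-2014 15:13:07.022 client 172.26.42.60#60681: UDP request
29-Sep-2014 15:13:07.022 client 172.26.42.60#60681: request has valid signature: xcat_key
29-Sep-2014 15:13:07.022 client 172.26.42.60#60681/key xcat_key: update
29-Sep-2014 15:13:07.022 client 172.26.42.60#60681/key xcat_key: update '20.10.IN-ADDR.ARPA/IN' approved
29-Sep-2014 15:13:07.022 client 172.26.42.60#60681/key xcat_key: updating zone '20.10.IN-ADDR.ARPA/IN': adding an RR at '14.101.20.10.IN-ADDR.ARPA' PTR node0014.morgan.haib.org.
24-Sep-2014 15:30:14.686 client 172.26.42.60#56844: request is not signed
24-Sep-2014 15:30:14.686 client 172.26.42.60#56844: query
24-Sep-2014 15:30:14.687 client 172.26.42.60#56844 (9.101.20.10.IN-ADDR.ARPA): query '9.101.20.10.IN-ADDR.ARPA/NS/IN' approved
"""

# "client ip#port", optionally "/key NAME" and "(qname)", then ": message"
CLIENT = re.compile(r"client (?P<peer>[\d.]+#\d+)(?:/key \S+)?(?: \([^)]*\))?: (?P<msg>.*)")
APPROVED = re.compile(r"update '(?P<zone>[^'/]+)/IN' approved")
ADDING = re.compile(r"updating zone '[^']+': adding an RR at '(?P<name>[^']+)' (?P<rtype>\S+)")

def summarize(log_text):
    """Group named debug lines by client socket (ip#port) and record what each did."""
    requests = {}
    for line in log_text.splitlines():
        m = CLIENT.search(line)
        if not m:
            continue  # journal/zone bookkeeping lines carry no client prefix
        req = requests.setdefault(
            m["peer"], {"key": None, "kind": None, "zones": set(), "added": []})
        msg = m["msg"]
        if msg.startswith("request has valid signature:"):
            req["key"] = msg.split(":", 1)[1].strip()   # TSIG key that verified
        elif msg in ("update", "query"):
            req["kind"] = msg                           # opcode of the request
        elif (a := APPROVED.match(msg)):
            req["zones"].add(a["zone"].lower())         # zone whose update was accepted
        elif (a := ADDING.match(msg)):
            req["added"].append((a["name"].lower(), a["rtype"]))
    return requests

def zones_without_update(requests, expected_zones):
    """Return expected zones for which no approved update appears in the log."""
    seen = set().union(*(r["zones"] for r in requests.values()))
    wanted = (z.lower().rstrip(".") for z in expected_zones)
    return sorted(z for z in wanted if z not in seen)

if __name__ == "__main__":
    reqs = summarize(SAMPLE_LOG)
    print(reqs)
    print(zones_without_update(reqs, ["morgan.haib.org.", "20.10.IN-ADDR.ARPA"]))
```

Keying on `ip#port` assumes each source port is used for one request within the capture; for long-running logs, include the timestamp in the key.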


On Fri, Sep 26, 2014 at 10:03 AM, Josh Nielsen <jniel...@hudsonalpha.org> wrote:
>
> Thank you for the clarifications. I read the wiki entry on Cluster Name Resolution but wanted to be sure of the particulars.
>
> Regards,
> Josh
>
> On Thu, Sep 25, 2014 at 10:36 PM, Xiao Peng Wang <w...@cn.ibm.com> wrote:
>>
>> #1, you are right, you need to prepare configuration files on the external dns server.
>>
>> #2, the xcat_key is gotten from the passwd table like this: '"omapi","xcat_key","TjFYM2kwTUNOcWVVZG5QNWFhb2xPVkg1eTZLMXpuSGs=",,,,'
>>
>>
>>
>> Thanks
>> Best Regards
>> ----------------------------------------------------------------------
>> Wang Xiaopeng (王晓朋)
>> IBM China System Technology Laboratory
>> Tel: 86-10-82453455
>> Email: w...@cn.ibm.com
>> Address: 28,ZhongGuanCun Software Park,No.8 Dong Bei Wang West Road, Haidian District Beijing P.R.China 100193
>>
>>
>> From: Josh Nielsen <jniel...@hudsonalpha.org>
>> To: xCAT Users Mailing list <xcat-user@lists.sourceforge.net>
>> Date: 2014/09/25 21:58
>> Subject: Re: [xcat-user] Questions on prerequisites for external DNS and makedns -e
>>
>> ________________________________
>>
>>
>>
>> Hi Xiao,
>>
>> Thanks for the response. So if I have this straight, I need to manually create and maintain the zone files on the external DNS server, and already have initially empty (but present) zone files in place. Is that right? And I imagine that I will need to "allow-update" from the IP of the xCAT server too.
>>
>> Secondly, I still don't quite understand about the xcat_key. On the server hosting xCAT the xcat_key is typically defined in /etc/rndc.key and in /etc/named.conf. I should not even need /etc/named.conf since I am not hosting DNS on the same server as xCAT correct? Or does makedns have some sort of dependency on a local /etc/named.conf even when pushing externally? If /etc/named.conf is not needed, however, then where does "makedns" (which I think ends up running 'nsupdate') read the key from?
>>
>> Note that I have already configured the xcat_key on the external DNS server in its own /etc/named.conf, but I am not asking about that host but rather the xCAT server (which for purposes of DNS I am calling the "client").
>>
>> Thanks,
>> Josh
>>
>> On Wed, Sep 24, 2014 at 8:59 PM, Xiao Peng Wang <w...@cn.ibm.com> wrote:
>>
>> You can NOT depend on xCAT to set up the dns server on the remote server. You need to get the xcat_key from the local dns configuration.
>>
>> You need to get the remote dns ready so that xCAT could push the new dns entry to the remote dns server; this is what xCAT 'makedns -e' does.
>>
>> Thanks
>> Best Regards
>> ----------------------------------------------------------------------
>> Wang Xiaopeng (王晓朋)
>> IBM China System Technology Laboratory
>> Tel: 86-10-82453455
>> Email: w...@cn.ibm.com
>> Address: 28,ZhongGuanCun Software Park,No.8 Dong Bei Wang West Road, Haidian District Beijing P.R.China 100193
>>
>>
>> From: Josh Nielsen <jniel...@hudsonalpha.org>
>> To: xCAT Users Mailing list <xcat-user@lists.sourceforge.net>
>> Date: 2014/09/25 05:46
>> Subject: Re: [xcat-user] Questions on prerequisites for external DNS and makedns -e
>> ________________________________
>>
>>
>>
>> I'm starting to see an older conversation that I had back in January
>> of this year in a different light now:
>> http://permalink.gmane.org/gmane.comp.clustering.xcat.user/182
>>
>> There it was suggested that I "be aware that you may need to run a
>> separate makedns to populate the local zone files as well as makedns
>> -e to do the external name servers." Does this mean that an xCAT
>> installation is required on the external DNS server just to populate
>> the zones initially? Wouldn't having two xCAT installations, whose
>> records you have to keep in sync, get tedious after a while? Maybe I'm
>> misunderstanding how the external DNS solution is supposed to work in
>> connection with xCAT. Any clarifications are welcome.
>>
>> -Josh
>>
>> On Wed, Sep 24, 2014 at 4:03 PM, Josh Nielsen <jniel...@hudsonalpha.org> wrote:
>> > Hello all,
>> >
>> > I am in the process of trying to move to an external DNS implementation for name resolution with our compute cluster. The only requirement I see in the man page for makedns is to have one (and only one?) IP of the external DNS server that you want to update in /etc/resolv.conf and also a valid xcat_key.
>> >
>> > Firstly, how do you specify the xcat_key to be used on the client server that is pushing out the dns changes with makedns -e? For a local setup the key definition in /etc/named.conf is sufficient, but since makedns -e isn't dependent on the local config (or is it?), how is the xcat_key specified? The local /etc/named.conf file doesn't even need to exist on the client does it?
>> >
>> > Secondly, the server I am pushing to only has a 127.0.0 zone since it is a fresh BIND install and I'm wanting 'makedns -e' to create the new zones (and zone files under /var/named/) for me on the remote server. With a local DNS setup, makedns would parse your settings and handle all the file updates and creation for you. But when I try makedns -e I see the following but no files or zone updates (is this an xcat_key problem?):
>> >
>> > (I ran the remote DNS BIND daemon in the foreground with -d 60 verbosity)
>> >
>> > 24-Sep-2014 15:30:14.686 client 172.26.42.60#56844: UDP request
>> > 24-Sep-2014 15:30:14.686 client 172.26.42.60#56844: using view '_default'
>> > 24-Sep-2014 15:30:14.686 client 172.26.42.60#56844: request is not signed
>> > 24-Sep-2014 15:30:14.686 client 172.26.42.60#56844: recursion available
>> > 24-Sep-2014 15:30:14.686 client 172.26.42.60#56844: query
>> > 24-Sep-2014 15:30:14.686 client 172.26.42.60#56844 (9.101.20.10.IN-ADDR.ARPA): ns_client_attach: ref = 1
>> > 24-Sep-2014 15:30:14.687 client 172.26.42.60#56844 (9.101.20.10.IN-ADDR.ARPA): query '9.101.20.10.IN-ADDR.ARPA/NS/IN' approved
>> > 24-Sep-2014 15:30:14.687 client 172.26.42.60#56844 (9.101.20.10.IN-ADDR.ARPA): send
>> > 24-Sep-2014 15:30:14.687 client 172.26.42.60#56844 (9.101.20.10.IN-ADDR.ARPA): sendto
>> > 24-Sep-2014 15:30:14.687 client 172.26.42.60#56844 (9.101.20.10.IN-ADDR.ARPA): senddone
>> > 24-Sep-2014 15:30:14.687 client 172.26.42.60#56844 (9.101.20.10.IN-ADDR.ARPA): next
>> > 24-Sep-2014 15:30:14.687 client 172.26.42.60#56844 (9.101.20.10.IN-ADDR.ARPA): ns_client_detach: ref = 0
>> > 24-Sep-2014 15:30:14.687 client 172.26.42.60#56844 (9.101.20.10.IN-ADDR.ARPA): endrequest
>> > 24-Sep-2014 15:30:14.687 client @0x7f000c0d7710: udprecv
>> > 24-Sep-2014 15:30:14.687 sockmgr 0x7f0017e06010: watcher got message -3 for socket 514
>> > 24-Sep-2014 15:30:14.687 sockmgr 0x7f0017e06010: watcher got message -2 for socket -1
>> > 24-Sep-2014 15:30:14.687 socket 0x7f0017e1ebc8: socket_recv: event 0x7f0017c8c160 -> task 0x7f0017e369d0
>> > 24-Sep-2014 15:30:14.688 socket 0x7f0017e1ebc8: dispatch_recv:  event 0x7f0017c8c160 -> task 0x7f0017e369d0
>> > 24-Sep-2014 15:30:14.688 socket 0x7f0017e1ebc8: internal_recv: task 0x7f0017e369d0 got event 0x7f0017e1ec88
>> > 24-Sep-2014 15:30:14.688 socket 0x7f0017e1ebc8 172.26.42.60#46141: packet received correctly
>> >
>> > "9.101.20.10.IN-ADDR.ARPA/NS/IN" must be my test node definition in the client's /etc/hosts file "10.20.101.9 node0009 node0009.mydomain.org", but I have no zone definition for 10.20 in /etc/named.conf on the external DNS server yet.
>> >
>> > On the Cluster Name Resolution wiki page (http://sourceforge.net/apps/mediawiki/xcat/index.php?title=Cluster_Name_Resolution) under 'Option #2: Use a DNS That is Outside of the Cluster' it says: "If you already have a DNS on your site network and you want to use that for your cluster node names too, you can point all of the nodes to it. You must ensure that your nodes have IP connectivity to the DNS, and you must manually configure your DNS with the node hostnames and IP addresses."
>> >
>> > Does 'makedns -e' not populate the zone files for you, just like it would if DNS were running locally on the MN itself by just parsing /etc/hosts on the client and adding/pushing it to the (remote) DNS zone files for you?
>> >
>> > If not does this mean I need to hand configure the remote DNS server's /etc/named.conf to stub out definitions for (as of yet) empty zones, or will makedns -e do that for me?
>> >
>> > Thanks,
>> > Josh
>>
>>
------------------------------------------------------------------------------
>> Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer
>> Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports
>> Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper
>> Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer
>>
http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk
>> _______________________________________________
>> xCAT-user mailing list
>> xCAT-user@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/xcat-user