Chapter 9. Managing pointer records (PTRs)
One step in configuring the Red Hat OpenStack Platform (RHOSP) DNS service (designate) is to set up IP address-to-domain-name lookups, also referred to as reverse lookups. Pointer (PTR) records, a DNS resource record type, contain the address-to-name mapping data and are stored in reverse lookup zones. The DNS service also enables you to manage reverse lookups for floating IP addresses.
9.1. PTR record basics
In the Red Hat OpenStack Platform (RHOSP) DNS service (designate) you use pointer (PTR) records to create a number-to-name mapping (reverse mapping) from a single IP or set of IP addresses to a fully qualified domain name (FQDN). Because the Domain Name System (DNS) looks up addresses as names, you create a PTR record that contains a name for the IP address. You form this name by following a particular convention: reverse the IP address and append a special string: in-addr.arpa for IPv4 addresses, and ip6.arpa for IPv6 addresses.
For example, if the IP address for my-server.example.com is 198.51.100.42, then you name the corresponding node in the reverse lookup zone 42.100.51.198.in-addr.arpa. Listing the name of the IP address backwards facilitates its lookup, because like standard fully qualified domain names (FQDNs), a reversed IP address gets less specific as you move from its left side to its right side.
The DNS service writes the contents of the PTR record to a special zone called a reverse lookup zone, whose sole purpose is to provide address-to-name lookups. Because the PTR record contains data that is structured similarly to standard FQDNs, you can delegate child zones of the reverse lookup zone in the same way as you delegate other zones. In the earlier example, the host, 198.51.100.42, is a node in the 198.in-addr.arpa zone, and this zone can be delegated to the administrators of the network, 198.51.100.0/8.
The DNS service manages PTR records for floating IP addresses differently than for standard IP addresses, because of the requirement that the user's RHOSP project owns the zone that contains the IP address. In most use cases involving reverse name lookups, this requirement is easily met. When managing reverse lookups for standard IP addresses, you use the openstack recordset command as you do when managing the other DNS resource record types.
However, when working with floating IP addresses, it is common for multiple projects to share a pool of floating IP addresses. To solve the project ownership issue of a shared pool of addresses, you must use a different command when managing reverse lookups for floating IPs, the openstack ptr record command.
9.2. Creating reverse lookup zones
To properly configure the Red Hat OpenStack Platform (RHOSP) DNS service (designate) you must have a reverse lookup zone. A reverse lookup zone contains PTR records that are required for you to perform address-to-name lookups. You must name reverse lookup zones following this convention: <backward_IP_address>.in-addr.arpa for IPv4 addresses, and <backward_IP_address>.ip6.arpa for IPv6 addresses.
Typically, you align the zones in your RHOSP deployment to your subnet plan. For example, if you have a /24 subnet for your external network, you create a /24 subnet reverse lookup zone to contain your PTR records.
Procedure
Source your credentials file.
Example
$ source ~/overcloudrc
Create a reverse lookup zone by using the openstack zone create command and specifying these required arguments:
--email <email_address>
  a valid email address for the person responsible (owner) for the zone.
<name>
  a name for the reverse lookup zone that conforms to the convention: <backward_IP_address>.in-addr.arpa for IPv4 addresses, and <backward_IP_address>.ip6.arpa for IPv6 addresses.
Example
In this example, the reverse lookup zone is designed for one PTR record, for the 198.51.100.42 address:
$ openstack zone create --email admin@example.com \
    42.100.51.198.in-addr.arpa.
Sample output
+----------------+------------------------------------------+
| Field          | Value                                    |
+----------------+------------------------------------------+
| action         | CREATE                                   |
| attributes     |                                          |
| created_at     | 2022-02-02T17:32:47.000000               |
| description    | None                                     |
| email          | admin@example.com                        |
| id             | f5546034-b27e-4326-bf9d-c53ed879f7fa     |
| masters        |                                          |
| name           | 42.100.51.198.in-addr.arpa.              |
| pool_id        | 794ccc2c-d751-44fe-b57f-8894c9f5c842     |
| project_id     | 123d51544df443e790b8e95cce52c285         |
| serial         | 1591119166                               |
| status         | PENDING                                  |
| transferred_at | None                                     |
| ttl            | 3600                                     |
| type           | PRIMARY                                  |
| updated_at     | None                                     |
| version        | 1                                        |
+----------------+------------------------------------------+
Example
In another example for a reverse zone that is for a 198.51.100.0/24 subnet, you would create the zone:
$ openstack zone create --email admin@example.com \
    100.51.198.in-addr.arpa.
Sample output
+----------------+------------------------------------------+
| Field          | Value                                    |
+----------------+------------------------------------------+
| action         | CREATE                                   |
| attributes     |                                          |
| created_at     | 2022-02-02T17:40:23.000000               |
| description    | None                                     |
| email          | admin@example.com                        |
| id             | 5669caad86a04256994cdf755df4d3c1         |
| masters        |                                          |
| name           | 100.51.198.in-addr.arpa.                 |
| pool_id        | 794ccc2c-d751-44fe-b57f-8894c9f5c842     |
| project_id     | 123d51544df443e790b8e95cce52c285         |
| serial         | 1739276248                               |
| status         | PENDING                                  |
| transferred_at | None                                     |
| ttl            | 3600                                     |
| type           | PRIMARY                                  |
| updated_at     | None                                     |
| version        | 1                                        |
+----------------+------------------------------------------+
Verification
Confirm that the reverse lookup zone that you created exists:
$ openstack zone list -c id -c name -c status
Sample output
+--------------------------------------+-----------------------------+--------+
| id                                   | name                        | status |
+--------------------------------------+-----------------------------+--------+
| f5546034-b27e-4326-bf9d-c53ed879f7fa | 42.100.51.198.in-addr.arpa. | ACTIVE |
+--------------------------------------+-----------------------------+--------+
- For the address-to-name mapping to be complete, the forward zone—the zone that contains the IP address—must exist. If the forward zone does not exist, create that now.
Additional resources
- Creating a zone
- zone create in the Command Line Interface Reference
9.3. Creating a PTR record
In the Red Hat OpenStack Platform (RHOSP) DNS service (designate) you create PTR records to enable reverse lookups (address-to-name mappings). Enabling reverse lookups is a part of properly configuring the DNS service on your RHOSP deployment.
Prerequisites
- Your RHOSP project must own the zone in which you create the PTR record.
- A reverse lookup zone to store the PTR record. For more information, see Section 9.2, “Creating reverse lookup zones”.
Procedure
Source your credentials file.
Example
$ source ~/overcloudrc
Create a PTR record by using the openstack recordset create command and specifying these required arguments:
--record <domain_name>
  the target, the domain name, that should be returned when a reverse lookup is performed.
--type PTR
  the kind of record, PTR, that you are creating.
<zone_name>
  the name of the zone, the reverse lookup zone, where the record resides.
<record_name>
  the name of the PTR record.
  The record name must match the <zone_name> or be a member of the zone. For example, for the reverse lookup zone 100.51.198.in-addr.arpa., these are valid PTR record names: 1.100.51.198.in-addr.arpa., 2.100.51.198.in-addr.arpa., and any other reversed IP addresses in the 198.51.100.0/24 subnet.
Example
$ openstack recordset create --record www.example.com. --type PTR \
    42.100.51.198.in-addr.arpa. 42.100.51.198.in-addr.arpa.
Sample output
+-------------+--------------------------------------+
| Field       | Value                                |
+-------------+--------------------------------------+
| action      | CREATE                               |
| created_at  | 2022-02-02T19:55:50.000000           |
| description | None                                 |
| id          | ca604f72-83e6-421f-bf1c-bb4dc1df994a |
| name        | 42.100.51.198.in-addr.arpa.          |
| project_id  | 123d51544df443e790b8e95cce52c285     |
| records     | www.example.com.                     |
| status      | PENDING                              |
| ttl         | 3600                                 |
| type        | PTR                                  |
| updated_at  | None                                 |
| version     | 1                                    |
| zone_id     | f5546034-b27e-4326-bf9d-c53ed879f7fa |
| zone_name   | 42.100.51.198.in-addr.arpa.          |
+-------------+--------------------------------------+
Verification
Perform a reverse lookup to confirm that the IP address (198.51.100.42) is mapped to the domain name (www.example.com).
Example
In this example, 203.0.113.5 is one of the DNS servers in the deployment:
$ dig @203.0.113.5 -x 198.51.100.42 +short
Sample output
www.example.com.
Additional resources
- recordset create in the Command Line Interface Reference
- dig command man page.
9.4. Creating multiple PTR records
In the Red Hat OpenStack Platform (RHOSP) DNS service (designate) you can add many PTR records to a larger subnet by using a more broadly defined reverse lookup zone.
Prerequisites
- Your RHOSP project must own the zone in which you create the PTR record.
- A reverse lookup zone to store the PTR record that is more broadly defined. For example, a 198.51.100.0/24 reverse lookup zone, 100.51.198.in-addr.arpa. For more information, see Section 9.2, “Creating reverse lookup zones”.
Procedure
Source your credentials file.
Example
$ source ~/overcloudrc
Create the PTR record by using the openstack recordset create command and specifying these required arguments:
--record <domain_name>
  the domain name of the lookup.
--type PTR
  the kind of record, PTR, that you are creating.
<zone_name>
  the name of the reverse lookup zone where the record resides.
<record_name>
  the name of the PTR record.
  The record name must match the <zone_name> or be a member of the zone. For example, for the reverse lookup zone 100.51.198.in-addr.arpa., these are valid PTR record names: 1.100.51.198.in-addr.arpa., 2.100.51.198.in-addr.arpa., and any other reversed IP addresses in the 198.51.100.0/24 subnet.
Example
In this example, the reverse lookup zone is more broadly defined, for example, a 100.51.198.0/24 reverse lookup zone, 100.51.198.in-addr.arpa:
$ openstack recordset create --record cats.example.com. --type PTR \
    --ttl 3600 100.51.198.in-addr.arpa. 3.100.51.198.in-addr.arpa.
Sample output
+-------------+--------------------------------------+
| Field       | Value                                |
+-------------+--------------------------------------+
| action      | CREATE                               |
| created_at  | 2022-02-02T20:10:54.000000           |
| description | None                                 |
| id          | c843729b-7aaf-4f99-a40a-d9bf70edf271 |
| name        | 3.100.51.198.in-addr.arpa.           |
| project_id  | 123d51544df443e790b8e95cce52c285     |
| records     | cats.example.com.                    |
| status      | PENDING                              |
| ttl         | 3600                                 |
| type        | PTR                                  |
| updated_at  | None                                 |
| version     | 1                                    |
| zone_id     | e9fd0ced-1d3e-43fa-b9aa-6d4b7a73988d |
| zone_name   | 100.51.198.in-addr.arpa.             |
+-------------+--------------------------------------+
Verification
Perform a reverse lookup to confirm that the IP address (198.51.100.3) is mapped to the domain name (cats.example.com).
Example
In this example, 203.0.113.5 is one of the DNS servers in the deployment:
$ dig @203.0.113.5 -x 198.51.100.3 +short
Sample output
cats.example.com.
Perform a reverse lookup to confirm that any other IP address (198.51.100.0/24) is mapped to the domain name (example.com).
Example
In this example, 203.0.113.5 is one of the DNS servers in the deployment:
$ dig @203.0.113.5 -x 198.51.100.10 +short
Sample output
example.com.
Additional resources
- recordset create in the Command Line Interface Reference
- dig command man page.
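The naming convention from Section 9.1 and the rule in Sections 9.3 and 9.4 that a record name must match its zone or be a member of it, as an added Python example (not part of the Red Hat documentation or the designate code). The function names are hypothetical, the host mapping is constructed from this chapter's example addresses, and subnets are assumed to fall on octet (IPv4) or nibble (IPv6) boundaries.

```python
import ipaddress
import shlex

def reverse_name(ip):
    """PTR record name for one address: reversed address plus the arpa suffix."""
    return ipaddress.ip_address(str(ip)).reverse_pointer + "."

def reverse_zone(cidr):
    """Reverse lookup zone name for a subnet on an octet/nibble boundary."""
    net = ipaddress.ip_network(cidr, strict=True)  # rejects host bits in the prefix
    step = 8 if net.version == 4 else 4            # one label per octet or nibble
    if net.prefixlen % step:
        raise ValueError(f"{cidr}: prefix is not on a {step}-bit boundary")
    labels = reverse_name(net.network_address).split(".")
    host_labels = (net.max_prefixlen - net.prefixlen) // step
    return ".".join(labels[host_labels:])

def in_zone(record_name, zone_name):
    """True if record_name equals zone_name or is a member of it.

    Compares whole labels, so 3.1100.51.198.in-addr.arpa. is not treated as a
    member of 100.51.198.in-addr.arpa. the way a plain string suffix test would.
    """
    rec = record_name.lower().rstrip(".").split(".")
    zone = zone_name.lower().rstrip(".").split(".")
    return len(rec) >= len(zone) and rec[-len(zone):] == zone

def ptr_commands(zone_cidr, hosts):
    """Return `openstack recordset create` lines for a {ip: fqdn} mapping."""
    zone = reverse_zone(zone_cidr)
    commands = []
    for ip, fqdn in hosts.items():
        name = reverse_name(ip)
        if not in_zone(name, zone):
            raise ValueError(f"{ip} is not in {zone_cidr}; its PTR belongs in another zone")
        target = fqdn if fqdn.endswith(".") else fqdn + "."
        argv = ["openstack", "recordset", "create", "--record", target,
                "--type", "PTR", zone, name]
        commands.append(shlex.join(argv))  # quote anything shell-unsafe
    return commands

if __name__ == "__main__":
    # Constructed sample mapping built from this chapter's example addresses.
    sample = {"198.51.100.3": "cats.example.com", "198.51.100.42": "www.example.com."}
    for line in ptr_commands("198.51.100.0/24", sample):
        print(line)
```

Review the generated lines before running them; an address outside the zone's subnet raises an error instead of producing a record that the zone cannot hold.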
9.5. Setting up PTR records for floating IP addresses
In the Red Hat OpenStack Platform (RHOSP) DNS service (designate) you can create PTR records for floating IP addresses to allow reverse lookups.
Prerequisites
- One or more floating IPs defined.
- A reverse lookup zone for the floating IP for which you want to create a PTR record.
Procedure
Source your credentials file.
Example
$ source ~/overcloudrc
Determine the ID of the floating IP address for which you want to create a PTR record. You need this information in a later step.
$ openstack floating ip list -c ID -c "Floating IP Address"
Sample output
+--------------------------------------+---------------------+
| ID                                   | Floating IP Address |
+--------------------------------------+---------------------+
| 5c02c519-4928-4a38-bd10-c748c200912f | 192.0.2.11          |
| 89532684-13e1-4af3-bd79-f434c9920cc3 | 192.0.2.12          |
| ea3ebc6d-a146-47cd-aaa8-35f06e1e8c3d | 192.0.2.13          |
+--------------------------------------+---------------------+
Determine the RHOSP region name of the neutron instance that hosts the floating IP. You need this information in a later step.
$ openstack endpoint list -c ID -c Region -c "Service Name"
Sample output
+----------------------------------+-----------+--------------+
| ID                               | Region    | Service Name |
+----------------------------------+-----------+--------------+
| 16526452effd467a915155ceccf79dae | RegionOne | placement    |
| 21bf826a62a14456a61bd8f39648e849 | RegionOne | keystone     |
| 9cb1956999c54001a39d11ea14e037a1 | RegionOne | nova         |
| bdeec4e2665d4605bb89e16a8b1bc50d | RegionOne | glance       |
| ced05a1c03ab44caa1a351ace95429e6 | RegionOne | neutron      |
| e79e3113ea544d039b3a6378e60bdf3f | RegionOne | nova         |
| f91ee44123954b6c82162dcd2d4fc965 | RegionOne | designate    |
+----------------------------------+-----------+--------------+
Create the PTR record by using the openstack ptr record set command and specifying these required arguments:
<floating_IP_ID>
  the floating IP ID in the format: <region_name>:<floating_IP_ID>.
<ptrd_name>
  the target, the domain name, that should be returned when a reverse lookup is performed.
Example
$ openstack ptr record set RegionOne:5c02c519-4928-4a38-bd10-c748c200912f ftp.example.com.
Sample output
+-------------+------------------------------------------------+
| Field       | Value                                          |
+-------------+------------------------------------------------+
| action      | CREATE                                         |
| address     | 192.0.2.11                                     |
| description | None                                           |
| id          | RegionOne:5c02c519-4928-4a38-bd10-c748c200912f |
| ptrdname    | ftp.example.com.                               |
| status      | PENDING                                        |
| ttl         | 3600                                           |
+-------------+------------------------------------------------+
Verification
Perform a reverse lookup to confirm that the floating IP address (192.0.2.11) is mapped to the domain name (ftp.example.com).
Example
In this example, 203.0.113.5 is one of the DNS servers in the deployment:
$ dig @203.0.113.5 -x 192.0.2.11 +short
Sample output
ftp.example.com.
Additional resources
- ptr record set in the Command Line Interface Reference
- dig command man page.
9.6. Unsetting PTR records for floating IP addresses
In the Red Hat OpenStack Platform (RHOSP) DNS service (designate) you can remove PTR records associated with floating IP addresses.
Prerequisites
- A PTR record for a floating IP.
Procedure
Source your credentials file.
Example
$ source ~/overcloudrc
Determine the ID of the floating IP address for which you want to delete a PTR record. You need this information in a later step.
$ openstack floating ip list -c ID -c "Floating IP Address"
Sample output
+--------------------------------------+---------------------+
| ID                                   | Floating IP Address |
+--------------------------------------+---------------------+
| 5c02c519-4928-4a38-bd10-c748c200912f | 192.0.2.11          |
| 89532684-13e1-4af3-bd79-f434c9920cc3 | 192.0.2.12          |
| ea3ebc6d-a146-47cd-aaa8-35f06e1e8c3d | 192.0.2.13          |
+--------------------------------------+---------------------+
Determine the name of your RHOSP region. You need this information in a later step.
$ openstack endpoint list -c ID -c Region -c "Service Name"
Sample output
+----------------------------------+-----------+--------------+
| ID                               | Region    | Service Name |
+----------------------------------+-----------+--------------+
| 16526452effd467a915155ceccf79dae | RegionOne | placement    |
| 21bf826a62a14456a61bd8f39648e849 | RegionOne | keystone     |
| 9cb1956999c54001a39d11ea14e037a1 | RegionOne | nova         |
| bdeec4e2665d4605bb89e16a8b1bc50d | RegionOne | glance       |
| ced05a1c03ab44caa1a351ace95429e6 | RegionOne | neutron      |
| e79e3113ea544d039b3a6378e60bdf3f | RegionOne | nova         |
| f91ee44123954b6c82162dcd2d4fc965 | RegionOne | designate    |
+----------------------------------+-----------+--------------+
Delete the PTR record by using the openstack ptr record unset command and specifying these required arguments:
<floating_IP_ID>
  the floating IP ID in the format: <region>:<floating_IP_ID>.
Example
$ openstack ptr record unset RegionOne:5c02c519-4928-4a38-bd10-c748c200912f
Verification
Confirm that you removed the PTR record.
$ openstack ptr record list
Additional resources
- ptr record unset in the Command Line Interface Reference