
Chapter 3. Install and Configure Bind9


These steps install Bind9, and then configure integration with DNSaaS.

3.1. Basic BIND Installation

1. Install the BIND packages:

# yum install bind bind-utils

2. Configure named to listen for incoming connections:

# cp /etc/named.conf /etc/named.conf.orig
# sed -i -e "s/listen-on port.*/listen-on port 53 { 127.0.0.1; 192.168.100.20; };/" /etc/named.conf

3.2. Configure BIND

1. Write to /etc/rndc.key:

# rndc-confgen -a

2. Add the following before the options block:

# sed -i '/^options.*/i \
include "/etc/rndc.key"; \
controls { \
        inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; }; \
};' /etc/named.conf

3. Remove a few existing options you will rewrite later:

# sed -i '/allow-query.*/d' /etc/named.conf
# sed -i '/recursion.*/d' /etc/named.conf

4. Add the following after options:

# sed -i '/^options.*/a \
        allow-new-zones yes; \
        allow-query { any; }; \
        recursion no;' /etc/named.conf

5. Create the rndc configuration. For the Compute node, the rndc configuration must point to the DNS server. For example:

# cat << EOF > /etc/rndc.conf
include "/etc/rndc.key";
options {
        default-key "rndc-key";
        default-server 192.168.100.20;
        default-port 953;
};
EOF

6. Review the named configuration:

# named-checkconf /etc/named.conf

7. Correct the file permissions:

# setsebool -P named_write_master_zones on
# chmod g+w /var/named
# chown named:named /etc/rndc.conf
# chown named:named /etc/rndc.key
# chmod 600 /etc/rndc.key

8. Enable and start the named service:

# systemctl enable named
# systemctl start named

9. Validate named and rndc:

# dig @localhost localhost
# rndc status
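
The script below is an added example, not part of the original guide. It re-checks the settings this section writes: recursion no, allow-new-zones yes, a keyed control channel, and mode 600 on the rndc key. The function name audit_named and the sample configuration are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the original guide; audit_named is an illustrative name.
# Assumes each control channel sits on one line, as section 3.2 writes it.
audit_named() {   # usage: audit_named CONF KEY; returns 1 on any finding
    local conf=$1 key=$2 rc=0 body inet
    # Drop // and # line comments so a commented-out option is not counted.
    body=$(sed -e 's|//.*||' -e 's|#.*||' "$conf")
    inet=$(printf '%s\n' "$body" | grep -E '^[[:space:]]*inet[[:space:]]' || true)

    printf '%s\n' "$body" | grep -Eq '^[[:space:]]*recursion[[:space:]]+no[[:space:]]*;' ||
        { echo "FAIL recursion is not 'no' (authoritative-only server expected)"; rc=1; }
    printf '%s\n' "$body" | grep -Eq '^[[:space:]]*allow-new-zones[[:space:]]+yes[[:space:]]*;' ||
        { echo "FAIL allow-new-zones is not 'yes'; rndc addzone will be refused"; rc=1; }

    # Section 3.2 ties the control channel to an explicit key; flag a channel
    # without one, or one that is open to any address.
    if [ -z "$inet" ] || printf '%s\n' "$inet" | grep -Evq 'keys[[:space:]]*\{'; then
        echo "FAIL controls: missing, or an inet channel has no keys clause"; rc=1
    fi
    if printf '%s\n' "$inet" | grep -Eq 'allow[[:space:]]*\{[[:space:]]*any[[:space:]]*;'; then
        echo "FAIL controls: an inet channel allows any address"; rc=1
    fi

    # The rndc key authorizes zone changes; section 3.2 sets it to mode 600.
    [ -n "$(find "$key" -prune -perm 600 2>/dev/null)" ] ||
        { echo "FAIL key file is not mode 600"; rc=1; }

    [ "$rc" -eq 0 ] && echo "OK"
    return "$rc"
}

# Constructed sample: section 3.2's result, but with recursion left on
# and the key file left world-readable.
tmp=$(mktemp -d)
cat > "$tmp/named.conf" <<'EOF'
include "/etc/rndc.key";
controls {
        inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
};
options {
        allow-new-zones yes;
        allow-query { any; };
        recursion yes;
};
EOF
: > "$tmp/rndc.key"; chmod 644 "$tmp/rndc.key"
audit_named "$tmp/named.conf" "$tmp/rndc.key" || true
rm -rf "$tmp"
```

On a configured host, run audit_named /etc/named.conf /etc/rndc.key after named-checkconf; the sample above reports the recursion and key-mode findings.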

3.3. Configure the DNSaaS Pool Target for BIND

1. Set the pool target configuration:

$ crudini --set /etc/designate/designate.conf pool_target:$target_id type bind9
$ crudini --set /etc/designate/designate.conf pool_target:$target_id options "rndc_host: 192.168.100.20, rndc_port: 953, rndc_config_file: /etc/rndc.conf, rndc_key_file: /etc/rndc.key"
$ crudini --set /etc/designate/designate.conf pool_target:$target_id masters 192.168.100.20:5354

2. Restart DNSaaS to apply your pool changes:

# systemctl restart designate-api
# systemctl restart designate-central
# systemctl restart designate-mdns
# systemctl restart designate-pool-manager
# systemctl restart designate-sink

3.4. Test BIND

1. Perform the diagnostic commands below:

# netstat -tap | grep named
# netstat -tulpn | grep 53
# dig @192.168.100.20

2. Check the DNSaaS Logs for errors. Ignore errors in Sink for now, as you have not modified its configuration.

# cd /var/log/designate
# tail api.log
# tail central.log
# tail mdns.log
# tail pool-manager.log
# tail sink.log

3.5. Test DNSaaS integration with BIND9

1. Create an entry for your server:

# designate server-create --name $(hostname).

2. Verify that your DNS server record was created:

# designate server-list

3. Create a domain (don’t forget the . at the end of the --name option):

# designate domain-list
# designate domain-create --name example.com. --email root@example.com
# DOMAINID=$(designate domain-list | grep example.com | awk '{print $2}')

Note

When you create a domain from designate against BIND, it basically runs a command similar to this:

# rndc -s 192.168.122.41 -p 953 -c /etc/rndc.conf -k /etc/rndc.key addzone example.com '{ type slave; masters { 192.168.122.41 port 5354; }; file "slave.example.com.ff532e15-55a9-4966-8f1e-b3eddb2891ba"; };'

4. Create a record and test lookup (don’t forget the . at the end of the --name option):

# designate record-create --name server1.example.com. --type A --data 1.2.3.4 $DOMAINID
# dig +short -p 53 @192.168.100.20 server1.example.com A

1. Modify the DNSaaS configuration for the example domain:

$ crudini --set /etc/designate/designate.conf handler:nova_fixed domain_id $DOMAINID
$ crudini --set /etc/designate/designate.conf handler:neutron_floatingip domain_id $DOMAINID
# systemctl restart designate-api
# systemctl restart designate-central
# systemctl restart designate-mdns
# systemctl restart designate-pool-manager
# systemctl restart designate-sink

2. Test OpenStack Compute (nova) record creation:

# glance image-list
# neutron net-list
# nova boot testserver --flavor m1.tiny --image cirros-0.3.4-x86_64 --key-name yourkey --security-groups default --nic net-id=<Private Net ID>

3. Check the Sink log:

Once the instance is up, you should see a create_record entry, if it has picked up the notification correctly:

# tail /var/log/designate/sink.log

Check in BIND:

# dig +short @192.168.100.20 testserver.example.com

If this doesn’t work, you can also check the files in /var/named.

3.7. Test OpenStack Networking floating IP record creation

1. Perform the diagnostic commands below (replace pubnet1 with a name appropriate for your environment):

# FLOATINGIP=$(neutron floatingip-create pubnet1 | grep floating_ip_address | awk '{print $4}')
# nova add-floating-ip testserver $FLOATINGIP
# DNSRESULT=$(echo $FLOATINGIP |sed 's/\./-/g').example.com
# dig +short @192.168.100.20 $DNSRESULT

2. You should see a create_record event in the log file:

# tail /var/log/designate/sink.log

3.8. Cleanup OpenStack Networking and Compute DNS entries

1. Remove the test floating IP created previously:

# nova remove-floating-ip testserver $FLOATINGIP

2. You should see a delete_record event in the log file:

# tail /var/log/designate/sink.log

And the record should now be removed.

3. Remove the testserver created previously:

# designate record-list $DOMAINID
# nova delete testserver

You should see another delete_record entry in the log file:

# tail /var/log/designate/sink.log