This repository has been archived by the owner on Aug 30, 2024. It is now read-only.

dns 3.4 spec

chris grzegorczyk edited this page Aug 2, 2013 · 19 revisions


DNS

NOTE: throughout this document the following naming assumptions are used:

    • DNSDOMAIN.COM is the public subdomain which is delegated to Eucalyptus
    • ${system.dns.dnsdomain} refers to the system property of the same name
    • ${cloud.vmstate.} refers to the system property of the same name
    • INSTANCESUBDOMAIN is the subdomain used for instance DNS
    • 10.111.1.2 is the example Eucalyptus CLC host

Evaluation

dig

  • dig is the primary evaluation tool because it adds no resolver behaviour of its own -- it only implements the DNS protocol
  • The following can be assumed as the dig command used throughout
    • 10.111.1.2 is the DNS server; when omitted, dig falls back to resolv.conf and uses only the first server
    • A is the query type
    • DNSDOMAIN.COM is our query domain
  • The rest of the command cleans output
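function check() {
  # $1 and $2 are the query type and query domain; awk keeps the flags line, the question, and the records
  dig @10.111.1.2 "$1" "$2" +retries=0 +timeout=1 | awk '/^$/{getline} $2 == "flags:" {print} /^;[^ ;].*A$/ {print} /^[^;][^ ;]/'
}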
  • The output includes:
    • The flags set on the response
    • The question sent
    • The answers received (all sections: answer, additional, and authority)
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;eucalyptus.DNSDOMAIN.COM.	IN	A
eucalyptus.DNSDOMAIN.COM. 60	IN	A	10.111.1.2

ping

  • Ping has behaviours that are important to verify:
    • Sends multiple variants of the initial A lookup query (domain searching)
    • Sends PTR requests in order to print the pretty header line

host

  • Host best reflects the default behaviour of gethostbyname()

Setup Steps

Enable Experimental

  • Set all the experimental DNS resolvers to be enabled='true'
 clc 17599 > euca-describe-properties experimental.dns
PROPERTY	experimental.dns.enabled	true
PROPERTY	experimental.dns.instancedata.enabled	true
PROPERTY	experimental.dns.ns.enabled	true
PROPERTY	experimental.dns.recursive.enabled	true
PROPERTY	experimental.dns.services.enabled	true
PROPERTY	experimental.dns.split_horizon.enabled	true

nameserveraddress

  • Set the nameserveraddress given out to instances to be the same as the CLC
  • THIS IS NOT RIGHT! The 'nameserveraddress' needs to be dynamic for HA!
euca-modify-property -p system.dns.nameserveraddress=10.111.1.2
PROPERTY	system.dns.nameserveraddress	10.111.1.2 was 127.0.0.1

System and Instance Domains

  • Set the public facing domain name -- the cloud internal domain is always 'internal'
 clc 17595 > euca-modify-property -p system.dns.dnsdomain=DNSDOMAIN.COM
PROPERTY	system.dns.dnsdomain	DNSDOMAIN.COM was localhost
  • Set the sub-domain name used for instances
 clc 17597 > euca-modify-property -p cloud.vmstate.instance_subdomain=.INSTANCESUBDOMAIN
PROPERTY	cloud.vmstate.instance_subdomain	.INSTANCESUBDOMAIN was .eucalyptus

Enable DNS

 clc 17610 > euca-modify-property -p bootstrap.webservices.use_dns_delegation=true
PROPERTY	bootstrap.webservices.use_dns_delegation	true was false

 clc 17610 > euca-modify-property -p bootstrap.webservices.use_instance_dns=true
PROPERTY	bootstrap.webservices.use_instance_dns	true was false

DNS Types

Each resolver is listed with the names it responds to and a description:

  • Service/Component Resolver
    • Responds to: ${component.name()}.${system.dns.dnsdomain}
    • Description: Resolves the address of the currently ENABLED service indicated by the first label in the request.
  • Recursive Resolver
    • Responds to: not *.${system.dns.dnsdomain}
    • Description: Handles resolution of addresses which are not in domains managed by Eucalyptus.
  • Split Horizon Resolver
    • Responds to: euca-(.+{3})-(.+{3})-(.+{3})-(.+{3}).${cloud.vmstate.instance_subdomain}.${system.dns.dnsdomain}
    • Responds to: euca-(.+{3})-(.+{3})-(.+{3})-(.+{3}).${cloud.vmstate.instance_subdomain}.internal
    • Description: Resolves instance addresses based on the requestor's source address; internal source addresses always get internal IP address responses.
  • instance-data Resolver
    • Responds to: instance-data
    • Responds to: instance-data.internal
    • Responds to: instance-data.${cloud.vmstate.instance_subdomain}.internal
    • Description: hi

Service/Component Resolver

  • A records for components & services
  • Components:
    • All have a short-name (column 2 of euca-describe-services)
    • May have a partition which determines their subdomain (column 3 of euca-describe-services)
    • May be strictly internal (e.g., reporting) and have no DNS name associated as a result

Component Name Resolution

  • Component name lookups are:
    • Global services: ${componentId.name()}.DNSDOMAIN.COM
    • Partitioned services: ${componentId.name()}.${partition}.DNSDOMAIN.COM
  • This resolver is authoritative
  • Examples of its behaviour can be seen using the following command:
# Build one name per service (partitioned or global), query each, and keep flags, question and records
euca-describe-services --all |
awk '$3 == "PARTI00" {print $2"."$3".DNSDOMAIN.COM"} $3 != "PARTI00" {print $2".DNSDOMAIN.COM"}' |
sort | uniq |
xargs -I {} dig @10.111.1.2 A {} +retries=0 +timeout=1 |
awk '/^$/{getline} $2 == "flags:" {print} /^;[^ ;].*A$/ {print} /^[^;][^ ;]/'
Regular Single Service A Query
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;autoscaling.DNSDOMAIN.COM.	IN	A
autoscaling.DNSDOMAIN.COM. 60	IN	A	10.111.1.2
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;walrus.DNSDOMAIN.COM.		IN	A
walrus.DNSDOMAIN.COM.	60	IN	A	10.111.1.2
Partitioned Single Service A Query
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;cluster.PARTI00.DNSDOMAIN.COM.	IN	A
cluster.PARTI00.DNSDOMAIN.COM. 60 IN	A	10.111.1.2
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;storage.PARTI00.DNSDOMAIN.COM.	IN	A
storage.PARTI00.DNSDOMAIN.COM. 60 IN	A	10.111.1.2
Partitioned Multiple Service A Query
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;node.PARTI00.DNSDOMAIN.COM.	IN	A
node.PARTI00.DNSDOMAIN.COM. 60	IN	A	10.111.1.66
node.PARTI00.DNSDOMAIN.COM. 60	IN	A	10.111.1.16
Failed Service A Query
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;reporting.DNSDOMAIN.COM.	IN	A
DNSDOMAIN.COM.		604800	IN	SOA	root.DNSDOMAIN.COM. b-02.qa1.eucalyptus-systems.com.DNSDOMAIN.COM. 1 86400 604800 2419200 600
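
The filtered output above can be checked mechanically rather than by eye. The following is an added example, not part of the original page or the Eucalyptus code base: it reads output in the format produced by check() and reports, per question, whether the response carried the aa flag and whether the number of A records matches the advertised ANSWER count. The function names and verdict strings are assumptions chosen here, and the last sample response is constructed.

```shell
# Added example: audit output filtered by check(); verdict names are chosen here.
audit_dig_output() {
  awk '
    # Print a verdict for the response collected so far.
    function report() {
      if (q == "") return
      if (!aa)              v = "NOT_AUTHORITATIVE"
      else if (want == 0)   v = (soa ? "NO_ANSWER" : "EMPTY")
      else if (got != want) v = "COUNT_MISMATCH"
      else                  v = "OK"
      print q, v
      q = ""
    }
    # Header line: remember the aa flag and the advertised ANSWER count.
    $2 == "flags:" {
      report()
      aa = 0; got = 0; soa = 0; want = 0
      for (i = 3; i <= NF; i++) {
        if ($i == "aa" || $i == "aa;") aa = 1
        if ($i == "ANSWER:") want = $(i + 1) + 0
      }
      next
    }
    # Question line, e.g. ";node.PARTI00.DNSDOMAIN.COM. IN A".
    /^;[^ ;]/ { q = substr($1, 2); next }
    # Resource records: count A answers, note an SOA in the authority section.
    $3 == "IN" && $4 == "A"   { got++ }
    $3 == "IN" && $4 == "SOA" { soa++ }
    END { report() }
  '
}
# Sample input: first two responses are from this page, the third (no aa flag) is constructed.
sample_output() {
  cat <<'EOF'
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;node.PARTI00.DNSDOMAIN.COM. IN A
node.PARTI00.DNSDOMAIN.COM. 60 IN A 10.111.1.66
node.PARTI00.DNSDOMAIN.COM. 60 IN A 10.111.1.16
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;reporting.DNSDOMAIN.COM. IN A
DNSDOMAIN.COM. 604800 IN SOA root.DNSDOMAIN.COM. b-02.qa1.eucalyptus-systems.com.DNSDOMAIN.COM. 1 86400 604800 2419200 600
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;storage.PARTI00.DNSDOMAIN.COM. IN A
storage.PARTI00.DNSDOMAIN.COM. 60 IN A 10.111.1.2
EOF
}
sample_output | audit_dig_output
```

The count comparison assumes the additional section holds no A records, which is true of every sample on this page (ADDITIONAL: 0).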

Recursive Resolver

  • Resolves names outside the Eucalyptus-controlled domains

Split Horizon Resolver

instance-data Resolver

  • Responds to:
    • A record queries for 'instance-data' and possible subdomain variants, always returning 169.254.169.254
    • PTR queries for 169.254.169.254, returning instance-data
;; QUESTION SECTION:
;instance-data.			IN	A
;; ANSWER SECTION:
instance-data.		60	IN	A	169.254.169.254
;; QUESTION SECTION:
;instance-data.internal.		IN	A
;; ANSWER SECTION:
instance-data.		60	IN	A	169.254.169.254
;; QUESTION SECTION:
;instance-data.eucalyptus.internal. IN	A
;; ANSWER SECTION:
instance-data.		60	IN	A	169.254.169.254

A

root@euca-1-106-32-141:~# dig A instance-data
169.254.169.254
Using domain server:
Name: 10.111.1.66
Address: 10.111.1.66#53
Aliases: 

instance-data has address 169.254.169.254

PTR

;; QUESTION SECTION:
;254.169.254.169.in-addr.arpa.	IN	PTR
;; ANSWER SECTION:
254.169.254.169.in-addr.arpa. 60 IN	PTR	instance-data.

tag:rls-3.4


