DNS integration
This page serves as a guide for how to use the DNS integration
functionality of the Networking service and its interaction with the
Compute service.
The integration of the Networking service with an external DNSaaS
(DNS-as-a-Service) is described in config-dns-int-ext-serv.
Users can control the behavior of the Networking service in regards
to DNS using two attributes associated with ports, networks, and
floating IPs. The following table shows the attributes available for
each one of these resources:
| Resource | dns_name | dns_domain |
|---|---|---|
| Ports | Yes | Yes |
| Networks | No | Yes |
| Floating IPs | Yes | Yes |
Note
The DNS Integration extension enables all the attribute
and resource combinations shown in the previous table, except for
dns_domain for ports, which requires the
dns_domain for ports extension.
Note
Since the DNS Integration extension is a subset of
dns_domain for ports, if dns_domain
functionality for ports is required, only the latter extension has to be
configured.
Note
When the dns_domain for ports extension is configured,
DNS Integration is also included when the Neutron server
responds to a request to list the active API extensions. This preserves
backwards API compatibility.
The Networking service internal
DNS resolution
The Networking service enables users to control the name assigned to
ports by the internal DNS. To enable this functionality, do the
following:
-
Edit the
/etc/neutron/neutron.conffile and assign a
value different toopenstacklocal(its default value) to
thedns_domainparameter in the[default]
section. As an example:dns_domain = example.org. -
Add
dns(for theDNS Integration
extension) ordns_domain_ports(for the
dns_domain for portsextension) to
extension_driversin the[ml2]section of
/etc/neutron/plugins/ml2/ml2_conf.ini. The following is an
example:[ml2] extension_drivers = port_security,dns_domain_ports
After re-starting the neutron-server, users will be able
to assign a dns_name attribute to their ports.
Note
The enablement of this functionality is prerequisite for the
enablement of the Networking service integration with an external DNS
service, which is described in detail in config-dns-int-ext-serv.
The following illustrates the creation of a port with
my-port in its dns_name attribute.
Note
The name assigned to the port by the Networking service internal DNS
is now visible in the response in the dns_assignment
attribute.
$ openstack port create --network my-net --dns-name my-port test
+-----------------------+-------------------------------------------------------------------------------+
| Field | Value |
+-----------------------+-------------------------------------------------------------------------------+
| admin_state_up | UP |
| allowed_address_pairs | |
| binding_host_id | |
| binding_profile | |
| binding_vif_details | |
| binding_vif_type | unbound |
| binding_vnic_type | normal |
| created_at | 2016-02-05T21:35:04Z |
| data_plane_status | None |
| description | |
| device_id | |
| device_owner | |
| dns_assignment | fqdn='my-port.example.org.', hostname='my-port', ip_address='192.0.2.67' |
| dns_domain | None |
| dns_name | my-port |
| extra_dhcp_opts | |
| fixed_ips | ip_address='192.0.2.67', subnet_id='6141b474-56cd-430f-b731-71660bb79b79' |
| id | fb3c10f4-017e-420c-9be1-8f8c557ae21f |
| mac_address | fa:16:3e:aa:9b:e1 |
| name | test |
| network_id | bf2802a0-99a0-4e8c-91e4-107d03f158ea |
| port_security_enabled | True |
| project_id | d5660cb1e6934612a01b4fb2fb630725 |
| qos_policy_id | None |
| revision_number | 1 |
| security_group_ids | 1f0ddd73-7e3c-48bd-a64c-7ded4fe0e635 |
| status | DOWN |
| tags | |
| trunk_details | None |
| updated_at | 2016-02-05T21:35:04Z |
+-----------------------+-------------------------------------------------------------------------------+When this functionality is enabled, it is leveraged by the Compute
service when creating instances. When allocating ports for an instance
during boot, the Compute service populates the dns_name
attributes of these ports with the hostname attribute of
the instance, which is a DNS sanitized version of its display name. As a
consequence, at the end of the boot process, the allocated ports will be
known in the dnsmasq associated to their networks by their instance
hostname.
The following is an example of an instance creation, showing how its
hostname populates the dns_name attribute of
the allocated port:
$ openstack server create --image cirros --flavor 42 \
--nic net-id=37aaff3a-6047-45ac-bf4f-a825e56fd2b3 my_vm
+--------------------------------------+----------------------------------------------------------------+
| Field | Value |
+--------------------------------------+----------------------------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | |
| OS-EXT-STS:power_state | 0 |
| OS-EXT-STS:task_state | scheduling |
| OS-EXT-STS:vm_state | building |
| OS-SRV-USG:launched_at | - |
| OS-SRV-USG:terminated_at | - |
| accessIPv4 | |
| accessIPv6 | |
| adminPass | dB45Zvo8Jpfe |
| config_drive | |
| created | 2016-02-05T21:35:04Z |
| flavor | m1.nano (42) |
| hostId | |
| id | 66c13cb4-3002-4ab3-8400-7efc2659c363 |
| image | cirros-0.3.5-x86_64-uec(b9d981eb-d21c-4ce2-9dbc-dd38f3d9015f) |
| key_name | - |
| locked | False |
| metadata | {} |
| name | my_vm |
| os-extended-volumes:volumes_attached | [] |
| progress | 0 |
| security_groups | default |
| status | BUILD |
| tenant_id | d5660cb1e6934612a01b4fb2fb630725 |
| updated | 2016-02-05T21:35:04Z |
| user_id | 8bb6e578cba24e7db9d3810633124525 |
+--------------------------------------+----------------------------------------------------------------+
$ openstack port list --device-id 66c13cb4-3002-4ab3-8400-7efc2659c363
+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------------+--------+
| ID | Name | MAC Address | Fixed IP Addresses | Status |
+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------------+--------+
| b3ecc464-1263-44a7-8c38-2d8a52751773 | | fa:16:3e:a8:ce:b8 | ip_address='203.0.113.8', subnet_id='277eca5d-9869-474b-960e-6da5951d09f7' | ACTIVE |
| | | | ip_address='2001:db8:10::8', subnet_id='eab47748-3f0a-4775-a09f-b0c24bb64bc4' | |
+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------------+--------+
$ openstack port show b3ecc464-1263-44a7-8c38-2d8a52751773
+-----------------------+------------------------------------------------------------------------------------------------------------+
| Field | Value |
+-----------------------+------------------------------------------------------------------------------------------------------------+
| admin_state_up | UP |
| allowed_address_pairs | |
| binding_host_id | vultr.guest |
| binding_profile | |
| binding_vif_details | datapath_type='system', ovs_hybrid_plug='True', port_filter='True' |
| binding_vif_type | ovs |
| binding_vnic_type | normal |
| created_at | 2016-02-05T21:35:04Z |
| data_plane_status | None |
| description | |
| device_id | 66c13cb4-3002-4ab3-8400-7efc2659c363 |
| device_owner | compute:None |
| dns_assignment | fqdn='my-vm.example.org.', hostname='my-vm', ip_address='203.0.113.8' |
| | fqdn='my-vm.example.org.', hostname='my-vm', ip_address='2001:db8:10::8' |
| dns_domain | example.org. |
| dns_name | my-vm |
| extra_dhcp_opts | |
| fixed_ips | ip_address='203.0.113.8', subnet_id='277eca5d-9869-474b-960e-6da5951d09f7' |
| | ip_address='2001:db8:10::8', subnet_id='eab47748-3f0a-4775-a09f-b0c24bb64bc4' |
| id | b3ecc464-1263-44a7-8c38-2d8a52751773 |
| mac_address | fa:16:3e:a8:ce:b8 |
| name | |
| network_id | 37aaff3a-6047-45ac-bf4f-a825e56fd2b3 |
| port_security_enabled | True |
| project_id | d5660cb1e6934612a01b4fb2fb630725 |
| qos_policy_id | None |
| revision_number | 1 |
| security_group_ids | 1f0ddd73-7e3c-48bd-a64c-7ded4fe0e635 |
| status | ACTIVE |
| tags | |
| trunk_details | None |
| updated_at | 2016-02-05T21:35:04Z |
+-----------------------+------------------------------------------------------------------------------------------------------------+In the above example notice that:
- The name given to the instance by the user,
my_vm, is
sanitized by the Compute service and becomesmy-vmas the
port’sdns_name. - The port’s
dns_assignmentattribute shows that its FQDN
ismy-vm.example.org.in the Networking service internal
DNS, which is the result of concatenating the port’s
dns_namewith the value configured in the
dns_domainparameter inneutron.conf, as
explained previously. - The
dns_assignmentattribute also shows that the port’s
hostnamein the Networking service internal DNS is
my-vm. - Instead of having the Compute service create the port for the
instance, the user might have created it and assigned a value to its
dns_nameattribute. In this case, the value assigned to the
dns_nameattribute must be equal to the value that Compute
service will assign to the instance’shostname, in this
examplemy-vm. Otherwise, the instance boot will fail.
Note
When the Networking service integration with an external DNS service
is enabled, a port’s FQDN in the dns_assignment attribute
will not be calculated as described above in some well defined cases.
For a description of these cases please see config-dns-int-ext-dns-assignment.