[Pdns-users] PDNS and Isilon Smartconnect Delegation

Kenneth Marshall ktm at rice.edu
Thu Dec 13 19:54:52 UTC 2018 

On Thu, Dec 13, 2018 at 02:17:23PM -0500, Ian Easter wrote:
> Recently switched from BIND9.7.3 to PowerDNS and working through some
> adjustments.
> 
> We previously followed the guidelines for DNS based on the documentation:
> https://www.emc.com/collateral/hardware/white-papers/h8316-wp-smartconnect.pdf
> and everything worked without issue.
> 
> Translating that to PowerDNS seems to be a bit more challenging at the
> moment.
> 
> Adding the same records to PowerDNS are just returning the Isilon SIP A
> address record IP rather then the round robin IP address from the Isilon
> SIP.
> 
> At this point, I'm either looking in the wrong place, wrong keywords, or
> just simply not understanding why this isn't working.
> 
> I did find an old thread regarding this matter but it did not seem to end
> with a resolution.  I had also ran down another thread regarding a similar
> matter which started leading me toward needing to look at configuring
> pdns-recursor for this but I can't get anything to work on either front.
> 
> Greatly appreciate any assistance.
> 
> Current records set on PowerDNS (as they worked on BIND)
> isilon-nfs              NS      isilon-nfs-sip
> isilon-nfs-sip          A       192.168.64.70
> 
> What dig reports
> 
> ; <<>> DiG 9.10.6 <<>> isilon-nfs.teve.inc @10.1.90.52
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15456
> ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 2
> ;; WARNING: recursion requested but not available
> 
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 1680
> ;; QUESTION SECTION:
> ;isilon-nfs.teve.inc.           IN      A
> 
> ;; AUTHORITY SECTION:
> isilon-nfs.teve.inc.    3600    IN      NS      isilon-nfs-sip.teve.inc.
> 
> ;; ADDITIONAL SECTION:
> isilon-nfs-sip.teve.inc. 3600   IN      A       192.168.64.70
> 
> ;; Query time: 18 msec
> ;; SERVER: 10.1.90.52#53(10.1.90.52)
> ;; WHEN: Thu Dec 13 14:14:02 EST 2018
> ;; MSG SIZE  rcvd: 93
> 

Hi Ian,

Using the pdns-recursor, you simply forward-zone the domain to the IP address
of the Isilon DNS service. One nuance that we had to address was that
the AAAA lookups caused problems since we do not have IPv6 so we added a
LUA script to the function preresolve (). Here is what we have:

function preresolve ( remoteip, domain, qtype )

        -- Stop bad AAAA record cache problem with Isilon.
        if qtype == pdns.AAAA and domain == "file-nfs.isilon." then
                ret={}
                -- pdnslog ("fixing AAAA query for: " .. domain)
                -- ret[1]={qtype=pdns.AAAA, content=""}
                return 0, ret
        end
end

Once we had that piece everything worked well.

Regards,
Ken
> 
> 
> *Thank you,*
> *Ian Easter*

> _______________________________________________
> Pdns-users mailing list
> Pdns-users at mailman.powerdns.com
> https://mailman.powerdns.com/mailman/listinfo/pdns-users

More information about the Pdns-users mailing list