Page MenuHomePhabricator

Include zone+subnet checks for DNS validation
Closed, DeclinedPublic

Description

The other day I ran into a mistake where in I94ffcf515a6 I added an A record for a subnet of mgmt.codfw.wmnet inside the mgmt.eqiad.wmnet zone. This fact didn't trigger any error or warning from dns validation AFAICS, filing this wishlist task to track if zone <-> subnet mappings should also be validated.

12:52:33 Summary of violations:
12:52:33     W001|MISSING_IP_FOR_NAME_AND_PTR: 407
12:52:33     W002|MISSING_PTR_FOR_NAME_AND_IP: 78
12:52:33     W101|MISSING_ASSET_TAG: 525
12:52:33     W103|MISSING_MGMT_FOR_NAME: 373
12:52:33     W104|TOO_FEW_MGMT_NAMES: 619
12:52:33     W105|TOO_MANY_PUBLIC_NAMES: 25
12:52:33 RESULT: 0 Errors, 2027 Warnings, 0 Ignored violations, 3 Ignored lines

Event Timeline

Restricted Application added projects: Operations, Traffic. · View Herald TranscriptNov 20 2019, 9:03 AM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
crusnov triaged this task as Medium priority.Nov 20 2019, 4:57 PM
crusnov added a subscriber: crusnov.
Volans added a subscriber: Volans.Nov 20 2019, 5:51 PM

@fgiunchedi I think is fair request, but given we're in process of auto-generating all mgmt and then server's DNS records this might have less benefit that in the current situation. Would be ok to treat it as lower priority?

fgiunchedi lowered the priority of this task from Medium to Low.Nov 21 2019, 9:34 AM

@fgiunchedi I think is fair request, but given we're in process of auto-generating all mgmt and then server's DNS records this might have less benefit that in the current situation. Would be ok to treat it as lower priority?

Yeah preferring DNS autogeneration seems sensible to me!

BBlack moved this task from Triage to DNS Infra on the Traffic board.Dec 6 2019, 1:21 PM
BBlack closed this task as Declined.Dec 6 2019, 2:06 PM
BBlack added a subscriber: BBlack.

Declined in favor of netbox integration ( T233183 ? ) making this problem go away.