dns: integrate PTR support for 2a02:ec80:a100::/48
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	• aborrero
	Oct 4 2024, 10:52 AM

Description

This ticket is to integrate the PTR support between netbox and the DNS for the 2a02:ec80:a100::/48 prefix.

Details

Related Changes in Gerrit:

	Subject	Repo	Branch	Lines +/-
	Add INCLUDEs for newly-assigned IPv6 networks WMCS Codfw	operations/dns	master	+19 -0

Customize query in gerrit

Related Objects
Search...

Status	Assigned	Task
Open	None	T53494 Use Beta cluster as a true canary for code deployments (epic)
Declined	None	T87220 Minimize infrastructure differences between Beta Cluster and production
Open	None	T211677 Support IPv6 in beta
Open	None	T404466 Support IPv6-only VMs
Open	None	T392688 Enable IPv6 on Cloud VPS infrastructure services
Resolved	taavi	T379175 Enable IPv6 for the Cloud VPS web proxy
Open	None	T270694 CloudVPS: introduce tenant networks
Resolved	• aborrero	T364725 Migrate Cloud VPS instances to VXLAN based networks
Open	None	T392509 Enable IPv6 for Toolforge services
Resolved	taavi	T392506 Enable IPv6 for tools.wmflabs.org / *.toolserver.org legacy redirector service
Resolved	taavi	T211575 Enable IPv6 on toolforge.org
Resolved	None	T209460 CloudVPS: network architecture
Resolved	None	T244727 CloudVPS: networking improvements
Open	None	T220306 Add IPv6 monitoring
Resolved	• aborrero	T37947 Enable IPv6 on CloudVPS
Resolved	• aborrero	T245495 CloudVPS: IPv6 in codfw1dev
Resolved	• aborrero	T187929 Cloud IPv6 subnets
Resolved	• aborrero	T374712 netbox: create IPv6 entries for Cloud VPS
Resolved	• aborrero	T376462 dns: integrate PTR support for 2a02:ec80:a100::/48
Resolved	• aborrero	T374715 openstack: work out IPv6 and designate integration
Resolved	• aborrero	T377740 neutron: clarify why DNS extension is not enabled
Resolved	• aborrero	T378192 openstack: wmf sink: extend it to support IPv6
Resolved	• aborrero	T378995 openstack codfw1dev: API endpoints errors 2024-11-04

Event Timeline

• aborrero created this task.Oct 4 2024, 10:52 AM

Restricted Application removed a subscriber: taavi. · View Herald TranscriptOct 4 2024, 10:52 AM

This patch covers the delegation for the openstack-managed ranges, I think it's correct?

https://gerrit.wikimedia.org/r/c/operations/dns/+/1076713

Assuming that is the right server to delegate to, it would need to allow DNS requests from resolvers (everywhere I've tried so far it just gives me REFUSED status back). And this needs to work before we merge:

dig SOA 0.0.0.0.0.0.1.a.0.8.c.e.2.0.a.2.ip6.arpa. @ns0.openstack.codfw1dev.wikimediacloud.org.

I'll create another patch shortly for the reverse ranges we will set DNS for in Netbox (currently the 4 subnets assigned 2a02:ec80:a100:fc00::/55).

• aborrero renamed this task from dns/netbox: integrate PTR support for 2a02:ec80:a100::/48 to dns: integrate PTR support for 2a02:ec80:a100::/48.Oct 4 2024, 11:14 AM

To be more clear, you need to make sure these two zones are working on the openstack authdns:

0.0.0.0.0.0.1.a.0.8.c.e.2.0.a.2.ip6.arpa.
0.0.1.0.0.0.1.a.0.8.c.e.2.0.a.2.ip6.arpa.

The server should respond to an SOA request for these similar to how it does for the v4 reverse zone:

cmooney@cloudnet2005-dev:~$ dig +short SOA 16.172.in-addr.arpa. @ns0.openstack.codfw1dev.wikimediacloud.org. 
ns0.openstack.codfw1dev.wikimediacloud.org. root.wmcloud.org. 1728040484 3505 600 86400 3600

aborrero opened https://gitlab.wikimedia.org/repos/cloud/cloud-vps/tofu-infra/-/merge_requests/85

codfw1dev: dns: add reverse zones for 2a02:ec80:a100::/48

aborrero merged https://gitlab.wikimedia.org/repos/cloud/cloud-vps/tofu-infra/-/merge_requests/85

codfw1dev: dns: add reverse zones for 2a02:ec80:a100::/48

before and after merging the tofu-infra patch above:

arturo@nostromo:~ $ dig SOA 0.0.0.0.0.0.1.a.0.8.c.e.2.0.a.2.ip6.arpa. @ns0.openstack.codfw1dev.wikimediacloud.org.

; <<>> DiG 9.20.2-1-Debian <<>> SOA 0.0.0.0.0.0.1.a.0.8.c.e.2.0.a.2.ip6.arpa. @ns0.openstack.codfw1dev.wikimediacloud.org.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 61354
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;0.0.0.0.0.0.1.a.0.8.c.e.2.0.a.2.ip6.arpa. IN SOA

;; Query time: 160 msec
;; SERVER: 185.15.57.25#53(ns0.openstack.codfw1dev.wikimediacloud.org.) (UDP)
;; WHEN: Fri Oct 04 13:14:52 CEST 2024
;; MSG SIZE  rcvd: 69


arturo@nostromo:~ $ dig SOA 0.0.0.0.0.0.1.a.0.8.c.e.2.0.a.2.ip6.arpa. @ns0.openstack.codfw1dev.wikimediacloud.org.

; <<>> DiG 9.20.2-1-Debian <<>> SOA 0.0.0.0.0.0.1.a.0.8.c.e.2.0.a.2.ip6.arpa. @ns0.openstack.codfw1dev.wikimediacloud.org.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17164
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;0.0.0.0.0.0.1.a.0.8.c.e.2.0.a.2.ip6.arpa. IN SOA

;; ANSWER SECTION:
0.0.0.0.0.0.1.a.0.8.c.e.2.0.a.2.ip6.arpa. 3600 IN SOA ns0.openstack.codfw1dev.wikimediacloud.org. root.wmcloud.org. 1728042767 3587 600 86400 3600

;; Query time: 152 msec
;; SERVER: 185.15.57.25#53(ns0.openstack.codfw1dev.wikimediacloud.org.) (UDP)
;; WHEN: Fri Oct 04 13:53:12 CEST 2024
;; MSG SIZE  rcvd: 160

• aborrero changed the task status from Open to In Progress.Oct 4 2024, 11:54 AM

• aborrero triaged this task as Medium priority.

• aborrero moved this task from Backlog to Doing on the User-aborrero board.

Maintenance_bot removed a project: Patch-For-Review.Oct 4 2024, 12:31 PM

• aborrero moved this task from Doing to Blocked/waiting on the User-aborrero board.Oct 7 2024, 11:26 AM

Change #1078972 had a related patch set uploaded (by Cathal Mooney; author: Cathal Mooney):

[operations/dns@master] Add INCLUDEs for newly-assigned IPv6 networks WMCS Codfw

https://gerrit.wikimedia.org/r/1078972

gerritbot added a project: Patch-For-Review.Oct 9 2024, 3:17 PM

Change #1078972 merged by Cathal Mooney:

[operations/dns@master] Add INCLUDEs for newly-assigned IPv6 networks WMCS Codfw

https://gerrit.wikimedia.org/r/1078972

The delegations for the 4 subnets used so far on the infra-side are working also:

cmooney@cumin1002:~$ dig +short +noall +answer -x 2a02:ec80:a100:fe01::2 
xe-0-0-46-1001.cloudsw1-b1-codfw.wikimedia.org.
cmooney@cumin1002:~$ dig +short +noall +answer -x 2a02:ec80:a100:fe02::2 
xe-0-0-47-1001.cloudsw1-b1-codfw.wikimedia.org.
cmooney@cumin1002:~$ dig +short +noall +answer -x 2a02:ec80:a100:fe03::1 
irb-1120.cloudsw1-b1-codfw.wikimedia.org.
cmooney@cumin1002:~$ dig +short +noall +answer -x 2a02:ec80:a100:fe04::2:1 
cloudinstances2b-gw.openstack.codfw1dev.wikimediacloud.org.

Maintenance_bot removed a project: Patch-For-Review.Oct 9 2024, 4:30 PM

cmooney added a subtask: T374715: openstack: work out IPv6 and designate integration.Oct 16 2024, 3:55 PM

• aborrero changed the status of subtask T374715: openstack: work out IPv6 and designate integration from Open to In Progress.Oct 21 2024, 12:43 PM

• aborrero changed the status of subtask T374715: openstack: work out IPv6 and designate integration from In Progress to Stalled.Oct 23 2024, 12:32 PM

taavi moved this task from Unsorted to DNS (Designate + pdns-recursor) on the Cloud-VPS board.Nov 1 2024, 7:00 PM

• aborrero closed subtask T374715: openstack: work out IPv6 and designate integration as Resolved.Nov 15 2024, 12:47 PM

• aborrero closed this task as Resolved.Nov 15 2024, 12:51 PM