[FR] DDNS update on container network

[arslanabbasi]

Summary

The ability to expose hostname of containers on the container Network using Dynamic DNS updates. With this feature, customers can access their containers using hostnames.

User statement(s)

Enable DDNS updates in the DHCP server which is serving IPs for container network in VIC. Once, a container comes up on the container network, you should see the IP and hostname of the container in the DNS server.

Details

Let me know if the provided information is not enough.

See also

[yuyangbj]

I did the investigation for dynamic DNS. Looks like the work flow is the DHCP client needs to set the hostname into DHCP option 12, and DHCP server configure the domain name and send the update to DNS server.

https://docs.infoblox.com/display/N83EA2/Understanding+DDNS+Updates+from+DHCP
https://docs.infoblox.com/display/N83EA2/Configuring+DHCP+for+DDNS

We use the code below to send dhcp request, so we should update the code below to set hostname, I checked the dependency code, it supports option 12.

https://github.com/vmware/vic/blob/master/lib/dhcp/packet.go#L27
https://github.com/d2g/dhcp4/blob/master/constants.go#L36

[malikkal]

We have been doing this for long time.

1. Get a delegation from corporate DNS folks. For example vic.corporate.com. This may be avoided if the corporate DNS admins allow you for direct updates. However, a delegation is still a better choice, as you are in full control and give each project its own 'namespace'. ;-)

2. Run BIND DNS server for your delegated zone. You could run another which supports update via keys. We were comfortable using BIND.

3. Create sub-domain like project1.vic.corporate.com. Create an HMAC-MD5 key for the zone using dnsscec-keygen.

4. Configure the zone to accept dynamic updates using the key.

5. Write a small shell script that uses nsudpate that can be used as a function from container entrypoint.

6. The script does an nsupdate, reading the container hostname and the primary dns server from the resolv.conf. We can share our script, should you need it.

7. Advise the project folks to include nsupdate, our script and the keyfile in their container image and call it from their entrypoint.

8. When entrypoint dies, you could trap for EXIT and call the same function with a different parameter to delete from the DNS.

With the above you can provide individual name space to each VIC project that could be dynamically updated. Please keep the zone TTL to low, else the dns propagation in your environment could take long time if you are using a different DNS server to query the updates.

Hope this helps!

[yuyangbj]

@malikkal thanks for the sharing. And please share your script if you are convenient.

[malikkal]

Here you go. Please note the TTL below.

#!/bin/bash

#Global Variable

DNS_Server=$1
DNS_Subnet=$3
DNS_KEY=/root/key.file

#Sanity Check

usage()
{
   echo "Usage: updateNS.sh <NS> <hostname> <zone> <add|del>"
   exit 1
}
if [ ! $# == 4 ]; then usage; fi

#Define Functions

AddHostToDNS () {
# First parameter : Hostname
# Second parameter : IP

local NewHost=$1
local NewIP=$2
local OutputFileTemp=$(mktemp)
cat >${OutputFileTemp} <<__TEMPEND__
server ${DNS_Server}
zone ${DNS_Subnet}
update delete ${NewHost}.${DNS_Subnet} A
send
answer
server ${DNS_Server}
zone ${DNS_Subnet}
update add ${NewHost}.${DNS_Subnet} 300 A ${NewIP}
send
answer
__TEMPEND__
echo "DNSUpdate: Generating commands on temporary file (${OutputFileTemp})"
nsupdate -k $DNS_KEY ${OutputFileTemp}
echo "DNSUpdate: NSUpdate done."
rm ${OutputFileTemp}
}

RemoveHostFromDNS () {
# First parameter : Hostname

local NewHost=$1
local OutputFileTemp=$(mktemp)
cat >${OutputFileTemp} <<__TEMPEND__
server ${DNS_Server}
zone ${DNS_Subnet}
update delete ${NewHost}.${DNS_Subnet} A
send
answer
__TEMPEND__
echo "DNSUpdate: Generating commands on temporary file (${OutputFileTemp})"
nsupdate -k $DNS_KEY ${OutputFileTemp}
echo "DNSUpdate: NSUpdate done (Entry removed)"
rm ${OutputFileTemp}
}

#Main

if [ $4 == "add" ]; then
   myIpAddress="$(ip a sh eth0 | grep "inet\b" | awk '{print $2}' | cut -d/ -f1)"
   echo "DNSUpdate: Calling function AddHostToDNS"
   AddHostToDNS $2 $myIpAddress
elif [ $4 == "del" ]; then
   echo "DNSUpdate: Calling function RemoveHostFromDNS"
   RemoveHostFromDNS $2
else
   usage; exit 1
fi

[malikkal]

Sample lines from a typical entrypoint script. Hope this helps!

#!/bin/bash

declare -a myNS=(`cat /etc/resolv.conf |grep nameserver|awk -F" " '{print $2}'`)
myHostname=`hostname`
DNSZONE="your.dns.domain"

cleanup()
{
   echo "Cleaning A records and doing whatever you want here..."
   /usr/local/updateNS.sh ${myNS[0]} $myHostname $DNSZONE del
}

trap cleanup EXIT
/usr/local/updateNS.sh ${myNS[0]} $myHostname $DNSZONE add

[yuyangbj]

@malikkal thanks for the information! Would you like adding dynamic dns update automatically in VIC 1.5?

[arslanabbasi]

Hi,

Did this make into 1.5 release?

Also, hostname is set by default inside the container. If no name is specified, the container id is used as the hostname. Would this hostname be used in DDNS update? #8442 implies that user has to manually set the hostname, is my understanding correct? @renmaosheng @yuyangbj

[yuyangbj]

@arslanabbasi

This code is not merged into 1.5 release. For the code change, if you specified the hostname, it will be updated to DNS server. For the case using container id as hostname, we do not send the information to DNS server.

[yuyangbj]

Adding option 12 into DHCP discover packet with hostname value.