Chapter 9. Managing pointer records (PTRs)

A step in configuring the Red Hat OpenStack Platform (RHOSP) DNS service (designate) is to set up IP address-to-domain-name lookups, also referred to as reverse lookups. Pointer (PTR) records are the DNS resource that contains the address-to-name mapping data, and they are stored in reverse lookup zones. The DNS service also enables you to manage reverse lookups for floating IP addresses.


9.1. PTR record basics

In the Red Hat OpenStack Platform (RHOSP) DNS service (designate) you use pointer (PTR) records to create a number to name mapping (reverse mapping) from a single IP or set of IP addresses to a fully qualified domain name (FQDN). Because the Domain Name System (DNS) looks up addresses as names, you create a PTR record that contains a name for the IP address. You form this name by following a particular convention: reverse the IP address and append a special string: in-addr.arpa for IPv4 addresses, and ip6.arpa for IPv6 addresses.

For example, if the IP address for my-server.example.com is 198.51.100.42, then you name the corresponding node in the reverse lookup zone, 42.100.51.198.in-addr.arpa. Listing the name of the IP address backwards facilitates its lookup, because like standard fully qualified domain names (FQDNs), a reversed IP address gets less specific as you move from its left side to its right side.

The DNS service writes the contents of the PTR record to a special zone called a reverse lookup zone, whose sole purpose is to provide address-to-name lookups. Because the PTR record contains data that is structured similarly to standard FQDNs, you can delegate child zones of the reverse lookup zone in the same way as you delegate other zones. In the earlier example, the host, 198.51.100.42, is a node in the 198.in-addr.arpa zone, and this zone can be delegated to the administrators of the network, 198.51.100.0/8.

The DNS service manages PTR records for floating IP addresses differently than for standard IP addresses, because of the requirement that the user’s RHOSP project owns the zone that contains the IP address. In most use cases involving reverse name lookups, this requirement is easily met. When managing reverse lookups for standard IP addresses, you use the openstack recordset command as you do when managing the other DNS resource record types.

However, when working with floating IP addresses, it is common for multiple projects to share a pool of floating IP addresses. To solve the project ownership issue of a shared pool of addresses, you must use a different command when managing reverse lookups for floating IPs, the openstack ptr record command.

9.2. Creating reverse lookup zones

To properly configure the Red Hat OpenStack Platform (RHOSP) DNS service (designate) you must have a reverse lookup zone. A reverse lookup zone contains PTR records that are required for you to perform address-to-name lookups. You must name reverse lookup zones following this convention: <backward_IP_address>.in-addr.arpa for IPv4 addresses, and <backward_IP_address>.ip6.arpa for IPv6 addresses.

Typically, you align the zones in your RHOSP deployment to your subnet plan. For example, if you have a /24 subnet for your external network, you create a /24 subnet reverse lookup zone to contain your PTR records.

Procedure

  1. Source your credentials file.

    Example

    $ source ~/overcloudrc

  2. Create a reverse lookup zone by using the openstack zone create command and specifying these required arguments:

    --email <email_address>
    a valid email address for the person responsible (owner) for the zone.
    <name>
    a name for the reverse lookup zone that conforms to the convention: <backward_IP_address>.in-addr.arpa for IPv4 addresses, and <backward_IP_address>.ip6.arpa for IPv6 addresses.

    Example

    In this example, the reverse lookup zone is designed for one PTR record, for the 198.51.100.42 address:

    $ openstack zone create --email admin@example.com \
      42.100.51.198.in-addr.arpa.

    Sample output

    +----------------+------------------------------------------+
    | Field          | Value                                    |
    +----------------+------------------------------------------+
    | action         | CREATE                                   |
    | attributes     |                                          |
    | created_at     | 2022-02-02T17:32:47.000000               |
    | description    | None                                     |
    | email          | admin@example.com                        |
    | id             | f5546034-b27e-4326-bf9d-c53ed879f7fa     |
    | masters        |                                          |
    | name           | 42.100.51.198.in-addr.arpa.              |
    | pool_id        | 794ccc2c-d751-44fe-b57f-8894c9f5c842     |
    | project_id     | 123d51544df443e790b8e95cce52c285         |
    | serial         | 1591119166                               |
    | status         | PENDING                                  |
    | transferred_at | None                                     |
    | ttl            | 3600                                     |
    | type           | PRIMARY                                  |
    | updated_at     | None                                     |
    | version        | 1                                        |
    +----------------+------------------------------------------+

    Example

    In another example for a reverse zone that is for a 198.51.100.0/24 subnet, you would create the zone:

    $ openstack zone create --email admin@example.com \
      100.51.198.in-addr.arpa.

    Sample output

    +----------------+------------------------------------------+
    | Field          | Value                                    |
    +----------------+------------------------------------------+
    | action         | CREATE                                   |
    | attributes     |                                          |
    | created_at     | 2022-02-02T17:40:23.000000               |
    | description    | None                                     |
    | email          | admin@example.com                        |
    | id             | 5669caad86a04256994cdf755df4d3c1         |
    | masters        |                                          |
    | name           | 100.51.198.in-addr.arpa.                 |
    | pool_id        | 794ccc2c-d751-44fe-b57f-8894c9f5c842     |
    | project_id     | 123d51544df443e790b8e95cce52c285         |
    | serial         | 1739276248                               |
    | status         | PENDING                                  |
    | transferred_at | None                                     |
    | ttl            | 3600                                     |
    | type           | PRIMARY                                  |
    | updated_at     | None                                     |
    | version        | 1                                        |
    +----------------+------------------------------------------+

Verification

  1. Confirm that the reverse lookup zone that you created exists:

    $ openstack zone list -c id -c name -c status

    Sample output

    +--------------------------------------+-----------------------------+--------+
    | id                                   | name                        | status |
    +--------------------------------------+-----------------------------+--------+
    | f5546034-b27e-4326-bf9d-c53ed879f7fa | 42.100.51.198.in-addr.arpa. | ACTIVE |
    +--------------------------------------+-----------------------------+--------+

  2. For the address-to-name mapping to be complete, the forward zone, the zone that contains the IP address, must exist. If the forward zone does not exist, create it now.
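
Step 2 can be checked mechanically: decode each PTR record name back to its address and confirm that the target name has a forward record for that same address. The following Python is an added example, not part of the Red Hat documentation; the function names and the two record dictionaries are constructed for illustration and stand in for data exported from your zones.

```python
import ipaddress


def address_from_reverse_name(name):
    """Decode a full-length in-addr.arpa or ip6.arpa record name to its IP address."""
    labels = name.lower().rstrip(".").split(".")
    if labels[-2:] == ["in-addr", "arpa"] and len(labels) == 6:
        return ipaddress.IPv4Address(".".join(reversed(labels[:4])))
    if (labels[-2:] == ["ip6", "arpa"] and len(labels) == 34
            and all(len(label) == 1 for label in labels[:32])):
        return ipaddress.IPv6Address(int("".join(reversed(labels[:32])), 16))
    raise ValueError(f"{name}: not a full-length reverse lookup name")


def audit_reverse_mappings(ptr_records, forward_records):
    """Return (record_name, problem) pairs for PTR records without a matching forward record.

    ptr_records:     PTR record name -> target domain name
    forward_records: domain name (lowercase) -> list of addresses (A/AAAA data)
    """
    findings = []
    for record_name, target in ptr_records.items():
        try:
            address = address_from_reverse_name(record_name)
        except ValueError as exc:
            findings.append((record_name, str(exc)))
            continue
        forward = {ipaddress.ip_address(a)
                   for a in forward_records.get(target.lower(), ())}
        if not forward:
            findings.append((record_name, f"{target} has no forward record"))
        elif address not in forward:
            findings.append(
                (record_name, f"{target} does not resolve back to {address}"))
    return findings


# Constructed sample data: one consistent pair, one mismatch, one missing name.
SAMPLE_PTR = {
    "42.100.51.198.in-addr.arpa.": "www.example.com.",
    "3.100.51.198.in-addr.arpa.": "cats.example.com.",
    "10.100.51.198.in-addr.arpa.": "old.example.com.",
}
SAMPLE_FORWARD = {
    "www.example.com.": ["198.51.100.42"],
    "cats.example.com.": ["198.51.100.7"],
}

if __name__ == "__main__":
    for record_name, problem in audit_reverse_mappings(SAMPLE_PTR, SAMPLE_FORWARD):
        print(f"{record_name}: {problem}")
```
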


9.3. Creating a PTR record

In the Red Hat OpenStack Platform (RHOSP) DNS service (designate) you create PTR records to enable reverse lookups (address-to-name mappings). Enabling reverse lookups is a part of properly configuring the DNS service on your RHOSP deployment.

Prerequisites

Procedure

  1. Source your credentials file.

    Example

    $ source ~/overcloudrc

  2. Create a PTR record by using the openstack recordset create command and specifying these required arguments:

    --record <domain_name>
    the target, the domain name, that should be returned when a reverse lookup is performed.
    --type PTR
    the kind of record, PTR, that you are creating.
    <zone_name>
    the name of the zone, the reverse lookup zone, where the record resides.
    <record_name>
    the name of the PTR record.

    The record name must match the <zone_name> or be a member of the zone. For example, for the reverse lookup zone 100.51.198.in-addr.arpa., these are valid PTR record names: 1.100.51.198.in-addr.arpa., 2.100.51.198.in-addr.arpa., and any other reversed IP addresses in the 198.51.100.0/24 subnet.

    Example

    $ openstack recordset create --record www.example.com. --type PTR \
    42.100.51.198.in-addr.arpa. 42.100.51.198.in-addr.arpa.

    Sample output

    +-------------+--------------------------------------+
    | Field       | Value                                |
    +-------------+--------------------------------------+
    | action      | CREATE                               |
    | created_at  | 2022-02-02T19:55:50.000000           |
    | description | None                                 |
    | id          | ca604f72-83e6-421f-bf1c-bb4dc1df994a |
    | name        | 42.100.51.198.in-addr.arpa.          |
    | project_id  | 123d51544df443e790b8e95cce52c285     |
    | records     | www.example.com.                     |
    | status      | PENDING                              |
    | ttl         | 3600                                 |
    | type        | PTR                                  |
    | updated_at  | None                                 |
    | version     | 1                                    |
    | zone_id     | f5546034-b27e-4326-bf9d-c53ed879f7fa |
    | zone_name   | 42.100.51.198.in-addr.arpa.          |
    +-------------+--------------------------------------+

Verification

  • Perform a reverse lookup to confirm that the IP address (198.51.100.42) is mapped to the domain name (www.example.com).

    Example

    In this example, 203.0.113.5 is one of the DNS servers in the deployment:

    $ dig @203.0.113.5 -x 198.51.100.42 +short

    Sample output

    www.example.com.

Additional resources

  • recordset create in the Command line interface reference
  • dig command man page.

9.4. Creating multiple PTR records

In the Red Hat OpenStack Platform (RHOSP) DNS service (designate) you can add many PTR records to a larger subnet by using a more broadly defined reverse lookup zone.

Prerequisites

  • Your RHOSP project must own the zone in which you create the PTR record.
  • A more broadly defined reverse lookup zone to store the PTR record. For example, a 198.51.100.0/24 reverse lookup zone, 100.51.198.in-addr.arpa. For more information, see Section 9.2, “Creating reverse lookup zones”.

Procedure

  1. Source your credentials file.

    Example

    $ source ~/overcloudrc

  2. Create the PTR record by using the openstack recordset create command and specifying these required arguments:

    --record <domain_name>
    the domain name of the lookup.
    --type PTR
    the kind of record, PTR, that you are creating.
    <zone_name>
    the name of the reverse lookup zone where the record resides.
    <record_name>
    the name of the PTR record.

    The record name must match the <zone_name> or be a member of the zone. For example, for the reverse lookup zone 100.51.198.in-addr.arpa., these are valid PTR record names: 1.100.51.198.in-addr.arpa., 2.100.51.198.in-addr.arpa., and any other reversed IP addresses in the 198.51.100.0/24 subnet.

    Example

    In this example, the reverse lookup zone is more broadly defined: a 198.51.100.0/24 reverse lookup zone, 100.51.198.in-addr.arpa.:

    $ openstack recordset create --record cats.example.com. --type PTR \
    --ttl 3600 100.51.198.in-addr.arpa. 3.100.51.198.in-addr.arpa.

    Sample output

    +-------------+--------------------------------------+
    | Field       | Value                                |
    +-------------+--------------------------------------+
    | action      | CREATE                               |
    | created_at  | 2022-02-02T20:10:54.000000           |
    | description | None                                 |
    | id          | c843729b-7aaf-4f99-a40a-d9bf70edf271 |
    | name        | 3.100.51.198.in-addr.arpa.           |
    | project_id  | 123d51544df443e790b8e95cce52c285     |
    | records     | cats.example.com.                    |
    | status      | PENDING                              |
    | ttl         | 3600                                 |
    | type        | PTR                                  |
    | updated_at  | None                                 |
    | version     | 1                                    |
    | zone_id     | e9fd0ced-1d3e-43fa-b9aa-6d4b7a73988d |
    | zone_name   | 100.51.198.in-addr.arpa.             |
    +-------------+--------------------------------------+

Verification

  1. Perform a reverse lookup to confirm that the IP address (198.51.100.3) is mapped to the domain name (cats.example.com).

    Example

    In this example, 203.0.113.5 is one of the DNS servers in the deployment:

    $ dig @203.0.113.5 -x 198.51.100.3 +short

    Sample output

    cats.example.com.

  2. Perform a reverse lookup to confirm that any other IP address (198.51.100.0/24) is mapped to the domain name (example.com).

    Example

    In this example, 203.0.113.5 is one of the DNS servers in the deployment:

    $ dig @203.0.113.5 -x 198.51.100.10 +short

    Sample output

    example.com.

Additional resources

  • recordset create in the Command line interface reference
  • dig command man page.
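
The naming convention and the record-name rule in step 2 can be applied in bulk. This added example (not from the Red Hat documentation) derives the reverse lookup zone name from a subnet, checks that each address is a member of that zone, and builds one openstack recordset create command per host; it also covers IPv6 ip6.arpa zones, which the procedure above does not show. The function names and the sample host map are assumptions made for illustration.

```python
import ipaddress
import shlex


def reverse_zone_name(cidr):
    """Zone name for a subnet on an octet (IPv4) or nibble (IPv6) boundary."""
    net = ipaddress.ip_network(cidr, strict=True)  # rejects host bits in the CIDR
    unit = 8 if net.version == 4 else 4
    if net.prefixlen == 0 or net.prefixlen % unit:
        raise ValueError(f"{cidr}: prefix is not on a {unit}-bit boundary")
    # reverse_pointer lists every octet/nibble, least significant first;
    # drop the labels that belong to the host part of the subnet.
    labels = net.network_address.reverse_pointer.split(".")
    host_labels = (net.max_prefixlen - net.prefixlen) // unit
    return ".".join(labels[host_labels:]) + "."


def ptr_record_name(address):
    """Record name for one address: reversed address plus in-addr.arpa/ip6.arpa."""
    return ipaddress.ip_address(address).reverse_pointer + "."


def is_member(record_name, zone_name):
    """True if record_name equals zone_name or is below it, compared label by label."""
    rec = record_name.lower().rstrip(".").split(".")
    zone = zone_name.lower().rstrip(".").split(".")
    return len(rec) >= len(zone) and rec[-len(zone):] == zone


def recordset_commands(cidr, hosts):
    """Build one 'openstack recordset create' command line per address in hosts."""
    zone = reverse_zone_name(cidr)
    commands = []
    for address, fqdn in hosts.items():
        name = ptr_record_name(address)
        if not is_member(name, zone):
            raise ValueError(f"{address} is outside {cidr} (zone {zone})")
        if not fqdn.endswith("."):
            raise ValueError(f"{fqdn}: PTR target must end with '.'")
        commands.append(shlex.join([
            "openstack", "recordset", "create", "--record", fqdn,
            "--type", "PTR", zone, name]))
    return commands


# Constructed sample input, using the documentation addresses from this chapter.
SAMPLE_HOSTS = {
    "198.51.100.3": "cats.example.com.",
    "198.51.100.42": "www.example.com.",
}

if __name__ == "__main__":
    for line in recordset_commands("198.51.100.0/24", SAMPLE_HOSTS):
        print(line)
```
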

9.5. Setting up PTR records for floating IP addresses

In the Red Hat OpenStack Platform (RHOSP) DNS service (designate) you can create PTR records for floating IP addresses to allow reverse lookups.

Prerequisites

  • One or more floating IPs defined.
  • A reverse lookup zone for the floating IP for which you want to create a PTR record.

Procedure

  1. Source your credentials file.

    Example

    $ source ~/overcloudrc

  2. Determine the ID of the floating IP address for which you want to create a PTR record. You need this information in a later step.

    $ openstack floating ip list -c ID -c "Floating IP Address"

    Sample output

    +--------------------------------------+---------------------+
    | ID                                   | Floating IP Address |
    +--------------------------------------+---------------------+
    | 5c02c519-4928-4a38-bd10-c748c200912f | 192.0.2.11          |
    | 89532684-13e1-4af3-bd79-f434c9920cc3 | 192.0.2.12          |
    | ea3ebc6d-a146-47cd-aaa8-35f06e1e8c3d | 192.0.2.13          |
    +--------------------------------------+---------------------+

  3. Determine the RHOSP region name of the neutron instance that hosts the floating IP. You need this information in a later step.

    $ openstack endpoint list -c ID -c Region -c "Service Name"

    Sample output

    +----------------------------------+-----------+--------------+
    | ID                               | Region    | Service Name |
    +----------------------------------+-----------+--------------+
    | 16526452effd467a915155ceccf79dae | RegionOne | placement    |
    | 21bf826a62a14456a61bd8f39648e849 | RegionOne | keystone     |
    | 9cb1956999c54001a39d11ea14e037a1 | RegionOne | nova         |
    | bdeec4e2665d4605bb89e16a8b1bc50d | RegionOne | glance       |
    | ced05a1c03ab44caa1a351ace95429e6 | RegionOne | neutron      |
    | e79e3113ea544d039b3a6378e60bdf3f | RegionOne | nova         |
    | f91ee44123954b6c82162dcd2d4fc965 | RegionOne | designate    |
    +----------------------------------+-----------+--------------+

  4. Create the PTR record by using the openstack ptr record set command and specifying these required arguments:

    <floating_IP_ID>
    the floating IP ID in the format: <region_name>:<floating_IP_ID>.
    <ptrd_name>
    the target, the domain name, that should be returned when a reverse lookup is performed.

    Example

    $ openstack ptr record set RegionOne:5c02c519-4928-4a38-bd10-c748c200912f ftp.example.com.

    Sample output

    +-------------+------------------------------------------------+
    | Field       | Value                                          |
    +-------------+------------------------------------------------+
    | action      | CREATE                                         |
    | address     | 192.0.2.11                                     |
    | description | None                                           |
    | id          | RegionOne:5c02c519-4928-4a38-bd10-c748c200912f |
    | ptrdname    | ftp.example.com.                               |
    | status      | PENDING                                        |
    | ttl         | 3600                                           |
    +-------------+------------------------------------------------+

Verification

  • Perform a reverse lookup to confirm that the floating IP address (192.0.2.11) is mapped to the domain name (ftp.example.com).

    Example

    In this example, 203.0.113.5 is one of the DNS servers in the deployment:

    $ dig @203.0.113.5 -x 192.0.2.11 +short

    Sample output

    ftp.example.com.

Additional resources

  • ptr record set in the Command line interface reference
  • dig command man page.

9.6. Unsetting PTR records for floating IP addresses

In the Red Hat OpenStack Platform (RHOSP) DNS service (designate) you can remove PTR records associated with floating IP addresses.

Prerequisites

  • A PTR record for a floating IP.

Procedure

  1. Source your credentials file.

    Example

    $ source ~/overcloudrc

  2. Determine the ID of the floating IP address for which you want to delete a PTR record. You need this information in a later step.

    $ openstack floating ip list -c ID -c "Floating IP Address"

    Sample output

    +--------------------------------------+---------------------+
    | ID                                   | Floating IP Address |
    +--------------------------------------+---------------------+
    | 5c02c519-4928-4a38-bd10-c748c200912f | 192.0.2.11          |
    | 89532684-13e1-4af3-bd79-f434c9920cc3 | 192.0.2.12          |
    | ea3ebc6d-a146-47cd-aaa8-35f06e1e8c3d | 192.0.2.13          |
    +--------------------------------------+---------------------+

  3. Determine the name of your RHOSP region. You need this information in a later step.

    $ openstack endpoint list -c ID -c Region -c "Service Name"

    Sample output

    +----------------------------------+-----------+--------------+
    | ID                               | Region    | Service Name |
    +----------------------------------+-----------+--------------+
    | 16526452effd467a915155ceccf79dae | RegionOne | placement    |
    | 21bf826a62a14456a61bd8f39648e849 | RegionOne | keystone     |
    | 9cb1956999c54001a39d11ea14e037a1 | RegionOne | nova         |
    | bdeec4e2665d4605bb89e16a8b1bc50d | RegionOne | glance       |
    | ced05a1c03ab44caa1a351ace95429e6 | RegionOne | neutron      |
    | e79e3113ea544d039b3a6378e60bdf3f | RegionOne | nova         |
    | f91ee44123954b6c82162dcd2d4fc965 | RegionOne | designate    |
    +----------------------------------+-----------+--------------+

  4. Delete the PTR record by using the openstack ptr record unset command and specifying these required arguments:

    <floating_IP_ID>
    the floating IP ID in the format: <region>:<floating_IP_ID>.

    Example

    $ openstack ptr record unset RegionOne:5c02c519-4928-4a38-bd10-c748c200912f

Verification

  • Confirm that you removed the PTR record.

    $ openstack ptr record list
