Bug 2220930 - Designate DNS - enabling "DesignateBindQueryLogging" is not followed by designate_backend_bind9 restart [NEEDINFO]
Keywords:
Status: ON_DEV
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-designate
Version: 17.1 (Wallaby)
Hardware: Unspecified
OS: Unspecified
Priority: high
Severity: high
Target Milestone: z2
Target Release: 17.1
Assignee: Brent Eagles
QA Contact: Bruna Bonguardo
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2023-07-06 14:45 UTC by Arkady Shtempler
Modified: 2023-08-11 13:59 UTC

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Target Upstream Version:
Embargoed:
ifrangs: needinfo? (beagles)


Links
System ID Private Priority Status Summary Last Updated
OpenStack gerrit 887855 0 None NEW Fix typo in designate bind's logging.conf 2023-07-11 12:14:27 UTC
OpenStack gerrit 888300 0 None NEW Designate: add extra bind IPs to the allow notify list 2023-07-12 17:40:29 UTC
Red Hat Issue Tracker OSP-26375 0 None None None 2023-07-06 14:46:19 UTC

Description Arkady Shtempler 2023-07-06 14:45:36 UTC
Scenario: 

### Configuration part ###
Enable DesignateBindQueryLogging
1) Create logging.yaml with:
parameter_defaults:
    DesignateBindQueryLogging: True
2) Add logging.yaml into the overcloud_deploy.sh script ... -e /home/stack/logging.yaml \ ...  
3) Update OC with: . stackrc ./overcloud_deploy.sh

Make sure 
1) OC is successfully deployed 
2) SSH to the Controller and make sure you see: querylog True; in
/var/lib/config-data/ansible-generated/designate/etc/named/options.conf

### Functionality part ###
Create a zone:
openstack zone create --email stam example2.com.
Create A type recordset for previously created zone with:
openstack recordset create example2.com. --type A --record 192.0.2.21 --ttl 1000  --description example2_recordset_a support
From your Undercloud host connect to all Controllers and detect the BIND9 IP using: sudo netstat -antp | grep ":53" | grep named
Note: the above command is used to detect TCP only BIND. (-t)


Monitor Bind's logs while digging Bind
SSH to one of the Controllers and start:
cd /var/log/containers/designate-bind
tail -f *
From the Undercloud host execute:
dig @10.0.0.108 -p 53 +noall +answer +multiline example2.com. NS +short
dig @10.0.0.108 -p 53 +noall +answer +multiline example2.com. SOA +short
dig @10.0.0.108 -p 53 +noall +answer +multiline support.example2.com. A +short

Expected result:
You should see query messages like this one:
"24-Mar-2022 15:52:00.178 queries: info: client @0x7f34380446a0
    10.155.105.100#54387 (www.akamai.com): query: www.akamai.com IN A +"
logged.
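
A check for the expected result above, as an added example that is not part of the original report or of the Designate project: it parses BIND "queries" log lines in the format quoted in the report and lists which of the three dig queries never appear. The lines in SAMPLE_LOG, the client address 10.0.0.50 and all function names are constructed for illustration.

```python
import re

# BIND 9 "queries" category line, in the shape quoted in the report:
# <date> <time> queries: info: client [@0x..] <ip>#<port> (<name>): query: <qname> <class> <type> <flags>
QUERY_RE = re.compile(
    r"^(?P<ts>\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) "
    r"queries: info: client (?:@0x[0-9a-f]+ )?"
    r"(?P<ip>[0-9A-Fa-f:.]+)#(?P<port>\d+) \((?P<orig>[^)]*)\): "
    r"(?:view \S+: )?query: (?P<qname>\S+) (?P<qclass>\S+) (?P<qtype>\S+) (?P<flags>\S+)"
)

def normalize(name):
    """Compare names without the trailing dot and case-insensitively."""
    return name.rstrip(".").lower()

def parse_query_line(line):
    """Return the fields of one query log line, or None for any other line."""
    m = QUERY_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["qname"] = normalize(rec["qname"])
    rec["port"] = int(rec["port"])
    return rec

def missing_queries(log_lines, expected):
    """List the (qname, qtype) pairs from `expected` that were never logged."""
    seen = set()
    for line in log_lines:
        rec = parse_query_line(line)
        if rec:
            seen.add((rec["qname"], rec["qtype"].upper()))
    return [(n, t) for n, t in expected if (normalize(n), t.upper()) not in seen]

# Sample line from the report's expected result, joined onto one line.
PAGE_SAMPLE = ("24-Mar-2022 15:52:00.178 queries: info: client @0x7f34380446a0 "
               "10.155.105.100#54387 (www.akamai.com): query: www.akamai.com IN A +")
# Constructed log excerpt: two of the three dig queries plus one non-query line.
SAMPLE_LOG = [
    "06-Jul-2023 14:50:01.101 queries: info: client @0x7f0000000001 10.0.0.50#40001 (example2.com): query: example2.com IN NS +E(0) (10.0.0.108)",
    "06-Jul-2023 14:50:02.202 queries: info: client @0x7f0000000002 10.0.0.50#40002 (example2.com): query: example2.com IN SOA +E(0) (10.0.0.108)",
    "06-Jul-2023 14:50:03.303 general: info: zone example2.com/IN: loaded serial 1",
]
# The three dig queries from the report.
EXPECTED = [("example2.com.", "NS"), ("example2.com.", "SOA"), ("support.example2.com.", "A")]

if __name__ == "__main__":
    print(parse_query_line(PAGE_SAMPLE))
    print("missing:", missing_queries(SAMPLE_LOG, EXPECTED))
```

An empty list means every query was logged; if no query lines are written at all, all three pairs come back as missing.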

