Uploaded image for project: 'Red Hat OpenStack Services on OpenShift'
  1. Red Hat OpenStack Services on OpenShift
  2. OSPRH-8113

Should we use the designate network attachment for service-mdns-bind9 communication

XMLWordPrintable

    • Icon: Spike Spike
    • Resolution: Done
    • Icon: Normal Normal
    • None
    • None
    • octavia-operator
    • None
    • 2
    • False
    • Hide

      None

      Show
      None
    • False
    • ?
    • ?
    • OSPRH-4410 - Designate support for RHOSO Greenfield Deployment (Target 18.0 FR3)
    • ?
    • ?
    • 2
    • VANS-001
    • 2023Q3
    • Important

      The designate services communicate with the bind9 instances two ways: rndc calls from the producer and zone transfers with the miniDNS server. Should we simply use the designate network attachment for this for the managed bind configuration? This would  make the miniDNS only listen on that network, securing it from outside access. We can also configure the DNS servers ACLs to allow access by CIDR instead of individual IPs for this kind of access.

              rhn-engineering-beagles Brent Eagles
              rhn-engineering-beagles Brent Eagles
              rhos-dfg-networking-squad-vans
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: