Loading...

XML

Word

Printable

Type: Spike
Resolution: Unresolved
Priority: Normal
Fix Version/s: None
Affects Version/s: None
Component/s: octavia-operator
Labels:
None

Story Points:
2
Epic Link:
OSPNET-1155
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False
Dev Approval:
?
Docs Approval:
?
Feature Link:
OSPRH-4410 - Designate support for RHOSO (Target 18.0 FR1)
PM Approval:
?
QE Approval:
?
Intelligence Requested:
Market:

Original story points:
2
Sprint:
VANS-001
Planning Target:

2023Q3
Severity:
Important

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

The designate services communicate with the bind9 instances two ways: rndc calls from the producer and zone transfers with the miniDNS server. Should we simply use the designate network attachment for this for the managed bind configuration? This would make the miniDNS only listen on that network, securing it from outside access. We can also configure the DNS servers ACLs to allow access by CIDR instead of individual IPs for this kind of access.

is related to

OSPRH-8109 Generate basic backend related configurations for relevant designate services

Refinement

relates to

OSPRH-411 Designate miniDNS and bind9 addressing

Backlog

Assignee:: Brent Eagles

Reporter:: Brent Eagles

Team:: rhos-dfg-networking-squad-vans

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 2024/06/28 3:27 PM

Updated:: 2024/07/02 1:39 PM

Details

Description

Attachments

Issue Links

Activity

People

Dates

PagerDuty