David Carmean
@dlcarmean
have to think about tsig keys if doing that... they have a table with separate keys for axfr and update for each zone. it's optional; there can be a global key. but the 'domainmetadata' can be used for per-zone access control..
so for example for each new zone I'd create with their utility I have to run two more queries to add the appropriate key
I haven't checked the api for that
Paul Cleary
@pauljamescleary
nice, ok, maybe I can add non-terminal support in for new records, and then add create zone support for powerdns-http. There is more than "just" create zone support like incorporating it into batch, but step one shouldn't be too big
David Carmean
@dlcarmean
:thumbsup:
Paul Cleary
@pauljamescleary
heh, so their API allows creating tsig keys too
Paul Cleary
@pauljamescleary
Admittedly, I am a bit out of my element. Anything you discover would be helpful as far as create zone. Here is the create zone payload...

id (string) – Opaque zone id (string), assigned by the server, should not be interpreted by the application. Guaranteed to be safe for embedding in URLs.
name (string) – Name of the zone (e.g. “example.com.”) MUST have a trailing dot
type (string) – Set to “Zone”
url (string) – API endpoint for this zone
kind (string) – Zone kind, one of “Native”, “Master”, “Slave”
rrsets ([RRSet]) – RRSets in this zone (for zones/{zone_id} endpoint only; omitted during GET on the …/zones list endpoint)
serial (integer) – The SOA serial number
notified_serial (integer) – The SOA serial notifications have been sent out for
edited_serial (integer) – The SOA serial as seen in query responses. Calculated using the SOA-EDIT metadata, default-soa-edit and default-soa-edit-signed settings
masters ([string]) – List of IP addresses configured as a master for this zone (“Slave” type zones only)
dnssec (boolean) – Whether or not this zone is DNSSEC signed (inferred from presigned being true XOR presence of at least one cryptokey with active being true)
nsec3param (string) – The NSEC3PARAM record
nsec3narrow (boolean) – Whether or not the zone uses NSEC3 narrow
presigned (boolean) – Whether or not the zone is pre-signed
soa_edit (string) – The SOA-EDIT metadata item
soa_edit_api (string) – The SOA-EDIT-API metadata item
api_rectify (boolean) – Whether or not the zone will be rectified on data changes via the API
zone (string) – MAY contain a BIND-style zone file when creating a zone
account (string) – MAY be set. Its value is defined by local policy
nameservers ([string]) – MAY be sent in client bodies during creation, and MUST NOT be sent by the server. Simple list of strings of nameserver names, including the trailing dot. Not required for slave zones.
master_tsig_key_ids ([string]) – The id of the TSIG keys used for master operation in this zone
slave_tsig_key_ids ([string]) – The id of the TSIG keys used for slave operation in this zone
It would be pretty sweet if there were a "master" tsig key used for all zones on the same server, could be rotated or what not
David Carmean
@dlcarmean
there might be.
I can annotate that list and get back to you. The zone 'kind' refers to replication, where 'Native' is the back-end db native replication and the other two refer to the usual DNS AXFR roles
have a good evening...
Amey Bhide
@abhide
for SQS should the queue type be standard or FIFO? I see standard mentioned in the docs: https://www.vinyldns.io/operator/setup-sqs but in code it's FIFO
looks like FIFO queues aren't supported
slandry90
@slandry90
@pauljamescleary do you have documentation on what metrics are posted from vinyldns and what they mean?
Paul Cleary
@pauljamescleary
@slandry90 not presently, although there are a lot. We export all metrics to prometheus and log the same to the log file (there isn't that much traffic typically so it isn't a ton of data). There are a lot of metrics though.
Anything in particular you are looking for?
we have error rate, latency, including count in several places. The web api, database calls, etc.
There is also a /health endpoint exposed for general system health
slandry90
@slandry90
Yea, I can see all of it and that's quite a bit, was really just wondering if it was documented what was what
no problem though, we'll figure it out :)
Paul Cleary
@pauljamescleary
If you have anything in particular you are looking for let me know. To be honest the system has been running for years now and is super fast and stable. The metrics at one point helped us out but now we only pay attention to the health check which is rather robust
Not that that’s an excuse, but it is part of the reason we didn’t prioritize metrics
slandry90
@slandry90
Is the health check a page we can view? Not sure I remember seeing that in the docs either
Paul Cleary
@pauljamescleary
It is a simple JSON check. Not authenticated on the api under /health
Paul Cleary
@pauljamescleary
Returns a 200; anything else indicates a problem
slandry90
@slandry90
+1 thanks
Paul Cleary
@pauljamescleary
fwiw, all API endpoints start with Endpoint
for metrics
All db calls start with repo for metrics
so for metrics, you will have Endpoint.createZone.latency and Endpoint.createZone.errorRate
Those all use standard codahale / dropwizard metrics. Latency is a histogram, errorRate is a meter
There is more info on the metrics in general, but should give you a better idea of what each metric means
slandry90
@slandry90
@pauljamescleary do you have any examples of using the python package to create a multi value NS record in vinyldns? Can't seem to get the syntax right and can't find any usage examples
Paul Cleary
@pauljamescleary
What issue are you seeing?
Paul Cleary
@pauljamescleary
https://github.com/vinyldns/vinyldns-python/blob/0e49e2faf636ede752e7a8b3e8a3aa212b5b7150/tests/sampledata.py#L48 - shows creating an NS record, adding multiple records in the array should be fine
if you are using batch changes (dns requests) instead of creating the recordsets directly, this is an example in python of creating the batch change (you would need to replace AData with NSData) - https://github.com/vinyldns/vinyldns-python/blob/0e49e2faf636ede752e7a8b3e8a3aa212b5b7150/tests/test_batch_change.py#L70
batch changes are a little tricky, as you need multiple AddRecord, each with a single NSData
slandry90
@slandry90
That was helpful! I got the add working now.. for others' reference this is my code block (DEFAULT_NAMESERVERS is a list of ns strings)..
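from vinyldns.record import NSData, RecordSet, RecordType
# Build one NSData entry per nameserver, then create a single multi-value NS record set
record_list = []
for record in DEFAULT_NAMESERVERS:
    record_list.append(NSData(record))
record_set = RecordSet(parent_zone_object.id, zone_name, RecordType.NS, 3600, records=record_list)
VINYLDNS_CLIENT.create_record_set(record_set)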
Paul Cleary
@pauljamescleary
Nice!
slandry90
@slandry90
Ok, next question, how do I go about deleting a record when I only have the record name?
slandry90
@slandry90
@pauljamescleary I was thinking about using the search function for python but it doesn't exist in the release of vinyldns-python
Paul Cleary
@pauljamescleary
Right, general search hasn't been moved to all the clients yet. If you are interested, feel free to open an issue there or even a PR
For delete recordset, you can get the record set to get the ID and then issue the delete https://github.com/vinyldns/vinyldns-python/blob/0e49e2faf636ede752e7a8b3e8a3aa212b5b7150/src/vinyldns/client.py#L505
Paul Cleary
@pauljamescleary
deleting a record set by FQDN+RRType should be low-hanging fruit but is not there yet
slandry90
@slandry90
Thanks Paul, I got it sorted by using the list function and filtering by the record name to get a record set list.
Paul Cleary
@pauljamescleary
tbh there is now FQDN in the database, so adding an endpoint like DELETE /recordsets/<typ>/<name> or something like that