On 09/05/2016 21:48, Mike Spreitzer wrote: > "Hayes, Graham" <graham.ha...@hpe.com> wrote on 05/09/2016 04:08:07 PM: > > > ... > > On 09/05/2016 20:55, Mike Spreitzer wrote: > > ... > > > Oh, right, the network gets to specify the rest of the FQDN. In my > case > > > I am interested in Neutron Ports on tenant networks. So with a > per-port > > > "hostname" (first label) and per-network "domain" (rest of the labels), > > > I would get separation between tenants --- at least in the sense that > > > there is no overlap in FQDNs. Will this work for private tenant > networks? > > > > Yes, you could publish the records to Designate for this, or using the > > internal dns resolution side of the integration. > > > > Pushing the records to designate would make them viewable globally > > (anywhere the DNS servers are accessible) > > > > > > > The other part of separation is that I do not want one tenant to > even be > > > able to look up FQDNs that belong to another tenant. Is this > > > prohibition possible today? If not, is anyone else interested in it? > > > > Do you want to limit this to inside the tenant private network? if so, > > just allowing users to set the dns_domain on a network, and not enabling > > the external DNS plugin will work fine. > > Ah, that may be what I want. BTW, I am not planning to use Nova. I am > planning to use Swarm and Kubernetes to create containers attached to > Neutron private tenant networks. What DNS server would I configure > those containers to use?
Not sure what happened with that last reply - it seems to have dropped my content. The DNSMasq instance running on the neutron network would have these records - they should be sent as part of the DHCP lease, so leaving the DNS set to automatic should pick them up. -- Graham > Thanks, > Mike > > > __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
