#4232 check phx2 dns
Closed: Fixed None Opened 10 years ago by kevin.

Check out the dns repo on lockbox01:

git clone /git/dns

and look at the master/126.5.10.in-addr.arpa and master/phx2.fedoraproject.org zones.
These are forward and reverse dns for our internal phx2 datacenter network.

There may well be old hosts that were not properly removed from these zones.
Or there might be things where forward and reverse don't match up.

  1. Check that all entries that exist in the two zone files answer pings and list here those that do not.

  2. Check forward and reverse match up. List all those here that don't.

Once those are found, we can either remove them or fix the hosts to respond or fix the entries to match.
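The forward/reverse comparison from step 2, as an added example. It is not the rev_dns_check.py attached to this ticket, whose source is not shown on this page. The zone snippets are constructed samples modelled on the output posted in the thread, and the names `parse`, `check` and `intended` (an allowlist for deliberate duplicate A records such as fas-all) are hypothetical.

```python
import re

# Constructed sample data modelled on the thread's output, not the real zone files.
FWD_ORIGIN = "phx2.fedoraproject.org."
FWD_ZONE = """\
app07    IN A 10.5.126.37   ; reverse points elsewhere
fas01    IN A 10.5.126.25
fas-all  IN A 10.5.126.25   ; deliberate duplicate A record
bodhi01  IN A 10.5.126.110
stale01  IN A 10.5.126.200  ; no PTR at all
"""
REV_ORIGIN = "126.5.10.in-addr.arpa."
REV_ZONE = """\
37   IN PTR mailman02.phx2.fedoraproject.org.
25   IN PTR fas01.phx2.fedoraproject.org.
110  IN PTR bodhi01.phx2.fedoraproject.org.
"""

# owner [ttl] [IN] A|PTR rdata; lines that inherit the owner (leading blank) are skipped
RECORD = re.compile(r"^(\S+)\s+(?:\d+\s+)?(?:IN\s+)?(A|PTR)\s+(\S+)", re.I)

def parse(zone_text, origin, rtype):
    """Yield (fqdn_owner, rdata) for one record type, qualifying relative owners."""
    for line in zone_text.splitlines():
        m = RECORD.match(line.split(";", 1)[0])
        if m and m.group(2).upper() == rtype:
            owner = m.group(1)
            if not owner.endswith("."):
                owner = f"{owner}.{origin}"
            yield owner.lower(), m.group(3).lower()

def check(fwd_zone, fwd_origin, rev_zone, rev_origin, intended=()):
    """Return (host, ip, ptr_target) for every A record whose PTR disagrees."""
    # "126.5.10.in-addr.arpa." covers addresses starting with "10.5.126."
    prefix = ".".join(reversed(rev_origin.split(".")[:-3])) + "."
    ptr = {}
    for owner, target in parse(rev_zone, rev_origin, "PTR"):
        ip = ".".join(reversed(owner.split(".")[:4]))
        ptr[ip] = target  # assumes PTR targets are written fully qualified
    problems = []
    for host, ip in parse(fwd_zone, fwd_origin, "A"):
        if host in intended or not ip.startswith(prefix):
            continue
        if ptr.get(ip) != host:
            problems.append((host, ip, ptr.get(ip, "(no PTR)")))
    return problems

if __name__ == "__main__":
    for host, ip, rev in check(FWD_ZONE, FWD_ORIGIN, REV_ZONE, REV_ORIGIN,
                               intended={"fas-all.phx2.fedoraproject.org."}):
        print(f"{host} -> {ip} -> {rev}")
```

An empty result means the zones agree, which is the property a per-commit check on the dns repo would enforce.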


python script to check reverse dns entries
rev_dns_check.py

Moving all currently open easyfix tickets to the HANDYWAVY-FUTURE milestone.

I'm clearing the assigned status on all easyfix tickets.

If you are an apprentice actively working on this ticket, feel free to reassign to yourself. Otherwise let a new apprentice have a look.

Assign to me, will look @ friday evening/weekend :).

I have worked on my script again today. It now can check that reverse and forward dns entries match.

There are:
(forward host -> ip address -> reverse record)
autoqa01.phx2.fedoraproject.org. -> 10.5.126.48 -> notifs-web01.stg.phx2.fedoraproject.org.
insight01.phx2.fedoraproject.org. -> 10.5.126.75 -> notifs-backend01.stg.phx2.fedoraproject.org.
rack51-bc01-sw1.phx2.fedoraproject.org. -> 10.5.126.136 -> rack52-bc01-sw1.phx2.fedoraproject.org.
temp-install02.phx2.fedoraproject.org. -> 10.5.126.167 -> unused.
insight01.stg.phx2.fedoraproject.org. -> 10.5.126.74 -> datagrepper02.stg.phx2.fedoraproject.org.
dl.phx2.fedoraproject.org. -> 10.5.126.97 -> download05.phx2.fedoraproject.org.
rack51-bc01-sw2.phx2.fedoraproject.org. -> 10.5.126.137 -> rack52-bc01-sw2.phx2.fedoraproject.org.
app07.phx2.fedoraproject.org. -> 10.5.126.37 -> mailman02.phx2.fedoraproject.org.
virthost08-mgmt.phx2.fedoraproject.org. -> 10.5.126.208 -> virhost08-mgmt.phx2.fedoraproject.org.
fas-all.stg.phx2.fedoraproject.org. -> 10.5.126.86 -> fas01.stg.phx2.fedoraproject.org.
fas-all.phx2.fedoraproject.org. -> 10.5.126.25 -> fas01.phx2.fedoraproject.org.
* fedora-desktop01.phx2.fedoraproject.org. -> 10.5.126.110 -> bodhi01.phx2.fedoraproject.org.

version that is capable of checking dns and pinging
rev_dns_check.2.py

Excellent. ;)

So, I fixed these all except for:

dl is supposed to be a duplicate A record for download servers.

fas-all is supposed to be pointing to fas01

You want to run against the 10.5.124 and 10.5.125 and 10.5.127 nets? I can look at checking in your script to ansible in the scripts repo, or we could make it available on lockbox01.

I'll run it against the other subnets, do they all use the same forward zone file?

As for checking it into ansible, I'll look into making it more robust and try to remove some of the hard coded values at the top of the script.

Yeah, 10.5.125, 126, 127 all use phx2.fedoraproject.org zone for forward. 10.5.124.x uses qa.fedoraproject.org zone.

Sounds great.

Thanks for working on this!

I've modified the script to not use hard coded values for the reverse and forward look up but rather work it out from the file names. This means I can pass all the reverse DNS records at the same time to the script.

  • x86-11.phx2.fedoraproject.org. -> 10.5.125.81 -> x86-11.stg.phx2.fedoraproject.org.
  • kojipkgs01-nfs.phx2.fedoraproject.org. -> 10.5.127.40 -> kojipkgs02-nfs.phx2.fedoraproject.org.
  • kojipkgs02-nfs.phx2.fedoraproject.org. -> 10.5.127.41 -> bvirthost07-nfs.phx2.fedoraproject.org.
  • fas-all.phx2.fedoraproject.org. -> 10.5.126.25 -> fas01.phx2.fedoraproject.org.
  • temp-install02.phx2.fedoraproject.org. -> 10.5.126.166 -> bodhi01.stg.phx2.fedoraproject.org.
  • dl.phx2.fedoraproject.org. -> 10.5.126.97 -> download05.phx2.fedoraproject.org.
  • koji.phx2.fedoraproject.org. -> 10.5.125.63 -> koji.fedoraproject.org.
  • fas-all.stg.phx2.fedoraproject.org. -> 10.5.126.86 -> fas01.stg.phx2.fedoraproject.org.
  • sign-bridge01.phx2.fedoraproject.org. -> 10.5.125.72 -> sign-bridge02.phx2.fedoraproject.org.

cleaner version of my dns check script :)
dns_check_script.py

ok. I cleaned up a number of these... there's a few that are correct/intended tho.

Want to do one more run? We could try and clean up those last ones so it doesn't output anything if it's all right. Then we could perhaps add it to the dns repo to run on every commit?

Patched the script a bit so that it only outputs on errors. Did a git pull and checked it on the repo, there are a few more errors.

I enabled the ping check (but this does increase the script's running time significantly) and got a lot of 256 return codes from ping, although I must admit I'm not sure what this is (yet).

I will attach both the script and the output, as they're a bit big to put in a comment.

Turns out error 256 is "You're a muppet and forgot you're storing a named namedtuple in the list rather than just the hostname now".

I'm just rerunning the script and will reupload the output once it's complete.

DNS check script output 3rd Aug 2014 (fixed)
dns_check_output.txt
