[Dnsmasq-discuss] Dynamic address config?
Petr Menšík
pemensik at redhat.com
Mon Nov 28 10:23:06 UTC 2022
On 11/26/22 14:14, Feng Shao wrote:
> Thanks for the reply Petr.
> Let me explain more about the motivation: I am a developer and our
> testers test the code on various environments, including VMs on cloud
> and k8s worker nodes from cloud providers. These machines and IPs are
> not provisioned/allocated by dnsmasq. For cost reasons, these
> environments only live for a short period of time, like one week or
> so, and testers provision these IPs directly without awareness of
> network administrators, that’s also why we don’t configure hostname
> for these machines in DNS system. Also I can not know in advance the
> list of possible IPs.
I think the best place to find a solution would be in provisioning those
VMs. Understood, they are just temporary machines. But especially for
those, a hostname assigned by the DHCP server would make more sense to me. I
work on DNS and dislike having to type full IPs. Dnsmasq is also used in some
cloud technologies. It depends on the interface available for testers
to start a new VM. I would expect readiness to auto-register a name
instance to DNS on most common cloud interfaces.
>
> Whenever a tester finds some issue or needs help, they give me the IP of
> the environments and I need to ssh to that environment. Because I will
> probably login to that same machine several times since the testers
> are testing my code on that machine recently, I want to setup
> passwordless login. So I normally ssh-copy-id -i <~/.ssh/id_rsa.work>
> <IP> first, then ssh to that machine. In order to
> instruct ssh to use my ssh key when connecting to that IP, I have
> below lines in my .ssh/config:
>
> Host *.mylab
> User root
> IdentityFile ~/.ssh/id_rsa.work
Did you know you can also use multiple patterns in ssh_config? Like:
Host *.mylab 123.123.123.*
User root
IdentityFile ~/.ssh/id_rsa.work
My point is, I would understand if you had entries like:
address=/lab-123.mylab/123.123.123.123
address=/lab-124.mylab/123.123.123.124
dynamic-host should help with such a setup as DHCP server, but won't work
in your case.
But if you have the full IP in the hostname, then what is the reason for a
hostname anyway? It is not easier to remember or type. It is longer than
just the IP. And if you wanted to use IPv6, then a similar solution would
become too inefficient.
Take a look at the --synth-domain option. It formats IPs in a different
way, but may provide a feature very similar to what you are looking for. It
should work for both IPv4 and IPv6.
>
> And lines like below in /etc/hosts:
> address=/123.123.123.123.mylab/123.123.123.123
> address=/123.123.123.124.mylab/123.123.123.124
>
> So that I can now “ssh 123.123.123.123.mylab”
>
> As you can see, the problem here is, whenever a new IP comes, I need
> to add a new entry in /etc/hosts. So what I want is any <IP>.mylab is
> resolved to <IP>.
>
> A key pair can be specified when creating a VM on cloud, but I can not
> ask every tester to add my ssh key pair when creating a VM.
>
>
> On Fri, Nov 25, 2022 at 19:52, Petr Menšík <pemensik at redhat.com> wrote:
>
> Did you know that dnsmasq registers all hosts by their name, if
> they send their own hostname when requesting DHCP from dnsmasq?
> Just use domain=mylab and have that host send hostname. It would
> make using names possible without any additional configuration.
>
> I do not get what is the advantage of having IP suffixed by some
> domain. It looks like IP address, but it is even longer. Names of
> machines should be easy to remember or use, I doubt that would be
> the case here.
>
> I think we have new feature conf-script, which can generate
> dnsmasq configuration on the output. But I doubt we have a
> possible code for what you describe. Could you please describe
> more about intended usage? Why isn't using just hostname for each
> host enough? Using dhcp-host seems enough for similar uses.
>
> I think DLZ plugins for BIND9 are able to do similar things to
> your request, but that would be very heavy-weight solution. I
> think more motivation for your current design should be shared,
> because I do not understand advantage of your solution.
>
> Cheers,
> Petr
>
> On 11/23/22 06:47, Feng Shao wrote:
>> There are a bunch of machines in our lab, and we normally don't
>> have DNS records configured for them, only accessing by IP. In
>> order to ssh to them with key auth, I have a config in my
>> .ssh/config like
>>
>> Host *.mylab
>> User root
>> IdentityFile ~/.ssh/id_rsa.work
>>
>> and I have some "address=/123.123.123.123.mylab/123.123.123.123"
>> line in dnsmasq.conf. The problem here
>> is I need to add an entry whenever a new IP comes.
>>
>> Can this configuration be dynamic? For example,
>> "address=/*.mylab/somecmd %1", where "somecmd" is an external
>> command and %1 will be replaced by the name in the A/AAAA request. So
>> that for any DNS request to *.mylab, dnsmasq invokes this external
>> command and passes the name as argument, and the output of the external
>> command will be interpreted as an IPv4/IPv6 addr and then
>> returned to the client?
>
--
Petr Menšík
Software Engineer, RHEL
Red Hat, https://www.redhat.com/
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
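
The name format that --synth-domain answers for, as an added example (not part of the original message and not dnsmasq's code): a Python model of the address-based mapping documented in the dnsmasq man page, useful for generating the hostname to pass to ssh. The `lab-` prefix, the 123.123.123.0/24 range and the function names are assumptions.

```python
import ipaddress

# Assumed dnsmasq.conf line (range built from the thread's example IPs):
#   synth-domain=mylab,123.123.123.0/24,lab-
# The thread's "Host *.mylab" ssh_config stanza matches these names unchanged.
DOMAIN = "mylab"
PREFIX = "lab-"

def synth_name(addr, domain=DOMAIN, prefix=PREFIX):
    """Build the name whose A/AAAA answer is addr: '.' and ':' become '-'."""
    label = str(ipaddress.ip_address(addr)).replace(".", "-").replace(":", "-")
    # A DNS label may not start with '-', so with no prefix configured a
    # leading zero is added (::1 becomes 0--1).
    if not prefix and label.startswith("-"):
        label = "0" + label
    return f"{prefix}{label}.{domain}"

def synth_addr(name, network, domain=DOMAIN, prefix=PREFIX):
    """Return the address encoded in name, or None if it is not synthetic.

    V4-mapped IPv6 addresses (::ffff:1.2.3.4) are not modelled here.
    """
    suffix = "." + domain
    name = name.lower().rstrip(".")
    if not name.endswith(suffix):
        return None
    label = name[:-len(suffix)]
    # Exactly one label in front of the domain, starting with the prefix.
    if "." in label or not label.startswith(prefix):
        return None
    net = ipaddress.ip_network(network)
    sep = "." if net.version == 4 else ":"
    try:
        ip = ipaddress.ip_address(label[len(prefix):].replace("-", sep))
    except ValueError:
        return None
    # Only addresses inside the configured range are answered.
    return str(ip) if ip in net else None

if __name__ == "__main__":
    for ip in ("123.123.123.123", "123.123.123.124"):  # constructed samples
        print(ip, "->", synth_name(ip))
```
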