[SOLVED] VNETs, phpIPAM and PowerDNS - errors about DNS zones creating subnet

kmorwath

Jan 21, 2025
I'm trying to understand how to use an external IPAM and DNS integration, to assign IPs to VMs and have them registered in the DNS. I'm trying phpIPAM because Netbox looks to be a far larger and more complex solution. Using Proxmox 8.3.3.

I have installed PowerDNS 4.9.3 and phpIPAM 1.7.3, the latest stable available. Both configured to use a MySQL backend. I have also integrated phpIPAM itself with PowerDNS, and the integration looks to work - when I create a domain in phpIPAM it does appear in PowerDNS.

I have created a Zone (VLAN type), and assigned to it the phpIPAM server, and the PowerDNS server for both the forward and reverse DNS zones, and assigned a domain (test.internal) to it. The domain is already created in phpIPAM/PowerDNS.

Next, I created a VNET in that zone, and then tried to create a subnet (using the CGNAT subnet 100.64.0.0/10) and a range within it. This led to errors. The subnet is actually created in phpIPAM, but the creation returns errors saying it can't find the forward or reverse zones (i.e. "test.internal", or "0.64.100.in-addr.arpa").

create sdn subnet object failed: can't read zone test.internal: Invalid response from server: 404 Not Found (500)

Maybe Proxmox itself handles both phpIPAM and PowerDNS, so I should remove their direct integration? It's not clear from the documentation. Also, since these operations are managed at the cluster level, in which logs can I find more details about the encountered errors?

I investigated through curl and it looks like the PowerDNS API doesn't return zones created in PowerDNS itself, so it's not a Proxmox issue - although maybe a more helpful error message could be returned:

Bash:
sysadmin@daedalus:~$ sudo -u pdns pdnsutil create-zone test.internal
Jan 29 13:50:37 [bindbackend] Done parsing domains, 0 rejected, 0 new, 0 removed
Creating empty zone 'test.internal'

[Other zones settings...]

sysadmin@daedalus:~$ sudo -u pdns pdnsutil list-zone test.internal
Jan 29 13:56:16 [bindbackend] Done parsing domains, 0 rejected, 0 new, 0 removed
$ORIGIN .
test.internal    3600    IN      NS      ns1.test.internal.
cyberrange.internal     3600    IN      SOA     ns1.test.internal mail.test.internal 2 10800 3600 604800 3600
ns1.test.internal 3600    IN      A       1.2.3.4

sysadmin@daedalus:~$ sudo -u pdns pdnsutil show-zone test.internal 
Jan 29 13:56:26 [bindbackend] Done parsing domains, 0 rejected, 0 new, 0 removed
This is a Master zone
Last SOA serial number we notified: 0 != 2 (serial in the database)
Zone is not actively secured
Metadata items: None
No keys for zone 'test.internal '.

But, from one of the Proxmox nodes:

Bash:
root@sphinx:~# curl -v -H 'X-API-Key: <redacted>' http://daedalus.olympos.lan:8081/api/v1/servers/localhost/zones | jq
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying 192.168.10.27:8081...
* Connected to daedalus.olympos.lan (192.168.10.27) port 8081 (#0)
> GET /api/v1/servers/localhost/zones HTTP/1.1
> Host: daedalus.olympos.lan:8081
> User-Agent: curl/7.88.1
> Accept: */*
> X-API-Key: <redacted>
>
< HTTP/1.1 200 OK
< Access-Control-Allow-Origin: *
< Connection: close
< Content-Length: 2
< Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline'
< Content-Type: application/json
< X-Content-Type-Options: nosniff
< X-Frame-Options: deny
< X-Permitted-Cross-Domain-Policies: none
< X-Xss-Protection: 1; mode=block
<
{ [2 bytes data]
100     2  100     2    0     0    308      0 --:--:-- --:--:-- --:--:--   333
* Closing connection 0
[]

Setting PowerDNS server to "Primary" resolved the issue. It has to be explicitly set as such in the pdns.conf file; by default it is not a primary server.
 
Last edited:
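Added example, not part of the original posts: a Python pre-flight check that repeats the curl diagnosis above and reports which of the zones named in the Proxmox errors are absent from the PowerDNS API zone list. The environment variable names `PDNS_URL` and `PDNS_API_KEY` and the populated sample listing are assumptions made for the example; without them it evaluates the `[]` body shown in the thread.

```python
import json
import os
import urllib.request


def canonical(name):
    """Normalise a zone name to the lower-case, trailing-dot form the API returns."""
    return name.strip().lower().rstrip(".") + "."


def missing_zones(zones_json, required):
    """Return the required zones that are absent from a /zones response body."""
    listing = json.loads(zones_json)
    if not isinstance(listing, list):
        raise ValueError("expected a JSON array of zone objects")
    present = {canonical(z["name"]) for z in listing
               if isinstance(z, dict) and "name" in z}
    return [z for z in required if canonical(z) not in present]


def fetch_zones(base_url, api_key, server="localhost", timeout=5):
    """GET the zone list, sending the key in the X-API-Key header as in the curl call."""
    req = urllib.request.Request(
        f"{base_url.rstrip('/')}/api/v1/servers/{server}/zones",
        headers={"X-API-Key": api_key},
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


# Zones named in the thread's error messages.
REQUIRED = ["test.internal", "0.64.100.in-addr.arpa"]
# Body the thread's curl call received (Content-Length: 2).
EMPTY_BODY = "[]"
# Constructed sample of a listing that does contain both zones.
POPULATED_BODY = json.dumps([
    {"name": "test.internal.", "kind": "Master"},
    {"name": "0.64.100.in-addr.arpa.", "kind": "Master"},
])

if __name__ == "__main__":
    # PDNS_URL and PDNS_API_KEY are assumed variable names; reading the key
    # from the environment keeps it off the command line and out of history.
    url, key = os.environ.get("PDNS_URL"), os.environ.get("PDNS_API_KEY")
    body = fetch_zones(url, key) if url and key else EMPTY_BODY
    gaps = missing_zones(body, REQUIRED)
    print("missing from API:", ", ".join(gaps) if gaps else "none")
    raise SystemExit(1 if gaps else 0)
```

A non-zero exit status means at least one required zone is not visible through the API, which is the state in which the subnet creation above failed.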