Exposing Mesos Zones Outside

Exposing Mesos zones outside of DC/OS

There are cases where you may want to have services outside of DC/OS that use DNS records inside of the DC/OS cluster. However, the .mesos domain name that DC/OS uses to expose records does not support this. To enable this capability, you can put a BIND server in front of your cluster.

Each DC/OS cluster has a unique cryptographic identifier. The zbase32 encoded version of the identifier can be found in the UI under Cluster > Overview.

In the following example, the cryptographic cluster ID yor6tqhiag39y6cjkdd4w9uzo45qhku6ra8hl7hpr6d9ukjaz3jo is used.

  1. Install a BIND server in front of your cluster.

  2. Create a forwarding entry for your DC/OS master that resembles this.

    1. zone "yor6tqhiag39y6cjkdd4w9uzo45qhku6ra8hl7hpr6d9ukjaz3jo.dcos.directory" {
    2.         type forward;
    3.         forward only;
    4.         forwarders { 10.0.4.173; };  // <Master-IP-1;Master-IP-2;Master-IP-3>
    5. };

  3. Replace the master IP (<Master-IP>) with a semicolon-separated list of your own master IPs.

  4. Replace the example cryptographic cluster ID with your own.

Making a zone

Now you can create the zone that you would like to alias to this. You can also skip this step and use an existing zone.

  1. Create a zone entry in the named.conf file. For this example, contoso.com is used:

    1. zone "contoso.com" {
    2.         type master;
    3.         file "/etc/bind/db.contoso.com";
    4. };

  2. Populate the zone file:

    1. $TTL    604800
    2. @       IN      SOA     localhost. root.localhost. (
    3.                               1         ; Serial
    4.                               1         ; Refresh
    5.                               1         ; Retry
    6.                               1         ; Expire
    7.                               1 )       ; Negative Cache TTL
    8. ;
    9. @       IN      NS      localhost.
    10. @       IN      DNAME   mesos.yor6tqhiag39y6cjkdd4w9uzo45qhku6ra8hl7hpr6d9ukjaz3jo.dcos.directory.

Using an existing zone

  • To use an existing zone, add a DNAME record:

    1. @       IN      DNAME   mesos.yor6tqhiag39y6cjkdd4w9uzo45qhku6ra8hl7hpr6d9ukjaz3jo.dcos.directory.

    The @ aliases the top level of the zone, for example contoso.com.

  • To alias a high level domain, specify that value in the DNAME record. In this example, foo aliases foo.contoso.com:

    1. foo       IN      DNAME   mesos.yor6tqhiag39y6cjkdd4w9uzo45qhku6ra8hl7hpr6d9ukjaz3jo.dcos.directory.