DNS servers should have NS and SOA records (#8047)

this is probably the more _exciting_ part of the issues outlined in
#6944. the changes here get us to the point that for both internal and
external DNS, we have:

* A/AAAA records for the DNS servers in the internal/external group
(named `ns1.<zone>`, `ns2.<zone>`, ...)
* NS records for those servers at the zone apex, one for each of the
`ns*.<zone>` described above
* an SOA record synthesized on-demand for the zone apex for each of
`oxide.internal` (for internal DNS) and `$delegated_domain` (for
external DNS)
* the SOA's serial is updated whenever the zone is changed. serial
numbers are effectively the DNS config generation, so they start from 1
and tick upward with each change. this is different from most SOA serial
schemes (in particular the ones that would use YYYYMMDDNN numbering
schemes) but so far as i can tell this is consistent with RFC 1035
requirements.

we do _not_ support zone transfers here. i believe the SOA record here
would be reasonable to guide zone transfers if we did, but obviously
that's not something i've tested.

### SOA fields

the SOA record's `RNAME` is hardcoded to `admin@<zone_name>`. this is
out of expediency to provide *something*, but it's probably wrong most
of the time. there's no way to get an MX record installed for
`<zone_name>` in the rack's external DNS servers, so barring DNS hijinks
in the deployed environment, this will be a dead address. problems here
are:

* we would want to take in an administrative email at rack setup time,
so that would be minor plumbing
* more importantly, what to backfill this with for deployed systems?

it seems like the best answer here is to allow configuration of the
rack's delegated domain and zone after initial setup, and being able to
update an administrative email would fit in pretty naturally there. but
we don't have that right now, so `admin@` it is. configuration of
external DNS is probably more important in the context of zone transfers
and permitting a list of remote addresses to whom we're willing to
permit zone transfers. so it feels like this is in the API's future at
some point.

## bonus

one minorly interesting observation along the way is that external DNS
servers in particular are reachable at a few addresses - whichever
public address they get in the rack's internal address range, and
whichever address they get in the external address range. the public
address is what's used for A/AAAA records. so, if you're looking around
from inside a DNS zone you can get odd-looking answers like:

```
# 172.30.1.5 is the internal address that an external DNS server is bound to.
# oxide.test is the delegated domain for this local Omicron deployment.
root@oxz_external_dns_68c5e255:~# dig +short ns2.oxide.test @172.30.1.5
192.168.0.161
root@oxz_external_dns_68c5e255:~# dig +short soa oxide.test @172.30.1.5
ns1.oxide.test. admin.oxide.test. 2 3600 600 18000 150
root@oxz_external_dns_68c5e255:~# dig +short ns oxide.test @172.30.1.5
ns1.oxide.test.
ns2.oxide.test.
# 192.168.0.160 is an external address for this same server.
# there are no records referencing 172.30.1.5 here.
root@oxz_external_dns_68c5e255:~# dig +short ns oxide.test @192.168.0.160
ns1.oxide.test.
ns2.oxide.test.
root@oxz_external_dns_68c5e255:~# dig +short ns1.oxide.test @192.168.0.160
192.168.0.160
```

Author: iximeow

Cargo.lock

@@ -31,6 +31,7 @@ pub type DnsError = crate::Error<crate::types::Error>;
 pub const ERROR_CODE_UPDATE_IN_PROGRESS: &'static str = "UpdateInProgress";
 pub const ERROR_CODE_BAD_UPDATE_GENERATION: &'static str =
     "BadUpdateGeneration";
+pub const ERROR_CODE_INCOMPATIBLE_RECORD: &'static str = "IncompatibleRecord";
 
 /// Returns whether an error from this client should be retried
 pub fn is_retryable(error: &DnsError) -> bool {

clients/dns-service-client/src/lib.rs

@@ -748,6 +748,10 @@ impl Generation {
         );
         Generation(next_gen)
     }
+
+    pub const fn as_u64(self) -> u64 {
+        self.0
+    }
 }
 
 impl<'de> Deserialize<'de> for Generation {

common/src/api/external/mod.rs

@@ -6645,7 +6645,7 @@ fn print_name(
     if records.len() == 1 {
         match &records[0] {
             DnsRecord::Srv(_) => (),
-            DnsRecord::Aaaa(_) | DnsRecord::A(_) => {
+            DnsRecord::Aaaa(_) | DnsRecord::A(_) | DnsRecord::Ns(_) => {
                 println!(
                     "{}  {:50} {}",
                     prefix,
@@ -6670,6 +6670,7 @@ fn format_record(record: &DnsRecord) -> impl Display {
         DnsRecord::Srv(Srv { port, target, .. }) => {
             format!("SRV  port {:5} {}", port, target)
         }
+        DnsRecord::Ns(ns) => format!("NS   {}", ns),
     }
 }
 

dev-tools/omdb/src/bin/omdb/db.rs

@@ -28,8 +28,10 @@ DNS zone:                   oxide-dev.test (External)
 requested version:          2 (created at <REDACTED_TIMESTAMP>)
 version created by Nexus:   ..........<REDACTED_UUID>...........
 version created because:    create silo: "test-suite-silo"
-changes:                    names added: 1, names removed: 0
+changes:                    names added: 3, names removed: 0
 
++  @                                                  NS   ns1.oxide-dev.test
++  ns1                                                AAAA ::1
 +  test-suite-silo.sys                                A    127.0.0.1
 ---------------------------------------------
 stderr:
@@ -42,6 +44,8 @@ termination: Exited(0)
 stdout:
 External zone: oxide-dev.test
   NAME                                               RECORDS
+  @                                                  NS   ns1.oxide-dev.test
+  ns1                                                AAAA ::1
   test-suite-silo.sys                                A    127.0.0.1
 ---------------------------------------------
 stderr:

dev-tools/omdb/tests/successes.out

@@ -441,6 +441,8 @@ enum BlueprintEditCommands {
     },
     /// expunge a zone
     ExpungeZone { zone_id: OmicronZoneUuid },
+    /// mark an expunged zone ready for cleanup
+    MarkForCleanup { zone_id: OmicronZoneUuid },
     /// configure an SP update
     SetSpUpdate {
         /// serial number to update
@@ -1123,6 +1125,13 @@ fn cmd_blueprint_edit(
                 .context("failed to expunge zone")?;
             format!("expunged zone {zone_id} from sled {sled_id}")
         }
+        BlueprintEditCommands::MarkForCleanup { zone_id } => {
+            let sled_id = sled_with_zone(&builder, &zone_id)?;
+            builder
+                .sled_mark_expunged_zone_ready_for_cleanup(sled_id, zone_id)
+                .context("failed to mark zone ready for cleanup")?;
+            format!("marked zone {zone_id} ready for cleanup")
+        }
         BlueprintEditCommands::SetSpUpdate {
             serial,
             artifact_hash,

dev-tools/reconfigurator-cli/src/lib.rs

@@ -0,0 +1,19 @@
+# This is a legacy test; new tests shouldn't need to set a seed
+
+load-example --seed test_expunge_newly_added_external_dns
+
+blueprint-show 3f00b694-1b16-4aaa-8f78-e6b3a527b434
+blueprint-edit 3f00b694-1b16-4aaa-8f78-e6b3a527b434 expunge-zone 9995de32-dd52-4eb1-b0eb-141eb84bc739
+
+# Diff DNS to see that the expunged zone is no longer has DNS records.
+blueprint-diff 3f00b694-1b16-4aaa-8f78-e6b3a527b434 366b0b68-d80e-4bc1-abd3-dc69837847e0
+
+blueprint-show 366b0b68-d80e-4bc1-abd3-dc69837847e0
+# blueprint-plan will place a new external DNS zone, diff DNS to see the new zone has `ns<N>` and NS records.
+blueprint-plan 366b0b68-d80e-4bc1-abd3-dc69837847e0
+blueprint-diff 366b0b68-d80e-4bc1-abd3-dc69837847e0 9c998c1d-1a7b-440a-ae0c-40f781dea6e2
+
+blueprint-show 9c998c1d-1a7b-440a-ae0c-40f781dea6e2
+# expunging the new zone should work, then diff again to see the new zone also have its DNS records removed.
+blueprint-edit 9c998c1d-1a7b-440a-ae0c-40f781dea6e2 expunge-zone d786ef4a-5acb-4f5d-a732-a00addf986b5
+blueprint-diff 9c998c1d-1a7b-440a-ae0c-40f781dea6e2 2ac8c740-444d-42ff-8d66-9812a7e51288

dev-tools/reconfigurator-cli/tests/input/cmds-expunge-newly-added-external-dns.txt

@@ -0,0 +1,17 @@
+load-example
+
+blueprint-show dbcbd3d6-41ff-48ae-ac0b-1becc9b2fd21
+# Expunge an internal DNS zone
+blueprint-edit dbcbd3d6-41ff-48ae-ac0b-1becc9b2fd21 expunge-zone 5a526763-1d2b-42a5-b2ef-42f58aa8cbfa
+# Diff against the new blueprint; the zone has been expunged so its records should be removed.
+blueprint-diff dbcbd3d6-41ff-48ae-ac0b-1becc9b2fd21 8da82a8e-bf97-4fbd-8ddd-9f6462732cf1
+
+# Mark the internal DNS zone ready for cleanup.
+# This approximates sled-agent performing an inventory collection and seeing the DNS zone has gone away.
+# This zone's records were removed in the expunge before, so there are no further DNS changes.
+blueprint-edit 8da82a8e-bf97-4fbd-8ddd-9f6462732cf1 mark-for-cleanup 5a526763-1d2b-42a5-b2ef-42f58aa8cbfa
+blueprint-diff 8da82a8e-bf97-4fbd-8ddd-9f6462732cf1 58d5e830-0884-47d8-a7cd-b2b3751adeb4
+
+# Planning a new blueprint will now replace the expunged zone, with new records for its replacement.
+blueprint-plan 58d5e830-0884-47d8-a7cd-b2b3751adeb4
+blueprint-diff 58d5e830-0884-47d8-a7cd-b2b3751adeb4 af934083-59b5-4bf6-8966-6fb5292c29e1