DNS (Designate) is one of the well-known open source services in OpenStack. The project offers DNS as a Service, also known as DNSaaS, along with a common, open API for programming DNS.
Like all the OpenStack APIs, Designate integrates with Keystone for authentication and authorization. Third-party DNS providers such as PowerDNS, Infoblox, etc. power the API. The multicast DNS, also referred to as mDNS, comes with batteries included and is implemented by OpenStack.
There are many benefits of incorporating DNS Designate into your cloud:
You can install Designate alongside the other OpenStack services and configure it to use your own DNS backend. Designate lets users create their own DNS records while making sure that these records do not collide with each other.
Designate integrates well with Neutron, the OpenStack networking service. With Designate, a user can assign DNS names to the individual dynamic IPs created in Neutron, and those IPs can then be attached to any instance. DNS names or domain names can also be assigned to the networks inside Neutron, so that everything on a given network can use subdomains for addressing. In other words, every virtual machine attached to that network gets a distinct DNS name based on the domain name previously assigned to the network.
Platform9 Managed OpenStack includes several services, and Designate is one of them. Platform9 users only have to set up their DNS backend and link it to the Platform9 DNS API. Administrators perform a one-time setup to connect their DNS to Platform9 OpenStack, after which their development teams can use it immediately. Platform9 then manages the upgrades and monitoring of the OpenStack services. As a result, provisioning a DNS name or domain becomes as easy as provisioning a shared network with Neutron on Platform9 OpenStack.
As discussed earlier, Designate is a multi-project DNS-as-a-Service with a REST API for managing domains and records, and it is also a framework for integrating with Neutron.
In this section, we explain how to install and configure the current version of the Designate service on CentOS or Red Hat Enterprise Linux 7. The same configuration process can also be used on other distributions.
Note:
We have Ansible roles for bind and Designate that show this setup in our GitHub repository. The setup assumes that bind runs as a service external to the OpenStack controller node, although you can install bind locally if you want.
# yum install openstack-designate-* bind bind-utils -y
MariaDB [(none)]> CREATE DATABASE designate CHARACTER SET utf8 COLLATE utf8_general_ci;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON designate.* TO 'designate'@'localhost' IDENTIFIED BY 'rhlab123';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON designate.* TO 'designate'@'%' IDENTIFIED BY 'rhlab123';
Important Note:
For RNDC (Remote Name Daemon Control) to work properly, the Bind packages must be installed on the controller side.
rndc-confgen -a -k designate -c /etc/rndc.key -r /dev/urandom
cat <<EOF > /etc/rndc.conf
include "/etc/rndc.key";
options {
    default-key "designate";
    default-server {{ DNS_SERVER_IP }};
    default-port 953;
};
EOF
include "/etc/rndc.key";
controls {
    inet {{ DNS_SERVER_IP }} allow { localhost; {{ CONTROLLER_SERVER_IP }}; } keys { "designate"; };
};
In the options section, add:
options {
    …
    allow-new-zones yes;
    request-ixfr no;
    listen-on port 53 { any; };
    recursion no;
    allow-query { 127.0.0.1; {{ CONTROLLER_SERVER_IP }}; };
};
chown named:named /etc/rndc.key
chown named:named /etc/rndc.conf
chmod 600 /etc/rndc.key
chown -v root:named /etc/named.conf
chmod g+w /var/named
# systemctl restart named
# setsebool named_write_master_zones 1
# scp -r /etc/rndc* {{ CONTROLLER_SERVER_IP }}:/etc/
Enter:
# openstack user create --domain default --password-prompt designate
# openstack role add --project services --user designate admin
# openstack service create --name designate --description "DNS" dns
# openstack endpoint create --region RegionOne dns public http://{{ CONTROLLER_SERVER_IP }}:9001/
# openstack endpoint create --region RegionOne dns internal http://{{ CONTROLLER_SERVER_IP }}:9001/
# openstack endpoint create --region RegionOne dns admin http://{{ CONTROLLER_SERVER_IP }}:9001/
Configure Designate service:
Modify/edit /etc/designate/designate.conf as follows:
[service:api]
listen = 0.0.0.0:9001
auth_strategy = keystone
api_base_uri = http://{{ CONTROLLER_SERVER_IP }}:9001/
enable_api_v2 = True
enabled_extensions_v2 = quotas, reports
[keystone_authtoken]
auth_type = password
username = designate
password = rhlab123
project_name = services
project_domain_name = Default
user_domain_name = Default
www_authenticate_uri = http://{{ CONTROLLER_SERVER_IP }}:5000/
auth_url = http://{{ CONTROLLER_SERVER_IP }}:5000/
[service:worker]
enabled = True
notify = True
[storage:sqlalchemy]
connection = mysql+pymysql://designate:rhlab123@{{ CONTROLLER_SERVER_IP }}/designate
# su -s /bin/sh -c "designate-manage database sync" designate
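The configuration above keeps service credentials in designate.conf, uses http:// endpoints and binds the API to 0.0.0.0. As an added example (not part of the original post), this shell function flags those values in a designate.conf-style file; the function name and messages are assumptions, and `stat -c` is the GNU coreutils form found on CentOS/RHEL.

```shell
#!/bin/sh
# Added example: lint a designate.conf-style INI file for the risky values
# used in this walkthrough. lint_designate_conf is a hypothetical helper,
# not a Designate tool.

lint_designate_conf() {
    # $1 = path to the config file; prints one finding per line.
    mode=$(stat -c '%a' "$1") || return 2        # octal mode, e.g. 640 (GNU stat)
    awk -v mode="$mode" '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        /^[ \t]*\[/    { section = $0; next }    # remember the current [section]
        {
            key = $0; sub(/[ \t]*=.*/, "", key); sub(/^[ \t]+/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val)
            if (val ~ /^http:\/\//)
                print section " " key ": plaintext HTTP endpoint"
            if (key == "listen" && val ~ /^0\.0\.0\.0:/)
                print section " " key ": API bound to all interfaces"
            if (key == "auth_strategy" && val != "keystone")
                print section " " key ": API authentication is not keystone"
            # Count secrets: password options and user:pass@ in a DB URL.
            if (key == "password" || (key == "connection" && val ~ /:\/\/[^:@]+:[^@]+@/))
                secrets++
        }
        END {
            # Last octal digit is the "other" permission set; it must be 0.
            if (secrets && mode !~ /0$/)
                print "file mode " mode ": " secrets " credential(s) readable by other users"
        }
    ' "$1"
}
```

Run it as `lint_designate_conf /etc/designate/designate.conf`; no output means none of these conditions were found.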
Edit /etc/designate/pools.yaml:
- name: default
  # The name is immutable. There will be no option to change the name after
  # creation and the only way to change it will be to delete it
  # (and all zones associated with it) and recreate it.
  description: Default Pool
  attributes: {}
  # List out the NS records for zones hosted within this pool
  # This should be a record that is created outside of Designate, that
  # points to the public IP of the controller node.
  ns_records:
    - hostname: {{Controller_FQDN}}. # This is mDNS
      priority: 1
  # List out the nameservers for this pool. These are the actual BIND servers.
  # We use these to verify changes have propagated to all nameservers.
  nameservers:
    - host: {{ DNS_SERVER_IP }}
      port: 53
  # List out the targets for this pool. For BIND there will be one
  # entry for each BIND server, as we have to run an rndc command on each server
  targets:
    - type: bind9
      description: BIND9 Server 1
      # List out the designate-mdns servers from which BIND servers should
      # request zone transfers (AXFRs).
      # This should be the IP of the controller node.
      # If you have multiple controllers you can add multiple masters
      # by running designate-mdns on them, and adding them here.
      masters:
        - host: {{ CONTROLLER_SERVER_IP }}
          port: 5354
      # BIND Configuration options
      options:
        host: {{ DNS_SERVER_IP }}
        port: 53
        rndc_host: {{ DNS_SERVER_IP }}
        rndc_port: 953
        rndc_key_file: /etc/rndc.key
        rndc_config_file: /etc/rndc.conf
Next, populate the Designate pools as follows:
su -s /bin/sh -c "designate-manage pool update" designate
systemctl enable --now designate-central designate-api
# openstack dns service list
+--------------+--------+-------+--------------+
| service_name | status | stats | capabilities |
+--------------+--------+-------+--------------+
| central      | UP     | -     | -            |
| api          | UP     | -     | -            |
| mdns         | UP     | -     | -            |
| worker       | UP     | -     | -            |
| producer     | UP     | -     | -            |
+--------------+--------+-------+--------------+
Configure OpenStack Neutron with external DNS
# iptables -I INPUT -p tcp -m multiport --dports 9001 -m comment --comment "designate incoming" -j ACCEPT
# iptables -I INPUT -p tcp -m multiport --dports 5354 -m comment --comment "Designate mdns incoming" -j ACCEPT
# iptables -I INPUT -p tcp -m multiport --dports 53 -m comment --comment "bind incoming" -j ACCEPT
# iptables -I INPUT -p udp -m multiport --dports 53 -m comment --comment "bind/powerdns incoming" -j ACCEPT
# iptables -I INPUT -p tcp -m multiport --dports 953 -m comment --comment "rndc incoming - bind only" -j ACCEPT
# service iptables save; service iptables restart
# setsebool named_write_master_zones 1
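The rules above accept rndc (953) and designate-mdns (5354) traffic from any source, although only the controller needs to reach 953 on the BIND server and only the BIND server needs to reach 5354 on the controller. The following added example, not part of the original walkthrough, scans `iptables -S INPUT` output for ACCEPT rules on those ports that carry no source restriction; the function name and default port list are assumptions.

```shell
#!/bin/sh
# Added example: find control-plane ports that the INPUT chain accepts from
# anywhere. audit_control_ports is a hypothetical helper name.

audit_control_ports() {
    # stdin = output of `iptables -S INPUT`
    # $1    = comma-separated ports to watch (default: rndc and designate-mdns)
    ports=${1:-953,5354}
    awk -v ports="$ports" '
        BEGIN {
            n = split(ports, p, ",")
            for (i = 1; i <= n; i++) watch[p[i]] = 1
        }
        $1 == "-A" && /-j ACCEPT/ {
            src = ""; hit = ""
            for (i = 1; i < NF; i++) {
                if ($i == "-s") src = $(i + 1)            # source restriction
                if ($i == "--dport" || $i == "--dports") {
                    m = split($(i + 1), d, ",")           # multiport lists
                    for (j = 1; j <= m; j++)
                        if (d[j] in watch) hit = d[j]
                }
            }
            # Port ranges (a:b) are not expanded in this example.
            if (hit != "" && (src == "" || src == "0.0.0.0/0"))
                print "port " hit " accepted from any source: " $0
        }
    '
}
```

On a live host, run `iptables -S INPUT | audit_control_ports`; a rule that names the peer with `-s` is not reported.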
external_dns_driver = designate
[designate]
# This is the Designate endpoint
url = http://{{ CONTROLLER_SERVER_IP }}:9001/v2
auth_type = password
auth_url = http://{{ CONTROLLER_SERVER_IP }}:5000
username = designate
password = rhlab123
project_name = services
project_domain_name = Default
user_domain_name = Default
allow_reverse_dns_lookup = True
ipv4_ptr_zone_prefix_size = 24
ipv6_ptr_zone_prefix_size = 116
dns_domain = rhlab.dev.
# systemctl restart neutron-*
extension_drivers=port_security,qos,dns
# openstack zone create --email=admin@rhlab.dev rhlab.dev.
# openstack recordset create --record '192.168.1.230' --type A rhlab.dev. Test
Designate should now be installed and configured.
Summary:
Today we looked at an OpenStack component, DNS (Designate): how Designate works as SaaS using Platform9, and how to install and configure DNS-as-a-service with OpenStack Designate. I think you will find this information helpful. Thank you for reading the blog, and if you have any queries related to today's topic, please do not hesitate to ask in the comment section below. Suggestions are always welcome too. See you soon with another interesting blog!