# Working with Designate The OpenStack Designate project is the DNS-as-a-Service (DNSaaS) component offered by OpenStack. Designate integrates with DNS servers such as BIND9, PowerDNS, Infoblox in order to provide management of DNS information via REST APIs which are secured by Keystone authentication. Let us walk through the process of enabling and configuring Designate within a Platform9 Managed OpenStack environment. ### Prerequisites 1. You must have administrative access to a Platform9-managed OpenStack (KVM) environment. 2. You must have access and required privileges to operate a [Supported](https://docs.openstack.org/designate/newton/support-matrix.html) Designate DNS backend. {% hint style="info" %} **Note** Designate is an optional infrastructure feature which is not enabled by default within Platform9 environments. Please contact [Platform9 support](http://support.pf9.io/) if you would like to enable Designate within your environment. {% endhint %} ## Configuring OpenStack Designate You may configure OpenStack Designate within your Managed OpenStack by completing the following steps. ### Step 1: Authorize host with DNS role In order to integrate Designate with your DNS infrastructure, you must first configure an on-premises compute node to run the Designate software (*designate-mdns* and *designate-worker*). 1. Log in to Platform9 as an administrator. 2. Click Infrastructure. 3. Select a compute node on which to install Designate. Click Configure Host > DNS > Make this host a Designate node. 4. Click Update Designate details. Designate will now be installed on the selected compute node. ### Step 2: Configure Designate backends After authorizing a Designate host in your environment, you must then configure Designate to interface with one or more DNS servers by modifying Designate's Pools configuration file, **pools.yaml**. 1. Login to the compute node running Designate. 2. Create the directory **/etc/designate/**. 3. Create and edit **/etc/designate/pools.yaml**. A sample **pools.yaml** configuration which integrates with BIND9 is shown below. {% tabs %} {% tab title="Bash" %} ```bash --- - name: default # The name is immutable. There will be no option to change the name after # creation and the only way will to change it will be to delete it # (and all zones associated with it) and recreate it. description: Default BIND9 DNS Pool # Attributes are key:value pairs that describe the pool. for example the # level of service (i.e. service_tier:GOLD), capabilities (i.e. anycast: # true) or other metadata. Users may use this information to point their # zones to the correct pool attributes: {} # List the NS records to be used for zones hosted within this pool. ns_records: - hostname: ns1.example.org. priority: 1 - hostname: ns2.example.org. priority: 2 # List the nameservers for this pool. These are the secondary nameservers. # We use these to verify changes have propagated to all nameservers. nameservers: - host: 192.0.2.2 port: 53 - host: 192.0.2.3 port: 53 # List the targets for this pool. For BIND there will be one # entry for each authoritative server which will be used to push changes # to the servers. targets: - type: bind9 description: BIND9 Server 1 # List the designate-mdns servers from which BIND servers should # request zone transfers (AXFRs) from. # This should be the IP of the Designate controller node. # If you have multiple controllers you may add multiple masters # by running designate-mdns on them, and adding them here. masters: - host: 203.0.113.10 port: 5354 # BIND Configuration options. # This information will be used to remotely configure the authoritative BIND # nameserver via RNDC. options: host: 203.0.113.10 port: 53 rndc_host: 203.0.113.10 rndc_port: 953 rndc_key_file: /etc/bind/rndc.key # Optional list of additional IP/Port's for which designate-mdns will send # DNS NOTIFY packets to #also_notifies: # - host: 203.0.113.55 # port: 53 ``` {% endtab %} {% endtabs %} After saving this file, update Designate's pool configuration with these changes using the *designate-manage* utility. {% tabs %} {% tab title="Bash" %} ```bash designate-manage pool update ``` {% endtab %} {% endtabs %} ## Verifying Designate integration Once you have configured Designate, verify that it has been properly configured and you are able to successfully provision DNS zones and DNS records. {% hint style="info" %} **Note** The following steps require a workstation with the [OpenStack CLI](https://docs.platform9.com/managed-openstack/5.8/cli-access/cli-access-cli-overview) tools installed. {% endhint %} ### Step 1: Create DNS zone In order to test proper integration of Designate with the authoritative name server, let us create an example DNS zone called **corp.example.org.** {% tabs %} {% tab title="Bash" %} ```bash $ openstack zone create --email admin@example.org corp.example.org. +----------------+--------------------------------------+ | Field | Value | +----------------+--------------------------------------+ | action | CREATE | | attributes | | | created_at | 2017-11-14T05:53:44.000000 | | description | None | | email | admin@example.org | | id | 243c9415-c0a9-4271-865d-008cd47ce02c | | masters | | | name | corp.example.org. | | pool_id | 794ccc2c-d751-44fe-b57f-8894c9f5c842 | | project_id | 5b9f80bc8c0c4944a6243d37ab18f1d6 | | serial | 1510638823 | | status | PENDING | | transferred_at | None | | ttl | 3600 | | type | PRIMARY | | updated_at | None | | version | 1 | +----------------+--------------------------------------+ ``` {% endtab %} {% endtabs %} If Designate is properly configured, the zone status should transition to 'ACTIVE' state. {% tabs %} {% tab title="Bash" %} ```bash $ openstack zone show corp.example.org. -c name -c status +--------+-------------------+ | Field | Value | +--------+-------------------+ | name | corp.example.org. | | status | ACTIVE | +--------+-------------------+ ``` {% endtab %} {% endtabs %} ### Step 2: Create DNS record Let us create a DNS 'A' record for [**www.corp.example.org**](http://www.corp.example.org) that points to **198.51.100.10**. {% tabs %} {% tab title="Bash" %} ```bash $ openstack recordset create corp.example.org. www --type A --records '198.51.100.10' +-------------+--------------------------------------+ | Field | Value | +-------------+--------------------------------------+ | action | CREATE | | created_at | 2017-11-14T05:58:16.000000 | | description | None | | id | 56bfe172-a220-4527-bfbc-5a1a8d7c701d | | name | www.corp.example.org. | | project_id | 5b9f80bc8c0c4944a6243d37ab18f1d6 | | records | 198.51.100.10 | | status | PENDING | | ttl | None | | type | A | | updated_at | None | | version | 1 | | zone_id | 243c9415-c0a9-4271-865d-008cd47ce02c | | zone_name | corp.example.org. | +-------------+--------------------------------------+ ``` {% endtab %} {% endtabs %} ### Step 3: Verify record existence Finally, let us verify our DNS record was successfully created. {% tabs %} {% tab title="Bash" %} ```bash $ dig www.corp.example.org +short 198.51.100.10 ``` {% endtab %} {% endtabs %} The process of configuring OpenStack Designate for your Platform9 Managed OpenStack Cloud is now complete. For more information on using and configuring Designate, refer to the OpenStack Designate official [documentation](https://docs.openstack.org/designate/latest/).