# DNS as a Service (DNSaaS)

DNS as a Service (DNSaaS) in Private Cloud Director is a multi-tenant DNS management service that provides automated DNS management using open source Designate. The service integrates with the Private Cloud Director Identity service for user role authentication, and enables automatic DNS record generation based on Private Cloud Director Compute and Networking service actions.

## Prerequisites

* Operational Private Cloud Director environment
* At least one provider network
* Network connectivity between the DNS backend server and the Designate host

## Configuration

To configure your Private Cloud Director setup to use DNS as a Service, assign the DNS role to one of your hypervisors. You can do that while onboarding a new hypervisor, or by editing the role assignment of one of your existing hypervisors. The host that is assigned the DNS role gets the [DNS Node Level Services](#dns-node-level-services) deployed on it, as described below.

## Architecture

The Designate service architecture consists of two main components:

### Control Plane Services

The control plane services are deployed on the Private Cloud Director management plane.

1. **Designate API**: Provides REST API functionality, handles HTTP requests, and validates authentication tokens through the Private Cloud Director Identity service before routing them to Designate Central via AMQP
2. **Designate Central**: Manages RPC requests through message queue, coordinates data storage, and implements business logic
3. **Designate Producer**: Handles long-running and large-scale job execution

### DNS Node Level Services

The following services are deployed on the hypervisor node that is assigned the DNS role as part of hypervisor onboarding.

1. **Designate Worker**: Manages DNS server state and handles complex, long-running operations
2. **Designate MiniDNS**: Manages DNS NOTIFY operations and handles zone transfer (AXFR) requests, enabling integration with standard DNS servers

## Supported DNS Server Integrations

The backend DNS server handles the DNS queries and stores the DNS records. Designate acts as a management layer that can integrate with one or more DNS server implementations to provide DNS as a Service.

Designate supports multiple DNS backend implementations, including:

* **PowerDNS** - PowerDNS is a leading provider of fast and secure open source and commercial DNS systems.
* **BIND 9** - BIND 9 is an open source, flexible, full-featured DNS system.
* **NSD** - NSD is an open source DNS system that is performance optimized.
* **DynECT**

{% hint style="info" %}
**Info**

Private Cloud Director currently does not support configuring DNSaaS via the UI. This capability will be available soon.
{% endhint %}

## Pool Configuration

Create and configure [`pools.yaml`](https://docs.openstack.org/designate/latest/admin/pools.html) with:

* NS records configuration
* Nameserver specifications
* Target configurations for BIND9
* RNDC settings

{% tabs %}
{% tab title="YAML" %}

```yaml
---
- name: default
  description: Default BIND9 DNS Pool
  attributes:
    service_tier: bind
  # List the NS records to be used for zones hosted within this pool.
  ns_records:
    - hostname: ns1.designate.platform9.sys.
      priority: 1

  # List the nameservers for this pool. These are the secondary nameservers / Bind9 servers
  # We use these to verify changes have propagated to all nameservers.
  nameservers:
    - host: <bind-server-IP>
      port: 53

  # List the targets for this pool. For BIND there will be one
  # entry for each authoritative server which will be used to push changes
  # to the servers.
  targets:
    - type: bind9
      description: BIND9 Server 1
      # List the designate-mdns servers from which BIND servers should
      # request zone transfers (AXFRs) from.
      # This should be the IP of the Designate controller node.
      # If you have multiple controllers you may add multiple masters
      # by running designate-mdns on them, and adding them here.
      masters:
        - host: <designate-host-IP>
          port: 5354
      # BIND Configuration options.
      # This information will be used to remotely configure the authoritative BIND
      # nameserver via RNDC.
      options:
        host: <bind-server-IP>
        port: 53
        rndc_host: <bind-server-IP>
        rndc_port: 953
        rndc_key_file: /path/to/rndc.key
```

{% endtab %}
{% endtabs %}

Update the pool configuration:

{% tabs %}
{% tab title="Bash" %}

```bash
designate-manage pool update --file <path/to/pools.yaml>
```

{% endtab %}
{% endtabs %}
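
A pre-flight check to run on `pools.yaml` before the `designate-manage pool update` step above. It is an added example, not Platform9 or Designate code; the function names are hypothetical, and it assumes the flat layout of the sample pool file shown earlier.

```sh
#!/bin/sh
# Added example (not Platform9 or Designate code): checks to run on pools.yaml
# before `designate-manage pool update`. Line-based, written for the flat
# layout of the sample pool file; it is not a general YAML parser.

# values_of KEY FILE: print each value of "KEY:" found outside comment lines.
values_of() {
  sed -nE "s/^[[:space:]-]*$1:[[:space:]]*([^#[:space:]]+).*/\1/p" "$2"
}

# pools_findings FILE: print one finding per line, nothing if the file is clean.
pools_findings() {
  # 1. Template placeholders such as <bind-server-IP> were never filled in.
  sed -E '/^[[:space:]]*#/d; s/^[[:space:]-]+//' "$1" |
    grep -E ':[[:space:]]*<[^>]*>' |
    while IFS= read -r line; do echo "unreplaced placeholder: $line"; done

  # 2. NS record hostnames must be fully qualified (trailing dot).
  values_of hostname "$1" | while IFS= read -r name; do
    case $name in
      *.) ;;
      *) echo "ns_records hostname lacks trailing dot: $name" ;;
    esac
  done

  # 3. The RNDC key lets its holder reconfigure BIND, so the file must exist
  #    and carry no permissions for "other" (characters 8-10 of ls -l).
  values_of rndc_key_file "$1" | while IFS= read -r key; do
    if [ ! -f "$key" ]; then
      echo "rndc_key_file not found: $key"
    elif [ "$(ls -ld "$key" | cut -c8-10)" != "---" ]; then
      echo "rndc_key_file is accessible to other users: $key"
    fi
  done
}

# pools_preflight FILE: report findings on stderr; return 0 only when clean.
pools_preflight() {
  found=$(pools_findings "$1")
  if [ -n "$found" ]; then
    printf '%s\n' "$found" >&2
    return 1
  fi
}

# Run as: sh pools-preflight.sh <path/to/pools.yaml>
if [ $# -gt 0 ]; then pools_preflight "$1"; fi
```

Run it on the host that holds the RNDC key file, since the permission check reads the path named in `rndc_key_file`.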

## Zone and Record Management

Zone Creation

{% tabs %}
{% tab title="Bash" %}

```bash
openstack zone create --email admin@example.com example.com.
```

{% endtab %}
{% endtabs %}

Record Set Management

{% tabs %}
{% tab title="Bash" %}

```bash
openstack recordset create --record '<IP_ADDRESS>' --type A example.com. hostname
```

{% endtab %}
{% endtabs %}

## VM Integration

Associate DNS domain with network:

{% tabs %}
{% tab title="Bash" %}

```bash
openstack network set --dns-domain example.com. <uuid>
```

{% endtab %}
{% endtabs %}

VM Creation:

* Create VM using the configured virtual network
* Assign public IP
* Verify automatic DNS record creation

## Verify Service Status

Check Zone Propagation:

{% tabs %}
{% tab title="Bash" %}

```bash
openstack zone list
openstack recordset list <zone_name>
```

{% endtab %}
{% endtabs %}

