# DNS as a Service (DNSaaS)

DNS as a Service (DNSaaS) in <code class="expression">space.vars.product\_name</code> is a multi-tenant DNS management service that provides automated DNS management using open source Designate. The service integrates with the <code class="expression">space.vars.product\_name</code> Identity service for user role authentication, and enables automatic DNS record generation based on <code class="expression">space.vars.product\_acronym</code> Compute and Networking service actions.

## Prerequisites

* Operational <code class="expression">space.vars.product\_name</code> environment
* At least one provider network
* Network connectivity between the DNS backend server and the Designate host

## Configuration

To configure your <code class="expression">space.vars.product\_name</code> setup to use DNS as a Service, assign the 'DNS' role to one of your hypervisors. You can do this while onboarding a new hypervisor, or by editing the role assignment of one of your existing hypervisors. The host that is assigned the DNS role gets the [DNS Node Level Services](#dns-node-level-services) deployed on it, as described below.

## Architecture

The Designate service architecture consists of two main components:

### Control Plane Services

The control plane services are deployed on the <code class="expression">space.vars.product\_acronym</code> management plane.

1. **Designate API**: Provides REST API functionality, handles HTTP requests, and validates authentication tokens through the <code class="expression">space.vars.product\_name</code> Identity service before routing them to Designate Central via AMQP
2. **Designate Central**: Manages RPC requests through the message queue, coordinates data storage, and implements business logic
3. **Designate Producer**: Handles long-running and large-scale job execution

### DNS Node Level Services

The following services are deployed on the hypervisor node that is assigned the DNS role as part of hypervisor onboarding.

1. **Designate Worker**: Manages DNS server state and handles complex, long-running operations
2. **Designate MiniDNS**: Manages DNS NOTIFY operations and handles zone transfer (AXFR) requests, enabling integration with standard DNS servers

## Supported DNS Server Integrations

The backend DNS server handles the DNS queries and stores the DNS records. Designate acts as a management layer that can integrate with one or more DNS server implementations to provide DNS as a Service.

Designate supports multiple DNS backend implementations, including:

* **PowerDNS** - PowerDNS is a leading provider of fast and secure open source and commercial DNS systems.
* **BIND 9** - BIND 9 is an open source, flexible, full-featured DNS system.
* **NSD** - NSD is an open source DNS system that is performance optimized.
* **DynECT**

{% hint style="info" %}
**Info**

Private Cloud Director currently does not support configuring DNSaaS via the UI. This capability will be available soon.
{% endhint %}

## Pool Configuration

Create and configure [`pools.yaml`](https://docs.openstack.org/designate/latest/admin/pools.html) with:

* NS records configuration
* Nameserver specifications
* Target configurations for BIND9
* RNDC settings

{% tabs %}
{% tab title="YAML" %}

```yaml
---
- name: default
  description: Default BIND9 DNS Pool
  attributes:
    service_tier: bind
  # List the NS records to be used for zones hosted within this pool.
  ns_records:
    - hostname: ns1.designate.platform9.sys.
      priority: 1

  # List the nameservers for this pool. These are the secondary nameservers / Bind9 servers
  # We use these to verify changes have propagated to all nameservers.
  nameservers:
    - host: <bind-server-IP>
      port: 53

  # List the targets for this pool. For BIND there will be one
  # entry for each authoritative server which will be used to push changes
  # to the servers.
  targets:
    - type: bind9
      description: BIND9 Server 1
      # List the designate-mdns servers from which BIND servers should
      # request zone transfers (AXFRs).
      # This should be the IP of the Designate controller node.
      # If you have multiple controllers you may add multiple masters
      # by running designate-mdns on them, and adding them here.
      masters:
        - host: <designate-host-IP>
          port: 5354
      # BIND Configuration options.
      # This information will be used to remotely configure the authoritative BIND
      # nameserver via RNDC.
      options:
        host: <bind-server-IP>
        port: 53
        rndc_host: <bind-server-IP>
        rndc_port: 953
        rndc_key_file: /path/to/rndc.key
```

{% endtab %}
{% endtabs %}

Update the pool configuration:

{% tabs %}
{% tab title="Bash" %}

```bash
designate-manage pool update --file <path/to/pools.yaml>
```

{% endtab %}
{% endtabs %}
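The `rndc_key_file` referenced in `pools.yaml` is the shared secret that lets Designate reconfigure the BIND server over RNDC, so it is worth checking the file before loading the pool. The following pre-flight check is an added example, not part of the product or of Designate; `check_pools_file` and `file_mode` are hypothetical helper names, and the policy of rejecting any key readable by "other" users is an assumption to adapt to your environment.

```bash
#!/bin/sh
# Added example: pre-flight check for pools.yaml (hypothetical helper, not a Designate tool).
# Usage: check_pools_file pools.yaml && designate-manage pool update --file pools.yaml

# Print the octal permission bits of a file (GNU stat first, then BSD stat).
file_mode() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Returns 0 when the file passes, 1 otherwise. Findings are written to stderr.
check_pools_file() {
  pools="$1"
  rc=0
  [ -r "$pools" ] || { echo "FAIL: cannot read $pools" >&2; return 1; }

  # 1. Template placeholders such as <bind-server-IP> must be filled in.
  #    Only text before a '#' comment marker is considered.
  if grep -nE '^[^#]*<[^>]+>' "$pools" >&2; then
    echo "FAIL: unfilled placeholders in $pools" >&2
    rc=1
  fi

  # 2. Every rndc_key_file must exist and grant nothing to "other" users.
  #    (Paths containing whitespace are not handled by this simple extraction.)
  while IFS= read -r key; do
    [ -n "$key" ] || continue
    if [ ! -f "$key" ]; then
      echo "FAIL: rndc key $key not found" >&2
      rc=1
      continue
    fi
    mode=$(file_mode "$key")
    case "$mode" in
      *0) ;;  # last octal digit 0: no access for other users
      *)  echo "FAIL: rndc key $key has mode $mode" >&2
          rc=1 ;;
    esac
  done <<EOF
$(sed -nE 's/^[[:space:]]*rndc_key_file:[[:space:]]*([^#[:space:]]+).*/\1/p' "$pools")
EOF

  return "$rc"
}
```
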

## Zone and Record Management

Zone Creation:

{% tabs %}
{% tab title="Bash" %}

```bash
openstack zone create --email admin@example.com example.com.
```

{% endtab %}
{% endtabs %}

Record Set Management:

{% tabs %}
{% tab title="Bash" %}

```bash
openstack recordset create --record '<IP_ADDRESS>' --type A example.com. hostname
```

{% endtab %}
{% endtabs %}

## VM Integration

Associate DNS domain with network:

{% tabs %}
{% tab title="Bash" %}

```bash
openstack network set --dns-domain example.com. <uuid>
```

{% endtab %}
{% endtabs %}

VM Creation:

* Create VM using the configured virtual network
* Assign public IP
* Verify automatic DNS record creation

## Verify Service Status

Check Zone Propagation:

{% tabs %}
{% tab title="Bash" %}

```bash
openstack zone list
openstack recordset list <zone_name>
```

{% endtab %}
{% endtabs %}
