DNS as a Service (DNSaaS)

DNS as a Service (DNSaaS) in Private Cloud Director is a multi-tenant DNS management service that provides automated DNS management using open source Designate. This service integrates with Private Cloud Director Identity service for user role authentication, and enables automatic DNS record generation based on PCD Compute and Networking service actions.

Prerequisites

Operational Private Cloud Director environment
At least one provider network
Network connectivity between DNS backend server and designate host

Configuration

In order to configure your Private Cloud Director setup to use DNS as a Service, you need to assign 'DNS' role to one of your hypervisors. You can do that while onboarding a new hypervisor, or by editing assigned hosts to one of your existing hypervisors. The host that is assigned the DNS role will get the DNS Node Level Services deployed on it, as described below.

Architecture

The Designate service architecture consists of two main components:

Control Plane Services

The control plane services are deployed on the PCD management plane.

Designate API: Provides REST API functionality, handles HTTP requests, and validates authentication tokens through Private Cloud Director Identity service before routing them to Designate Central via AMQP
Designate Central: Manages RPC requests through message queue, coordinates data storage, and implements business logic
Designate Producer: Handles long-running and large-scale job execution

DNS Node Level Services

The following services are deployed on the hypervisor node that is assigned with a DNS role as part of hypervisor onboarding.

Designate Worker: Manages DNS server state and handles complex, long-running operations
Designate MiniDNS: Manages DNS NOTIFY operations and handles zone transfer (AXFR) requests, enabling integration with standard DNS servers

Supported DNS Server Integrations

The backend DNS server handles the DNS queries and stores the DNS records. Designate acts as a management layer that can integrate with one or more of DNS server implementations, to provide DNS as a Service.

Designate supports multiple DNS backend implementations, including:

PowerDNS - PowerDNS is a leading provider of fast and secure open source and commercial DNS system.
BIND 9 - BIND 9 is an open source, flexible, full featured DNS system.
NSD - NSD is an open source DNS system that is performance optimized.
DynECT

Info

Private Cloud Director currently does not support configuring DNSaaS via the UI. This capability will be available soon.

Pool Configuration

Create and configure pools.yaml with:

NS records configuration
Nameserver specifications
Target configurations for BIND9
RNDC settings

---
- name: default
  description: Default BIND9 DNS Pool
  attributes:
    service_tier: bind
  # List the NS records to be used for zones hosted within this pool.
  ns_records:
    - hostname: ns1.designate.platform9.sys.
      priority: 1

  # List the nameservers for this pool. These are the secondary nameservers / Bind9 servers
  # We use these to verify changes have propagated to all nameservers.
  nameservers:
    - host: <bind-server-IP>
      port: 53

  # List the targets for this pool. For BIND there will be one
  # entry for each authoritative server which will be used to push changes
  # to the servers.
  targets:
    - type: bind9
      description: BIND9 Server 1
      # List the designate-mdns servers from which BIND servers should
      # request zone transfers (AXFRs) from.
      # This should be the IP of the Designate controller node.
      # If you have multiple controllers you may add multiple masters
      # by running designate-mdns on them, and adding them here.
      masters:
        - host: <designate-host-IP>
          port: 5354
      # BIND Configuration options.
      # This information will be used to remotely configure the authoritative BIND
      # nameserver via RNDC.
      options:
        host: <bind-server-IP>
        port: 53
        rndc_host: <bind-server-IP>
        rndc_port: 953
        rndc_key_file: /path/to/rndc.key

Update the pool configuration:

designate-manage pool update --file <path/to/pools.yaml>

Zone and Record Management

Zone Creation

openstack zone create --email [email protected] example.com.

Record Set Management

openstack recordset create --record '<IP_ADDRESS>' --type A example.com. hostname

VM Integration

Associate DNS domain with network:

openstack network <uuid> set --dns-domain example.com.

VM Creation:

Create VM using the configured virtual network
Assign public IP
Verify automatic DNS record creation

Verify Service Status

Check Zone Propagation:

openstack zone list
openstack recordset list <zone_name>

PreviousLoad Balancer as a Service (LBaaS)NextOverview

Last updated 2 months ago

Was this helpful?

Good afternoon

hashtagPrerequisites

hashtagConfiguration

hashtagArchitecture

hashtagControl Plane Services

hashtagDNS Node Level Services

hashtagSupported DNS Server Integrations

hashtagPool Configuration

hashtagZone and Record Management

hashtagVM Integration

hashtagVerify Service Status