DNS as a Service (DNSaaS)

DNS as a Service (DNSaaS) in Private Cloud Director is a multi-tenant DNS management service built on the open source OpenStack Designate project. It integrates with the Private Cloud Director Identity service for user and role authentication, and lets administrators manage DNS zones, names and records.

Prerequisites

  • At least one Physical Network
  • Network connectivity between your DNS backend server and the host with DNS as a service role assigned.

Configuration

To configure your Private Cloud Director setup to use DNS as a Service, assign the 'DNS' role to one of your hosts. You can do this while onboarding a new host or by editing the assigned roles of an existing host. The host that carries the DNS role gets the DNS Node Level Services described below deployed on it.

Architecture

The Designate service architecture is split across two groups of services:

Management Plane Services

The management plane services are deployed on the PCD management plane.

  1. Designate API: Provides REST API functionality, handles HTTP requests, and validates authentication tokens through Private Cloud Director Identity service before routing them to Designate
  2. Designate Central: Manages RPC requests through message queue, coordinates data storage, and implements business logic
  3. Designate Producer: Handles long-running and large-scale job execution

DNS Node Level Services

The following services are deployed on the hypervisor node that is assigned the DNS role during hypervisor onboarding.

  1. Designate Worker: Manages DNS server state and handles complex, long-running operations
  2. Designate MiniDNS: Manages DNS NOTIFY operations and handles zone transfer (AXFR) requests, enabling integration with standard DNS servers

Supported DNS Server Integrations

The backend DNS server handles the DNS queries and stores the DNS records. Designate acts as a management layer that can integrate with one or more DNS server implementations to provide DNS as a Service.

Designate supports multiple DNS backend implementations, including:

  • BIND 9 - BIND 9 is an open-source, flexible, full-featured DNS system.
  • PowerDNS - PowerDNS is a leading provider of fast and secure open-source and commercial DNS systems.

Pool Configuration

Create and configure pools.yaml with:

  • NS records configuration
  • Nameserver specifications
  • Target configurations for BIND9
  • RNDC settings

Then load the pool configuration into Designate. The pool update command must be run on the host to which you have assigned the DNS role.

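As an added example, which is not Platform9's or Designate's own file, the script below writes a minimal pools.yaml for a single BIND9 backend covering the four items listed above (NS records, nameservers, a BIND9 target and its RNDC settings), runs two sanity checks on it, and, only when DNSAAS_APPLY=1 is set, loads it with designate-manage on the DNS-role host. The addresses (192.0.2.x), the NS hostname ns1.example.com. and the rndc key path are constructed placeholders; the masters entry points at the MiniDNS service on the DNS-role host, which listens on port 5354 by default.

```shell
#!/bin/sh
# Added example (not Platform9's own file): write a minimal BIND9 pools.yaml for
# Designate, validate it, and optionally load it with designate-manage.
# All addresses, hostnames and paths below are constructed placeholders.

set -eu

POOLS_FILE="${POOLS_FILE:-${TMPDIR:-/tmp}/pools.yaml}"

# Assumed layout of the environment (placeholders, adjust to your own):
BIND_HOST="${BIND_HOST:-192.0.2.5}"              # backend BIND9 server (answers queries)
MINIDNS_HOST="${MINIDNS_HOST:-192.0.2.20}"       # host carrying the DNS role (MiniDNS)
NS_HOSTNAME="${NS_HOSTNAME:-ns1.example.com.}"   # published NS record; trailing dot required
RNDC_KEY_FILE="${RNDC_KEY_FILE:-/etc/designate/rndc.key}"

write_pools_yaml() {
  cat > "$1" <<EOF
- name: default
  description: Default BIND9 pool
  attributes: {}
  # NS records published in every zone hosted by this pool
  ns_records:
    - hostname: ${NS_HOSTNAME}
      priority: 1
  # Servers Designate polls to confirm that a zone change has landed
  nameservers:
    - host: ${BIND_HOST}
      port: 53
  targets:
    - type: bind9
      description: BIND9 server 1
      # MiniDNS on the DNS-role host: BIND9 pulls zones from here via AXFR
      masters:
        - host: ${MINIDNS_HOST}
          port: 5354
      options:
        host: ${BIND_HOST}
        port: 53
        rndc_host: ${BIND_HOST}
        rndc_port: 953
        rndc_key_file: ${RNDC_KEY_FILE}
EOF
}

# Sanity checks for the two most common pools.yaml mistakes:
# an NS hostname without the trailing dot, and a non-numeric port.
check_pools_yaml() {
  f="$1"
  [ -s "$f" ] || { echo "empty or missing: $f" >&2; return 1; }
  # every 'hostname:' value must be a FQDN ending in '.'
  if grep -E '^[[:space:]]*-?[[:space:]]*hostname:' "$f" | grep -vqE '\.[[:space:]]*$'; then
    echo "ns_records hostname must end with a trailing dot" >&2; return 1
  fi
  # every port-like key must be numeric
  if grep -E '^[[:space:]]*(rndc_)?port:' "$f" | grep -vqE ':[[:space:]]*[0-9]+[[:space:]]*$'; then
    echo "non-numeric port in $f" >&2; return 1
  fi
  return 0
}

# Load the pool definition into Designate (run on the DNS-role host).
apply_pools_yaml() {
  designate-manage pool update --file "$1"
  designate-manage pool show_config
}

write_pools_yaml "$POOLS_FILE"
check_pools_yaml "$POOLS_FILE" && echo "pools.yaml written and validated: $POOLS_FILE"
# Only touch Designate when explicitly asked, so the script is safe to run anywhere.
if [ "${DNSAAS_APPLY:-0}" = "1" ]; then
  apply_pools_yaml "$POOLS_FILE"
fi
```

Run it as-is to produce and check the file, then `DNSAAS_APPLY=1 ./pools.sh` on the DNS-role host to load it. The rndc key file it references must be readable by the Designate worker and by nobody else; a world-readable rndc key lets anyone on the host reconfigure the backend name server.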

Zone and Record Management

Core Components

  • DNS Pools: Logical groupings of DNS servers that provide the backbone infrastructure for hosting your DNS zones. Think of a pool as the set of physical or virtual servers on which your domain information is stored and from which it is served.
  • Zones: Domains or subdomains (such as example.com or support.example.com) that you manage through Private Cloud Director. Each zone contains all the DNS records and configuration for a specific domain.
  • Records: The individual DNS entries that tell resolvers how to handle requests for your domain. These include address records (A/AAAA), mail server records (MX), aliases (CNAME), and more.

Managing DNS Pools

Before creating zones, you'll need to set up at least one DNS pool to host your domain information:

  1. Navigate to Networking → DNS in the main navigation menu.

  2. Click the “Add Pool” button in the top-right corner.

  3. Complete the form with these essential details:

    1. Pool Name: Create a descriptive label to identify this group of DNS servers.
    2. Backend Type: Select the DNS server software being used (standard options include BIND9 or PowerDNS).
    3. Server IP: Enter the IP address of your backend DNS server.
    4. DNS Port: Specify the port used for DNS queries, which is typically port 53.
    5. RNDC Port: If using BIND9, enter the port for remote name daemon control commands.
  4. Click Create Pool to save your configuration.

Adding a DNS Zone

Once you have at least one DNS pool configured, you can add domains or subdomains as zones:

  1. Navigate to Networking → DNS in the main navigation menu.

  2. Click the “Add Zone” button in the top-right corner.

  3. Enter the following zone details:

    1. Zone Name: The full domain or subdomain you want to manage (e.g., example.com).

    2. Zone Type:

      1. Primary: You'll manage all the records directly through Private Cloud Director.
      2. Secondary: This zone will replicate data from a primary zone hosted elsewhere.
    3. DNS Pool: Select which of your DNS server groups should host this zone.

    4. Admin Email: Provide a contact email for the domain administrator (this appears in SOA records).

    5. Default TTL: Set the default time-to-live value for records in this zone.

  4. Click Create Zone to finalize your new zone.

Adding DNS Record

After creating a zone, you'll need to add DNS records to define how your domain handles various requests:

  1. Navigate to Networking → DNS in the main navigation menu.

  2. Click the “Add Record” button in the top-right corner.

  3. Complete the form with these record details:

    1. Record Name: The specific hostname or subdomain for this record (use www for www.example.com, mail for mail service, or @ to reference the root domain itself).

    2. Record Type: Select the appropriate DNS record type:

      1. A: Maps a name to an IPv4 address (like 192.168.1.1)
      2. AAAA: Maps a name to an IPv6 address.
      3. CNAME: Creates an alias pointing to another hostname (a CNAME cannot coexist with any other record of the same name)
      4. MX: Defines mail exchange servers for email delivery
      5. TXT: Stores text information used for domain verification, SPF, or DKIM
      6. SRV: Service locator records for services like VoIP or chat servers
      7. PTR: Reverse DNS mapping from IP addresses to hostnames
    3. Content: The value this record points to (IP address, hostname, or text)

    4. TTL: Time to Live value that controls how long this record can be cached (in seconds)

  4. Click Add Record to save your new DNS record.

Using CLI

Zone Creation


Record Set Management


VM Integration

Associate DNS domain with network:


For VM creation with automatic DNS records:

  1. Create your VM on a virtual network that has a DNS domain associated with it
  2. Assign a public IP to the instance
  3. The corresponding DNS records are created automatically
  4. Verify the record creation through the DNS management interface
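The following script is an added example for the three CLI sections above (Zone Creation, Record Set Management and the network association for VM Integration); it is not Platform9's or Designate's own code. It wraps the openstack CLI commands that python-designateclient and python-openstackclient provide (`openstack zone create`, `openstack recordset create --record`, `openstack network set --dns-domain`) in small functions, and normalises names to the trailing-dot FQDN form that Designate requires. The zone example.com, the addresses 192.0.2.x and the network name private-net are constructed placeholders. By default the script only prints the commands; set DRY_RUN=0 with an OpenStack RC file sourced to execute them.

```shell
#!/bin/sh
# Added example (not Platform9's or Designate's own code): wrappers around the
# openstack CLI for zone creation, recordset management and attaching a DNS
# domain to a network. Zone, addresses and network name are placeholders.
# DRY_RUN=1 (the default) prints each command; DRY_RUN=0 executes it.

set -eu

DRY_RUN="${DRY_RUN:-1}"

run() {
  if [ "$DRY_RUN" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# Designate only accepts fully qualified names with a trailing dot:
# "example.com" is rejected, "example.com." is accepted. Normalise once here.
ensure_fqdn() {
  case "$1" in
    *.) printf '%s\n' "$1" ;;
    *)  printf '%s.\n' "$1" ;;
  esac
}

# Zone creation: zone name, SOA contact email, optional default TTL in seconds.
create_zone() {
  zone=$(ensure_fqdn "$1")
  run openstack zone create --email "$2" --ttl "${3:-3600}" "$zone"
}

# Recordset management: zone, relative name ('www', or '@' for the zone apex),
# record type and record data. Recordset names are also FQDNs, so build one.
create_recordset() {
  zone=$(ensure_fqdn "$1")
  if [ "$2" = "@" ]; then name="$zone"; else name="$2.$zone"; fi
  run openstack recordset create --type "$3" --record "$4" "$zone" "$name"
}

# List what Designate currently holds for a zone (useful after each change).
list_recordsets() {
  run openstack recordset list "$(ensure_fqdn "$1")"
}

# VM integration: attaching a DNS domain to a Neutron network makes ports
# created on that network publish their records into the matching zone.
attach_dns_domain() {  # attach_dns_domain <network> <zone>
  run openstack network set --dns-domain "$(ensure_fqdn "$2")" "$1"
}

# Worked sequence for the constructed example.com zone:
create_zone example.com admin@example.com 3600
create_recordset example.com www A 192.0.2.10
create_recordset example.com mail A 192.0.2.25
create_recordset example.com @ MX "10 mail.example.com."
list_recordsets example.com
attach_dns_domain private-net example.com
```

The zone name passed to `--dns-domain` must match a zone that the project owning the network can write to; otherwise port creation succeeds but no record is published. Older versions of the client spell the record option `--records`; check `openstack recordset create --help` on your installation.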

Verify Service Status

After configuration, check zone propagation to ensure your DNS records are being served correctly. Use standard DNS tools such as dig or nslookup to query each backend nameserver directly and verify that the expected responses come back.
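As an added example (not part of the original page), the script below turns that check into two functions: one that compares the SOA serial a zone reports from every nameserver in the pool, which is the direct test that a change has propagated everywhere, and one that confirms a record resolves to the expected data. Both parse `dig +noall +answer` output. The nameserver addresses 192.0.2.5 and 192.0.2.6 and the zone example.com are constructed placeholders, and the constructed sample dig lines let the parsing run offline; live queries happen only when dig is installed and DNSAAS_LIVE=1 is set.

```shell
#!/bin/sh
# Added example (not part of the original page): verify zone propagation by
# comparing SOA serials across nameservers, and verify a record's contents.
# Nameserver addresses and the zone are placeholders; the sample dig output is
# constructed so the parsing can be exercised without network access.

set -eu

# Extract the SOA serial from 'dig +noall +answer' lines, e.g.
#   example.com. 3600 IN SOA ns1.example.com. admin.example.com. 2024010101 3600 600 86400 3600
soa_serial() {
  awk '$4 == "SOA" { print $7; exit }'
}

# Print the rdata of every answer line of the given type (A -> address,
# MX -> "priority host", ...), one record per line.
rdata_of_type() {
  awk -v t="$1" '$4 == t { $1 = $2 = $3 = $4 = ""; sub(/^ +/, ""); print }'
}

# Query one nameserver directly; returns answer-section lines only.
query() {  # query <nameserver> <name> <type>
  dig +noall +answer +time=3 +tries=1 @"$1" "$2" "$3"
}

# The query function can be swapped (QUERY=...) to drive the checks from canned data.
QUERY="${QUERY:-query}"

# Propagation check: every nameserver must report the same SOA serial.
check_propagation() {  # check_propagation <zone> <ns1> [<ns2> ...]
  zone="$1"; shift
  first=""
  for ns in "$@"; do
    serial=$("$QUERY" "$ns" "$zone" SOA | soa_serial)
    [ -n "$serial" ] || { echo "no SOA for $zone from $ns" >&2; return 1; }
    if [ -z "$first" ]; then
      first="$serial"
    elif [ "$serial" != "$first" ]; then
      echo "serial mismatch: $ns has $serial, $1 has $first" >&2; return 1
    fi
  done
  echo "zone $zone is at serial $first on all nameservers"
}

# Does a set of answer lines (on stdin) contain the expected rdata?
answers_contain() {  # answers_contain <type> <expected>
  rdata_of_type "$1" | grep -qxF "$2"
}

# Record check: the answers for <name>/<type> from <nameserver> must include <expected>.
check_record() {  # check_record <nameserver> <name> <type> <expected>
  "$QUERY" "$1" "$2" "$3" | answers_contain "$3" "$4"
}

# --- Constructed sample output, as 'dig +noall +answer' prints it ---
SAMPLE_SOA='example.com.  3600  IN  SOA  ns1.example.com. admin.example.com. 2024010101 3600 600 86400 3600'
SAMPLE_A='www.example.com.  300  IN  A  192.0.2.10
www.example.com.  300  IN  A  192.0.2.11'

echo "sample serial: $(printf '%s\n' "$SAMPLE_SOA" | soa_serial)"
if printf '%s\n' "$SAMPLE_A" | answers_contain A 192.0.2.10; then
  echo "sample A record present"
fi

# Live checks against the pool's nameservers (placeholders) when dig is installed.
if command -v dig >/dev/null 2>&1 && [ "${DNSAAS_LIVE:-0}" = "1" ]; then
  check_propagation example.com. 192.0.2.5 192.0.2.6
  check_record 192.0.2.5 www.example.com. A 192.0.2.10
fi
```

Querying each backend by address rather than through a recursive resolver matters here: a cached answer from a resolver can hide a backend that never received the zone transfer, while a serial mismatch between backends points directly at the NOTIFY/AXFR path between MiniDNS and that server.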
