Designate provides DNS as a Service in OpenStack

Central Register

User's Cooperation

The user's cooperation is required as soon as the provider provides the Designate infrastructure for the cloud as described. This much is clear: For Designate to work for a domain, the domain needs to be configured with the responsible registry so that its NS records actually point to the Designate name servers. Designate therefore assumes control over the domain in this scenario. Anyone who wants to avoid this can, of course, also work using sub-delegations: DNS for the subdomain could be delegated to Designate while the normal name servers take care of the rest of the domain, for example.

The setup of domains by users with the Designate command-line client provided is simple. Using

designate domain-create --name example. com. --email

the user can create a domain (Figure 2). The tool output then displays an ID, which is important. The user needs this domain ID to create DNS entries for VMs:

designate record-create 5849251B-832E-4521-94ED-92EB3D191DC4 --name --type A --data
Figure 2: As soon as Designate is working, domains can be created using the Designate CLI.

This example shows that the domain name receives an A record for the address . To set the PTR record for a cloud floating IP, an ID is required – specifically, that of the floating IP. This ID is displayed on either the dashboard or the command line. The command is

openstack ptr record set <ID> <PTR record>

where <ID> and <PTR record> must be replaced with the appropriate values.

If necessary, the user can adjust the network to automate the process. When setting up the domain, the parameter for neutron can be used to define the DNS domain to which the network is to be connected.

Discover the Possibilities

Designate's scope of functions goes far beyond creating DNS and PTR records. One example is controlling zone transfers: Anyone who wants to execute an AXFR transfer for a specific domain can do so for the respective zone with:

designate zone axfr

The blacklist zones are also interesting. Using regular expressions, you can define strings that must not appear in domain names.

Anyone who wants to prevent their own cloud websites from having obscene words in the DNS name can enter them in the Designate blacklist. An attempt to create a domain that matches a pattern on the blacklist will fail with an HTTP 400 error, and the corresponding error message will appear. Only admins can create or manage blacklist domains.

A GUI for Designate

In this article, I have shown how to create entries both for host names and IP addresses from the command line using the Designate API. What hasn't been mentioned thus far is the plugin that Designate needs to integrate into the OpenStack dashboard, Horizon. Unfortunately, integrating Designate into the central OpenStack GUI is not a notable tale: The first work began in 2014, and an abandoned merge request in the OpenStack project review system [3] indicates that for more than two years Designate should have been familiar with Horizon.

However, the merge request was blocked because of various errors, and the original author probably hasn't found the time to start on it again. The good news is that work is continuing on the Designate dashboard, although it currently only exists as an out-of-tree development on GitHub [4].

The installation instructions that can be found there mention installing the plugin with the script. That is a level of tinkering that nobody wants to take responsibility for in production environments. However, anyone using Ubuntu has little choice: Canonical only packages those OpenStack items that are officially a part of OpenStack.

Annoyed admins have little choice but to build the package themselves. Nevertheless, the developers should see that the Designate plugin soon becomes part of Horizon to eliminate the need for this kind of tinkering (Figure 3).

Figure 3: Although there might be a Horizon plugin for Designate, it still hasn't found its way into Horizon, requiring manual work.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy ADMIN Magazine

Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

comments powered by Disqus