« Designate with PowerDNS »: difference between revisions

From TeriaHowto
Revision as of 16 October 2024, 13:46

Configure Designate with a PowerDNS backend.
The objective is to configure and deploy a DNS as a service.

The stack

Designate deploys its own DNS servers (designate-mdns), which act as primary for the zones it manages.
These servers are not intended to face client traffic. One or more PowerDNS servers (not deployed by Designate), configured as secondaries for the zones managed by Designate, act as the actual DNS root that clients query.
Designate creates its managed zones as secondaries in PowerDNS through the PowerDNS API. Subsequent updates (addition or deletion of records) are propagated through DNS NOTIFY messages followed by AXFR zone transfers.
It is possible (and recommended) to put a recursor in front of this DNS root, and optionally a DNS load balancer such as dnsdist.

PowerDNS configuration

A complete guide to configuring a PowerDNS stack is out of scope.
The important settings to put in the PowerDNS pdns.conf are:

  • webserver=yes
  • webserver-port=<PORT>
  • webserver-allow-from=<openstack_controller1_ip>,<openstack_controller2_ip>,<openstack_controller3_ip>
  • api=yes
  • api-key=<KEY>
  • secondary=yes
  • trusted-notification-proxy=<kolla_external_vip_address>
  • allow-notify-from=<openstack_controller1_ip>,<openstack_controller2_ip>,<openstack_controller3_ip>

Kolla-ansible configuration and deployment

Patch to manage PowerDNS backends

Kolla-ansible manages only Bind or Infoblox backends by default.
A small patch is required to manage PowerDNS backends:

--- ./ansible/roles/designate/templates/pools.yaml.j2.orig	2024-09-25 10:56:16.610311548 +0200
+++ ./ansible/roles/designate/templates/pools.yaml.j2	2024-09-25 15:32:20.241690207 +0200
@@ -97,4 +97,38 @@
         password: {{ designate_infoblox_auth_password }}
         multi_tenant: {{ designate_infoblox_multi_tenant }}
         ns_group: {{ designate_infoblox_ns_group }}
+{% elif designate_backend == 'pdns4' %}
+- name: pdns
+  id: {{ designate_pool_id }}
+  description: Default PowerDNS4 Pool
+  attributes: {}
+  ns_records:
+{% if designate_ns_record is string %}
+    - hostname: {{ designate_ns_record }}.
+      priority: 1
+{% else %}
+{% for host in designate_ns_record %}
+    - hostname: {{ host }}.
+      priority: 1
+{% endfor %}
+{% endif %}
+  nameservers:
+    - host: {{ designate_backend_pdns4_master }}
+      port: {{ designate_bind_port }}
+  also_notifies:
+    - host: {{ designate_backend_pdns4_master }}
+      port: {{ designate_bind_port }}
+  targets:
+    - type: pdns4
+      description: Default PowerDNS4 Pool
+      masters:
+{% for mdns_host in groups['designate-mdns'] %}
+        - host: {{ 'dns' | kolla_address(mdns_host) }}
+          port: {{ designate_mdns_port }}
+{% endfor %}
+      options:
+        host: {{ designate_backend_pdns4_master }}
+        port: 53
+        api_endpoint: http://{{ designate_backend_pdns4_master }}
+        api_token: {{ designate_backend_pdns4_token }}
 {% endif %}
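Review bot: `designate_backend_pdns4_master` is used as a bare DNS host in the `nameservers:`, `also_notifies:` and `options: host:` entries of this hunk, each paired with its own `port:`, but the globals.yml example on this page sets it to `192.168.4.20:<PORT>`, so those entries render as `host: 192.168.4.20:<PORT>` next to a separate port; only `api_endpoint: http://{{ designate_backend_pdns4_master }}` needs the host:port form. Consider keeping the master variable a plain address and adding a separate variable for the API port (for example a hypothetical `designate_backend_pdns4_api_port`). Two smaller points in the same hunk: `options: port: 53` is hardcoded while the `nameservers:` entries use `{{ designate_bind_port }}`, and the API token travels over plain `http://`, which should at least be documented or made switchable to `https://`. The `also_notifies:` entry also repeats the `nameservers:` host; Designate describes `also_notifies` as additional NOTIFY targets, so this appears redundant.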

Configuration

Here are example globals.yml settings for designate:

enable_designate: "yes"
designate_ns_record:
  - "ns1.example.org"
designate_backend: "pdns4"
designate_backend_pdns4_master: "192.168.4.20:<PORT>"
designate_backend_pdns4_token: "<KEY>"
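The pdns.conf settings listed in the PowerDNS configuration section and the globals.yml values above have to agree with each other: the API key on both sides, the port in `designate_backend_pdns4_master` against `webserver-port`, the controller addresses against the two allow-lists, and the external VIP against `trusted-notification-proxy`. The script below is an added example written for this page, not code from kolla-ansible, Designate or PowerDNS. It parses a pdns.conf, cross-checks it against the globals values, and goes slightly beyond the page by also flagging an allow-list that is open to every source address. The sample pdns.conf and globals values are constructed; `controller_ips` and `kolla_external_vip_address` are assumed inventory facts for the example, not kolla-ansible variables.

```python
"""Cross-check a PowerDNS pdns.conf against the kolla-ansible globals.yml
values used for the Designate pdns4 backend.

Added example for this page; not code from kolla-ansible, Designate or
PowerDNS. Every address, port and key below is constructed.
"""
import ipaddress
import re

# Constructed sample pdns.conf carrying the settings the page lists.
SAMPLE_PDNS_CONF = """\
# constructed sample, not a real deployment
webserver=yes
webserver-port=8081
webserver-allow-from=192.168.4.11,192.168.4.12,192.168.4.13
api=yes
api-key=constructed-api-token-42
secondary=yes
trusted-notification-proxy=192.168.4.10
allow-notify-from=192.168.4.11,192.168.4.12,192.168.4.13
"""

# Constructed stand-in for the globals.yml values, plus two inventory facts
# (controller IPs, external VIP) assumed for this example; they are not
# kolla-ansible variable names.
SAMPLE_GLOBALS = {
    "enable_designate": "yes",
    "designate_backend": "pdns4",
    "designate_backend_pdns4_master": "192.168.4.20:8081",
    "designate_backend_pdns4_token": "constructed-api-token-42",
    "controller_ips": ["192.168.4.11", "192.168.4.12", "192.168.4.13"],
    "kolla_external_vip_address": "192.168.4.10",
}


def parse_pdns_conf(text):
    """Parse 'key=value' lines; blank lines and '#' comments are ignored.
    If a key repeats, this parser keeps the last value."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip()
    return conf


def _networks(csv):
    """Turn 'a,b,c' into ip_network objects; a bare address becomes /32 or /128."""
    return [ipaddress.ip_network(v.strip(), strict=False)
            for v in csv.split(",") if v.strip()]


def check_deployment(conf, globals_):
    """Return a list of human-readable problems; [] means both sides agree."""
    problems = []

    # 1. The on/off switches the page lists as required.
    for key in ("webserver", "api", "secondary"):
        if conf.get(key) != "yes":
            problems.append(f"{key} must be 'yes' (found {conf.get(key)!r})")

    # 2. API token: present, not a '<KEY>' placeholder, identical on both sides.
    token = conf.get("api-key", "")
    if not token or token.startswith("<"):
        problems.append("api-key is missing or still a placeholder")
    elif token != globals_.get("designate_backend_pdns4_token"):
        problems.append("api-key differs from designate_backend_pdns4_token")

    # 3. Designate reaches the API at host:port; that port must be the webserver port.
    m = re.fullmatch(r"([^:]+):(\d+)", globals_.get("designate_backend_pdns4_master", ""))
    if not m:
        problems.append("designate_backend_pdns4_master must be host:port")
    elif m.group(2) != conf.get("webserver-port"):
        problems.append("port in designate_backend_pdns4_master != webserver-port")

    # 4. ACLs: every controller must be allowed, and nothing may be wide open.
    for key in ("webserver-allow-from", "allow-notify-from"):
        try:
            nets = _networks(conf.get(key, ""))
        except ValueError as exc:
            problems.append(f"{key} is not a valid address list: {exc}")
            continue
        if any(n.prefixlen == 0 for n in nets):
            problems.append(f"{key} allows every source address")
        for ctl in globals_["controller_ips"]:
            if not any(ipaddress.ip_address(ctl) in n for n in nets):
                problems.append(f"{key} does not allow controller {ctl}")

    # 5. NOTIFYs arrive through the external VIP, so PowerDNS must trust it as proxy.
    if conf.get("trusted-notification-proxy") != globals_["kolla_external_vip_address"]:
        problems.append("trusted-notification-proxy is not kolla_external_vip_address")

    return problems


if __name__ == "__main__":
    for p in check_deployment(parse_pdns_conf(SAMPLE_PDNS_CONF), SAMPLE_GLOBALS):
        print("PROBLEM:", p)
```

Run it before `kolla-ansible deploy` against the real pdns.conf and the values you put in globals.yml; an empty result means the API port, token, allow-lists and notification proxy line up, and each reported problem names the setting to fix on the PowerDNS or the kolla side.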