
Prepare for designate installation

Dave Wilde edited this page Sep 23, 2019 · 1 revision

Before deploying RPC Designate, you need to configure a few important components, including a DNS server, ports, and a Remote Name Daemon Control (RNDC) key. Then create a DNS server pool as described in :ref:`configure-dns-server-pool`, and run the Designate deployment script.

Set up a DNS backend

Although Designate provides drivers to support different DNS backends, RPC supports BIND 9 only. You can either use an existing DNS deployment or set up new DNS nodes to work with Designate.

To set up a DNS backend, follow these steps:

  1. Enable the creation of new availability zones by configuring the following BIND 9 option:

    allow-new-zones yes;

  2. Enable Designate to communicate with BIND 9 by creating and configuring an rndc.key:

    include "/etc/bind/rndc.key";
    
    controls {
      inet <listen address> port 953
        allow { <ip addresses of infra nodes> ; } keys {"rndc-key"; };
      inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys {"rndc-key"; };
    };

    For more information, see :ref:`designate-rndc`.

Configure network ports

Designate requires bidirectional communication between the infrastructure nodes that run the Designate containers and the DNS servers.

Port configuration

Server: Infrastructure nodes

Port: 5354/UDP

Description: Port 5354/UDP must be open on all infrastructure nodes to allow ingress traffic. This port carries the zone transfer (AXFR) requests that the DNS servers send to the designate mini DNS (designate-mdns) service.

DNS -> OpenStack infrastructure nodes.

Server: DNS servers

Port:

  • 53/UDP
  • 53/TCP
  • 953/TCP

Description: DNS servers need the following ports to be open:

  • 53/UDP -> Open for all traffic for DNS resolution.
  • 53/TCP -> Open for all traffic for DNS resolution.
  • 953/TCP -> Used for RNDC commands. This port only needs to be open to allow communication from the OpenStack infrastructure nodes.

OpenStack Infra nodes -> DNS.
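The controls block from the DNS backend step and the 953/TCP rule above both limit RNDC access to the infrastructure nodes. The following Python check is an added example, not part of the original page or of RPC Designate; it audits a controls block against a list of infra networks. The helper name audit_controls, the addresses, and the sample configuration are constructed for illustration.

```python
import ipaddress
import re

# One "inet" statement of a BIND 9 controls block (keys clause optional).
INET_RE = re.compile(
    r"\binet\s+(?P<listen>\S+)(?:\s+port\s+(?P<port>\d+))?\s+"
    r"allow\s*\{(?P<allow>[^}]*)\}\s*(?:keys\s*\{(?P<keys>[^}]*)\})?"
)

# Constructed sample: the first channel also admits a non-infra host and "any".
SAMPLE_CONF = """
include "/etc/bind/rndc.key";
controls {
  inet 192.0.2.53 port 953
    allow { 192.0.2.11; 198.51.100.7; any; } keys { "rndc-key"; };
  inet 127.0.0.1 port 953
    allow { 127.0.0.1; } keys { "rndc-key"; };
};
"""

def audit_controls(conf_text, infra_cidrs, key_name="rndc-key"):
    """Return findings for RNDC channels that admit more than loopback
    and the given infrastructure-node networks (hypothetical helper)."""
    trusted = [ipaddress.ip_network(c) for c in infra_cidrs]
    trusted.append(ipaddress.ip_network("127.0.0.0/8"))
    conf_text = re.sub(r"(#|//)[^\n]*", "", conf_text)  # drop line comments
    findings = []
    for m in INET_RE.finditer(conf_text):
        where = f"inet {m['listen']} port {m['port'] or '953'}"
        if key_name not in (m["keys"] or ""):
            findings.append(f"{where}: keys clause does not name {key_name}")
        for item in filter(None, (i.strip() for i in m["allow"].split(";"))):
            try:
                net = ipaddress.ip_network(item, strict=False)
            except ValueError:
                # any, localnets, ACL names, negations: not provably narrow
                findings.append(f"{where}: review non-literal allow entry '{item}'")
                continue
            if not any(net.version == t.version and net.subnet_of(t) for t in trusted):
                findings.append(f"{where}: {item} is outside the infra networks")
    return findings

if __name__ == "__main__":
    for finding in audit_controls(SAMPLE_CONF, ["192.0.2.0/28"]):
        print(finding)
```

The check reads only literal addresses and networks; block comments and named ACLs are not resolved and are reported for manual review.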

RNDC key

RNDC enables configuration for DNS servers with the BIND 9 backend. Depending on the operating system, the RNDC key file is either created automatically or you need to generate it manually.

The following table describes RNDC key file locations and procedures for different operating systems.

RNDC key file

Operating system: Ubuntu

Description: The BIND 9 package automatically generates an rndc.key file in the /etc/bind directory.

Operating system: CentOS/RHEL

Description: You need to generate the key file by using the rndc-confgen command. This command creates the key file and places it in the /etc directory.

    rndc-confgen -a

System response:

    wrote key file "/etc/rndc.key"

Copy the key file to the following location on the deployment host:

    /etc/openstack_deploy/rndc.key