NS1 Backend

updated: 2023-04-14 11:15

NS1 Backend

NS1 Configuration

  1. Configure the NS1 Backend using this sample target snippet

  targets:
    - type: ns1
      description: NS1 DNS Server

      # List out the designate-mdns servers from which NS1 servers should
      # request zone transfers (AXFRs) from.
      masters:
        - host: 192.0.2.1
          port: 5354

      # NS1 Configuration options
      options:
        #NS1 XFR container ip and port
        host: 192.0.2.2
        port: 5302
        #NS1 API enpoint IP address or name (Core container). Enter only base address or name.
        #Plugin will generate full api address, e.g. https://192.0.2.2/v1/zones/<zone name>
        api_endpoint: 192.0.2.2
        #NS1 API key
        api_token: changeme
        # If a tsigkey is needed, uncomment the line below and insert the key name, algorithm and value
        # NOTE: TSIG key has to be set manually
        #tsigkey_name: testkey
        #tsigkey_hash: hmac-sha512
        #tsigkey_value: 4EJz00m4ZWe005HjLiXRedJbSnCUx5Dt+4wVYsBweG5HKAV6cqSVJ/oem/6mLgDNFAlLP3Jg0npbg1SkP7RMDg==

  1. Then update the pools in designate

$ designate-manage pool update

See designate-manage pool for further details on the designate-manage pool command, and DNS Server Pools for information about the yaml file syntax

TSIG Key Configuration

In some cases a deployer may need to use tsig keys to sign AXFR (zone transfer) requests. As NS1 does not support a per host key setup, this needs to be set on a per zone basis, on creation.

To do this, generate a tsigkey using any of available utilities (e.g. tsig-keygen):

$ tsig-keygen -a hmac-sha512 testkey
key "testkey" {
    algorithm hmac-sha512;
    secret "vQbMI3u5QGUyRu6FWRm16eL0F0dfOOmVJjWKCTg4mIMNnba0g2PLrV+0G92WcTfJrgqZ20a4hv3RWDICKCcJhw==";
};

Then insert it into Designate. Make sure the pool id is correct (the --resource-id below.)

openstack tsigkey create --name testkey --algorithm hmac-sha512 --secret 4EJz00m4ZWe005HjLiXRedJbSnCUx5Dt+4wVYsBweG5HKAV6cqSVJ/oem/6mLgDNFAlLP3Jg0npbg1SkP7RMDg== --scope POOL --resource-id 794ccc2c-d751-44fe-b57f-8894c9f5c842

Then add it to the pools.yaml file as shown in the example.

updated: 2023-04-14 11:15
Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.

questions?