PDNS4 Backend

PDNS4 Configuration

The version of PowerDNS in Ubuntu Xenial is pdns4. It has a different DB schema and is incompatible with the legacy PowerDNS driver. In PDNS 4 the API was marked stable, and this is what we will use.

You will need to configure PowerDNS and its database before performing these steps.

You will need to use a database backend for PowerDNS’s API to function.

See PowerDNS Docs for details.

  1. Enable the API in the pdns.conf file:

      webserver=yes
      api=yes
      api-key=changeme

  2. Configure the PowerDNS backend using this sample target snippet:

      targets:
        - type: pdns4
          description: PowerDNS4 DNS Server

          # List out the designate-mdns servers from which PowerDNS servers should
          # request zone transfers (AXFRs) from.
          masters:
            - host: 192.0.2.1
              port: 5354

          # PowerDNS Configuration options
          options:
            host: 192.0.2.1
            port: 53
            api_endpoint: http://127.0.0.1:8081
            api_token: changeme
            api_ca_cert: /etc/ssl/certs/ca-certificates.crt
            # If a tsigkey is needed, uncomment the line below and insert the name
            # tsigkey_name: <keyname>

  3. Then update the pools in Designate:

$ designate-manage pool update

See designate-manage pool for further details on the designate-manage pool command, and DNS Server Pools for information about the YAML file syntax.
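An added example, not part of the Designate or PowerDNS documentation: a small Python lint that checks the pdns.conf settings from step 1 against the options block from step 2 before the pool update is run. The function names, the 32-character minimum key length and the wording of the findings are assumptions of this example, and the options are passed in as an already-parsed dict.

```python
import ipaddress
from urllib.parse import urlparse

MIN_KEY_LEN = 32  # assumption: minimum api-key length chosen for this example


def parse_pdns_conf(text):
    """Parse pdns.conf 'key=value' lines, skipping blanks and '#' comments."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf


def is_loopback(host):
    """True for 'localhost' or a loopback IP literal."""
    try:
        return host == "localhost" or ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def lint(pdns_conf_text, options):
    """Return findings for pdns.conf text and a pdns4 target's options dict."""
    conf = parse_pdns_conf(pdns_conf_text)
    api_key = conf.get("api-key", "")
    url = urlparse(options.get("api_endpoint", ""))
    findings = [f"pdns.conf: {k}=yes is not set"
                for k in ("webserver", "api") if conf.get(k) != "yes"]
    if api_key in ("", "changeme"):  # "changeme" is the page's sample value
        findings.append("pdns.conf: api-key is empty or the sample placeholder")
    elif len(api_key) < MIN_KEY_LEN:
        findings.append(f"pdns.conf: api-key shorter than {MIN_KEY_LEN} chars")
    if options.get("api_token", "") != api_key:
        findings.append("pools.yaml: api_token differs from pdns.conf api-key")
    if url.scheme == "http" and not is_loopback(url.hostname or ""):
        findings.append("pools.yaml: api_token sent in clear text to a remote host")
    if url.scheme == "https" and not options.get("api_ca_cert"):
        findings.append("pools.yaml: https api_endpoint without api_ca_cert")
    return findings


PAGE_CONF = "webserver=yes\napi=yes\napi-key=changeme\n"  # constructed from this page's samples
PAGE_OPTIONS = {"api_endpoint": "http://127.0.0.1:8081", "api_token": "changeme"}

print("\n".join(lint(PAGE_CONF, PAGE_OPTIONS)))
```

An empty list from lint() means none of these checks fired; it does not replace testing the API with the configured token.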

TSIG Key Configuration

Note: This is only available in PowerDNS 4.2 or newer.

In some cases a deployer may need to use TSIG keys to sign AXFR (zone transfer) requests. As pdns does not support a per-host key setup, this needs to be set on a per-zone basis, on creation.

To do this, generate a TSIG key on the PowerDNS server:

$ pdnsutil generate-tsig-key <keyname> hmac-sha512
Create new TSIG key keyname hmac-sha512 4EJz00m4ZWe005HjLiXRedJbSnCUx5Dt+4wVYsBweG5HKAV6cqSVJ/oem/6mLgDNFAlLP3Jg0npbg1SkP7RMDg==

Then insert it into Designate. Make sure the pool id is correct (the --resource-id below).

$ openstack tsigkey create --name <keyname> --algorithm hmac-sha512 --secret 4EJz00m4ZWe005HjLiXRedJbSnCUx5Dt+4wVYsBweG5HKAV6cqSVJ/oem/6mLgDNFAlLP3Jg0npbg1SkP7RMDg== --scope POOL --resource-id 794ccc2c-d751-44fe-b57f-8894c9f5c842

Then add it to the pools.yaml file as shown in the example. The ID used is the name of the key in the PowerDNS server.

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.