system-config/doc/source/dns.rst

title

DNS

DNS

The project runs authoritative DNS servers for any constituent projects that wish to use them. The servers run NSD.

At a Glance

Hosts

• ns1.openstack.org
• ns2.openstack.org
• ns1.opendev.org
• ns2.opendev.org

Puppet

• :cgit_file:`manifests/site.pp`

Projects

• https://github.com/icann-dns/puppet-nsd
• https://www.nlnetlabs.nl/projects/nsd/

Adding a Zone

To add a new zone, add an entry to :cgit_file:`manifests/site.pp, :cgit_file:`modules/openstack_project/manifests/master_nameserver.pp and create a new git repository to hold the contents of the zone.

Run:

dnssec-keygen -a RSASHA256 -b 2048 -3 example.net
dnssec-keygen -a RSASHA256 -b 2048 -3 -fk example.net

And add the resulting files to the dnssec_keys key in the group/adns.yaml private hiera file on puppetmaster.

If you need to generate DS records for the registrar, identify which of the just-created key files is the key-signing key (examine the contents of the files and read the comments therein). Then run:

dnssec-dsfromkey -2 $KEYFILE

Note

This section will be expanded.