James E. Blair 4ccf277850 Add an authoritative hidden master

This runs bind as a hidden master nameserver so we can do all the
keysigning there, and then use nsd (or bind) as public authoritative
slaves.

Change-Id: Ifb2ad109103051fa13c4af1c7be1ca0ae98bb1a1

2017-12-19 08:57:33 -08:00

860 B

Raw Blame History

title: DNS

DNS

The project runs authoritative DNS servers for any constituent projects that wish to use them. The servers run NSD.

At a Glance

Hosts

ns1.openstack.org
ns2.openstack.org

Puppet

manifests/site.pp

Projects

Adding a Zone

To add a new zone, add an entry to manifests/site.pp, modules/openstack_project/manifests/master_nameserver.pp and create a new git repository to hold the contents of the zone.

Run:

dnssec-keygen -a RSASHA256 -b 2048 -3 example.net
dnssec-keygen -a RSASHA256 -b 2048 -3 -fk example.net

And add the resulting files to the dnssec_keys key in the group/adns.yaml private hiera file on puppetmaster.

Note

This section will be expanded.

860 B Raw Blame History

DNS

At a Glance

Adding a Zone

860 B

Raw Blame History