PDNS4 Backend
PDNS4 Configuration
The version of PowerDNS in Ubuntu Xenial is pdns4. This has a different DB schema, and is incompatible with the legacy PowerDNS driver. In PDNS 4 the API was marked stable, and this is what we will use.
You will need to configure PowerDNS, and its database before performing these steps.
You will need to use a database backend for PowerDNS's API to function.
See PowerDNS Docs for details.
- Enable the API in the pdns.conf file.
webserver=yes
api=yes
api-key=changeme
- Configure the PowerDNS Backend using this sample target snippet
sample_yaml_snippets/pdns4.yaml
- Then update the pools in designate
$ designate-manage pool update
See designate_manage_pool for further details on the designate-manage pool command, and pools for information about the yaml file syntax.
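The following is an added example, not part of the Designate documentation: a shell check for the three pdns.conf API settings from the first step, which flags an api-key left at the sample value changeme. The function names, the 32-character minimum and the sample files are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the Designate docs): audit the API settings shown
# above in a pdns.conf before pointing Designate at the server.

# Print the value of setting $2 in file $1. Assumption: when a setting is
# repeated, the last assignment is the one in effect.
pdns_setting() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# Generate a 64-hex-character key from the kernel CSPRNG.
new_api_key() {
    od -An -N32 -tx1 /dev/urandom | tr -d ' \n'
}

# Report problems on stdout; the return status is the number of problems.
check_pdns_api_conf() {
    conf=$1
    problems=0
    for name in webserver api; do
        if [ "$(pdns_setting "$conf" "$name")" != "yes" ]; then
            echo "$name is not set to yes"
            problems=$((problems + 1))
        fi
    done
    key=$(pdns_setting "$conf" api-key)
    case "$key" in
        "")       echo "api-key is not set"; problems=$((problems + 1)) ;;
        changeme) echo "api-key is still the placeholder value"; problems=$((problems + 1)) ;;
        *)  # The 32-character minimum is this example's own threshold.
            if [ "${#key}" -lt 32 ]; then
                echo "api-key is shorter than 32 characters"; problems=$((problems + 1))
            fi ;;
    esac
    return "$problems"
}

# Constructed sample input: the snippet from this page, then a corrected copy.
demo_dir=$(mktemp -d)
printf 'webserver=yes\napi=yes\napi-key=changeme\n' > "$demo_dir/weak.conf"
printf 'webserver=yes\napi=yes\napi-key=%s\n' "$(new_api_key)" > "$demo_dir/fixed.conf"
check_pdns_api_conf "$demo_dir/weak.conf" || echo "weak.conf: $? problem(s)"
check_pdns_api_conf "$demo_dir/fixed.conf" && echo "fixed.conf: ok"
rm -rf "$demo_dir"
```

The same key value must then be used in the Designate pool target that talks to this PowerDNS API.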
TSIG Key Configuration
Note
This is only available in PowerDNS 4.2 or newer
In some cases a deployer may need to use TSIG keys to sign AXFR (zone transfer) requests. As pdns does not support a per-host key setup, this needs to be set on a per-zone basis, on creation.
To do this, generate a TSIG key on the PowerDNS Server:
$ pdnsutil generate-tsig-key <keyname> hmac-sha512
Create new TSIG key keyname hmac-sha512 4EJz00m4ZWe005HjLiXRedJbSnCUx5Dt+4wVYsBweG5HKAV6cqSVJ/oem/6mLgDNFAlLP3Jg0npbg1SkP7RMDg==
Then insert it into Designate. Make sure the pool ID is correct (the --resource-id below).
openstack tsigkey create --name <keyname> --algorithm hmac-sha512 --secret 4EJz00m4ZWe005HjLiXRedJbSnCUx5Dt+4wVYsBweG5HKAV6cqSVJ/oem/6mLgDNFAlLP3Jg0npbg1SkP7RMDg== --scope POOL --resource-id 794ccc2c-d751-44fe-b57f-8894c9f5c842
Then add it to the pools.yaml file as shown in the example. The ID used is the name of the key in the PowerDNS server.