PDNS4 Backend

PDNS4 Configuration

The version of PowerDNS in Ubuntu Xenial is pdns4. It has a different DB schema and is incompatible with the legacy PowerDNS driver. In PDNS 4 the API was marked stable, and this is what we will use.

You will need to configure PowerDNS and its database before performing these steps.

You will need to use a database backend for PowerDNS's API to function.

See PowerDNS Docs for details.

  1. Enable the API in the pdns.conf file.

     webserver=yes
     api=yes
     api-key=changeme

  2. Configure the PowerDNS Backend using this sample target snippet

     sample_yaml_snippets/pdns4.yaml

  3. Then update the pools in designate

     $ designate-manage pool update

See designate_manage_pool for further details on the designate-manage pool command, and pools for information about the yaml file syntax.
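
The api-key=changeme value in step 1 is a placeholder. As an added example (not part of the Designate documentation), the shell functions below generate a random key and check a pdns.conf for the three step 1 settings. The function names, the 32-character minimum and the world-readable check are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the Designate docs: generate an API key and lint
# the pdns.conf settings from step 1 before pointing Designate at the API.

# 32 random bytes from the kernel CSPRNG, hex-encoded (64 characters).
gen_api_key() {
    od -An -N32 -tx1 /dev/urandom | tr -d ' \n'
}

# Print the value of setting $2 in file $1.
# Uses the last occurrence of the setting (a simplification of this example).
conf_get() {
    sed -n -e 's/[[:space:]]*$//' \
        -e "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# check_pdns_api FILE: print one line per finding, return non-zero if any.
check_pdns_api() {
    conf=$1
    findings=0
    for opt in webserver api; do
        if [ "$(conf_get "$conf" "$opt")" != "yes" ]; then
            echo "$opt is not set to yes"
            findings=$((findings + 1))
        fi
    done
    key=$(conf_get "$conf" api-key)
    if [ -z "$key" ] || [ "$key" = "changeme" ]; then
        echo "api-key is empty or still the documentation placeholder"
        findings=$((findings + 1))
    elif [ "${#key}" -lt 32 ]; then
        # 32 characters is this example's threshold, not a PowerDNS rule.
        echo "api-key is shorter than 32 characters"
        findings=$((findings + 1))
    fi
    # The key is stored in clear text, so the file should not be world-readable.
    if [ -n "$(find "$conf" -prune -perm -004)" ]; then
        echo "$conf is world-readable"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}
```

Run check_pdns_api against the pdns.conf path used on the PowerDNS server; the same key then has to be supplied in the Designate pool target so the backend can authenticate to the API.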

TSIG Key Configuration

Note

This is only available in PowerDNS 4.2 or newer.

In some cases a deployer may need to use TSIG keys to sign AXFR (zone transfer) requests. As pdns does not support a per-host key setup, this needs to be set on a per-zone basis, on creation.

To do this, generate a TSIG key on the PowerDNS server:

$ pdnsutil generate-tsig-key <keyname> hmac-sha512
Create new TSIG key keyname hmac-sha512 4EJz00m4ZWe005HjLiXRedJbSnCUx5Dt+4wVYsBweG5HKAV6cqSVJ/oem/6mLgDNFAlLP3Jg0npbg1SkP7RMDg==

Then insert it into Designate. Make sure the pool ID is correct (the --resource-id below).

$ openstack tsigkey create --name <keyname> --algorithm hmac-sha512 --secret 4EJz00m4ZWe005HjLiXRedJbSnCUx5Dt+4wVYsBweG5HKAV6cqSVJ/oem/6mLgDNFAlLP3Jg0npbg1SkP7RMDg== --scope POOL --resource-id 794ccc2c-d751-44fe-b57f-8894c9f5c842

Then add it to the pools.yaml file as shown in the example. The ID used is the name of the key in the PowerDNS server.