DNS (BETA)

Introduction

Designate provides the DNS-as-a-Service implementation for the Infomaniak Public Cloud platform.

Main features

  • Create/Manage zones
  • Create records
  • Create PTR

Info

DNSaaS is currently provided as a BETA version. DNS resources can be used for free during the BETA; they might be charged afterwards.

Basics of the Domain Name System DNS

The Domain Name System (DNS) is a naming system for resources connected to a private or a public network. A hierarchical, distributed database associates information about resources with domain names that are organized into various groups called zones. Authoritative name servers store resource and zone information in records, which resolvers can query to identify and locate resources for routing network data.

Names are divided up into a hierarchy of zones which facilitates delegation. Separate name servers are responsible for a particular zone.

The root zone, which is simply . (a dot), contains records that delegate top-level domains (TLDs) to other name servers. These types of records are called name server (NS) records and identify which DNS server is authoritative for a particular domain. It is not uncommon for there to be more than one NS record to indicate a primary and a backup name server for a domain.

Beneath the root zone, various TLD name servers contain records for domains only within their TLD. These are address records and canonical name records, and are referred to as A and CNAME records, respectively.

Resolvers are often formed in two parts: a stub resolver, which is usually a library on a user’s computer, and a recursive resolver that performs queries against name servers before returning the result to the user. When searching for a domain, the resolver starts at the end of the domain and works toward the beginning of the domain.

For example, when searching for cloud.example.com, the resolver starts with the root name server (.). The root replies with the location of the .com name server. The resolver then contacts the .com name server to get the example.com name server. Finally, the resolver locates the cloud.example.com record and returns it to the user.

OpenStack Documentation

Zones management

With the Designate service, it is possible to manage DNS zones directly on the public cloud platform. Several cases are possible:

Installing The Client

sudo apt install python3-designateclient

Or using pip:

python3 -m pip install python-openstackclient python-designateclient 

Case n°1: Manage your DNS on public cloud

Info

You can also perform all the operations described below in the DNS section of the Horizon interface.

It is possible to manage a DNS zone with Designate. The first thing to do is to create a new zone in an OpenStack project.

Begin by sourcing your credentials:

. PCU-XXXXXXX

Next create a DNS Zone:

openstack zone create --email dnsmaster@domain.tld domain.tld. 
+----------------+--------------------------------------+
| Field          | Value                                |
+----------------+--------------------------------------+
| action         | CREATE                               |
| attributes     |                                      |
| created_at     | 2023-02-03T08:27:24.000000           |
| description    | None                                 |
| email          | dnsmaster@domain.tld                 |
| id             | b8c5db7d-b693-4eb4-a0f1-c0a274248295 |
| masters        |                                      |
| name           | domain.tld.                          |
| pool_id        | 794ccc2c-d751-44fe-b57f-8894c9f5c842 |
| project_id     | 12effe97895f4167a44420f8cea0bcac     |
| serial         | 1675412844                           |
| status         | PENDING                              |
| transferred_at | None                                 |
| ttl            | 3600                                 |
| type           | PRIMARY                              |
| updated_at     | None                                 |
| version        | 1                                    |
+----------------+--------------------------------------+

Now obtain the NS records of the new DNS zone and add them in your registrar interface. In the case below, the NS records are:

  • ns1.pub1.infomaniak.cloud
  • ns2.pub1.infomaniak.cloud

openstack recordset list <DNS_ZONE_NAME>

Or

openstack recordset list <DNS_ZONE_ID>

openstack recordset list domain.tld.
+--------------------------------------+-------------+------+-------------------------------------------------------+--------+--------+
| id                                   | name        | type | records                                               | status | action |
+--------------------------------------+-------------+------+-------------------------------------------------------+--------+--------+
| bf8484e8-207a-418f-ad22-0d992504c97b | domain.tld. | SOA  | ns2.pub1.infomaniak.cloud. dnsmaster.domain.tld.      | ACTIVE | NONE   |
|                                      |             |      | 1675412844 3558 600 86400 3600                        |        |        |
| d95d62b3-a42b-48aa-8ebb-eab86ecf3533 | domain.tld. | NS   | ns1.pub1.infomaniak.cloud.                            | ACTIVE | NONE   |
|                                      |             |      | ns2.pub1.infomaniak.cloud.                            |        |        |
+--------------------------------------+-------------+------+-------------------------------------------------------+--------+--------+

Now, create a first record (example: A record):

openstack recordset create --type A --record <IP_ADDRESS> <DNS_ZONE_NAME> <RECORD_NAME>

openstack recordset create --type A --record 192.168.10.20 domain.tld. server-a
+-------------+---------------------------------------+
| Field       | Value                                 |
+-------------+---------------------------------------+
| action      | CREATE                                |
| created_at  | 2023-02-03T08:54:17.000000            |
| description | None                                  |
| id          | 17f9a11a-6c77-47c4-b5aa-880802f1f5b5  |
| name        | server-a.domain.tld.                  |
| project_id  | 12effe97895f4167a44420f8cea0bcac      |
| records     | 192.168.10.20                         |
| status      | PENDING                               |
| ttl         | None                                  |
| type        | A                                     |
| updated_at  | None                                  |
| version     | 1                                     |
| zone_id     | b8c5db7d-b693-4eb4-a0f1-c0a274248295  |
| zone_name   | domain.tld.                           |
+-------------+---------------------------------------+
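
A record created this way stays in the zone until it is deleted, even after the address it points to has been released. As an added example (not part of the Infomaniak documentation), the following script lists A records whose address is no longer held by the project; the function name, the input file layout and the 203.0.113.50 sample address are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the Infomaniak documentation).
# Assumed input formats, one entry per line:
#   records file: "<record name> <IPv4 address>"
#   owned file:   "<IPv4 address>"
# These could be produced with, for instance:
#   openstack recordset list domain.tld. --type A -f value -c name -c records
#   openstack floating ip list -f value -c "Floating IP Address"

# unowned_a_records RECORDS_FILE OWNED_FILE
# Prints "name ip" for each A record whose address is not in OWNED_FILE.
unowned_a_records() {
    awk -v owned_file="$2" '
        BEGIN {
            # Load the owned addresses first. An empty or missing file
            # must flag every record, not silently pass them all.
            while ((getline line < owned_file) > 0) {
                gsub(/[ \t\r]/, "", line)
                if (line != "") owned[line] = 1
            }
            close(owned_file)
        }
        NF >= 2 && !($2 in owned) { print $1, $2 }
    ' "$1"
}

demo() {
    dir=$(mktemp -d) || return 1
    # Constructed sample data: 128.65.194.73 is the floating IP used on
    # this page; 203.0.113.50 stands for an address released earlier.
    cat > "$dir/records" <<'EOF'
server-a.domain.tld. 128.65.194.73
old-app.domain.tld. 203.0.113.50
EOF
    cat > "$dir/owned" <<'EOF'
128.65.194.73
EOF
    unowned_a_records "$dir/records" "$dir/owned"
    rm -rf "$dir"
}

demo
```

Each name it prints should either be deleted from the zone or pointed at an address the project still holds.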

Case n°2: Managing DNS Zones with cloud instances

Designate makes it possible to create records for instances or ports directly in a specific DNS zone.

For example, once a DNS zone domain.tld exists, a record for an instance or a network port can be specified in that zone directly when the resource is created. In the Infomaniak Public Cloud there are two options.

Option n°1: create an instance in the ext-net1 network.

In this case all records for the resource are automatically provided by the platform. By default, every resource in this network has a predefined A and PTR record.

Warning

Before creating records for an instance, the network port must be created (as per above), and it must be assigned to the instance.

It's possible to change the PTR records for some predefined use cases. For more information, contact Infomaniak support.

Option n°2: create a resource in a personal network with a floating IP

In other scenarios, it is possible to directly create records for resources in a personal DNS zone. This option also creates the associated PTR automatically.

Warning

A DNS zone must have been created in the platform before performing the actions below.

1) Create a record for a floating IP

openstack floating ip create ext-floating1 --dns-domain domain.tld. --dns-name <RECORD_NAME>

2) Create a record for a network port

openstack port create --network <NETWORK_ID or NETWORK_NAME> --dns-domain domain.tld. --dns-name <RECORD_NAME> <PORT_NAME>

openstack port create --network 8e956933-527a-42ac-b24e-8ba881afcafc --dns-domain domain.tld. --dns-name server-a myport
+-------------------------+---------------------------------------------------------------------------------------------+
| Field                   | Value                                                                                       |
+-------------------------+---------------------------------------------------------------------------------------------+
| admin_state_up          | UP                                                                                          |
| allowed_address_pairs   |                                                                                             |
| binding_host_id         | None                                                                                        |
| binding_profile         | None                                                                                        |
| binding_vif_details     | None                                                                                        |
| binding_vif_type        | None                                                                                        |
| binding_vnic_type       | normal                                                                                      |
| created_at              | 2023-02-03T09:36:59Z                                                                        |
| data_plane_status       | None                                                                                        |
| description             |                                                                                             |
| device_id               |                                                                                             |
| device_owner            |                                                                                             |
| device_profile          | None                                                                                        |
| dns_assignment          | fqdn='server-a.dc3-a.pub1.infomaniak.cloud.', hostname='server-a', ip_address='10.10.0.103' |
| dns_domain              | domain.tld.                                                                                 |
| dns_name                | test3                                                                                       |
| extra_dhcp_opts         |                                                                                             |
| fixed_ips               | ip_address='10.10.0.103', subnet_id='94405875-7c56-4193-a0ef-86b27348f52d'                  |
| id                      | 0f0b1600-6000-48ce-a4f3-172c0dadac16                                                        |
| ip_allocation           | immediate                                                                                   |
| mac_address             | fa:16:3e:8f:6d:63                                                                           |
| name                    | myport                                                                                      |
| network_id              | 8e956933-527a-42ac-b24e-8ba881afcafc                                                        |
| numa_affinity_policy    | None                                                                                        |
| port_security_enabled   | True                                                                                        |
| project_id              | 12effe97895f4167a44420f8cea0bcac                                                            |
| propagate_uplink_status | None                                                                                        |
| qos_network_policy_id   | None                                                                                        |
| qos_policy_id           | None                                                                                        |
| resource_request        | None                                                                                        |
| revision_number         | 1                                                                                           |
| security_group_ids      | bebaeb9e-ed22-4a9b-bdc5-ddb4e03b55d9                                                        |
| status                  | DOWN                                                                                        |
| tags                    |                                                                                             |
| trunk_details           | None                                                                                        |
| updated_at              | 2023-02-03T09:36:59Z                                                                        |
+-------------------------+---------------------------------------------------------------------------------------------+

3) Create a record for an instance in a private network

Before creating records for an instance, the network port must be created (as per above), and it must be assigned to the instance.

openstack server create --flavor <FLAVOR-ID> --network <NETWORK_ID> --image <IMAGE_ID> --key <KEY_NAME> --port <PORT_NAME> <INSTANCE_NAME>
+-----------------------------+-------------------------------------------------------------+
| Field                       | Value                                                       |
+-----------------------------+-------------------------------------------------------------+
| OS-DCF:diskConfig           | MANUAL                                                      |
| OS-EXT-AZ:availability_zone |                                                             |
| OS-EXT-STS:power_state      | NOSTATE                                                     |
| OS-EXT-STS:task_state       | scheduling                                                  |
| OS-EXT-STS:vm_state         | building                                                    |
| OS-SRV-USG:launched_at      | None                                                        |
| OS-SRV-USG:terminated_at    | None                                                        |
| accessIPv4                  |                                                             |
| accessIPv6                  |                                                             |
| addresses                   |                                                             |
| adminPass                   | 7zAf7GUZUnnL                                                |
| config_drive                |                                                             |
| created                     | 2023-02-03T09:41:31Z                                        |
| flavor                      | a1-ram2-disk20-perf1 (21aad244-a330-4e79-ba80-4c057cf742f9) |
| hostId                      |                                                             |
| id                          | bff538b1-2f02-4efd-b5e2-4ba1a7c3c112                        |
| image                       | Alpine Linux 3.17 (a73941eb-47db-4881-a9fb-d5b67622c53e)    |
| key_name                    | private-key                                                 |
| name                        | server-a                                                     |
| progress                    | 0                                                           |
| project_id                  | 12effe97895f4167a44420f8cea0bcac                            |
| properties                  |                                                             |
| security_groups             | name='default'                                              |
| status                      | BUILD                                                       |
| updated                     | 2023-02-03T09:41:31Z                                        |
| user_id                     | 7b2f1599396c410f9f3cfa80922a9052                            |
| volumes_attached            |                                                             |
+-----------------------------+-------------------------------------------------------------+

Create a PTR Record

Prerequisites

  • One or more floating IPs defined
  • A reverse lookup zone for the floating IP for which you want to create a PTR record

Setting up PTR records for floating IP addresses

1) Source your credentials file:

. PCP-XXXX.rc

2) Get the ID of your floating IP:

openstack floating ip list -c ID -c "Floating IP Address"
+--------------------------------------+---------------------+
| ID                                   | Floating IP Address |
+--------------------------------------+---------------------+
| e5d5e422-91c5-4c52-bd96-6d1c0c01ea2e | 128.65.194.73       |
+--------------------------------------+---------------------+

3) Determine the region name of the Neutron instance:

cat PCP-XXXX.rc  | grep REGION | cut -d'=' -f 2
dc3-a

4) Create the PTR record by using the openstack ptr record set command:

41bb7f28-3540-4d2d-ba7c-58a239f9cd46 corresponds to the floating IP ID
openstack ptr record set dc3-a:e5d5e422-91c5-4c52-bd96-6d1c0c01ea2e mail.stanley.cloud.

In this example, ns1.pub1.infomaniak.cloud. is one of the DNS servers in the deployment:

dig -x 195.15.194.73 @ns1.pub1.infomaniak.cloud.  +short
custom-ptr.infomaniak.cloud.
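
The dig check above can be extended to confirm that the PTR name also resolves back to the same address, which receiving mail servers commonly verify. This added example (not from the Infomaniak documentation) classifies the result from lookup answers passed as arguments; the function names and the sample answers are assumptions.

```shell
#!/bin/sh
# Added example (not from the Infomaniak documentation).

# reverse_name IPV4
# Prints the in-addr.arpa name that holds the PTR record; fails on bad input.
reverse_name() {
    echo "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++)
              if ($i !~ /^[0-9]+$/ || $i + 0 > 255) exit 1
          printf "%s.%s.%s.%s.in-addr.arpa.\n", $4, $3, $2, $1 }'
}

# fcrdns_status IP EXPECTED_NAME PTR_ANSWER A_ANSWERS
#   PTR_ANSWER: output of  dig -x IP @<nameserver> +short
#   A_ANSWERS:  output of  dig A PTR_ANSWER +short  (one address per line)
# Prints one of: ok, no-ptr, wrong-name, forward-mismatch
fcrdns_status() {
    ip=$1 expected=$2 ptr=$3 addrs=$4
    [ -n "$ptr" ] || { echo no-ptr; return 0; }
    # Compare names case-insensitively and ignore the trailing root dot.
    want=$(echo "$expected" | tr 'A-Z' 'a-z'); want=${want%.}
    got=$(echo "$ptr" | tr 'A-Z' 'a-z'); got=${got%.}
    [ "$got" = "$want" ] || { echo wrong-name; return 0; }
    # The forward answer must contain the exact address, not a prefix of it.
    if printf '%s\n' "$addrs" | grep -Fxq "$ip"; then
        echo ok
    else
        echo forward-mismatch
    fi
}

demo() {
    ip=128.65.194.73
    reverse_name "$ip"
    # Constructed answers; in practice they would come from:
    #   ptr=$(dig -x "$ip" @ns1.pub1.infomaniak.cloud. +short)
    #   addrs=$(dig A "$ptr" +short)
    fcrdns_status "$ip" mail.stanley.cloud. mail.stanley.cloud. "$ip"
}

demo
```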

Setting up PTR records for public IP addresses in public network

Prerequisites

  • The project must own the zone in which the PTR record is to be created.
  • A reverse lookup zone to store the PTR record

Warning

In public networks such as ext-net1, all A and PTR records are predefined by the platform. A PTR record modification can be requested by the owner of the corresponding IP address. Please contact Infomaniak support for this.