NS1 Backend¶
NS1 Configuration¶
Configure the NS1 Backend using this sample target snippet
targets:
- type: ns1
description: NS1 DNS Server
# List out the designate-mdns servers from which NS1 servers should
# request zone transfers (AXFRs) from.
masters:
- host: 192.0.2.1
port: 5354
# NS1 Configuration options
options:
#NS1 XFR container ip and port
host: 192.0.2.2
port: 5302
#NS1 API enpoint IP address or name (Core container). Enter only base address or name.
#Plugin will generate full api address, e.g. https://192.0.2.2/v1/zones/<zone name>
api_endpoint: 192.0.2.2
#NS1 API key
api_token: changeme
# If a tsigkey is needed, uncomment the line below and insert the key name, algorithm and value
# NOTE: TSIG key has to be set manually
#tsigkey_name: testkey
#tsigkey_hash: hmac-sha512
#tsigkey_value: 4EJz00m4ZWe005HjLiXRedJbSnCUx5Dt+4wVYsBweG5HKAV6cqSVJ/oem/6mLgDNFAlLP3Jg0npbg1SkP7RMDg==
Then update the pools in designate
$ designate-manage pool update
See designate-manage pool for further details on
the designate-manage pool command, and DNS Server Pools
for information about the yaml file syntax
TSIG Key Configuration¶
In some cases a deployer may need to use tsig keys to sign AXFR (zone transfer) requests. As NS1 does not support a per host key setup, this needs to be set on a per zone basis, on creation.
To do this, generate a tsigkey using any of available utilities (e.g. tsig-keygen):
$ tsig-keygen -a hmac-sha512 testkey
key "testkey" {
algorithm hmac-sha512;
secret "vQbMI3u5QGUyRu6FWRm16eL0F0dfOOmVJjWKCTg4mIMNnba0g2PLrV+0G92WcTfJrgqZ20a4hv3RWDICKCcJhw==";
};
Then insert it into Designate. Make sure the pool id is correct
(the --resource-id below.)
openstack tsigkey create --name testkey --algorithm hmac-sha512 --secret 4EJz00m4ZWe005HjLiXRedJbSnCUx5Dt+4wVYsBweG5HKAV6cqSVJ/oem/6mLgDNFAlLP3Jg0npbg1SkP7RMDg== --scope POOL --resource-id 794ccc2c-d751-44fe-b57f-8894c9f5c842
Then add it to the pools.yaml file as shown in the example.
