Bind9 Backend

This page documents using the Bind 9 backend. The backend uses the rndc utility to create and delete zones remotely.

The traffic between rndc and Bind is authenticated with a key.

Designate Configuration

Example of the configuration required for Bind9 operation. One such section is required for each pool target:

  targets:
    - type: bind9
      description: BIND9 Server 1

      # List the designate-mdns servers from which BIND servers should
      # request zone transfers (AXFRs).
      masters:
        - host: 192.0.2.1
          port: 5354

      # BIND Configuration options
      options:
        host: 192.0.2.2
        port: 53
        rndc_host: 192.0.2.2
        rndc_port: 953
        rndc_key_file: /etc/designate/rndc.key
        clean_zonefile: false

The key and config file paths refer to the host running Designate (which can be different from the hosts running Bind).

Then update the pools in Designate; see the designate-manage pool documentation for further details on that command:

$ designate-manage pool update

Bind9 Configuration

Ensure Bind can access the /etc/bind/rndc.conf and /etc/bind/rndc.key files and receive rndc traffic from Designate.

Enable the rndc addzone/delzone functionality by editing named.conf.options or named.conf and adding this line under options:

allow-new-zones yes;

Example configuration of /etc/bind/rndc.key:

// The same key statement must also be known to named (usually via an include
// in named.conf) so that it accepts rndc connections signed with this key.
key "rndc-key" {
    algorithm hmac-md5;
    secret "<b64-encoded string>";
};
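As an added example (not Designate's or BIND's own code), a small Python check for the rndc key file that Designate reads: it parses the key statement shown above, verifies that the secret decodes as base64, and flags group/world-readable permissions and the hmac-md5 algorithm (treating MD5/SHA-1 as weak is this example's policy choice; BIND also accepts hmac-sha256). The sample key material and temp file paths are constructed.

```python
import base64, binascii, os, re, stat, tempfile

# named.conf-style key statement as found in /etc/bind/rndc.key (algorithm, then secret)
KEY_RE = re.compile(r'key\s+"(?P<name>[^"]+)"\s*\{\s*algorithm\s+(?P<alg>[\w-]+)\s*;'
                    r'\s*secret\s+"(?P<secret>[^"]+)"\s*;\s*\}\s*;')
WEAK_ALGS = {"hmac-md5", "hmac-sha1"}  # policy choice here; BIND also accepts hmac-sha256

def parse_rndc_key(text):
    """Return (key name, algorithm, base64 secret) from an rndc.key statement."""
    m = KEY_RE.search(text)
    if not m:
        raise ValueError("no key statement found")
    return m.group("name"), m.group("alg").lower(), m.group("secret")

def check_rndc_key_file(path):
    """Return a list of findings; an empty list means the key file looks sane."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    # Only the Designate service user needs to read the key file.
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("key file is group/world accessible (mode %o)" % mode)
    with open(path) as f:
        _name, alg, secret = parse_rndc_key(f.read())
    if alg in WEAK_ALGS:
        findings.append("weak algorithm %s; prefer hmac-sha256" % alg)
    try:
        base64.b64decode(secret, validate=True)
    except binascii.Error:
        findings.append("secret is not valid base64")
    return findings

# Constructed sample (not a real key): 32 bytes of fixed material, base64-encoded.
SAMPLE_SECRET = base64.b64encode(b"constructed-sample-key-material!").decode()
SAMPLE_KEY = 'key "rndc-key" {{\n    algorithm {alg};\n    secret "{secret}";\n}};\n'

def write_sample(alg, mode):
    # Write a constructed rndc.key to a temp file with the given permission bits.
    fd, path = tempfile.mkstemp(suffix=".key")
    os.write(fd, SAMPLE_KEY.format(alg=alg, secret=SAMPLE_SECRET).encode())
    os.close(fd)
    os.chmod(path, mode)
    return path

def demo():
    """Check a hardened key file and one using hmac-md5 left world-readable."""
    good, bad = write_sample("hmac-sha256", 0o600), write_sample("hmac-md5", 0o644)
    result = check_rndc_key_file(good), check_rndc_key_file(bad)
    for p in (good, bad):
        os.unlink(p)
    return result
```

Point check_rndc_key_file at the path configured as rndc_key_file in the pool target to audit a real deployment.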