Designate is a multi-tenant DNSaaS service for OpenStack. It provides a REST API with integrated Keystone authentication. It can be configured to auto-generate records based on Nova and Neutron actions. Designate supports a variety of DNS servers including Bind9 and PowerDNS 4.
Introduction to Designate
Designate is an Open Source DNS-as-a-Service implementation and a part of the OpenStack ecosystem of services for running clouds. In order to understand what Designate can do and how it works, it's necessary to understand some of the basics of DNS.
What is DNS?
The Domain Name System (DNS) is a system for naming resources connected to a network, and works by storing various types of record, such as an IP address associated with a domain name. In practice, this is implemented by authoritative name servers which contain these records and resolvers which query name servers for records. Names are divided up into a hierarchy of zones, allowing different name servers to be responsible for separate groups of zones by delegating responsibility using records.
The root zone, which is simply ., consists entirely of records delegating various top level domains (TLDs) to other nameservers. The TLD name servers will contain records for domains within their TLD, such as the .com nameserver having an example.com record, as well as records that delegate zones to other nameservers. For example, openstack.org might have its own nameserver so that it can then create cloud.openstack.org.
Resolvers are often formed in two parts: a stub resolver, which is often merely a library on a user's computer, and a recursive resolver that will perform queries against nameservers before returning the result to the user. When searching for a domain, the resolver will start at the end of the domain and work its way back to the beginning.
For example, in the diagram below, when searching for cloud.openstack.org, it will start with the root nameserver ., which will reply with the location of the .org nameserver. The resolver can then contact the .org nameserver to get the openstack.org nameserver and from there finally get the cloud.openstack.org record and return it to the user.
In order to make this more efficient, the results are cached on the resolver, so after the first user has requested cloud.openstack.org, the resolver can return the cached result for subsequent requests.
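The lookup and caching described above, as an added example that is not part of the original Designate documentation: a toy recursive resolver walking constructed delegation data for cloud.openstack.org. The server names, the address 203.0.113.10 and the 300-second lifetime of a cached answer are assumptions made for illustration.

```python
# Constructed sample data: each "nameserver" maps a name either to a
# delegation (the next nameserver to ask) or to a final answer (IP, TTL).
# Server names and the 203.0.113.10 address are illustrative only.
NAMESERVERS = {
    "root": {"org.": ("delegate", "org-ns")},
    "org-ns": {"openstack.org.": ("delegate", "openstack-ns")},
    "openstack-ns": {"cloud.openstack.org.": ("answer", "203.0.113.10", 300)},
}


class RecursiveResolver:
    def __init__(self, clock):
        self.clock = clock      # callable returning the current time in seconds
        self.cache = {}         # name -> (address, expiry time)
        self.queries_sent = 0   # queries sent to authoritative servers

    def _suffixes(self, name):
        # "cloud.openstack.org." -> ["org.", "openstack.org.", "cloud.openstack.org."]
        labels = name.rstrip(".").split(".")
        return [".".join(labels[i:]) + "." for i in range(len(labels) - 1, -1, -1)]

    def resolve(self, name):
        """Return (address or None, list of nameservers contacted)."""
        cached = self.cache.get(name)
        if cached and cached[1] > self.clock():
            return cached[0], []            # served from cache, no servers contacted
        server, path = "root", []
        while True:
            self.queries_sent += 1
            path.append(server)
            zone = NAMESERVERS[server]
            # Use the most specific record this server holds for the name.
            match = next((zone[s] for s in reversed(self._suffixes(name)) if s in zone), None)
            if match is None:
                return None, path           # this server has nothing for the name
            if match[0] == "delegate":
                server = match[1]           # follow the delegation downwards
                continue
            _, address, ttl = match
            self.cache[name] = (address, self.clock() + ttl)
            return address, path
```

The first lookup contacts three nameservers in turn; a repeat within the cached lifetime contacts none, and once that lifetime has passed the full walk happens again.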
Further reading on DNS and how it works is available here:
While the system itself is defined via RFCs such as this: