Chapter 3. Install and Configure Bind9


These steps install Bind9, and then configure integration with DNSaaS.

3.1. Basic BIND Installation

1. Install the BIND packages:

# yum install bind bind-utils

2. Configure named to listen for incoming connections:

# cp /etc/named.conf /etc/named.conf.orig
# sed -i -e "s/listen-on port.*/listen-on port 53 { 127.0.0.1; 192.168.100.20; };/" /etc/named.conf

3.2. Configure BIND

1. Generate the rndc key and write it to /etc/rndc.key:

# rndc-confgen -a

2. Add the following before the options statement:

# sed -i '/^options.*/i \
include "/etc/rndc.key"; \
controls { \
        inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; }; \
};' /etc/named.conf

3. Remove a few existing options you will rewrite later:

# sed -i '/allow-query.*/d' /etc/named.conf
# sed -i '/recursion.*/d' /etc/named.conf

4. Add the following inside the options statement, directly after its opening line:

# sed -i '/^options.*/a \
        allow-new-zones yes; \
        allow-query { any; }; \
        recursion no;' /etc/named.conf

5. Create the rndc configuration. For the Compute node, the rndc configuration must point to the DNS server. For example:

# cat << EOF > /etc/rndc.conf
include "/etc/rndc.key";
options {
        default-key "rndc-key";
        default-server 192.168.100.20;
        default-port 953;
};
EOF

6. Review the named configuration:

# named-checkconf /etc/named.conf

7. Correct the file permissions:

# setsebool -P named_write_master_zones on
# chmod g+w /var/named
# chown named:named /etc/rndc.conf
# chown named:named /etc/rndc.key
# chmod 600 /etc/rndc.key

8. Enable and start the named service:

# systemctl enable named
# systemctl start named

9. Validate named and rndc:

# dig @localhost localhost
# rndc status
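
The following script is an added example, not part of the original procedure: it checks a named.conf for the settings applied in this section (recursion disabled, allow-new-zones enabled, a key-protected control channel that is not open to any address) and checks the key file mode. The function names and the sample configuration are constructed for illustration.

```bash
#!/bin/sh
# Added example: checks for the named.conf settings applied in section 3.2.
# Function names and the sample configuration are constructed for illustration.

# _need <regex> <message>: record a finding if $_body lacks the directive.
_need() {
    printf '%s\n' "$_body" | grep -Eq "$1" || { echo "FAIL: $2"; _rc=1; }
}

# Print one finding per failed check; return 0 only when every check passes.
# Handles // and # comments and the single-line inet form used on this page.
audit_named_conf() {
    _rc=0
    _body=$(sed -e 's://.*$::' -e 's:#.*$::' "$1")
    _need 'recursion[[:space:]]+no[[:space:]]*;' 'recursion is not disabled'
    _need 'allow-new-zones[[:space:]]+yes[[:space:]]*;' 'allow-new-zones is not enabled'
    _need 'include[[:space:]]+"/etc/rndc.key"[[:space:]]*;' 'rndc key is not included'
    _need 'inet[[:space:]].*keys[[:space:]]*\{[[:space:]]*"rndc-key"' 'controls does not name rndc-key'
    # The control channel should not listen on every address or admit any client.
    if printf '%s\n' "$_body" |
        grep -Eq 'inet[[:space:]]+\*|inet[[:space:]].*allow[[:space:]]*\{[[:space:]]*any'; then
        echo "FAIL: rndc control channel is open to any address"; _rc=1
    fi
    return "$_rc"
}

# Return 0 if the key file mode is exactly 600, as set in step 7.
key_mode_ok() {
    [ "$(stat -c '%a' "$1")" = "600" ]
}

# Constructed sample mirroring the configuration this chapter produces.
demo_dir=$(mktemp -d)
cat > "$demo_dir/named.conf" << 'EOF'
include "/etc/rndc.key";
controls {
        inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
};
options {
        allow-new-zones yes;
        allow-query { any; };
        recursion no;
        listen-on port 53 { 127.0.0.1; 192.168.100.20; };
};
EOF
audit_named_conf "$demo_dir/named.conf" && echo "named.conf: all checks passed"
```

On a configured host, call audit_named_conf /etc/named.conf and key_mode_ok /etc/rndc.key after step 7.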

3.3. Configure the DNSaaS Pool Target for BIND

1. Set the pool target configuration:

$ crudini --set /etc/designate/designate.conf pool_target:$target_id type bind9
$ crudini --set /etc/designate/designate.conf pool_target:$target_id options "rndc_host: 192.168.100.20, rndc_port: 953, rndc_config_file: /etc/rndc.conf, rndc_key_file: /etc/rndc.key"
$ crudini --set /etc/designate/designate.conf pool_target:$target_id masters 192.168.100.20:5354

2. Restart DNSaaS to apply your pool changes:

# systemctl restart designate-api
# systemctl restart designate-central
# systemctl restart designate-mdns
# systemctl restart designate-pool-manager
# systemctl restart designate-sink

3.4. Test BIND

1. Perform the diagnostic commands below:

# netstat -tap | grep named
# netstat -tulpn | grep 53
# dig @192.168.100.20

2. Check the DNSaaS logs for errors. Ignore errors in Sink for now, as you have not modified its configuration:

# cd /var/log/designate
# tail api.log
# tail central.log
# tail mdns.log
# tail pool-manager.log
# tail sink.log

3.5. Test DNSaaS integration with BIND9

1. Create an entry for your server:

# designate server-create --name $(hostname).

2. Verify that your DNS server record was created:

# designate server-list

3. Create a domain (don’t forget the . at the end of the --name option):

# designate domain-list
# designate domain-create --name example.com. --email root@example.com
# DOMAINID=$(designate domain-list | grep example.com | awk '{print $2}')
Note

When you create a domain from designate against BIND, designate runs a command similar to this:

# rndc -s 192.168.122.41 -p 953 -c /etc/rndc.conf -k /etc/rndc.key addzone example.com '{ type slave; masters { 192.168.122.41 port 5354; }; file "slave.example.com.ff532e15-55a9-4966-8f1e-b3eddb2891ba"; };'

4. Create a record and test lookup (don’t forget the . at the end of the --name option):

# designate record-create --name server1.example.com. --type A --data 1.2.3.4 $DOMAINID
# dig +short -p 53 @192.168.100.20 server1.example.com A

1. Modify the DNSaaS configuration for the example domain:

$ crudini --set /etc/designate/designate.conf handler:nova_fixed domain_id $DOMAINID
$ crudini --set /etc/designate/designate.conf handler:neutron_floatingip domain_id $DOMAINID
# systemctl restart designate-api
# systemctl restart designate-central
# systemctl restart designate-mdns
# systemctl restart designate-pool-manager
# systemctl restart designate-sink

2. Test OpenStack Compute (nova) record creation:

# glance image-list
# neutron net-list
# nova boot testserver --flavor m1.tiny --image cirros-0.3.4-x86_64 --key-name yourkey --security-groups default --nic net-id=<Private Net ID>

3. Check the Sink log:

Once the instance is up, you should see a create_record entry if Sink has picked up the notification correctly:

# tail /var/log/designate/sink.log

Check in BIND:

# dig +short @192.168.100.20 testserver.example.com

If this doesn’t work, you can also check the files in /var/named.

1. Perform the diagnostic commands below (replace pubnet1 with a name appropriate for your environment):

# FLOATINGIP=$(neutron floatingip-create pubnet1 | grep floating_ip_address | awk '{print $4}')
# nova add-floating-ip testserver $FLOATINGIP
# DNSRESULT=$(echo $FLOATINGIP |sed 's/\./-/g').example.com
# dig +short @192.168.100.20 $DNSRESULT

2. You should see a create_record event in the log file:

# tail /var/log/designate/sink.log

1. Remove the test floating IP created previously:

# nova remove-floating-ip testserver $FLOATINGIP

2. You should see a delete_record event in the log file:

# tail /var/log/designate/sink.log

And the record should now be removed.

3. Remove the testserver created previously:

# designate record-list $DOMAINID
# nova delete testserver

You should see another delete_record entry in the log file:

# tail /var/log/designate/sink.log