charm-designate-bind/src
Alex Kavanagh 9c6ea51484 Test bundles for focal-wallaby and hirsute-wallaby
These are the test bundles (and any associated changes) for
focal-wallaby and hirsute-wallaby support.

hirsute-wallaby test is disabled (moved to dev) due to [1].

[1] https://github.com/juju-solutions/layer-basic/issues/194

Change-Id: I51d16d692b1456f157b54d35eec892c14946ea4d
2021-05-06 09:56:20 +00:00
files Sync charm/ceph helpers, tox, and requirements 2019-10-01 12:58:02 -05:00
lib/charm/openstack Allow access from remote designate units 2020-07-21 10:04:11 +01:00
reactive Add functional tests 2016-07-13 14:07:13 +00:00
templates Allow access from remote designate units 2020-07-21 10:04:11 +01:00
tests Test bundles for focal-wallaby and hirsute-wallaby 2021-05-06 09:56:20 +00:00
README.md Minor tweak to README wording. 2019-10-30 17:05:52 +00:00
config.yaml Allow disabling dnssec-validation 2018-08-14 20:50:35 +09:00
icon.svg Add charm icon with Designate project logo 2016-08-03 14:59:12 -05:00
layer.yaml Rebuild for sync layer-openstack 2019-08-22 09:00:19 +02:00
metadata.yaml Add hirsute and remove trusty from metadata.yaml 2021-03-02 20:55:15 +00:00
test-requirements.txt Updates to flip all libraries back to master 2021-05-03 16:04:28 +01:00
tox.ini Sync release-tools 2020-12-11 13:55:49 +01:00
wheelhouse.txt Updates to flip all libraries back to master 2021-05-03 16:04:28 +01:00

README.md

Overview

This charm provides a bind server to store DNS records generated by designate.

Usage

The designate-bind charm relies on the designate charm.

juju deploy designate-bind
juju deploy designate
juju add-relation designate designate-bind

Recursion and forwarders

By default, this charm only resolves names in zones managed by Designate. You can optionally enable recursion or forwarders to resolve names outside of Designate, such as google.com or archive.ubuntu.com.

Enable recursion and forwarders with extra care, and restrict access with ACLs through allowed_nets and/or allowed_recursion_nets. Otherwise, the DNS server may be open to anyone and could be abused as an open resolver in attacks.

For example, to allow DNS clients in local networks only and use 8.8.8.8 and 8.8.4.4 as upstream DNS servers, you can set charm options like:

juju config designate-bind allowed_nets='10.0.0.0/8;172.16.0.0/12;192.168.0.0/16'
juju config designate-bind forwarders='8.8.8.8;8.8.4.4'

Or, to use the BIND9 server set up by the charm as a full-service resolver, set options such as the following:

juju config designate-bind allowed_nets='10.0.0.0/8;172.16.0.0/12;192.168.0.0/16'
juju config designate-bind recursion=true
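
A pre-deployment check for the option values discussed above, as an added example that is not part of the charm or its README: it flags recursion or forwarders enabled without an ACL, and ACL entries that fall outside local address space. The `audit` helper, the `LOCAL_RANGES` list and the sample values are assumptions made for illustration; only the option names and the semicolon-separated format come from the README.

```python
import ipaddress

# Assumption: "local" means RFC 1918, loopback and IPv6 ULA ranges.
LOCAL_RANGES = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "fc00::/7", "::1/128")]
ACL_OPTIONS = ("allowed_nets", "allowed_recursion_nets")


def split_nets(value):
    """Split a semicolon-separated option value, as written in the README."""
    return [v.strip() for v in (value or "").split(";") if v.strip()]


def acl_findings(option, value):
    """Flag ACL entries that are not CIDR networks or are not local."""
    findings = []
    for entry in split_nets(value):
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            findings.append(f"{option}: '{entry}' is not a CIDR network")
            continue
        if not any(net.version == r.version and net.subnet_of(r)
                   for r in LOCAL_RANGES):
            findings.append(f"{option}: '{entry}' is not inside a local range")
    return findings


def audit(config):
    """Return open-resolver findings for a dict of charm option values."""
    recursion = str(config.get("recursion", "")).lower() == "true"
    resolves_outside = recursion or bool(split_nets(config.get("forwarders")))
    findings = []
    if resolves_outside and not any(
            split_nets(config.get(o)) for o in ACL_OPTIONS):
        findings.append("recursion/forwarders enabled without any ACL option")
    for option in ACL_OPTIONS:
        findings.extend(acl_findings(option, config.get(option)))
    return findings


if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    readme_style = {"allowed_nets": "10.0.0.0/8;172.16.0.0/12;192.168.0.0/16",
                    "forwarders": "8.8.8.8;8.8.4.4"}
    risky = {"recursion": "true", "allowed_nets": "0.0.0.0/0"}
    for name, cfg in (("readme_style", readme_style), ("risky", risky)):
        print(name, audit(cfg) or "no findings")
```

Entries that are not CIDR networks are reported for manual review rather than interpreted.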

Network Space support

This charm supports the use of Juju Network Spaces, allowing the charm to be bound to network space configurations managed directly by Juju. This is only supported with Juju 2.0 and above.

The network space used for communication with Designate can be specified with the "dns-backend" binding.

An additional network space, on which the DNS server listens for clients outside of the Juju model, can be specified with the "dns-frontend" binding.

To use this feature, use the --bind option when deploying the charm:

juju deploy designate-bind --bind "default-space dns-frontend=public-space dns-backend=internal-space"

Alternatively, these can be provided as part of a Juju native bundle configuration:

designate-bind:
  charm: cs:designate-bind
  num_units: 1
  bindings:
    '': default-space
    dns-frontend: public-space
    dns-backend: internal-space

NOTE: Spaces must be configured in the underlying provider prior to attempting to use them.

Bugs

Please report bugs on Launchpad.

For general questions please refer to the OpenStack Charm Guide.