Blacklisting Domain Names

Zone and recordset names can be blacklisted in Designate, disallowing the creation of certain names, specified by regular expressions.

The simple use case here could be “I don’t want anyone to be able to create anything with in it!”, or maybe disallowing subzones on a certain zone. Or simply disallowing the creation of a single zone, like

If wanted to blacklist and all of it’s subdomains, we could make the following API calls.

POST /v2/blacklists/ HTTP/1.1
Accept: application/json
Content-Type: application/json

  "pattern" : "^([A-Za-z0-9_\\-]+\\.)*example\\.com\\.$",
  "description" : "This blacklists \*"


Content-Type: application/json; charset=UTF-8
X-Openstack-Request-Id: req-bfcd0723-624c-4ec2-bbd5-99e985efe8db

   "description": "This blacklists \*",
   "links": {
     "self": ""
   "pattern": "^([A-Za-z0-9_\\-]+\\.)*example\\.com\\.$",
   "created_at": "2016-05-20 06:15:42",
   "updated_at": null,
   "id": "af91edb5-ede8-453f-af13-feabdd088f9c"

Now, if someone were to try and create, or they would encounter an error:

Content-Type: application/json
X-Openstack-Request-Id: req-b7be7770-ec4f-4573-b4db-70f95475f691

  "message": "Blacklisted zone name",
  "code": 400,
  "type": "invalid_zone_name",
   "request_id": "req-b7be7770-ec4f-4573-b4db-70f95475f691"

Blacklists can be deleted, just like an other resource in the API, DELETE /v2/blacklists/<id>.

Regular Expressions

The regular expressions used here can be a bit difficult to wrap your mind around at first. Try using a tool like

It’s important to note that the regular expressions we enter are similar to Python regular expressions, but we need to escape certain characters when we make HTTP calls.

This means that if you wanted to debug this regex:


you’re really working with this regex: