The project runs authoritative DNS servers for any constituent projects that wish to use them. The servers run NSD.

At a Glance

  • ns1.openstack.org
  • ns2.openstack.org
  • ns1.opendev.org
  • ns2.opendev.org

Adding a Zone

To add a new zone, add an entry to system-config: manifests/site.pp, system-config: modules/openstack_project/manifests/master_nameserver.pp and create a new git repository to hold the contents of the zone.


dnssec-keygen -a RSASHA256 -b 2048 -3 example.net
dnssec-keygen -a RSASHA256 -b 2048 -3 -fk example.net

And add the resulting files to the dnssec_keys key in the group/adns.yaml private hiera file on puppetmaster.

If you need to generate DS records for the registrar, identify which of the just-created key files is the key-signing key (examine the contents of the files and read the comments therein). Then run:

dnssec-dsfromkey -2 $KEYFILE


This section will be expanded.

Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.