Current Series Release Notes

22.0.0-30

New Features

  • TLSA recordset type has been added. All users can now create and manage TLSA records via the API and the OpenStack client. This enables DANE-based certificate validation directly through Designate.

  • The worker can now optionally sign NOTIFY and SOA poll messages with a TSIG key. In split-horizon deployments where the DNS server routes queries based on TSIG keys, this ensures that NOTIFY and serial polling reach the correct view regardless of the worker’s source IP.

    To enable, set tsigkey_id on pool nameservers and/or pool targets in pools.yaml, referencing a TSIG key created via the Designate API. When not set, the worker sends unsigned queries as before.

  • The zone import endpoint (POST /v2/zones/tasks/imports) now accepts application/json as a content type in addition to text/dns. When using JSON, the request body can include a zonefile field containing the zonefile content and an optional attributes field with zone attributes (e.g. pool_id). This allows imported zones to be scheduled to a specific pool, which was previously not possible. The existing text/dns behavior is unchanged.

Known Issues

  • Only standard TLSA parameters are supported (usage, selector, matching type, certificate data). Arbitrary extensions or non-standard formats are not currently supported.

Upgrade Notes

  • A new tsigkey_id column has been added to the pool_nameservers table. Run designate-manage database upgrade to apply the migration. The column is nullable and defaults to NULL, so no action is required for existing deployments.

  • A database migration adds STOPPED to the service_statuses enum.

  • Python 3.10 support has been dropped. The minimum version of Python now supported is Python 3.11.

Bug Fixes

  • Zone export now validates the api_export_size quota synchronously before accepting the async export job. Previously, users would receive a 202 Accepted response, then discover the quota violation only after polling the export status, which showed an ERROR state. With this fix, users receive an immediate 413 Request Entity Too Large error when attempting to export a zone that exceeds the quota limit.

    This gives users a better experience through immediate feedback and avoids spending resources on async jobs that are bound to fail. The implementation uses the same quota validation pattern already employed by zone and recordset creation operations.

    See bug 1960495 for more information.

  • Services now report a STOPPED status on shutdown, fixing duplicate service_status entries when a service restarts on a different host (bug 1998906).

  • Added two periodic producer tasks: one to mark services as DOWN when their heartbeat exceeds a configurable threshold, and another to clean up STOPPED service entries. These tasks are auto-enabled by default when enabled_tasks is not explicitly configured. To exclude them, set enabled_tasks in the [producer] section of your configuration.

  • The periodic cleanup producer task now also deletes stale DOWN service entries whose last heartbeat exceeds a configurable time_threshold (default 7 days). This prevents indefinite accumulation of DOWN entries, particularly in container deployments with randomized hostnames. Set time_threshold to 0 in the [producer_task:periodic_cleanup_stopped_service_status] section to disable cleanup of DOWN entries.
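    The three service-status notes above describe one maintenance cycle: mark silent services DOWN, delete STOPPED entries, and delete DOWN entries whose heartbeat is older than time_threshold unless that threshold is 0. The following is an added, self-contained model of that cycle run over constructed service_status rows; it is not Designate's producer code, the row fields and the 5-minute heartbeat threshold are assumptions, and the 7-day default and the "0 disables" rule follow the notes.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed sample of service_status rows. The field names are assumptions
# modelled on the release notes, not Designate's actual table schema.
@dataclass
class ServiceStatus:
    service_name: str
    hostname: str
    status: str             # "UP", "DOWN" or "STOPPED"
    heartbeated_at: datetime


# Fixed reference time so the run is reproducible.
NOW = datetime(2025, 1, 8, 12, 0, tzinfo=timezone.utc)

SAMPLE_ROWS = [
    ServiceStatus("worker", "worker-a1b2c3", "UP", NOW - timedelta(seconds=30)),        # healthy
    ServiceStatus("worker", "worker-d4e5f6", "UP", NOW - timedelta(minutes=10)),        # heartbeat too old
    ServiceStatus("producer", "producer-7g8h9i", "STOPPED", NOW - timedelta(hours=1)),  # clean shutdown
    ServiceStatus("mdns", "mdns-j1k2l3", "DOWN", NOW - timedelta(days=10)),             # stale DOWN
    ServiceStatus("mdns", "mdns-m4n5o6", "DOWN", NOW - timedelta(days=2)),              # recent DOWN
]


def mark_down_task(rows, now, heartbeat_threshold):
    """Mark UP entries whose last heartbeat is older than heartbeat_threshold
    (seconds) as DOWN. Returns the hostnames that were flipped."""
    marked = []
    for row in rows:
        if row.status == "UP" and (now - row.heartbeated_at).total_seconds() > heartbeat_threshold:
            row.status = "DOWN"
            marked.append(row.hostname)
    return marked


def cleanup_task(rows, now, time_threshold):
    """Drop STOPPED entries, plus DOWN entries whose last heartbeat is older than
    time_threshold (seconds). time_threshold == 0 disables the DOWN cleanup, so
    only STOPPED entries go. Returns (remaining_rows, removed_hostnames)."""
    remaining, removed = [], []
    for row in rows:
        stale_down = (
            time_threshold > 0
            and row.status == "DOWN"
            and (now - row.heartbeated_at).total_seconds() > time_threshold
        )
        if row.status == "STOPPED" or stale_down:
            removed.append(row.hostname)
        else:
            remaining.append(row)
    return remaining, removed


def run_periodic_tasks(rows, now=NOW, heartbeat_threshold=5 * 60, time_threshold=7 * 24 * 3600):
    """Run both tasks over a copy of the rows and report what each one did."""
    work = [ServiceStatus(r.service_name, r.hostname, r.status, r.heartbeated_at) for r in rows]
    marked = mark_down_task(work, now, heartbeat_threshold)
    remaining, removed = cleanup_task(work, now, time_threshold)
    return marked, removed, [r.hostname for r in remaining]


if __name__ == "__main__":
    print(run_periodic_tasks(SAMPLE_ROWS))
    print(run_periodic_tasks(SAMPLE_ROWS, time_threshold=0))
```

    Note that an entry marked DOWN in the first task is not removed in the same cycle: its heartbeat is only minutes old, so it survives until it has been silent for the full time_threshold.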

  • Fixed the backend-multipool-bind9 devstack plugin to work with bind9 1:9.20.5-1 and later (Ubuntu 26.04+), where legacy configuration files (zones.rfc1918, named.conf.default-zones, and db.*) were removed in favor of BIND’s native empty-zones-enable directive. The plugin now guards these file copies with existence checks and also copies the new named.conf.root-hints file introduced as a replacement. See bug 2158627 for more information.

  • Fixed mDNS _handle_record_query to use TSIG-based pool scoping when looking up SOA and other record queries. Previously, when the same zone name existed in multiple pools (e.g. split-horizon DNS), the handler would find multiple matching recordsets and return REFUSED. The handler now resolves the zone first using the TSIG key’s pool_id, then looks up the recordset within that zone.

  • Fixed the backend-pdns4 devstack plugin to work with PowerDNS Authoritative Server 5.0+ (Ubuntu 26.04+), where the master and slave configuration settings were removed (deprecated since 4.5.0, removed in 4.9.0). The generated pdns.conf now uses the replacement primary and secondary settings.

  • [bug 1934120] Fixed an issue where TSIG keys could be created with mismatched scope and resource_id values. Previously, it was possible to create a TSIG key with scope='ZONE' but provide a pool UUID in resource_id, or vice versa. This could cause operational issues where TSIG authentication would fail with confusing “Zone not found” errors.

    TSIG key creation and updates now validate that the resource_id matches the specified scope type. If scope='ZONE', the resource_id must be a valid zone UUID. If scope='POOL', the resource_id must be a valid pool UUID. Invalid combinations are rejected with a clear error message at creation/update time.
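    The mDNS fix above and this TSIG key scope fix are two sides of the same rule: a key's scope and resource_id must agree, and a query authenticated with that key must be answered from the pool the key belongs to. The following added example models both over a constructed split-horizon inventory (two pools both holding example.com.); it is not Designate's code, and every UUID, zone and record in it is made up.

```python
import uuid
from dataclasses import dataclass

# Constructed inventory. Two pools both serve "example.com." (split-horizon DNS)
# and every UUID here is made up for the example.
POOL_INTERNAL = "0d5e1a8c-1111-4c1d-9e2e-000000000001"
POOL_EXTERNAL = "0d5e1a8c-2222-4c1d-9e2e-000000000002"
ZONE_INTERNAL = "7f3b2c9a-1111-4a5b-8c6d-000000000011"
ZONE_EXTERNAL = "7f3b2c9a-2222-4a5b-8c6d-000000000012"


@dataclass(frozen=True)
class Zone:
    id: str
    name: str
    pool_id: str


POOLS = {POOL_INTERNAL, POOL_EXTERNAL}
ZONES = [
    Zone(ZONE_INTERNAL, "example.com.", POOL_INTERNAL),
    Zone(ZONE_EXTERNAL, "example.com.", POOL_EXTERNAL),
]
# (zone_id, owner name, type) -> rdata; SOA values shortened for readability.
RECORDSETS = {
    (ZONE_INTERNAL, "example.com.", "SOA"): "ns1.corp.example.com. hostmaster.example.com. 2025010801",
    (ZONE_EXTERNAL, "example.com.", "SOA"): "ns1.example.com. hostmaster.example.com. 2025010801",
    (ZONE_INTERNAL, "www.example.com.", "A"): "10.0.0.10",
    (ZONE_EXTERNAL, "www.example.com.", "A"): "203.0.113.10",
}


class ValidationError(ValueError):
    pass


def validate_tsigkey_scope(scope, resource_id):
    """Reject a TSIG key whose resource_id does not name an object of the scope's type."""
    try:
        uuid.UUID(resource_id)
    except (ValueError, TypeError):
        raise ValidationError("resource_id must be a UUID")
    if scope == "ZONE":
        if not any(z.id == resource_id for z in ZONES):
            raise ValidationError("scope ZONE requires resource_id to be an existing zone id")
    elif scope == "POOL":
        if resource_id not in POOLS:
            raise ValidationError("scope POOL requires resource_id to be an existing pool id")
    else:
        raise ValidationError("scope must be ZONE or POOL")
    return True


def pool_id_for_key(scope, resource_id):
    """The pool whose view a validated key selects (a zone key selects its zone's pool)."""
    validate_tsigkey_scope(scope, resource_id)
    if scope == "POOL":
        return resource_id
    return next(z.pool_id for z in ZONES if z.id == resource_id)


def find_zone(qname, pool_id):
    """Closest enclosing zone for qname within one pool, or None."""
    labels = qname.rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:]) + "."
        for z in ZONES:
            if z.name == candidate and z.pool_id == pool_id:
                return z
    return None


def lookup_unscoped(qname, qtype):
    """Pre-fix behaviour: match recordsets by name and type across every pool,
    which is ambiguous as soon as two pools hold the same zone name."""
    hits = [rdata for (_, name, t), rdata in RECORDSETS.items() if name == qname and t == qtype]
    if len(hits) > 1:
        return "REFUSED"
    return hits[0] if hits else "NXDOMAIN"


def handle_record_query(qname, qtype, key_scope, key_resource_id):
    """Fixed behaviour: resolve the zone within the key's pool first, then the recordset."""
    zone = find_zone(qname, pool_id_for_key(key_scope, key_resource_id))
    if zone is None:
        return "REFUSED"
    return RECORDSETS.get((zone.id, qname, qtype), "NXDOMAIN")
```

    With the unscoped lookup an SOA query for example.com. hits both pools and is refused; scoping by the key's pool_id first returns the right view's SOA, and a key whose scope does not match its resource_id never gets that far.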

  • Fixed a bug that prevented zones from being moved from non-default pools to default pools.

Other Notes

  • TLSA records follow RFC 6698. Clients and resolvers must support DANE to fully utilize these records. Ensure your DNS server software is updated to support TLSA queries and responses correctly.
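The TLSA feature, the "standard parameters only" known issue and the RFC 6698 note above together describe what a valid TLSA recordset looks like. The following added example (not Designate's code) builds presentation-format TLSA rdata from certificate bytes, parses and validates rdata against the RFC 6698 parameter registries and digest lengths, and checks a presented certificate against a record; the cert and SPKI bytes are constructed placeholders rather than real DER, and the helper names are assumptions.

```python
import hashlib
import hmac

# RFC 6698 parameter registries (acronyms from RFC 7218 as values).
USAGES = {0: "PKIX-TA", 1: "PKIX-EE", 2: "DANE-TA", 3: "DANE-EE"}
SELECTORS = {0: "Cert", 1: "SPKI"}
MATCHING_TYPES = {0: "Full", 1: "SHA2-256", 2: "SHA2-512"}
DIGEST_LENGTHS = {1: 32, 2: 64}   # bytes of association data per hashed matching type

# Constructed stand-ins for a certificate's DER encoding and its DER SubjectPublicKeyInfo.
# They are arbitrary bytes, not real ASN.1; a real run would take them from an X.509 object.
SAMPLE_CERT_DER = bytes(range(256)) * 3
SAMPLE_SPKI_DER = b"\x30\x82\x01\x22" + bytes(range(100, 200))


def tlsa_owner_name(host, port, proto="tcp"):
    """Owner name for a TLSA record, e.g. _443._tcp.www.example.com."""
    return f"_{port}._{proto}.{host.rstrip('.')}."


def validate_tlsa_params(usage, selector, matching_type):
    """Only the standard RFC 6698 parameter values are accepted."""
    if usage not in USAGES:
        raise ValueError(f"usage {usage} is outside the standard range 0-3")
    if selector not in SELECTORS:
        raise ValueError(f"selector {selector} is outside the standard range 0-1")
    if matching_type not in MATCHING_TYPES:
        raise ValueError(f"matching type {matching_type} is outside the standard range 0-2")


def certificate_association_data(selector, matching_type, cert_der, spki_der):
    """Bytes stored in the record for a given selector and matching type."""
    data = cert_der if selector == 0 else spki_der
    if matching_type == 1:
        return hashlib.sha256(data).digest()
    if matching_type == 2:
        return hashlib.sha512(data).digest()
    return data


def tlsa_rdata(usage, selector, matching_type, cert_der, spki_der):
    """Presentation-format rdata 'usage selector matching-type hex-data'."""
    validate_tlsa_params(usage, selector, matching_type)
    data = certificate_association_data(selector, matching_type, cert_der, spki_der)
    return f"{usage} {selector} {matching_type} {data.hex()}"


def parse_tlsa_rdata(rdata):
    """Parse presentation-format rdata, enforcing standard parameter values and a
    data length consistent with the matching type.
    Returns (usage, selector, matching_type, data_bytes) or raises ValueError."""
    parts = rdata.split()
    if len(parts) != 4:
        raise ValueError("TLSA rdata must be 'usage selector matching-type hex-data'")
    try:
        usage, selector, matching_type = (int(p) for p in parts[:3])
        data = bytes.fromhex(parts[3])
    except ValueError:
        raise ValueError("TLSA parameters must be integers and the data must be hex")
    validate_tlsa_params(usage, selector, matching_type)
    expected = DIGEST_LENGTHS.get(matching_type)
    if expected is not None and len(data) != expected:
        raise ValueError(f"{MATCHING_TYPES[matching_type]} data must be {expected} bytes, got {len(data)}")
    if not data:
        raise ValueError("certificate association data is empty")
    return usage, selector, matching_type, data


def tlsa_matches(rdata, cert_der, spki_der):
    """Does the presented certificate satisfy this record's association data?
    Only the data comparison is done here; the PKIX chain checks that usages
    0-2 additionally require are out of scope."""
    _, selector, matching_type, data = parse_tlsa_rdata(rdata)
    presented = certificate_association_data(selector, matching_type, cert_der, spki_der)
    return hmac.compare_digest(presented, data)


if __name__ == "__main__":
    print(tlsa_owner_name("www.example.com", 443), tlsa_rdata(3, 1, 1, SAMPLE_CERT_DER, SAMPLE_SPKI_DER))
```

The "3 1 1" form (DANE-EE, SPKI, SHA2-256) is the common choice because it survives certificate renewals that keep the same key pair; the parser rejects out-of-range parameters and a digest whose length does not match the declared matching type, which is the check an API accepting TLSA recordsets needs before the record reaches a resolver.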