Chapter 6. Viewing and managing quotas on DNS resources

Red Hat OpenStack Platform (RHOSP) provides a set of DNS resource quotas that cloud administrators can modify using the DNS service (designate). Using DNS quotas can help you to secure your RHOSP site from events like denial-of-service attacks, by setting a limit on projects' DNS resources. Using DNS quotas can also help you to track your users' DNS resource consumption. Cloud administrators can set DNS quota values that apply to all projects, or configure one or more quotas on a project-by-project basis.

The topics included in this section are:

6.1. Viewing quotas for DNS resources

You can view resource quotas for Red Hat OpenStack Platform (RHOSP) projects by using the DNS service (designate).

Prerequisites

  • You must be a member of the project whose quotas you want to view.
  • A RHOSP user with the admin role can view quotas for any project.

Procedure

  1. Source your credentials file.

    Example

    $ source ~/overcloudrc

  2. View the DNS resource quotas set for your project: 

    $ openstack dns quota list

    Sample output

    +-------------------+-------+
| Field             | Value |
+-------------------+-------+
| api_export_size   | 1000  |
| recordset_records | 20    |
| zone_records      | 500   |
| zone_recordsets   | 500   |
| zones             | 10    |
+-------------------+-------+

  3. A RHOSP user with the admin role can query the quotas for other projects:

    1. Obtain the ID for the project whose quotas you want to modify.

      Remember the ID, because you need it for a later step. 

      $ openstack project list

    2. Using the project ID, view the DNS resource quotas set for the project.

      Example

      In this example, the DNS quotas for project ID ecd4341280d645e5959d32a4b7659da1 are displayed: 

      $ openstack dns quota list --project-id ecd4341280d645e5959d32a4b7659da1

      Sample output

      +-------------------+-------+
| Field             | Value |
+-------------------+-------+
| api_export_size   | 2500  |
| recordset_records | 25    |
| zone_records      | 750   |
| zone_recordsets   | 750   |
| zones             | 25    |
+-------------------+-------+

Additional resources

6.2. Modifying quotas for DNS resources

You can change DNS resource quotas for Red Hat OpenStack Platform (RHOSP) projects by using the DNS service (designate).

Prerequisites

  • You must be a RHOSP user with the admin role.

Procedure

  1. As a cloud administrator, source your credentials file.

    Example

    $ source ~/overcloudrc

  2. Obtain the ID for the project whose quotas you want to modify.

    Remember the ID, because you need it for a later step. 

    $ openstack project list

  3. Using the project ID, modify a DNS resource quota for a project. For a list of available quotas, see Section 6.4, “DNS service quotas and their default values”.

    Example

    In this example, the zones quota has been modified. The total number of zones that project ID ecd4341280d645e5959d32a4b7659da1 can contain is 30: 

    $ openstack dns quota set --project-id ecd4341280d645e5959d32a4b7659da1 --zones 30

    Sample output

    +-------------------+-------+
| Field             | Value |
+-------------------+-------+
| api_export_size   | 1000  |
| recordset_records | 20    |
| zone_records      | 500   |
| zone_recordsets   | 500   |
| zones             | 30    |
+-------------------+-------+

Additional resources

6.3. Resetting DNS resource quotas to their default values

You can reset DNS resource quotas for Red Hat OpenStack Platform (RHOSP) projects to their default values by using the DNS service (designate).

Prerequisites

  • You must be a RHOSP user with the admin role.

Procedure

  1. As a cloud administrator, source your credentials file.

    Example

    $ source ~/overcloudrc

  2. Obtain the ID for the project whose quotas you want to reset.

    Remember the ID, because you need it for a later step. 

    $ openstack project list

  3. Using the project ID, reset the DNS resource quotas for a project.

    Example

    In this example, the quotas for a project whose ID is ecd4341280d645e5959d32a4b7659da1 are being reset to the default values: 

    $ openstack dns quota reset --project-id ecd4341280d645e5959d32a4b7659da1

    There is no output from a successful openstack dns quota reset command.

Verification

  • Confirm that the DNS resource quotas for the project have been reset:

    Example

    $ openstack dns quota list --project-id ecd4341280d645e5959d32a4b7659da1

    Sample output

    +-------------------+-------+
| Field             | Value |
+-------------------+-------+
| api_export_size   | 1000  |
| recordset_records | 20    |
| zone_records      | 500   |
| zone_recordsets   | 500   |
| zones             | 10    |
+-------------------+-------+

Additional resources

6.4. DNS service quotas and their default values

The Red Hat OpenStack Platform (RHOSP) DNS service (designate) has quotas that a cloud administrator can set to limit DNS resource consumption by cloud users in one or in all RHOSP projects.

Table 6.1. Zone quotas

QuotaDefaultDescription

zones

10

The number of zones allowed per project.

Table 6.2. Records and record set quotas

QuotaDefaultDescription

zone_recordsets

500

The number of record sets allowed per zone.

zone_records

500

The number of records allowed per zone.

recordset_records

20

The number of records allowed per record set.

Table 6.3. Zone export quotas

QuotaDefaultDescription

api_export_size

1000

The number of record sets allowed in a zone export.