diff --git a/Puppetfile b/Puppetfile index 32d5a51a2..0f20ef3b3 100644 --- a/Puppetfile +++ b/Puppetfile @@ -212,7 +212,7 @@ mod 'python', mod 'dns', :git => 'https://github.com/theforeman/puppet-dns', - :ref => '3.4.0' + :ref => '3.4.1' mod 'corosync', :git => 'https://github.com/voxpupuli/puppet-corosync', diff --git a/README.md b/README.md index eb346b5bf..e6a888a46 100644 --- a/README.md +++ b/README.md @@ -44,6 +44,7 @@ scenario](#all-in-one). | cinder | rbd | iscsi | | iscsi | | ceilometer | X | | | | | aodh | X | | | | +| designate | | | bind | | | gnocchi | rbd | | | | | heat | | | X | | | swift | | X | | | diff --git a/fixtures/scenario003.pp b/fixtures/scenario003.pp index a41892dcd..f37099b42 100644 --- a/fixtures/scenario003.pp +++ b/fixtures/scenario003.pp @@ -70,12 +70,14 @@ include ::openstack_integration::heat # enable when we figure why mistral tempest tests are so unstable # include ::openstack_integration::mistral include ::openstack_integration::sahara +include ::openstack_integration::designate include ::openstack_integration::provision class { '::openstack_integration::tempest': - trove => $trove_enabled, - mistral => $mistral_enabled, - sahara => true, - horizon => true, - heat => true, + designate => true, + trove => $trove_enabled, + mistral => $mistral_enabled, + sahara => true, + horizon => true, + heat => true, } diff --git a/manifests/bind.pp b/manifests/bind.pp new file mode 100644 index 000000000..03efce513 --- /dev/null +++ b/manifests/bind.pp 
@@ -0,0 +1,49 @@
+# Configures the BIND service for use with Designate's BIND backend
+#
+
+class openstack_integration::bind {
+
+ include ::openstack_integration::config
+ include ::openstack_integration::params
+
+ # Need some particular options that aren't default in ::dns when using
+ # designate with bind9 backend. Set them up.
+ $controls = {
+ "${::openstack_integration::config::host}" => {
+ 'port' => 953,
+ 'allowed_addresses' => [ $::openstack_integration::config::host ],
+ 'keys' => [ 'rndc-key' ]
+ },
+ }
+ # NOTE (dmsimard): listen_on_v6 is false and overridden due to extended port
+ # configuration in additional_options
+ class { '::dns':
+ recursion => 'no',
+ allow_recursion => [],
+ controls => $controls,
+ listen_on_v6 => false,
+ additional_options => {
+ 'listen-on' => 'port 5322 { any; }',
+ 'listen-on-v6' => 'port 5322 { any; }',
+ 'auth-nxdomain' => 'no',
+ }
+ }
+
+ # /var/named is root:named on RedHat and /var/cache/bind is root:bind on
+ # Debian. Both groups only have read access but require write permission in
+ # order to be able to use rndc addzone/delzone commands that Designate uses.
+ file { $::dns::params::vardir:
+ mode => 'g+w',
+ require => Package[$dns::params::dns_server_package]
+ }
+
+ # ::dns creates the rndc key but not a rndc.conf.
+ # Contribute this in upstream ::dns ?
+ file { '/etc/rndc.conf':
+ ensure => present,
+ owner => $::dns::params::owner,
+ group => $::dns::params::group,
+ content => template("${module_name}/rndc.conf.erb"),
+ require => Package[$dns::params::dns_server_package]
+ }
+}
diff --git a/manifests/designate.pp b/manifests/designate.pp
new file mode 100644
index 000000000..ea160b1a8
--- /dev/null
+++ b/manifests/designate.pp
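Review bot: The `additional_options` passed to `::dns` make named listen on `any` for both address families on port 5322, while the control channel declared just above is scoped to `$::openstack_integration::config::host`. If only Designate on this node needs to reach the server, the listener could be narrowed to that address; otherwise a comment such as `# listens on all addresses on purpose: CI-only nameserver, recursion disabled` would record the intent. Separately, the `/etc/rndc.conf` file resource sets owner and group but no mode, so its permissions are left to Puppet's default; adding `mode => '0640',` would pin them.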
@@ -0,0 +1,116 @@
+# Configure the Designate service
+#
+
+class openstack_integration::designate {
+
+ include ::openstack_integration::config
+ include ::openstack_integration::params
+ include ::openstack_integration::bind
+
+ rabbitmq_user { 'designate':
+ admin => true,
+ password => 'an_even_bigger_secret',
+ provider => 'rabbitmqctl',
+ require => Class['::rabbitmq'],
+ }
+ rabbitmq_user_permissions { 'designate@/':
+ configure_permission => '.*',
+ write_permission => '.*',
+ read_permission => '.*',
+ provider => 'rabbitmqctl',
+ require => Class['::rabbitmq'],
+ }
+
+ class { '::designate::db::mysql':
+ password => 'designate',
+ }
+
+ class { '::designate':
+ rabbit_userid => 'designate',
+ rabbit_password => 'an_even_bigger_secret',
+ rabbit_host => $::openstack_integration::config::ip_for_url,
+ rabbit_port => $::openstack_integration::config::rabbit_port,
+ rabbit_use_ssl => $::openstack_integration::config::ssl,
+ debug => true,
+ }
+
+ class { '::designate::db':
+ database_connection => 'mysql+pymysql://designate:designate@127.0.0.1/designate?charset=utf8'
+ }
+
+ include '::designate::client'
+
+ # TODO: Support SSL
+ class { '::designate::keystone::auth':
+ password => 'a_big_secret',
+ public_url => "http://${::openstack_integration::config::ip_for_url}:9001",
+ internal_url => "http://${::openstack_integration::config::ip_for_url}:9001",
+ admin_url => "http://${::openstack_integration::config::ip_for_url}:9001",
+ }
+ class { '::designate::keystone::authtoken':
+ password => 'a_big_secret',
+ user_domain_name => 'Default',
+ project_domain_name => 'Default',
+ auth_url => $::openstack_integration::config::keystone_admin_uri,
+ auth_uri => $::openstack_integration::config::keystone_auth_uri,
+ memcached_servers => $::openstack_integration::config::memcached_servers,
+ }
+
+ class { '::designate::api':
+ api_host => $::openstack_integration::config::host,
+ api_base_uri => "http://${::openstack_integration::config::ip_for_url}:9001",
auth_strategy => 'keystone',
+ enable_api_v2 => true,
+ enable_api_admin => true
+ }
+
+ # IPv6 doesn't work for mdns ? https://bugs.launchpad.net/designate/+bug/1501396
+ class { '::designate::mdns':
+ host => '127.0.0.1',
+ port => '5354',
+ }
+
+ class { '::designate::central':
+ backend_driver => 'bind9',
+ }
+
+ class { '::designate::pool_manager':
+ pool_id => '794ccc2c-d751-44fe-b57f-8894c9f5c842',
+ }
+
+ class { '::designate::pool_manager_cache::memcache':
+ memcached_servers => $::openstack_integration::config::memcached_servers,
+ }
+
+ class { '::designate::backend::bind9':
+ rndc_host => $::openstack_integration::config::host,
+ rndc_config_file => '/etc/rndc.conf',
+ rndc_key_file => $::dns::params::rndckeypath,
+ }
+
+ # TODO: Implement pools.yaml management in puppet-designate
+ file { '/etc/designate/pools.yaml':
+ ensure => present,
+ content => template("${module_name}/pools.yaml.erb"),
+ require => Package['designate-common'],
+ }
+
+ # Validate that designate-central is ready for pool update
+ $command = "openstack --os-auth-url ${::openstack_integration::config::keystone_auth_uri} \
+--os-project-name services --os-username designate --os-password a_big_secret zone list"
+ openstacklib::service_validation { 'designate-central':
+ command => $command,
+ timeout => '15',
+ refreshonly => true,
+ require => Service['designate-central']
+ }
+
+ exec { 'Update designate pools':
+ command => 'designate-manage pool update --file /etc/designate/pools.yaml',
+ path => '/usr/bin',
+ refreshonly => true,
+ logoutput => 'on_failure',
+ subscribe => File['/etc/designate/pools.yaml'],
+ require => Openstacklib::Service_validation['designate-central']
+ }
+}
diff --git a/manifests/tempest.pp b/manifests/tempest.pp
index 62c44f8fe..bb8049287 100644
--- a/manifests/tempest.pp
+++ b/manifests/tempest.pp
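Review bot: `openstacklib::service_validation { 'designate-central': }` is declared with `refreshonly => true` but only `require => Service['designate-central']`, and nothing visible in this hunk notifies it, so the readiness check may never run and `exec { 'Update designate pools': }` would then be ordered after a no-op. Using `subscribe => Service['designate-central']` in place of the `require` would make the check fire when the service is started or restarted. The `$command` string also carries `--os-password a_big_secret` as an argument, which exposes the password in the process list and possibly in Puppet's exec logging; if the pinned openstacklib version accepts an `environment` parameter, passing `OS_PASSWORD` there avoids that. Finally, `rabbitmq_user { 'designate': }` sets `admin => true`, which is more privilege than a messaging client needs unless the fixture depends on it.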
@@ -12,6 +12,10 @@
 # (optional) Define if Cinder needs to be tested.
 # Default to false.
 #
+# [*designate*]
+# (optional) Define if Designate needs to be tested.
+# Default to false.
+#
 # [*glance*]
 # (optional) Define if Glance needs to be tested.
 # Default to true.
@@ -68,6 +72,7 @@ class openstack_integration::tempest (
 $aodh = false,
 $ceilometer = false,
 $cinder = false,
+ $designate = false,
 $glance = true,
 $gnocchi = false,
 $heat = false,
@@ -116,6 +121,7 @@ class openstack_integration::tempest (
 image_name => 'cirros',
 image_name_alt => 'cirros_alt',
 cinder_available => $cinder,
+ designate_available => $designate,
 glance_available => $glance,
 horizon_available => $horizon,
 nova_available => $nova,
diff --git a/templates/pools.yaml.erb b/templates/pools.yaml.erb
new file mode 100644
index 000000000..62a9eb13f
--- /dev/null
+++ b/templates/pools.yaml.erb
@@ -0,0 +1,29 @@
+---
+- name: default
+ description: Puppet BIND Pool
+ attributes: {}
+
+ ns_records:
+ - hostname: ns1.example.org.
+ priority: 1
+
+ nameservers:
+ - host: <%= scope.lookupvar("openstack_integration::config::host") %>
+ port: 5322
+
+ targets:
+ - type: bind9
+ description: BIND Instance
+
+ masters:
+ # mdns doesn't support ipv6
+ - host: 127.0.0.1
+ port: 5354
+
+ options:
+ host: <%= scope.lookupvar("openstack_integration::config::host") %>
+ port: 5322
+ rndc_host: <%= scope.lookupvar("openstack_integration::config::host") %>
+ rndc_port: 953
+ rndc_config_file: /etc/rndc.conf
+ rndc_key_file: /etc/rndc.key
diff --git a/templates/rndc.conf.erb b/templates/rndc.conf.erb
new file mode 100644
index 000000000..ce1d3c6b0
--- /dev/null
+++ b/templates/rndc.conf.erb
@@ -0,0 +1,6 @@
+include "/etc/rndc.key";
+options {
+ default-key "rndc-key";
+ default-server <%= scope.lookupvar("openstack_integration::config::host") %>;
+ default-port 953;
+};
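Review bot: `rndc_key_file: /etc/rndc.key` at the end of templates/pools.yaml.erb is hard-coded, whereas manifests/designate.pp passes `$::dns::params::rndckeypath` to the bind9 backend and manifests/bind.pp already notes that BIND's working directory differs between RedHat and Debian. If the key path also differs on one platform, the pool target would reference a file that is not there; `rndc_key_file: <%= scope.lookupvar("dns::params::rndckeypath") %>` keeps the two in step. The same applies to `include "/etc/rndc.key";` in templates/rndc.conf.erb. The port values 5322, 953 and 5354 are likewise duplicated from the manifests, so a short template comment naming where they are set would help whoever changes one side.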