Exploring PowerDNS

Power Zone

Installing the PowerDNS Recursor

For this article, I'll assume Ubuntu Server 12.04 LTS is placed in my local LAN behind a firewall. I am placing this server behind my hardware firewall on an internal network because making a caching server available on the public Internet is as unwise as doing so with a proxy or open mail relay. Installing is as easy as entering:

sudo apt-get install pdns-recursor

Now I need to customize my configuration file by editing /etc/powerdns/recursor.conf. For brevity's sake, I only include the configuration variables I have changed herein (Listing 2). With my modified recursor.conf file, I restart my pdns-recursor:

sudo service pdns-recursor restart

Ubuntu has moved to Upstart instead of using SysVinit, so rather than the old school method of /etc/init.d start/stop/restart, I now use Upstart with the syntax sudo service <servicename> stop/start/restart.

Listing 2

Customizing recursor.conf

allow-from=192.168.1.0/24
# The 'allow-from' setting specifies the network address space whose queries your PowerDNS recursor will answer. Note that you can use comma-separated individual IPs or networks in CIDR notation.
#
local-address=192.168.1.10
# 'local-address' specifies the address or addresses on which the recursor is to listen for queries.
#
version-string=Wait, this ain't no host file
# Give out bogus version information when queried with 'dig @ns1.example.com -c CH -t txt version.bind'. I'd rather add some mystery. =)
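
To check the exposure concern behind the allow-from and local-address choices in Listing 2, the following added example (not code from the article or from the PowerDNS project) parses recursor.conf-style text and reports entries that reach beyond internal address space. The function names, the INTERNAL range list, and the RISKY sample are assumptions constructed for illustration; ports and negated entries are not handled.

```python
import ipaddress

# Assumption of this example: "internal" means RFC 1918, loopback, and the
# IPv6 loopback / unique-local / link-local ranges.
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "::1/128", "fc00::/7", "fe80::/10")]

def is_internal(net):
    # subnet_of() requires matching IP versions, so compare versions first.
    return any(net.version == i.version and net.subnet_of(i) for i in INTERNAL)

def parse_conf(text):
    """Return {setting: raw value} from 'key=value' lines, skipping # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def audit(text):
    """Return findings about who can reach and use the recursor."""
    conf, findings = parse_conf(text), []
    for key in ("allow-from", "local-address"):
        for item in filter(None, (v.strip() for v in conf.get(key, "").split(","))):
            try:
                net = ipaddress.ip_network(item, strict=False)
            except ValueError:
                findings.append(f"{key}: cannot parse '{item}'")
                continue
            if key == "local-address" and net.network_address.is_unspecified:
                findings.append(f"{key}: {item} listens on every interface")
            elif not is_internal(net):
                findings.append(f"{key}: {item} is not confined to internal address space")
    return findings

# Constructed sample input: the settings from Listing 2, then a risky variant.
LISTING_2 = """allow-from=192.168.1.0/24
local-address=192.168.1.10
version-string=Wait, this ain't no host file
"""
RISKY = """allow-from=192.168.1.0/24, 0.0.0.0/0   # constructed bad entry
local-address=0.0.0.0
"""
if __name__ == "__main__":
    for name, text in (("Listing 2", LISTING_2), ("risky", RISKY)):
        print(name, audit(text) or "no findings")
```
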

rec_control

A bundled program, rec_control, lets you interact with and control the PowerDNS recursor: you can use it to get statistics, check the status of the recursor, or even shut down the recursor. In this example,

$ sudo rec_control ping
$ sudo rec_control get-all
$ sudo rec_control get variable
$ sudo rec_control quit

the commands (1) test whether the server is up, (2) grab all variable statistics, (3) grab a specific variable, and (4) quit PowerDNS. Note that you can query many variables with rec_control, which you can use for RRD graphing.

As I said before, PowerDNS supports a variety of back-end databases to hold zone data. Often, PowerDNS is configured with a database back end (MySQL, PostgreSQL, Microsoft SQL Server, Oracle, Sybase) and not flat text files (BIND back end).

In the first part of this article, I will explore using a BIND-compatible configuration for the situations in which you might not want to use a database. For example, a small organization might already be comfortable with a BIND configuration or not want the complexity of maintaining a database for DNS, or maybe you are in transition from BIND to PowerDNS.

Whatever the reason, PowerDNS has an easy way for you to use your existing BIND master zone configuration files to configure your PowerDNS server. In the second part of this article, I will cover the use of PowerDNS with a MySQL back end.

I. PowerDNS Authoritative Server (BIND-Compatible)

In this setup, you would create two servers (or even VM or cloud instances) for your primary and secondary servers in your DMZ for publicly accessible services. To begin, you need to install PowerDNS on your primary or master server:

sudo apt-get install pdns-server

The example PowerDNS primary DNS server configuration in /etc/powerdns for example.com is shown in Listing 3. (For simplicity, the example omits the reverse DNS zone, but I recommend you create it. Unlike the forward zone, which maps the hostname to the IP address, the reverse zone maps the opposite – IP address to hostname.)

Listing 3

Primary DNS Server Configuration

sudo nano example.com.zone
example.com. 84600    IN   SOA    ns1.example.com.  hostmaster.example.com. (
    2013062901    ; serial
    21600         ; refresh (6 hours)
    900           ; retry  (15 minutes)
    604800        ; expire (1 week)
    3600          ; minimum (1 hour)
    )
                  ; fully qualified targets end with a dot; without it the zone name is appended
                  NS  ns1.example.com.
                  NS  ns2.example.com.
                  MX  10 mail.example.com.
ns1               A  192.168.1.10
ns2               A  192.168.1.11
mail              A  192.168.1.13
www               A  192.168.1.14

Many network services and applications require reverse zone mapping, so it is a good idea to add it. Now, create a slimmed-down version of an old favorite, named.conf (BIND configuration file), in /etc/powerdns containing the bare essentials (Listing 4).

Listing 4

bindbackend.conf

sudo nano bindbackend.conf
options  {
    directory "/etc/powerdns";
};
zone "example.com" {
    type master;
    file "example.com.zone";
};
