Exploring PowerDNS
Power Zone
PowerDNS Configuration File
General PowerDNS service is governed by a single configuration file, /etc/powerdns/pdns.conf, to which you need to add the lines in Listing 5. When properly configured, enter
sudo service pdns restart
to restart your PowerDNS service.
Listing 5
pdns.conf Additions
allow-axfr-ips=192.168.1.11 # IP Address allowed to perform AXFR. # bind-check-interval=300 # Tell server how often to check for zone changes. # launch=bindbind-config=/etc/powerdns/bindbackend.conf # Tell PowerDNS to launch with BIND back end using the specified configuration file. # local-address=192.168.1.10 # Specifies the local IP on which PowerDNS listens. # master=yes # Tells PowerDNS to run this as the primary server. This primary server will send out a special notify packet to notify the secondary or slave of updates. # setgid=pdns # Sets Group ID to pdns for improved security # setuid=pdns # Sets user id to pdns for improved security # version-string=anonymous # No server version is divulged via dig query (e.g., dig @ns1.example.com -c CH -t txt version.bind). I'd rather make script kiddies work harder. =)
Secondary Server (BIND Back End)
To get your configuration going, you first need to install PowerDNS on the secondary, or slave, server:
sudo apt-get install pdns-server
Just as with the primary sever, you create a slimmed-down version of named.conf (the old BIND configuration file), in /etc/powerdns/bindbackend.conf, containing only the bare essentials:
sudo nano bindbackend.conf
options {
directory "/etc/powerdns";
};
zone "example.com" {
type slave;
file "example.com.zone";
masters { 192.168.1.10; };
};Note that because you are running with the setgid/setuid of the pdns user on the slave server, you need to change owner and group to that user:
sudo chown -R pdns:pdns /etc/powerdns
To configure a secondary DNS server with a BIND back end (BIND-compatible text configuration files), you need to add the lines in Listing 6 to pdns.conf (located in /etc/powerdns). Finally, you want to HUP or restart the PowerDNS service:
sudo service pdns restart
Once you have the servers up and running, you can dig query them to check the records and take a peek at /var/log/syslog to assure they are indeed talking. (See the box "Testing the PowerDNS Server.) Now, go ahead and experiment with your newly created domain. As with the recursor, PowerDNS has even more tools and utilities on offer, and pdns_control is among them (Table 2).
Listing 6
Secondary DNS Server Configuration
launch=bind bind-config=/etc/powerdns/bindbackend.conf # Tell PowerDNS to launch with BIND back end using the specified configuration file # bind-check-interval=300 # Tell server how often to check for zone changes # local-address=192.168.1.11 # Specifies the local IP on which PowerDNS listens # setgid=pdns # Sets Group ID to pdns for improved security # setuid=pdns # Sets user id to pdns for improved security # slave=yes # Variable identifies this server as a secondary or slave server # version-string=anonymous # No server version is divulged via a dig inquiry (e.g., dig @ns1.example.com -c CH -t txt version.bind). Oh, the mystery!
Testing the PowerDNS Server
Once your server is up and running, you should do a bit of testing to make sure it is working:
primary:~$dig +norecurs @127.0.0.1 ns1.example.com A dig +norecurs @127.0.0.1 ns1.example.com A ; <<>> DiG 9.9.2-P1 <<>> +norecurs @127.0.0.1 ns1.example.com A ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62937 ;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;ns1.example.com. IN A ;; ANSWER SECTION: ns1.example.com. 86400 IN A 192.168.1.10
If your server isn't responding to queries, you can start troubleshooting the issue by checking whether PowerDNS is running with ps and taking a look at your trusty syslog logs (tail your logfiles). Additionally, the feature-rich PowerDNS package includes the pdns_control application, which lets you see the server status and restart and generally control your PowerDNS server (Table 2).
Table 2
Using pdns_control
| Action | Command |
|---|---|
| Test to see whether the server is alive | sudo pdns_control ping
|
| Purge the cache entries | sudo pdns_control purge
|
| Inform the back ends that contents of the domains have changed | sudo pdns_control reload
|
| Show usage statistics | sudo pdns_control status
|
Show a specific statistic (use * for complete verbose details)
|
sudo pdns_control <variable>
|
| Restart a PowerDNS instance | sudo pdns_control cycle
|
II. PowerDNS Authoritative Server (MySQL Back End)
As stated before, PowerDNS supports an outstanding array of databases to hold zone data; however, I will limit my coverage for the remainder of this article to its use with a primary server with a MySQL back end with the Poweradmin web GUI.
The example environment will be built upon Ubuntu Server 12.04 LTS Precise Pangolin, and I'm assuming you have built your server and patched it as described above before continuing with the rest of this exercise:
Buy ADMIN Magazine
US / Canada
UK / Australia
Related content
-
PowerDNS: The Other Open Source Name Server
PowerDNS is an amazing, feature-rich, and versatile DNS server option.
-
Speed up Your Name Server with a MySQL Back End
PowerDNS is a secure, scalable, and reliable DNS server solution licensed under the GPL. We show you how to create a primary server with a MySQL back end managed by a Poweradmin web GUI.
-
PowerDNS Authoritative server high availability with MariaDB Galera
Combining the PowerDNS Authoritative server daemon with MariaDB's multiprimary Galera cluster allows a simple yet robust solution for your DNS needs.