Exploring PowerDNS
Power Zone
Creating a Master DNS Server
To get your configuration going, you need to install PowerDNS on your primary or master server by modifying the lines shown in Listing 7 in /etc/powerdns/pdns.d/pdns.local.gmysql. Finally, you want to restart your PowerDNS service with:
sudo service pdns restart
With a base PowerDNS configuration and your servers up and running, you can now install your packages and set up your MySQL back end. (Also see the box "Testing the PowerDNS Server.")
Listing 7
Creating a Master DNS Server
#
# MySQL back end configuration
#
# Tells our PowerDNS server we are using MySQL backend
launch=gmysql
# Specifies our configuration directory
config-dir=/etc/powerdns/pdns.d/
# The address of the MySQL server that PowerDNS connects to
gmysql-host=127.0.0.1
# Our configured PowerDNS username
gmysql-user=puser
# This is our MySQL password. Please, for the love of all that is sacred, stop using weak passwords!
gmysql-password=pleasepickastrongpassword
# This details which MySQL database PowerDNS should use.
gmysql-dbname=pdns
# Specifies the local IP for PowerDNS to listen on.
local-address=192.168.1.10
# This tells PowerDNS to run this as the primary server. This primary server will
# send out a special notify packet to notify the secondary or slave of updates.
master=yes
# Sets Group ID to this one for improved security
setgid=pdns
# Sets user id to this for improved security
setuid=pdns
# Bogus server version is divulged via dig query, such as
# dig @ns1.example.com -c CH -t txt version.bind.
# There is no security through obscurity, but there is certainly absurdity... =P
version-string=Hostfile 0.1 Alpha
MySQL Database
To begin, simply install MySQL with the command:
primary:~$ sudo apt-get install mysql-server mysql-common
As part of the installer, you will be asked to set your MySQL root password. Please choose a strong password. Your yet-to-be-configured server needs a bit of tweaking before you can add databases and users, so open /etc/mysql/my.cnf in your favorite text editor. In this case, you are going to change the address on which the MySQL service listens to your server's localhost:
bind-address = 127.0.0.1
Now you can connect to your newly minted MySQL server and begin configuring it:
primary:~$ mysql -h localhost -u root -p
Next, create and configure a MySQL database,
create database pdns;
then add a user that will have access to that database:
GRANT ALL ON pdns.* TO 'puser'@'localhost' IDENTIFIED BY 'pleasepickastrongpassword';
GRANT ALL ON pdns.* TO 'puser'@'localhost.localdomain' IDENTIFIED BY 'pleasepickastrongpassword';
FLUSH PRIVILEGES;
Now you can create the database required for your install of PowerDNS (Listing 8). Of course, you can do much more to secure MySQL [5], but for the sake of brevity, I don't include much detail. Like any other application, it needs some extra attention to improve security from its default installed state.
Listing 8
Creating the Database
use pdns;

create table domains (
  id INT auto_increment,
  name VARCHAR(255) NOT NULL,
  master VARCHAR(128) DEFAULT NULL,
  last_check INT DEFAULT NULL,
  type VARCHAR(6) NOT NULL,
  notified_serial INT DEFAULT NULL,
  account VARCHAR(40) DEFAULT NULL,
  primary key (id)
) Engine=InnoDB;

CREATE UNIQUE INDEX name_index ON domains(name);

CREATE TABLE records (
  id INT auto_increment,
  domain_id INT DEFAULT NULL,
  name VARCHAR(255) DEFAULT NULL,
  type VARCHAR(10) DEFAULT NULL,
  content VARCHAR(64000) DEFAULT NULL,
  ttl INT DEFAULT NULL,
  prio INT DEFAULT NULL,
  change_date INT DEFAULT NULL,
  primary key(id)
) Engine=InnoDB;

CREATE INDEX nametype_index ON records(name,type);
CREATE INDEX domain_id ON records(domain_id);

create table supermasters (
  ip VARCHAR(64) NOT NULL,
  nameserver VARCHAR(255) NOT NULL,
  account VARCHAR(40) DEFAULT NULL
) Engine=InnoDB;

quit;
Poweradmin
At this point, you could manage this PowerDNS configuration back end in many ways. Unlike simple text-file-based configuration (the BIND-compatible back end covered in the first part of this article), you would have to use any number of database management tools, bake your own scripts, or use a web administration interface. Generally, if you don't plan to script or code your own solution, going with a web GUI is a good choice. A graphical interface has many benefits: easing administration, encouraging proper syntax, and decreasing syntactic errors.
Poweradmin is an open source, friendly, and easy-to-use web GUI for PowerDNS that supports key features. With this feature-rich web application, you will be managing your DNS environment in no time flat. However, before starting, you need to install it. Like most applications, it has a few prerequisites:
- MySQL or PostgreSQL
- Apache
- PHP
- session, gettext, mcrypt PHP modules
- PEAR, PEAR::MDB2
- GNU gettext
Because a nifty Poweradmin package is lacking, you have to install the prerequisites and then grab the binaries:
primary:~$ sudo apt-get install apache2 libapache2-mod-php5 php5 php5-common php5-curl php5-dev php5-gd php-pear php5-imap php5-mcrypt php5-common php5-ming php5-mysql php5-xmlrpc gettext
primary:~$ sudo pear install MDB2
primary:~$ sudo pear install MDB2_Driver_mysql
Now that you have your prerequisites, you can install the Poweradmin application itself:
primary:~$ cd /tmp
primary:~$ wget https://github.com/downloads/Poweradmin/Poweradmin/Poweradmin-2.1.6.tgz
primary:~$ tar xvfz Poweradmin-2.1.6.tgz
primary:~$ mv Poweradmin-2.1.6 /var/www/Poweradmin
primary:~$ touch /var/www/Poweradmin/inc/config.inc.php
primary:~$ chown -R www-data:www-data /var/www/Poweradmin/
Note that I've only highlighted the steps that might require some user customization. Obvious steps (shown in Figures 1-4) were explicitly excluded. Once you've set up Poweradmin, you can fire up the browser of your choice and connect to http://primary/Poweradmin/install/index.php.
For Poweradmin to update data in the tables, you need to give it some limited rights. To do this, you should create a new user and give it rights to select, delete, insert, and update records in the PowerDNS database. After you have added the new user, go back to MySQL and execute:
primary:~$ mysql -h localhost -u root -p
use pdns;
GRANT SELECT, INSERT, UPDATE, DELETE ON pdns.* TO 'padmin'@'localhost' IDENTIFIED BY 'pleasepickastrongpassword';
quit;
Once you are finished with the initial setup, you should do one more thing for security's sake,
primary:~$ rm -fr /var/www/Poweradmin/install/
which removes the install directory.
Like other PHP-based web applications, Poweradmin has a core configuration file that you can edit and customize to your heart's content in the file /var/www/Poweradmin/inc/config.inc.php. If you want to further customize your config file, you can edit this or explore the rest of this application's subdirectories.
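The hardening steps described above (MySQL bound to loopback, PowerDNS dropping to the pdns user and group, a real password in place of the listing's placeholder, and the Poweradmin install directory removed) can be checked with a short script. This is an added example, not code from the article; the ROOT prefix and the function names are hypothetical, and the check that credential files are not world-readable is an added assumption rather than a step in the text.

```sh
#!/bin/sh
# Added example, not from the article. Audits the hardening steps above.
# Usage: audit_powerdns [ROOT]   (ROOT is a hypothetical path prefix, e.g. a
# mounted image; omit it to check the live host)

# conf_value FILE KEY: print the last value assigned to KEY, comments stripped
conf_value() {
    [ -r "$1" ] || return 0
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^#]*\).*/\1/p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

audit_powerdns() {
    root=${1:-}
    pdns="$root/etc/powerdns/pdns.d/pdns.local.gmysql"
    padm="$root/var/www/Poweradmin"
    findings=0
    flag() { echo "FINDING: $1"; findings=$((findings + 1)); }

    # MySQL should listen on loopback only, as set in my.cnf
    [ "$(conf_value "$root/etc/mysql/my.cnf" bind-address)" = "127.0.0.1" ] ||
        flag "my.cnf: bind-address is not 127.0.0.1"

    # PowerDNS must drop privileges to an unprivileged user and group
    for key in setuid setgid; do
        case "$(conf_value "$pdns" "$key")" in
            "" | root | 0) flag "pdns: $key is unset or root" ;;
        esac
    done

    # The placeholder password from Listing 7 must have been replaced
    [ "$(conf_value "$pdns" gmysql-password)" != "pleasepickastrongpassword" ] ||
        flag "pdns: gmysql-password is still the placeholder"

    # Assumption: files holding DB credentials should not be world-readable
    for f in "$pdns" "$padm/inc/config.inc.php"; do
        [ -z "$(find "$f" -perm -004 2>/dev/null)" ] ||
            flag "$f is world-readable"
    done

    # The web installer must be removed once setup is finished
    [ ! -e "$padm/install" ] || flag "$padm/install still exists"

    [ "$findings" -eq 0 ]   # exit status 0 only when nothing was flagged
}
```

Each problem is printed as a FINDING line, and the function's exit status is non-zero when at least one was found, so it can gate a deployment script.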