Exploring PowerDNS

Power Zone

Creating a Master DNS Server

To get your configuration going, you need to install PowerDNS on your primary or master server by modifying the lines shown in Listing 7 in /etc/powerdns/pdns.d/pdns.local.gmysql. Finally, you want to restart your PowerDNS service with:

sudo service pdns restart

With a base PowerDNS configuration and your servers up and running, you can now install your packages and set up your MySQL back end. (Also see the box "Testing the PowerDNS Server.)

Listing 7

Creating a Master DNS Server

#
# MySQL back end configuration
#
launch=gmysql
# Tells our PowerDNS server we are using MySQL backend
config-dir=/etc/powerdns/pdns.d/
# Specifies our configuration file
gmysql-host=127.0.0.1
# Configures the IP address that PowerDNS will listen on gmysql-user=puser
# Our configured PowerDNS username
gmysql-password=pleasepickastrongpassword
# This is our MySQL password. Please, for the love of all that is sacred, stop using weak passwords!
gmysql-dbname=pdns
# This details which MySQL database PowerDNS should use.
local-address=192.168.1.10
# Specifies the local IP for PowerDNS to listen on.
master=yes
# This tells PowerDNS to run this as the primary server. This primary server will send out a special notify packet to notify the secondary or slave of updates.
setgid=pdns
# Sets Group ID to this one for improved security
setuid=pdns
# Sets user id to this for improved security
version-string=Hostfile 0.1 Alpha
# Bogus server version is divulged via dig quiry, such as dig @ns1.example.com -c CH -t txt version.bind. There is no security through obscurity, but there is certainly absurdity... =P

MySQL Database

To begin, simply install MySQL with the command:

primary:~$sudo apt-get install mysql-server mysql-common

As part of the installer, you will be asked to set your MySQL root passwords. Please choose a strong password. Your yet-to-be-configured server needs a bit of tweaking before you can add databases and users, so navigate over to edit /etc/mysql/my.cnf in your favorite text editor. In this case, you are going to change the address to which the MySQL servicer listens on your server localhost:

Bind-address            = 127.0.0.1

Now you can connect to your newly minted MySQL server and begin configuring it:

primary:~$mysql -h localhost -u root -p

Next, create and configure a MySQL database,

create database pdns;

then add a user that will have access to that database:

GRANT ALL ON pdns.* TO 'puser'@'localhost' IDENTIFIED BY 'pleasepickastrongpassword';
GRANT ALL ON pdns.* TO 'puser'@'localhost.localdomain' IDENTIFIED BY 'pleasepickastrongpassword';
FLUSH PRIVILEGES;

Now you can create the database required for your install of PowerDNS (Listing 8). Of course, you can do much more to secure MySQL [5], but for the sake of brevity, I don't include much detail. Like any other application, it needs some extra attention to improve security from its default installed state.

Listing 8

Creating the Database

use pdns;
create table domains (
  id              INT auto_increment,
  name            VARCHAR(255) NOT NULL,
  master          VARCHAR(128) DEFAULT NULL,
  last_check      INT DEFAULT NULL,
  type            VARCHAR(6) NOT NULL,
  notified_serial INT DEFAULT NULL,
  account         VARCHAR(40) DEFAULT NULL,
  primary key (id)
) Engine=InnoDB;
CREATE UNIQUE INDEX name_index ON domains(name);
CREATE TABLE records (
  id              INT auto_increment,
  domain_id       INT DEFAULT NULL,
  name            VARCHAR(255) DEFAULT NULL,
  type            VARCHAR(10) DEFAULT NULL,
  content         VARCHAR(64000) DEFAULT NULL,
  ttl             INT DEFAULT NULL,
  prio            INT DEFAULT NULL,
  change_date     INT DEFAULT NULL,
  primary key(id)
) Engine=InnoDB;
CREATE INDEX nametype_index ON records(name,type);
CREATE INDEX domain_id ON records(domain_id);
create table supermasters (
  ip         VARCHAR(64) NOT NULL,
  nameserver VARCHAR(255) NOT NULL,
  account    VARCHAR(40) DEFAULT NULL
) Engine=InnoDB;
quit;

Poweradmin

At this point, you could manage this PowerDNS configuration back end in many ways. Unlike simple text-file-based configuration (the BIND-compatible back end covered in the first part of this article), you would have to use any number of database management tools, bake your own scripts, or use a web administration interface. Generally, if you don't plan to script or code your own solution, going with a web GUI is a good choice. A graphical interface has many benefits: easing administration, encouraging proper syntax, and decreasing syntactic errors.

Poweradmin is an open source, friendly, and easy-to-use web GUI for PowerDNS that supports key features. With this feature-rich web application, you will be managing your DNS environment in no time flat. However, before starting, you need to install it. Like most applications, it has a few prerequisites:

  • MySQL or PostgreSQL
  • Apache
  • PHP
  • session, gettext, mcrypt PHP modules
  • PEAR, PEAR::MDB2
  • GNU gettext

Because a nifty Poweradmin package is lacking, you have to install the prerequisites and then grab the binaries:

primary:~$sudo apt-get install apache2 libapache2-mod-php5 php5 php5-common php5-curl php5-dev php5-gd php-pear php5-imap php5-mcrypt php5-common php5-ming php5-mysql php5-xmlrpc gettext
primary:~$sudo pear install MDB2
primary:~$sudo pear install MDB2_Driver_mysql

Now that you have your prerequisites, you can install the Poweradmin application itself :

primary:~$cd /tmp
primary:~$wget https://github.com/downloads/Poweradmin/Poweradmin/Poweradmin-2.1.6.tgz
primary:~$tar xvfz Poweradmin-2.1.4.tgz
primary:~$mv Poweradmin-2.1.4 /var/www/Poweradmin
primary:~$touch /var/www/Poweradmin/inc/config.inc.php
primary:~$chown -R www-data:www-data /var/www/Poweradmin/

Note that I've only highlighted the steps that might require some user customization. Obvious steps (shown in Figures 1-4) were explicitly excluded. Once you've set up Poweradmin, you can fire up the browser of your choice and connect to http://primary/Poweradmin/install/index.php .

Figure 1: Select your language.
Figure 2: Enter your MySQL information.
Figure 3: Enter your basic DNS domain information.
Figure 4: Instructions on how to grant Poweradmin rights.

For Poweradmin to update data in the tables, you need to give it some limited rights. To do this, you should create a new user and give it rights to select, delete, insert, and update records in the PowerDNS database. After you have added the new user, go back to MySQL and execute:

primary:~$mysql -h localhost -u root -p
use pdns;
GRANT SELECT, INSERT, UPDATE, DELETE
ON pdns.*
TO 'padmin'@'localhost'
IDENTIFIED BY 'pleasepickastrongpassword';
quit;

Once you are finished with the initial setup, you should do one more thing for security's sake,

primary:~$rm -fr /var/www/Poweradmin/install/

which removes the install directory.

Like other PHP-based web applications, Poweradmin has a core configuration file that you can edit and customize to your heart's content in the file /var/www/Poweradmin/inc/config.inc.php. If you want to further customize your config file, you can edit this or explore the rest of this application's subdirectories.

Buy ADMIN Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

comments powered by Disqus