Installing PowerDNS on Ubuntu Bionic Beaver (18.04 LTS)

PowerDNS Overview

The PowerDNS authoritative server is an open-source DNS server written in C++. An authoritative DNS server is a server that contains a database of public IP addresses and their associated domain names. Its purpose is to resolve, those common names into machine-understandable IP addresses as requested.

PowerDNS runs on most Linux distributions and other Unix derivatives. The software comes with a set of back-end and front-end applications making it flexible and customizable.

In this tutorial, you will learn the basics about the installation of a PowerDNS authoritative server with a MySQL (MariaDB) backend and PowerDNS Admin as frontend, running on Ubuntu 18.04 LTS (Bionic Beaver).

Requirements

• You have an account and are logged into console.scaleway.com
• You have configured your SSH Key
• You have at least two virtual cloud instances running on Ubuntu Bionic Beaver

Installing PowerDNS

Note: This section covers the basic installation of PowerDNS. Execute these steps of all of your instances (primary and secondary).

1 . Log into your instance using SSH:

ssh root@<your_virtual_instance_ip>

2 . Update the apt packet cache and upgrade the software already installed on your machine to the latest version available in Ubuntu’s repositories:

apt update && apt upgrade -y 

3 . Install MariaDB, an open-source alternative to MySQL, using the apt package manager:

apt install mariadb-server -y

4 . Initialize the database server by running the interactive setup wizard:

mysql_secure_installation

You are prompted the following questions:

• Enter current password for root: Press Enter for none.
• Set root password? Y
• Type in the new MariaDB root password and confirm it
• Remove anonymous users? Y
• Disallow root login remotely? Y
• Remove test database and access to it? Y
• Reload privilege tables now? Y

5 . Disable the resolvd service by running the following commands:

systemctl disable systemd-resolved
systemctl stop systemd-resolved

6 . Remove the symlinked resolv.conf file:

ls -lh /etc/resolv.conf
lrwxrwxrwx 1 root root 24 Sep 10 08:03 /etc/resolv.conf -> /lib/systemd/resolv.conf

5 . Create a new resolv.conf file containing your preferred DNS resolver (for example 9.9.9.9):

echo "nameserver 9.9.9.9" > /etc/resolv.conf

6 . Install PowerDNS and the PowerDNS MySQL backend using the apt package manager:

apt install pdns-server pdns-backend-mysql -y 

Confirm to use dbconfig-common to configure the database for PowerDNS automatically

During the installation you will be asked to enter a password for the MySQL backend user. Press Enter to generate a random password automatically.

Configuring the Primary Instance

On the primary instance, three options need to be configured in the PowerDNS pdns.conf configuration file: allow-axfr-ips, api and master.

1 . Open the PowerDNS configuration file in a text editor on the primary instance (we assume it is named ns1.example.com):

root@ns1:~# nano /etc/powerdns/pdns.conf

2 . Search for the allow-axfr-ips block, to allow zone transfers to other hosts. In this tutorial we configure a PowerDNS with one primary (ns1.example.com with the IP 51.15.15.51) and one secondary (ns2.example.com with the IP 51.15.52.53) DNS server. If you have more secondary DNS servers add the IPs of all of them to this section. You can also allow transfers to the entire subnets (i.e. 192.168.42.0/24), but for security reasons you should set the permissions as strict as possible.

#################################
# allow-axfr-ips        Allow zonetransfers only to these subnets
#
# allow-axfr-ips=127.0.0.0/8,::1
allow-axfr-ips=51.15.52.53

3 . Search for the api section of the configuration file and enable the API by setting the options value to yes. Define a secret api-key which will be used to authenticate against the API.

#################################
# api   Enable/disable the REST API (including HTTP listener)
#
# api=no
api=yes 

#################################
# api-key       Static pre-shared authentication key for access to the REST API
#
# api-key=
api-key=<MY_SECRET_API_KEY>

3 . The last setting to configure in the PowerDNS configuration file is quite obvious, we need to specify that our instance is the primary server in our setup. To do this search for the master option and enable it:

#################################
# master        Act as a master
#
# master=no
master=yes

Once these settings are made, save the file and exit your text editor.

4 . Restart the PowerDNS server to activate the new configuration:

root@ns1:~# systemctl restart pdns

Configuring the Secondary Instance

On the secondary instance, some configuration has to be set to make the PowerDNS server acting as a secondary node.

Note: If you have more than one secondary instance, you have to repeat these steps on each of them and edit the DNS hostnames of each instance accordingly (i.e. n2.example.com, ns3.example.com etc.)

1 . Open the PowerDNS configuration file in a text editor on the secondary instance (we assume it is named ns2.example.com):

root@ns2:~# nano /etc/powerdns/pdns.conf

2 . Search for the slave section on the configuration and enable the option. To ensure the secondary instance contains data up to date, set the slave-cycle-interval option. It refreshes data automatically after a given time, without waiting for a NOTIFY command from the primary instance.

#################################
# slave Act as a slave
#
# slave=no
slave=yes

#################################
# slave-cycle-interval Schedule slave freshness checks once every .. seconds
#
# slave-cycle-interval=60
slave-cycle-interval=60

Once the options are set, save the file and exit your text editor.

3 . Set the supermasters value in the MySQL table. The following values have to be added into the MySQL backend on the secondary instance:

• The IP address of the PowerDNS primary instance (51.15.15.51)
• The FQDN of the secondary PowerDNS instance (ns2.example.com)
• The role to assign (admin)

Connect to the MariaDB shell using the following command:

root@ns1:~# mysql -p -u root

Add the following line to the supermasters table:

MariaDB [(none)]> insert into pdns.supermasters values ('51.15.15.51', 'ns2.example.com', 'admin');
Query OK, 1 row affected (0.02 sec)

Then quit the MariaDB shell:

MariaDB [(none)]> quit;
Bye

4 . After these changes are made, restart the PowerDNS server on the secondary instance to activate the new configuration:

root@ns2:~# systemctl restart pdns

Testing the Replication

We will now create a test DNS zone on the primary PowerDNS instance, to check if the replication of the data on the secondary instance is working.

1 . On the primary instance create the new DNS zone using the pdnsutil command-line tool:

root@ns1:~# pdnsutil create-zone mynewdnszone.cloud
Creating empty zone 'mynewdnszone.cloud'

2 . Add the primary NS entry to the newly created zone:

root@ns1:~# pdnsutil add-record mynewdnszone.cloud @ NS ns1.example.com
New rrset:
mynewdnszone.cloud. IN NS 3600 ns1.example.com

3 . Add the secondary NS entry to the newly created zone:

root@ns1:~# pdnsutil add-record mynewdnszone.cloud @ NS ns2.example.com
New rrset:
mynewdnszone.cloud. IN NS 3600 ns1.example.com
mynewdnszone.cloud. IN NS 3600 ns2.example.com

4 . To be able to transfer the new DNS zone to our secondary PowerDNS instance, we need to increase the serial of zone:

root@ns1:~# pdnsutil increase-serial mynewdnszone.cloud
SOA serial for zone mynewdnszone.cloud set to 2

5 . Sent a NOTIFY message to the secondary PowerDNS instance to launch the transfer of the DNS zone to it:

root@ns1:~# pdns_control notify mynewdnszone.cloud
Added to queue

6 . Test if the zone transfer has been successfully completed by querying the secondary instance:

root@ns1:~# dig NS mynewdnszone.cloud @ns2.example.com

; <<>> DiG 9.11.3-1ubuntu1.13-Ubuntu <<>> NS mynewdnszone.cloud @ns2.example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10667
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1680
;; QUESTION SECTION:
;mynewdnszone.cloud.		IN	NS

;; ANSWER SECTION:
mynewdnszone.cloud.	3600	IN	NS	ns2.example.com.
mynewdnszone.cloud.	3600	IN	NS	ns1.example.com.

;; Query time: 4 msec
;; SERVER: 51.15.52.53#53(51.15.52.53)
;; WHEN: Thu Sep 10 13:58:19 UTC 2020
;; MSG SIZE  rcvd: 90

Setting-up a Grahpical Interface

Now, as both PowerDNS instances are configured and the zone transfer between them is working, we configure a graphical interface which allows us to create and manage our DNS zones from a web browser. Therefore we will install the tool PowerDNS Admin on one of our instances.

1 . Install the prerequisites for Docker using the apt package manager:

apt install apt-transport-https ca-certificates curl gnupg-agent software-properties-common -y

2 . Download and install Docker’s official GPG key:

curl -fsSL https://download.docker.com/linux/ubuntu/gpg |  apt-key add -

3 . Add the official Docker repository to the apt package manager:

add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"

4 . Update the repositories list and install Docker CE using the apt package manager:

apt update && apt install  docker-ce docker-ce-cli containerd.io -y

5 . Run PowerDNS Admin using Docker:

docker run --net=host -d -v pda-data:/data  ngoduykhanh/powerdns-admin:latest

6 . Open your instance ip in a web browser: http://<your_powerdns_admin_ip>. The PowerDNS Admin login screen displays:

7 . Create a new user account and log into to PowerDNS Admin. During the first connection, you are asked to enter the API credentials for your PowerDNS instance:

8 . The PowerDNS Admin Dashboard displays. It is your central control panel to manage your DNS zones and PowerDNS Admin settings:

9 . You can now manage your DNS zones from a powerful web interface, add new domains and configure advanced options:

You have successfully configured a replicated PowerDNS server with MariaDB as backend database. The PowerDNS Admin web interface allows you to mange your domain names from a graphical interface. For more advanced configuration of the interface, you may deploy the application using docker-compose. Refer to the official documentation for more information. Advanced PowerDNS configuration options are available to fine-tune your basic setup. The official PowerDNS documentation provides you all information to customize the application according to your needs.