This section covers the basic installation of PowerDNS. Execute these steps on all of your Instances (primary and secondary).
Installing PowerDNS on Ubuntu Bionic Beaver (18.04 LTS)
The PowerDNS authoritative server is an open-source DNS server written in C++. An authoritative DNS server is a server that contains a database of public IP addresses and their associated domain names. Its purpose is to resolve those common names into machine-understandable IP addresses as requested.
PowerDNS runs on most Linux distributions and other Unix derivatives. The software comes with a set of back-end and front-end applications making it flexible and customizable.
In this tutorial, you will learn the basics about the installation of a PowerDNS authoritative server with a MySQL (MariaDB) backend and PowerDNS Admin as frontend, running on Ubuntu 18.04 LTS (Bionic Beaver).
Before you start
To complete the actions presented below, you must have:
- A Scaleway account logged into the console
- Owner status or IAM permissions allowing you to perform actions in the intended Organization
- An SSH key
- At least 2 Instances running on Ubuntu Bionic Beaver
Installing PowerDNS
- Log into your Instance using SSH:

      ssh root@<your_virtual_instance_ip>

- Update the apt package cache and upgrade the software already installed on your machine to the latest version available in Ubuntu's repositories:

      apt update && apt upgrade -y

- Install MariaDB, an open-source alternative to MySQL, using the apt package manager:

      apt install mariadb-server -y

- Initialize the database server by running the interactive setup wizard:

      mysql_secure_installation

  You are prompted with the following questions:
  - Enter current password for root: Press Enter for none.
  - Set root password? Y
  - Type in the new MariaDB root password and confirm it
  - Remove anonymous users? Y
  - Disallow root login remotely? Y
  - Remove test database and access to it? Y
  - Reload privilege tables now? Y

- Disable the systemd-resolved service by running the following commands:

      systemctl disable systemd-resolved.service
      systemctl stop systemd-resolved.service

- Remove the symlinked resolv.conf file:

      ls -lh /etc/resolv.conf
      lrwxrwxrwx 1 root root 24 Sep 10 08:03 /etc/resolv.conf -> /lib/systemd/resolv.conf

- Create a new resolv.conf file containing your preferred DNS resolver (for example 9.9.9.9):

      echo "nameserver 9.9.9.9" > /etc/resolv.conf

- Install PowerDNS and the PowerDNS MySQL backend using the apt package manager:

      apt install pdns-server pdns-backend-mysql -y

  Confirm you want to use dbconfig-common to configure the database for PowerDNS automatically. During the installation, you will be asked to enter a password for the MySQL backend user. Press Enter to generate a random password automatically.
Configuring the primary instance
On the primary Instance, three options need to be configured in the PowerDNS pdns.conf configuration file: allow-axfr-ips, api, and master.

- Open the PowerDNS configuration file in a text editor on the primary instance (we assume it is named ns1.example.com):

      root@ns1:~# nano /etc/powerdns/pdns.conf

- Search for the allow-axfr-ips block, which controls the hosts that are allowed to request zone transfers. In this tutorial, we configure PowerDNS with one primary (ns1.example.com with the IP 51.15.15.51) and one secondary (ns2.example.com with the IP 51.15.52.53) DNS server. If you have more secondary DNS servers, add the IPs of all of them to this section. You can also allow transfers to entire subnets (for example 192.168.42.0/24), but for security reasons, you should set the permissions as strictly as possible.

      #################################
      # allow-axfr-ips    Allow zonetransfers only to these subnets
      #
      # allow-axfr-ips=127.0.0.0/8,::1
      allow-axfr-ips=51.15.52.53

- Search for the api section of the configuration file and enable the API by setting the option's value to yes. Define a secret api-key, which will be used to authenticate against the API.

      #################################
      # api    Enable/disable the REST API (including HTTP listener)
      #
      # api=no
      api=yes

      #################################
      # api-key    Static pre-shared authentication key for access to the REST API
      #
      # api-key=
      api-key=<MY_SECRET_API_KEY>

- Specify that this instance is the primary server in our setup. To do this, search for the master option and enable it:

      #################################
      # master    Act as a master
      #
      # master=no
      master=yes

  Once these settings are made, save the file and exit your text editor.

- Restart the PowerDNS server to activate the new configuration:

      root@ns1:~# systemctl restart pdns.service
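The primary's settings above can be checked before each restart. The following Python script is an added example, not part of the original tutorial or of PowerDNS: it parses pdns.conf text and reports transfer ranges wider than a single known secondary, and an API that is enabled with an empty, placeholder, or short key. The function names, the 32-character minimum key length, and the sample configuration are assumptions made for this illustration.

```python
import ipaddress

# Constructed sample: the primary's settings from this tutorial, next to the
# commented-out defaults found in pdns.conf.
SAMPLE_CONF = """\
# allow-axfr-ips=127.0.0.0/8,::1
allow-axfr-ips=51.15.52.53
# api=no
api=yes
# api-key=
api-key=<MY_SECRET_API_KEY>
master=yes
"""

def parse_conf(text):
    """Return {option: value}; a later assignment overrides an earlier one."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        settings[key.strip()] = value.strip()
    return settings

def audit(text, secondaries, min_key_len=32):
    """Return findings for allow-axfr-ips, api and api-key (min_key_len is an assumed policy)."""
    conf, findings = parse_conf(text), []
    allowed = {ipaddress.ip_address(s) for s in secondaries}
    entries = (p.strip() for p in conf.get("allow-axfr-ips", "").split(","))
    for item in filter(None, entries):
        net = ipaddress.ip_network(item, strict=False)
        if net.num_addresses > 1:
            findings.append(f"allow-axfr-ips: {item} covers {net.num_addresses} addresses")
        elif net.network_address not in allowed:
            findings.append(f"allow-axfr-ips: {item} is not a known secondary")
    if conf.get("api") == "yes":
        key = conf.get("api-key", "")
        if not key or key.startswith("<"):
            findings.append("api-key: empty or still a placeholder")
        elif len(key) < min_key_len:
            findings.append(f"api-key: shorter than {min_key_len} characters")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF, ["51.15.52.53"]):
        print(finding)
```

To run it against a live server, pass the contents of /etc/powerdns/pdns.conf and the list of secondary IPs instead of the constructed sample.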
Configuring the secondary Instance
On the secondary Instance, a few options have to be set to make the PowerDNS server act as a secondary node.
If you have more than one secondary instance, you have to repeat these steps on each of them and edit the DNS hostnames of each instance accordingly (ns2.example.com, ns3.example.com, etc.).

- Open the PowerDNS configuration file in a text editor on the secondary instance (we assume it is named ns2.example.com):

      root@ns2:~# nano /etc/powerdns/pdns.conf

- Search for the slave section in the configuration file and enable the option. To ensure the secondary Instance contains up-to-date data, set the slave-cycle-interval option. It refreshes data automatically after a given time, without waiting for a NOTIFY command from the primary Instance.

      #################################
      # slave    Act as a slave
      #
      # slave=no
      slave=yes

      #################################
      # slave-cycle-interval    Schedule slave freshness checks once every .. seconds
      #
      # slave-cycle-interval=60
      slave-cycle-interval=60

  Once the options are set, save the file and exit your text editor.

- Set the supermasters value in the MySQL table. The following values have to be added to the MySQL backend on the secondary instance:
  - The IP address of the PowerDNS primary instance (51.15.15.51)
  - The FQDN of the secondary PowerDNS instance (ns2.example.com)
  - The role to assign (admin)

  Connect to the MariaDB shell using the following command:

      root@ns2:~# mysql -p -u root

  Add the following line to the supermasters table:

      MariaDB [(none)]> insert into pdns.supermasters values ('51.15.15.51', 'ns2.example.com', 'admin');
      Query OK, 1 row affected (0.02 sec)

  Then quit the MariaDB shell:

      MariaDB [(none)]> quit;
      Bye

- After these changes are made, restart the PowerDNS server on the secondary instance to activate the new configuration:

      root@ns2:~# systemctl restart pdns.service
Testing the replication
We will now create a test DNS zone on the primary PowerDNS instance to check that the data is replicated to the secondary instance.

- On the primary instance, create the new DNS zone using the pdnsutil command-line tool:

      root@ns1:~# pdnsutil create-zone mynewdnszone.cloud
      Creating empty zone 'mynewdnszone.cloud'

- Add the primary NS entry to the newly created zone:

      root@ns1:~# pdnsutil add-record mynewdnszone.cloud @ NS ns1.example.com
      New rrset:
      mynewdnszone.cloud. IN NS 3600 ns1.example.com

- Add the secondary NS entry to the newly created zone:

      root@ns1:~# pdnsutil add-record mynewdnszone.cloud @ NS ns2.example.com
      New rrset:
      mynewdnszone.cloud. IN NS 3600 ns1.example.com
      mynewdnszone.cloud. IN NS 3600 ns2.example.com

- To be able to transfer the new DNS zone to our secondary PowerDNS instance, we need to increase the serial of the zone:

      root@ns1:~# pdnsutil increase-serial mynewdnszone.cloud
      SOA serial for zone mynewdnszone.cloud set to 2

- Send a NOTIFY message to the secondary PowerDNS instance to launch the transfer of the DNS zone to it:

      root@ns1:~# pdns_control notify mynewdnszone.cloud
      Added to queue

- Test if the zone transfer has been successfully completed by querying the secondary instance:

      root@ns1:~# dig NS mynewdnszone.cloud @ns2.example.com

      ; <<>> DiG 9.11.3-1ubuntu1.13-Ubuntu <<>> NS mynewdnszone.cloud @ns2.example.com
      ;; global options: +cmd
      ;; Got answer:
      ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10667
      ;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
      ;; WARNING: recursion requested but not available

      ;; OPT PSEUDOSECTION:
      ; EDNS: version: 0, flags:; udp: 1680
      ;; QUESTION SECTION:
      ;mynewdnszone.cloud.            IN      NS

      ;; ANSWER SECTION:
      mynewdnszone.cloud.     3600    IN      NS      ns2.example.com.
      mynewdnszone.cloud.     3600    IN      NS      ns1.example.com.

      ;; Query time: 4 msec
      ;; SERVER: 51.15.52.53#53(51.15.52.53)
      ;; WHEN: Thu Sep 10 13:58:19 UTC 2020
      ;; MSG SIZE  rcvd: 90
Setting up a graphical interface
Now that both PowerDNS Instances are configured and the zone transfer between them is working, we configure a graphical interface that allows us to create and manage our DNS zones from a web browser. To do so, we install the tool PowerDNS Admin on one of our Instances.

- Install the prerequisites for Docker using the apt package manager:

      apt install apt-transport-https ca-certificates curl gnupg-agent software-properties-common -y

- Download and install Docker's official GPG key:

      curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -

- Add the official Docker repository to the apt package manager:

      add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"

- Update the repositories list and install Docker CE using the apt package manager:

      apt update && apt install docker-ce docker-ce-cli containerd.io -y

- Run PowerDNS Admin using Docker:

      docker run --net=host -d -v pda-data:/data ngoduykhanh/powerdns-admin:latest

- Open your instance IP in a web browser: http://<your_powerdns_admin_ip>. The PowerDNS Admin login screen displays.
- Create a new user account and log in to PowerDNS Admin. During the first connection, you are asked to enter the API credentials for your PowerDNS instance.
- The PowerDNS Admin Dashboard displays. It is your central control panel to manage your DNS zones and PowerDNS Admin settings.
- You can now manage your DNS zones from a powerful web interface, add new domains, and configure advanced options.

You have successfully configured a replicated PowerDNS server with MariaDB as the backend database. The PowerDNS Admin web interface allows you to manage your domain names from a graphical interface. For advanced configuration of the interface, you may deploy the application using docker-compose. Refer to the official documentation for more information. Advanced PowerDNS configuration options are available to fine-tune your basic setup. The official PowerDNS documentation provides you with all the information to customize the application according to your needs.