PowerDNS Installation on Debian and FreeBSD
PowerDNS is a DNS server, written in C++ and licensed under the GPL. It consists of two parts:
- Authoritative Server
- Recursor
PowerDNS can run as either one of them, or as both.
The Authoritative Server answers only for the zones it holds in its backend; the Recursor queries other nameservers on the Internet to resolve whatever it is asked. PowerDNS can hand recursion to any other DNS server (the recursor= setting below) or to the PowerDNS Recursor (pdns_recursor), which runs as a separate process.
PowerDNS is a product of the Dutch company PowerDNS.COM BV, with numerous contributions from the Open Source community. The principal author is Bert Hubert.
Installation
Make sure that no other DNS server is running on your system; otherwise PowerDNS will fail to start with the error "Binding to UDP socket: Address already in use". To see what is bound to port 53:
# netstat -tuplan | grep ':53 '    (Debian)
# sockstat -l | grep ':53 '        (FreeBSD)
This lists the sockets bound to port 53, the port DNS servers use. Anchor the pattern on ':53' as shown: a bare grep 53 also matches port 953 (BIND's rndc control channel) and 5353 (mDNS).
If something is bound to port 53, stop that DNS server or remove it. Usually it is BIND (the named daemon). To stop it:
# /etc/init.d/bind9 stop    (Debian; the bind9 package's init script is called bind9, not named)
# /etc/rc.d/named stop      (FreeBSD)
To remove it:
# aptitude remove bind9     (Debian)
# pkg_delete -x bind9       (FreeBSD, for a BIND installed from ports; the named that ships with the FreeBSD base system is not a package and is disabled with named_enable="NO" in /etc/rc.conf instead)
Now let's install the PowerDNS server.
Debian:
In terminal type:
# apt-get install pdns-server pdns-backend-mysql mysql-server mysql-client
This installs the PowerDNS server and its MySQL (gmysql) backend, along with the MySQL server and client.
FreeBSD:
In terminal type:
# cd /usr/ports/dns/powerdns && make install clean
This installs the PowerDNS server with its backends; the MySQL backend is selected through the port's options, so check with make config that it is on before building.
# cd /usr/ports/databases/mysql50-server && make install clean
This installs the MySQL server (the ports category is databases, plural).
# cd /usr/ports/databases/mysql50-client && make install clean
This installs the MySQL client.
Set the MySQL root password:
# mysqladmin -u root -h localhost password 'mypassword'
A password given on the command line lands in your shell history and is briefly visible in ps; newer mysqladmin versions prompt for it when you leave the argument out.
Create an empty database:
# mysql -u root -p
mysql> CREATE DATABASE powerdns;
mysql> exit
Create the user powerdns on MySQL. GRANT ... IDENTIFIED BY is MySQL 5.x syntax (MySQL 8 requires a separate CREATE USER first). ALL is convenient for the schema import that follows; a server that only serves NATIVE zones, as in this walkthrough, needs nothing but SELECT afterwards, while slave zones, NOTIFY bookkeeping and zone-editing tools also need INSERT, UPDATE and DELETE:
# mysql -u root -p
mysql> GRANT ALL ON powerdns.* TO 'powerdns'@'localhost' IDENTIFIED BY 'mypassword';
mysql> FLUSH PRIVILEGES;
mysql> exit
Import the MySQL schema that ships with PowerDNS (on FreeBSD, look for it under /usr/local/share/doc/powerdns/):
# mysql -h localhost -u powerdns -p powerdns < /usr/share/doc/pdns-backend-mysql/mysql.sql
Now configure the database settings. On Debian they go in a file under the pdns.d configuration directory; on FreeBSD the port reads /usr/local/etc/pdns/pdns.conf:
# vi /etc/powerdns/pdns.d/pdns.local
launch=gmysql
gmysql-host=localhost
gmysql-port=3306
gmysql-dbname=powerdns
gmysql-user=powerdns
gmysql-password=mypassword
#gmysql-socket=
launch=gmysql tells PowerDNS to load the MySQL backend at all; without it the gmysql-* settings are never used. The file contains the database password, so keep it unreadable for other local users: owned by root, mode 0640, with the group set to the user PowerDNS drops to through its setuid/setgid settings (pdns on Debian).
Now restart the PowerDNS server:
# /etc/init.d/pdns restart          (Debian)
# /usr/local/etc/rc.d/pdns restart  (FreeBSD, after adding pdns_enable="YES" to /etc/rc.conf)
To troubleshoot, start PowerDNS in monitor mode instead; it then stays in the foreground and logs to the terminal:
# /etc/init.d/pdns monitor
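The pre-flight check, the database grant and the backend configuration from the steps above, as an added shell example (not code from the page or from the PowerDNS project). The helper names port_in_use, grant_sql and write_pdns_local are this example's own; the netstat and sockstat lines it parses are constructed samples, not captured output; and the grant it prints is the SELECT-only, least-privilege variant for a server that serves NATIVE zones, so run the schema import as root before switching to it:

```shell
#!/bin/sh
# Added example: helpers for the MySQL-backed PowerDNS install described above.
# Not part of the original page; the netstat/sockstat samples below are constructed.

# port_in_use PORT: read `netstat -tuplan` (Linux) or `sockstat -l` (FreeBSD)
# output on stdin; succeed only if a socket is bound to exactly that port.
# A plain `grep 53` also matches 953 (rndc) and 5353 (mDNS).
port_in_use() {
  awk -v p="$1" '
    { addr = "" }
    $1 ~ /^(tcp|udp)/ { addr = $4 }   # Linux netstat: local address is column 4
    $5 ~ /^(tcp|udp)/ { addr = $6 }   # FreeBSD sockstat: local address is column 6
    addr ~ (":" p "$") { found = 1 }
    END { exit !found }'
}

# grant_sql DB USER PASSWORD: least-privilege grant for serving NATIVE zones.
# Import the schema as root first; a SELECT-only account cannot create tables.
grant_sql() {
  printf "CREATE USER '%s'@'localhost' IDENTIFIED BY '%s';\n" "$2" "$3"
  printf "GRANT SELECT ON %s.* TO '%s'@'localhost';\n" "$1" "$2"
  printf "FLUSH PRIVILEGES;\n"
}

# write_pdns_local FILE HOST DB USER PASSWORD: write the gmysql backend config
# including launch=gmysql. The file is created mode 0600 so other local users
# cannot read the password; chown root:pdns and chmod 640 it afterwards if
# PowerDNS drops privileges to the pdns user (the Debian default).
write_pdns_local() {
  ( umask 077
    cat > "$1" <<EOF
launch=gmysql
gmysql-host=$2
gmysql-port=3306
gmysql-dbname=$3
gmysql-user=$4
gmysql-password=$5
#gmysql-socket=
EOF
  )
}

# Constructed samples (not captured from a real host).
SAMPLE_NETSTAT_BIND='udp        0      0 0.0.0.0:53              0.0.0.0:*                           1234/named
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      1234/named'
SAMPLE_NETSTAT_FREE='udp        0      0 0.0.0.0:5353            0.0.0.0:*                           999/avahi-daemon
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      1234/named'
SAMPLE_SOCKSTAT='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
bind     named      1234  20 udp4   *:53                  *:*'

# Stand-alone demo on the samples. On a real host pipe the live command in:
#   netstat -tuplan | port_in_use 53 && echo "port 53 is taken"
#   grant_sql powerdns powerdns 'mypassword' | mysql -u root -p
#   write_pdns_local /etc/powerdns/pdns.d/pdns.local localhost powerdns powerdns 'mypassword'
printf '%s\n' "$SAMPLE_NETSTAT_BIND" | port_in_use 53 && echo "netstat sample: port 53 in use"
printf '%s\n' "$SAMPLE_NETSTAT_FREE" | port_in_use 53 || echo "netstat sample: port 53 free (953 and 5353 ignored)"
printf '%s\n' "$SAMPLE_SOCKSTAT" | port_in_use 53 && echo "sockstat sample: port 53 in use"
grant_sql powerdns powerdns 'mypassword'
```

port_in_use only looks at the local-address column, so an established connection to some remote resolver's port 53 does not count as the port being taken.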
Now test whether the server answers for some domain:
# host www.someRandomDomain.com 127.0.0.1
It should return a negative answer (shown here in the output format of an older host):
www.someRandomDomain.com A record currently not present at localhost
because we have not added any records to the database yet.
Now let's add some records to the database. The SOA content in PowerDNS is "primary-nameserver hostmaster-mailbox serial [refresh retry expire minimum]", with the mailbox in DNS form (hostmaster.test.com, not an address with an @); fields left out are filled from the soa-*-default settings listed under Additional Configuration below. The records must carry the id that the domains row actually received, so read it back with LAST_INSERT_ID() instead of assuming it is 1:
# mysql -h localhost -u powerdns -p powerdns
mysql> INSERT INTO domains (name, type) VALUES ('someRandomDomain.com', 'NATIVE');
mysql> SET @id = LAST_INSERT_ID();
mysql> INSERT INTO records (domain_id, name, content, type, ttl, prio) VALUES (@id, 'someRandomDomain.com', 'ns1.test.com hostmaster.test.com 1', 'SOA', 86400, NULL);
mysql> INSERT INTO records (domain_id, name, content, type, ttl, prio) VALUES (@id, 'someRandomDomain.com', 'ns1.test.com', 'NS', 86400, NULL);
mysql> INSERT INTO records (domain_id, name, content, type, ttl, prio) VALUES (@id, 'someRandomDomain.com', 'ns2.test.com', 'NS', 86400, NULL);
mysql> INSERT INTO records (domain_id, name, content, type, ttl, prio) VALUES (@id, 'www.someRandomDomain.com', '1.2.3.4', 'A', 120, NULL);
mysql> exit
Now the query for www.someRandomDomain.com should work:
# host www.someRandomDomain.com 127.0.0.1
www.someRandomDomain.com A 1.2.3.4
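Generating the zone SQL from the step above, as an added shell example (not code from the page or from PowerDNS). It assumes the table and column names of the schema used here (domains; records with domain_id, name, type, content, ttl, prio), uses a MySQL session variable @id so that every record refers to the id the domains row really got, and rejects names and addresses outside a conservative character set, because zone data typed into a web form is exactly the kind of input that ends up inside these INSERT statements. The function names zone_sql, a_record_sql, dns_name_ok and ipv4_ok are this example's own:

```shell
#!/bin/sh
# Added example: emit the INSERT statements for a NATIVE zone in the gmysql
# schema used above. Not part of the original page. Pipe the output into
# `mysql -u powerdns -p powerdns` in one session, since @id lives in the session.

# dns_name_ok NAME: letters, digits, dots and hyphens only, so a name can sit
# inside the SQL quotes without smuggling in a quote or a semicolon.
# (Owner names with underscores, e.g. for SRV, would need the class widened.)
dns_name_ok() {
  printf '%s' "$1" | grep -Eq '^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
}

# ipv4_ok ADDR: dotted quad with every octet in 0-255.
ipv4_ok() {
  printf '%s' "$1" | grep -Eq '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$'
}

# zone_sql ZONE PRIMARY_NS HOSTMASTER SERIAL [EXTRA_NS ...]
# SOA content is "primary hostmaster serial"; PowerDNS fills refresh, retry,
# expire and minimum from its soa-*-default settings. HOSTMASTER is in DNS
# form (hostmaster.test.com), never a mailbox containing an @.
zone_sql() {
  [ $# -ge 4 ] || return 1
  zone=$1 pri=$2 hm=$3 serial=$4
  shift 4
  dns_name_ok "$zone" && dns_name_ok "$pri" && dns_name_ok "$hm" || return 1
  case "$serial" in ''|*[!0-9]*) return 1 ;; esac
  printf "INSERT INTO domains (name, type) VALUES ('%s', 'NATIVE');\n" "$zone"
  printf "SET @id = LAST_INSERT_ID();\n"
  printf "INSERT INTO records (domain_id, name, type, content, ttl, prio) VALUES (@id, '%s', 'SOA', '%s %s %s', 86400, NULL);\n" \
    "$zone" "$pri" "$hm" "$serial"
  for ns in "$pri" "$@"; do
    dns_name_ok "$ns" || return 1
    printf "INSERT INTO records (domain_id, name, type, content, ttl, prio) VALUES (@id, '%s', 'NS', '%s', 86400, NULL);\n" \
      "$zone" "$ns"
  done
}

# a_record_sql NAME IPV4 [TTL]: an A record in the zone whose @id zone_sql set.
a_record_sql() {
  dns_name_ok "$1" && ipv4_ok "$2" || return 1
  case "${3:-120}" in *[!0-9]*) return 1 ;; esac
  printf "INSERT INTO records (domain_id, name, type, content, ttl, prio) VALUES (@id, '%s', 'A', '%s', %s, NULL);\n" \
    "$1" "$2" "${3:-120}"
}

# Stand-alone demo: the zone from the walkthrough above.
zone_sql someRandomDomain.com ns1.test.com hostmaster.test.com 1 ns2.test.com
a_record_sql www.someRandomDomain.com 1.2.3.4 120
```

A rejected name makes the function return 1 and print nothing, so a pipeline like `{ zone_sql ... && a_record_sql ...; } | mysql ...` sends either the whole zone or nothing.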
Note: You can use software like poweradmin, a web-based DNS administration tool. Its interface supports most PowerDNS features: all zone types (master, native and slave), supermasters for automatic provisioning of slave zones, IPv6, and several languages. It writes to the same database PowerDNS serves from, so put it behind authentication and TLS and do not expose it to the Internet unless you have to.
Additional Configuration
- allow-axfr-ips=...: If set, only these IP addresses or netmasks may perform AXFR (zone transfers).
- allow-recursion=...: Restricts recursion (when recursor= is set) to the listed netmasks. The default allows recursion from everywhere, which on an Internet-facing server makes it an open resolver. Example: allow-recursion=192.168.0.0/24, 10.0.0.0/8, 1.2.3.4.
- allow-recursion-override=on|off: Local data, even about hosts that don't exist, overrides the Internet. This lets you serve zones that do not exist on the Internet. It increases the number of SQL queries for hosts that truly do not exist (not in your database either).
- cache-ttl=...: Seconds to store packets in the PacketCache.
- config-dir=...: Location of the configuration directory (where pdns.conf lives).
- daemon=...: Operate as a daemon.
- default-soa-name=...: Name to insert in the SOA record if none is set in the backend.
- disable-axfr=...: Do not allow zone transfers at all.
- distributor-threads=...: Number of Distributor (backend) threads to start.
- launch=...: Which backends to launch, and the order in which to query them (gmysql for the setup above).
- lazy-recursion=...: On by default as of 2.1. Checks local data first before recursing.
- load-modules=...: Load this module; supply an absolute or relative path.
- local-address=...: Local IP address(es) to bind to, separated by commas or whitespace. It is highly advised to bind to specific addresses and not use the default "bind to any": with several IP addresses on the host, Unix gives no way to learn which address a packet was sent to when bound to any, so replies can leave from the wrong source address.
- local-port=...: The port to listen on. Only one port is possible.
- no-config: Do not attempt to read the configuration file.
- server-id: The server ID returned to an EDNS NSID query. Defaults to the host name.
- out-of-zone-additional-processing=yes|no: Do out-of-zone additional processing, i.e. use data from one zone when filling the additional section of answers for another. With it off (the default), a malicious user who adds a '.com' zone to your server cannot contaminate answers for other domains. Do not enable it if you run a public DNS service with untrusted users.
- query-cache-ttl=...: Seconds to store queries with an answer in the Query Cache.
- query-local-address=...: Source IP address for outgoing queries. Useful if you have multiple IPs and pdns is not bound to the address your operating system uses by default for outgoing packets.
- queue-limit=...: Maximum number of milliseconds to queue a query.
- recursive-cache-ttl=...: Seconds to store recursive packets in the PacketCache.
- recursor=...: If set, recursive queries are handed to the recursor specified here.
- soa-expire-default=604800: Default SOA expire.
- soa-minimum-ttl=3600: Default SOA minimum TTL.
- soa-refresh-default=10800: Default SOA refresh.
- soa-retry-default=3600: Default SOA retry.
- soa-serial-offset=...: If your database contains single-digit SOA serials and you need to host .DE domains, this setting helps satisfy their 6-digit SOA serial requirement. The suggested value is 1000000, which adds 1000000 to every SOA serial below that offset.
- urlredirector=...: Where to send hosts that need to be URL-redirected.
- version-string=anonymous|powerdns|full|custom: When queried for its version over DNS (dig chaos txt version.bind @pdns.ip.address), PowerDNS normally answers truthfully. 'full' keeps the default behaviour; 'powerdns' only states 'served by PowerDNS - http://www.powerdns.com'; 'anonymous' returns a ServFail, much like Microsoft nameservers do; any other value is returned as a custom string.
- webserver=yes|no: Start a webserver for monitoring.
- webserver-address=...: IP address for the webserver to listen on.
- webserver-password=...: Password required for accessing the webserver.
- webserver-port=...: Port for the webserver to listen on.
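A check for the exposure-relevant settings in the list above, as an added shell example (not code from the page or from PowerDNS): it parses pdns.conf text, flags the weak values and passes a hardened one. The two configurations it inspects are constructed samples, with 192.0.2.x (documentation space) and 10.0.0.0/8 standing in for real addresses; the function names conf_get, has_any_addr and audit_pdns_conf are this example's own. It reads only the option names documented above and applies the page's own advice: bind to specific addresses, restrict recursion and AXFR, hide the version, password-protect and localhost-bind the webserver, and leave out-of-zone additional processing off.

```shell
#!/bin/sh
# Added example: audit pdns.conf text for the settings discussed above.
# Not part of the original page; the two sample configurations are constructed.

# conf_get CONFIG_TEXT KEY: value of KEY, last definition wins, "" if unset.
# Lines starting with # are comments and ignored, as PowerDNS ignores them.
conf_get() {
  printf '%s\n' "$1" | grep -v '^[[:space:]]*#' | grep "^[[:space:]]*$2[[:space:]]*=" \
    | tail -n 1 | sed -e 's/^[^=]*=[[:space:]]*//' -e 's/[[:space:]]*$//'
}

# has_any_addr LIST: true if a comma/space separated address list contains a
# wildcard (0.0.0.0, ::, or a /0 netmask).
has_any_addr() {
  for a in $(printf '%s' "$1" | tr ',' ' '); do
    case "$a" in 0.0.0.0|::|0.0.0.0/0|::/0) return 0 ;; esac
  done
  return 1
}

# audit_pdns_conf CONFIG_TEXT: print one line per finding; prints nothing when
# the configuration follows the advice above.
audit_pdns_conf() {
  c=$1
  la=$(conf_get "$c" local-address)
  if [ -z "$la" ] || has_any_addr "$la"; then
    echo "local-address: bind to specific addresses, not to any (current: '${la:-unset}')"
  fi
  rec=$(conf_get "$c" recursor)
  ar=$(conf_get "$c" allow-recursion)
  if [ -n "$rec" ] && { [ -z "$ar" ] || has_any_addr "$ar"; }; then
    echo "allow-recursion: recursion via $rec is open to everyone (open resolver); list your client netmasks"
  fi
  if [ "$(conf_get "$c" disable-axfr)" != "yes" ] && [ -z "$(conf_get "$c" allow-axfr-ips)" ]; then
    echo "axfr: zone transfers allowed from any address; set disable-axfr=yes or allow-axfr-ips=<secondaries>"
  fi
  case "$(conf_get "$c" version-string)" in
    ''|full) echo "version-string: exact version disclosed to 'dig chaos txt version.bind'; set anonymous or powerdns" ;;
  esac
  if [ "$(conf_get "$c" webserver)" = "yes" ]; then
    [ -n "$(conf_get "$c" webserver-password)" ] || echo "webserver-password: monitoring webserver has no password"
    wa=$(conf_get "$c" webserver-address)
    if [ -z "$wa" ] || has_any_addr "$wa"; then
      echo "webserver-address: monitoring webserver reachable on all addresses; bind it to 127.0.0.1"
    fi
  fi
  [ "$(conf_get "$c" out-of-zone-additional-processing)" != "yes" ] \
    || echo "out-of-zone-additional-processing=yes: one zone's data can contaminate answers for others; leave it off"
}

# Constructed samples; 192.0.2.0/24 is documentation space standing in for real addresses.
WEAK_CONF='launch=gmysql
local-address=0.0.0.0
recursor=192.0.2.53
allow-recursion=0.0.0.0/0
version-string=full
webserver=yes
webserver-address=0.0.0.0
webserver-port=8081
out-of-zone-additional-processing=yes'

HARDENED_CONF='launch=gmysql
local-address=192.0.2.10
recursor=192.0.2.53
allow-recursion=192.0.2.0/24, 10.0.0.0/8
disable-axfr=yes
# version-string=full
version-string=anonymous
webserver=yes
webserver-address=127.0.0.1
webserver-port=8081
webserver-password=change-me
out-of-zone-additional-processing=no'

# Stand-alone demo. On a real host: audit_pdns_conf "$(cat /etc/powerdns/pdns.conf)"
echo "== weak =="; audit_pdns_conf "$WEAK_CONF"
echo "== hardened (no findings expected) =="; audit_pdns_conf "$HARDENED_CONF"
```

The audit only sees the file you hand it; settings that Debian splits into /etc/powerdns/pdns.d/ must be concatenated in first, since the last definition of a key is the one PowerDNS uses.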
FAQ
- PowerDNS crashes when I install the pdns-static .deb on Debian SID
Indeed. Install the .debs that come with Debian or recompile PowerDNS yourself. If you are not using MySQL, the crashes go away if you remove the setuid and setgid statements from the configuration.
- error while loading shared libraries: libstdc++.so.x: cannot open shared object file: No such file or directory
Install the Debian package that provides that soname (libstdc++.so.5 comes from libstdc++5, libstdc++.so.6 from libstdc++6), for example: aptitude install libstdc++6
- Host 'x.y.z.w' is not allowed to connect to this MySQL server
This is a MySQL error: the account was granted for 'powerdns'@'localhost' only, but PowerDNS is connecting from x.y.z.w. Either let it connect locally (gmysql-host=localhost, or gmysql-socket= pointing at the MySQL socket) or grant the same privileges to 'powerdns'@'x.y.z.w'.
- I see this a lot: Backend error: Failed to execute mysql_query, perhaps connection died?
Check your MySQL timeout (wait_timeout); it may be set too low. This can be changed in the my.cnf file.
- PowerDNS does not answer queries on all my IP addresses and I've ignored the warning I got about that at startup
Please don't ignore what PowerDNS says to you. Read about the local-address setting above and use it to specify which IP addresses PowerDNS should listen on.
- How do I use zone2sql to import from BIND into PowerDNS?
zone2sql reads a BIND named.conf (or a single zone file) and prints INSERT statements for the gmysql schema, which you pipe into mysql; see its --help for the --named-conf and --gmysql switches.
- What mailing lists does PowerDNS use?
- pdns-users - general discussions on compiling, using and deploying PowerDNS
- pdns-dev - developer talk, intended for programmers or people requesting features
- pdns-announce - announcements of new versions, security problems etc.
- Can I find PowerDNS on IRC?
Go to #powerdns on OFTC (irc.oftc.net).
- Is there a wiki?
Yes, http://wiki.powerdns.com/trac
- What are the alternatives to PowerDNS?
BIND, also known as named.