Welcome to our tutorial on how to easily install and set up PowerDNS on Ubuntu 20.04. PowerDNS “is a premier supplier of open source DNS software, services and support”. It provides both the Authoritative Server and the Recursor DNS products. According to the PowerDNS documentation:
- The Authoritative Server will answer questions about domains it knows about, but will not go out on the net to resolve queries about other domains. When the Authoritative Server answers a question, it comes out of the database, and can be trusted as being authoritative. There is no way to pollute the cache or to confuse the daemon.
- The Recursor, conversely, by default has no knowledge of domains itself, but will always consult other authoritative servers to answer questions given to it.
PowerDNS:
- offers very high domain resolution performance.
- supports a large number of different backends ranging from simple zonefiles to relational databases and load balancing/failover algorithms.
- offers better security features.
- has reasonably small source code, which makes auditing easy.
- gives a lot of statistics on its operation, which is helpful both in determining the scalability of an installation and in spotting problems.

- Easily Install and Setup PowerDNS on Ubuntu 20.04
- Run System Update
- Install PowerDNS Relational Database
- Easily Install and Setup PowerDNS on Ubuntu 20.04
- Create PowerDNS Database on Ubuntu 20.04
- Import PowerDNS Database Schema
- Configure PowerDNS Database Connection Details
- Restart PowerDNS
- Creating PowerDNS Forward Zone Records
- Inserting Forward Zone DNS Records into PowerDNS Database
- Define PowerDNS Operation Mode
- Create the domain SOA (Start Of Authority) record.
- Create Nameserver NS records
- Insert A Records for the Nameserver
- Insert MX records
- Verify PowerDNS Forward Resolution
- Creating PowerDNS Reverse Zone Records
- Insert SOA Record for the Reverse Zone
- Insert NS Reverse Zone Record
- Insert PTR Records for NS
- Insert Other Domains PTR Records
- Verify PowerDNS Reverse Resolution
- Open DNS Port on UFW
- Configure DNS Server on Client Systems
- Reference
Easily Install and Setup PowerDNS on Ubuntu 20.04
Run System Update
To begin with, update the package cache and upgrade your system packages.
apt update
apt upgrade
Install PowerDNS Relational Database
As stated above, the authoritative PowerDNS server supports different backends, ranging from database backends such as MySQL, PostgreSQL and Oracle, and BIND zone files, to co-processes and JSON APIs.
Since we are setting up PowerDNS on Ubuntu 20.04 as our local authoritative nameserver, we will use one of the relational databases. In this setup, we go with MariaDB.
Install MariaDB 10.5 on Ubuntu 20.04
To install the latest stable release of MariaDB, you need to add the MariaDB repository.
apt install software-properties-common
sudo apt-key adv --fetch-keys 'https://mariadb.org/mariadb_release_signing_key.asc'
Next, head over to MariaDB repositories site and choose your installation mirrors. In this setup, we use the ukfast.co.uk mirrors.
add-apt-repository 'deb [arch=amd64,arm64,ppc64el] http://mirrors.ukfast.co.uk/sites/mariadb/repo/10.5/ubuntu focal main'
Update the system package cache and install MariaDB 10.5 on Ubuntu 20.04;
apt update
apt install mariadb-server
Once the installation is done, run the initial MySQL security script to remove anonymous users and test databases and to disallow remote root login.
mysql_secure_installation
Easily Install and Setup PowerDNS on Ubuntu 20.04
Before you can install PowerDNS on Ubuntu 20.04, you need to disable the systemd-resolved service (a system service that provides network name resolution to local applications).
systemctl disable --now systemd-resolved
Remove the default resolv.conf file and create a new one with your custom DNS server details so that you can proceed with the installation.
rm -rf /etc/resolv.conf
echo "nameserver 8.8.8.8" > /etc/resolv.conf
Once that is done, install PowerDNS on Ubuntu 20.04. PowerDNS is provided by the pdns-server package.
apt install pdns-server
You also need to install PowerDNS nameserver MySQL backend;
apt install pdns-backend-mysql
Create PowerDNS Database on Ubuntu 20.04
Now that PowerDNS and its MySQL backend packages are installed, log in to MariaDB and create a database for the PowerDNS nameserver.
mysql -u root
Be sure to use your preferred database names and database usernames. Names used here are not standard.
create database kifarunixdemopdns;
Create a PowerDNS database user and grant all privileges on the PowerDNS database. Replace the password accordingly.
grant all on kifarunixdemopdns.* to pdnsadmin@localhost identified by 'PdnSPassW0rd';
Reload the privileges tables and exit the database;
flush privileges; quit
Import PowerDNS Database Schema
The default PowerDNS database schema is available under the /usr/share/pdns-backend-mysql/schema/ directory as schema.mysql.sql. You need to import this schema into the PowerDNS database created above;
mysql -u pdnsadmin -p kifarunixdemopdns < /usr/share/pdns-backend-mysql/schema/schema.mysql.sql
To verify the PowerDNS database schema import, try to list available tables;
mysqlshow kifarunixdemopdns
Database: kifarunixdemopdns
+----------------+
| Tables |
+----------------+
| comments |
| cryptokeys |
| domainmetadata |
| domains |
| records |
| supermasters |
| tsigkeys |
+----------------+
Configure PowerDNS Database Connection Details
Create a configuration file, as shown below, in which to define the PowerDNS database connection details.
vim /etc/powerdns/pdns.d/pdns.local.gmysql.conf
# MySQL Configuration
#
# Launch gmysql backend
launch+=gmysql
# gmysql parameters
gmysql-host=127.0.0.1
gmysql-port=3306
gmysql-dbname=kifarunixdemopdns
gmysql-user=pdnsadmin
gmysql-password=PdnSPassW0rd
gmysql-dnssec=yes
# gmysql-socket=
Replace your connection details accordingly.
Save and exit the file.
Restrict the permissions on the file that holds the database connection details.
chmod 640 /etc/powerdns/pdns.d/pdns.local.gmysql.conf
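The file above stores the database password in clear text, so its mode and group ownership matter. The following check is an added example, not part of the original tutorial: it scans a PowerDNS config directory for files containing gmysql-password and reports any that other users can access or that belong to an unexpected group. The function name and the group name pdns are assumptions, and it relies on GNU stat.

```shell
#!/bin/sh
# Added example (not from the tutorial): flag PowerDNS config files that hold
# the database password but are open to other users or have an unexpected group.
# Assumption: the daemon runs under group "pdns"; pass another name if not.
audit_pdns_secrets() {
  dir=$1; want_group=${2:-pdns}; rc=0
  for f in "$dir"/*.conf; do
    [ -f "$f" ] || continue
    # Only files that actually carry the credential are of interest.
    grep -q '^[[:space:]]*gmysql-password=' "$f" || continue
    mode=$(stat -c '%a' "$f")    # octal mode, e.g. 640 (GNU stat)
    group=$(stat -c '%G' "$f")   # owning group name
    case "$mode" in
      # A non-zero last digit means "other" users have some access.
      *[1-7]) echo "WORLD_ACCESS $f mode=$mode"; rc=1 ;;
    esac
    if [ "$group" != "$want_group" ]; then
      echo "GROUP $f group=$group expected=$want_group"; rc=1
    fi
  done
  return "$rc"
}

# Constructed demo: a throwaway directory stands in for /etc/powerdns/pdns.d.
demo_dir=$(mktemp -d)
printf 'launch+=gmysql\ngmysql-password=CONSTRUCTED-SECRET\n' \
  > "$demo_dir/pdns.local.gmysql.conf"
chmod 644 "$demo_dir/pdns.local.gmysql.conf"
audit_pdns_secrets "$demo_dir" pdns || echo "fix the findings above"
```

On a real host, run it as `audit_pdns_secrets /etc/powerdns/pdns.d pdns` after the chmod step.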
Verify PowerDNS database connection
If PowerDNS is already running, stop it and run it in the foreground to verify if it can connect to the database;
systemctl stop pdns.service
pdns_server --daemon=no --guardian=no --loglevel=9
...
Oct 09 21:31:53 Creating backend connection for TCP
Oct 09 21:31:53 [bindbackend] Parsing 0 domain(s), will report when done
Oct 09 21:31:53 [bindbackend] Done parsing domains, 0 rejected, 0 new, 0 removed
Oct 09 21:31:53 gmysql Connection successful. Connected to database 'kifarunixdemopdns' on 'localhost'.
Oct 09 21:31:53 About to create 3 backend threads for UDP
Oct 09 21:31:53 gmysql Connection successful. Connected to database 'kifarunixdemopdns' on 'localhost'.
Oct 09 21:31:54 gmysql Connection successful. Connected to database 'kifarunixdemopdns' on 'localhost'.
Oct 09 21:31:54 gmysql Connection successful. Connected to database 'kifarunixdemopdns' on 'localhost'.
Oct 09 21:31:54 Done launching threads, ready to distribute questions
If you encounter any error, fix it before you proceed.
Restart PowerDNS
Restart PowerDNS to apply the changes made.
systemctl restart pdns
Verify that DNS port 53 is open on both UDP and TCP;
netstat -alnp4 | grep pdns
tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN 14608/pdns_server
udp 0 0 0.0.0.0:53 0.0.0.0:* 14608/pdns_server
Creating PowerDNS Forward Zone Records
Inserting Forward Zone DNS Records into PowerDNS Database
The basic configuration of PowerDNS is now done. You can proceed to add your DNS records into the database.
Log in to the PowerDNS database;
mysql -u pdnsadmin -p -D kifarunixdemopdns
Define PowerDNS Operation Mode
To begin with, define the PowerDNS operation mode. There are various DNS operation modes you can define while inserting records into PowerDNS database. In this basic tutorial, we will go with the default Native operation mode.
insert into domains (name, type) values ('kifarunix-demo.com', 'NATIVE');
Create the domain SOA (Start Of Authority) record.
The SOA stored format is:
primary hostmaster serial refresh retry expire default_ttl
Where:
- primary: default-soa-name configuration option
- hostmaster: [email protected]
- serial: 0
- refresh: 10800 (3 hours)
- retry: 3600 (1 hour)
- expire: 604800 (1 week)
- default_ttl: 3600 (1 hour)
INSERT INTO records (domain_id, name, content, type,ttl,prio) VALUES (1,'kifarunix-demo.com','localhost admin.kifarunix-demo.com 1 10380 3600 604800 3600','SOA',86400,NULL);
Create Nameserver NS records
INSERT INTO records (domain_id, name, content, type,ttl,prio) VALUES (1,'kifarunix-demo.com','ns1.kifarunix-demo.com','NS',86400,NULL);
Insert A Records for the Nameserver
INSERT INTO records (domain_id, name, content, type,ttl,prio) VALUES (1,'ns1.kifarunix-demo.com','192.168.57.3','A',120,NULL);
INSERT INTO records (domain_id, name, content, type,ttl,prio) VALUES (1,'news.kifarunix-demo.com','192.168.58.45','A',120,NULL);
Insert MX records
INSERT INTO records (domain_id, name, content, type,ttl,prio) VALUES (1,'kifarunix-demo.com','mail.kifarunix-demo.com','MX',120,25);
So far so good. That is enough for our demo, and this is what our records look like;
select * from records;
+----+-----------+-------------------------+------+-------------------------------------------------------------+-------+------+----------+-----------+------+
| id | domain_id | name | type | content | ttl | prio | disabled | ordername | auth |
+----+-----------+-------------------------+------+-------------------------------------------------------------+-------+------+----------+-----------+------+
| 1 | 1 | kifarunix-demo.com | SOA | localhost admin.kifarunix-demo.com 1 10380 3600 604800 3600 | 86400 | NULL | 0 | NULL | 1 |
| 2 | 1 | kifarunix-demo.com | NS | ns1.kifarunix-demo.com | 86400 | NULL | 0 | NULL | 1 |
| 3 | 1 | ns1.kifarunix-demo.com | A | 192.168.57.3 | 120 | NULL | 0 | NULL | 1 |
| 4 | 1 | news.kifarunix-demo.com | A | 192.168.58.45 | 120 | NULL | 0 | NULL | 1 |
| 5 | 1 | kifarunix-demo.com | MX | mail.kifarunix-demo.com | 120 | 25 | 0 | NULL | 1 |
+----+-----------+-------------------------+------+-------------------------------------------------------------+-------+------+----------+-----------+------+
5 rows in set (0.001 sec)
Verify PowerDNS Forward Resolution
Once the records are populated into the DB, verify the PowerDNS resolution;
dig ns1.kifarunix-demo.com @127.0.0.1
; <<>> DiG 9.16.1-Ubuntu <<>> ns1.kifarunix-demo.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21371
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;ns1.kifarunix-demo.com. IN A
;; ANSWER SECTION:
ns1.kifarunix-demo.com. 120 IN A 192.168.57.3
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Oct 09 22:54:43 UTC 2020
;; MSG SIZE rcvd: 67
dig MX kifarunix-demo.com @127.0.0.1
25 mail.kifarunix-demo.com.
Creating PowerDNS Reverse Zone Records
Log in to the PowerDNS database again;
mysql -u pdnsadmin -p -D kifarunixdemopdns
Insert SOA Record for the Reverse Zone
INSERT INTO records (domain_id, name, content, type,ttl,prio) VALUES (2,'57.168.192.in-addr.arpa','localhost admin.kifarunix-demo.com 1 10380 3600 604800 3600','SOA',86400,NULL);
Insert NS Reverse Zone Record
INSERT INTO records (domain_id, name, content, type,ttl,prio) VALUES (2,'57.168.192.in-addr.arpa','ns1.kifarunix-demo.com','NS',120,NULL);
Insert PTR Records for NS
INSERT INTO records (domain_id, name, content, type,ttl,prio) VALUES (2,'3.57.168.192.in-addr.arpa','ns1.kifarunix-demo.com','PTR',120,NULL);
Insert Other Domains PTR Records
INSERT INTO records (domain_id, name, content, type,ttl,prio) VALUES (2,'45.57.168.192.in-addr.arpa','news.kifarunix-demo.com','PTR',120,NULL);
The database records now look like this;
select * from records;
+----+-----------+----------------------------+------+-------------------------------------------------------------+-------+------+----------+-----------+------+
| id | domain_id | name | type | content | ttl | prio | disabled | ordername | auth |
+----+-----------+----------------------------+------+-------------------------------------------------------------+-------+------+----------+-----------+------+
| 1 | 1 | kifarunix-demo.com | SOA | localhost admin.kifarunix-demo.com 1 10380 3600 604800 3600 | 86400 | NULL | 0 | NULL | 1 |
| 2 | 1 | kifarunix-demo.com | NS | ns1.kifarunix-demo.com | 86400 | NULL | 0 | NULL | 1 |
| 3 | 1 | ns1.kifarunix-demo.com | A | 192.168.57.3 | 120 | NULL | 0 | NULL | 1 |
| 4 | 1 | news.kifarunix-demo.com | A | 192.168.58.45 | 120 | NULL | 0 | NULL | 1 |
| 5 | 1 | kifarunix-demo.com | MX | mail.kifarunix-demo.com | 120 | 25 | 0 | NULL | 1 |
| 6 | 2 | 57.168.192.in-addr.arpa | SOA | localhost admin.kifarunix-demo.com 1 10380 3600 604800 3600 | 86400 | NULL | 0 | NULL | 1 |
| 7 | 2 | 57.168.192.in-addr.arpa | NS | ns1.kifarunix-demo.com | 120 | NULL | 0 | NULL | 1 |
| 8 | 2 | 3.57.168.192.in-addr.arpa | PTR | ns1.kifarunix-demo.com | 120 | NULL | 0 | NULL | 1 |
| 9 | 2 | 45.57.168.192.in-addr.arpa | PTR | news.kifarunix-demo.com | 120 | NULL | 0 | NULL | 1 |
+----+-----------+----------------------------+------+-------------------------------------------------------------+-------+------+----------+-----------+------+
So what is domain_id, name, type, prio, ttl? Read about them on the PowerDNS Regular Queries page.
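Forward and reverse records are inserted by hand in this setup, so they can drift apart. The following check is an added example, not part of the original tutorial: it reads name/type/content rows and reports every IPv4 PTR record whose target has no A record with the matching address. The function name is an assumption, and the sample rows are the A and PTR rows from the table above.

```shell
#!/bin/sh
# Added example (not from the tutorial): confirm each PTR record agrees with
# an A record of the host it names. IPv4 (in-addr.arpa) only.
# Input on stdin: tab-separated "name<TAB>type<TAB>content" rows, e.g. from
#   mysql -N -B -u pdnsadmin -p kifarunixdemopdns \
#     -e 'select name,type,content from records'
check_ptr_consistency() {
  awk -F'\t' '
    $2 == "A"   { has[tolower($1), $3] = 1 }
    $2 == "PTR" { ptr[tolower($1)] = tolower($3) }
    END {
      for (rname in ptr) {
        n = split(rname, p, ".")
        if (n != 6 || p[5] != "in-addr" || p[6] != "arpa") {
          print "UNPARSED " rname; bad = 1; continue
        }
        ip = p[4] "." p[3] "." p[2] "." p[1]   # undo the octet reversal
        target = ptr[rname]; sub(/\.$/, "", target)
        if (!((target, ip) in has)) {
          print "MISMATCH " rname " -> " target " has no A record " ip
          bad = 1
        }
      }
      exit bad + 0
    }'
}

# Sample rows taken from the records table shown in the tutorial.
SAMPLE_ROWS=$(printf '%s\t%s\t%s\n' \
  ns1.kifarunix-demo.com     A   192.168.57.3 \
  news.kifarunix-demo.com    A   192.168.58.45 \
  3.57.168.192.in-addr.arpa  PTR ns1.kifarunix-demo.com \
  45.57.168.192.in-addr.arpa PTR news.kifarunix-demo.com)

printf '%s\n' "$SAMPLE_ROWS" | check_ptr_consistency \
  || echo "reverse zone needs attention"
```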
Verify PowerDNS Reverse Resolution
Exit the database and run the reverse DNS queries to confirm if all is well.
dig -x 192.168.57.45 @127.0.0.1 +short
news.kifarunix-demo.com.
dig -x 192.168.57.3 @127.0.0.1 +short
ns1.kifarunix-demo.com.
Magnificent!!!
Note that all of this can easily be done from the web, but that is a tutorial for another day.
Open DNS Port on UFW
For the remote hosts to be able to use the PowerDNS for their name resolution, you need to open the DNS port 53/UDP;
ufw allow from 192.168.0.0/16 to any port 53 proto udp
This allows DNS queries from 192.168.0.0/16 subnet.
Configure DNS Server on Client Systems
For testing purposes, overwrite your /etc/resolv.conf file with the PowerDNS nameserver entry.
echo "nameserver 192.168.57.3" > /etc/resolv.conf
Verify Client Forward DNS Resolution
Next, perform DNS resolution using any DNS utilities.
dig news.kifarunix-demo.com
; <<>> DiG 9.16.1-Ubuntu <<>> news.kifarunix-demo.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56258
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;news.kifarunix-demo.com. IN A
;; ANSWER SECTION:
news.kifarunix-demo.com. 120 IN A 192.168.58.45
;; Query time: 3 msec
;; SERVER: 192.168.57.3#53(192.168.57.3)
;; WHEN: Sat Oct 10 09:18:54 EAT 2020
;; MSG SIZE rcvd: 68
nslookup ns1.kifarunix-demo.com
Server: 192.168.57.3
Address: 192.168.57.3#53
Name: ns1.kifarunix-demo.com
Address: 192.168.57.3
host ns1.kifarunix-demo.com
ns1.kifarunix-demo.com has address 192.168.57.3
Verify Client Reverse DNS Resolution
dig -x 192.168.57.3 +short
ns1.kifarunix-demo.com.
nslookup 192.168.57.3
3.57.168.192.in-addr.arpa name = ns1.kifarunix-demo.com.
host 192.168.57.3
3.57.168.192.in-addr.arpa domain name pointer ns1.kifarunix-demo.com.
Beautiful. In our next guide, we will learn how to manage PowerDNS using a web tool called PowerDNS Admin (link is provided below). For now, that is how simple it is to install and set up PowerDNS on Ubuntu 20.04.
Easily Install and Setup PowerDNS Admin on Ubuntu 20.04
Reference
PowerDNS Authoritative Nameserver Documentation
Super howto, thanks a lot!!
I think there is a little error in the reverse DNS config,
| 4 | 1 | news.kifarunix-demo.com | A | 192.168.58.45
| 9 | 2 | 45.57.168.192.in-addr.arpa | PTR | news.kifarunix-demo.com
If the news server is in a different subnet (192.168.58.45/24), should we create another reverse zone with SOA?
I installed PowerDNS on an AWS-EC2 Ubuntu 20.04 instance. Everything works fine up to the section “Configure DNS Server on Client Systems” until I changed the content of /etc/resolv.conf from 8.8.8.8 to 172.31.58.45 (since the ec2 IPv4 CIDR is 172.31.0.0/16) and ran “dig news.view-demo.com”. The command just times out.
When I set it back to 8.8.8.8, dig news.view-demo.com gives the expected output.
Any ideas why?
Hi Dave, from the client, are you able to connect to the DNS server on UDP port 53?
nc -uvz dns.ip port
Apparently not.
unable to resolve host : Temporary failure in name resolution
I had to change the security group of the directory “/etc/powerdns/pdns.d” to pdns