Easily Install and Setup PowerDNS on Ubuntu 20.04

Welcome to our tutorial on how to easily install and setup PowerDNS on Ubuntu 20.04. PowerDNS “is a premier supplier of open source DNS software, services and support”. It provides both the Authoritative Server and the Recursor DNS products. According to the PowerDNS documentation:

  • The Authoritative Server will answer questions about domains it knows about, but will not go out on the net to resolve queries about other domains. When the Authoritative Server answers a question, it comes out of the database, and can be trusted as being authoritative. There is no way to pollute the cache or to confuse the daemon.
  • The Recursor, conversely, by default has no knowledge of domains itself, but will always consult other authoritative servers to answer questions given to it.

PowerDNS;

  • offers very high domain resolution performance.
  • supports a large number of different backends ranging from simple zonefiles to relational databases and load balancing/failover algorithms.
  • offers better security features.
  • has a reasonably small source code base, which makes auditing easy.
  • gives a lot of statistics on its operation, which helps both in determining the scalability of an installation and in spotting problems.
Easily Install and Setup PowerDNS on Ubuntu 20.04

Run System Update

To begin with, update your system package cache and upgrade the installed packages.

apt update
apt upgrade

Install PowerDNS Relational Database

As stated above, the authoritative PowerDNS server supports different backends, ranging from relational databases such as MySQL, PostgreSQL and Oracle, and BIND zone files, to co-processes and JSON APIs.

Since we are going to easily install and setup PowerDNS on Ubuntu 20.04 as our local authoritative nameserver, we will use one of the relational databases, and in this setup, we go with MariaDB.

Install MariaDB 10.5 on Ubuntu 20.04

To install the latest and stable release version of MariaDB, you need to install MariaDB repos.

apt install software-properties-common
sudo apt-key adv --fetch-keys 'https://mariadb.org/mariadb_release_signing_key.asc'

Next, head over to MariaDB repositories site and choose your installation mirrors. In this setup, we use the ukfast.co.uk mirrors.

add-apt-repository 'deb [arch=amd64,arm64,ppc64el] http://mirrors.ukfast.co.uk/sites/mariadb/repo/10.5/ubuntu focal main'

Update the system package cache and install MariaDB 10.5 on Ubuntu 20.04;

apt update
apt install mariadb-server

Once the installation is done, run the initial MySQL security script to remove anonymous users and test databases and to disallow remote root login.

mysql_secure_installation

Easily Install and Setup PowerDNS on Ubuntu 20.04

Before you can install PowerDNS on Ubuntu 20.04, you need to disable systemd-resolved service (system service that provides network name resolution to local applications).

systemctl disable --now systemd-resolved

Remove the default resolv.conf file and create a new one with your custom DNS server details so that name resolution still works during the installation.

rm -rf /etc/resolv.conf
echo "nameserver 8.8.8.8" > /etc/resolv.conf

Once that is done, install PowerDNS on Ubuntu 20.04. PowerDNS is provided by the pdns-server package.

apt install pdns-server

You also need to install PowerDNS nameserver MySQL backend;

apt install pdns-backend-mysql

Create PowerDNS Database on Ubuntu 20.04

Now that PowerDNS and its MySQL backend packages are installed, log in to MariaDB and create a database for the PowerDNS nameserver.

mysql -u root

Be sure to use your preferred database names and database usernames. Names used here are not standard.

create database kifarunixdemopdns;

Create a PowerDNS database user and grant all privileges on the PowerDNS database. Replace the password accordingly.

grant all on kifarunixdemopdns.* to pdnsadmin@localhost identified by 'PdnSPassW0rd';

Reload the privileges tables and exit the database;

flush privileges;
quit

Import PowerDNS Database Schema

The default PowerDNS database schema is available under /usr/share/pdns-backend-mysql/schema/ directory as schema.mysql.sql. You need to import this schema to the PowerDNS database created above;

mysql -u pdnsadmin -p kifarunixdemopdns < /usr/share/pdns-backend-mysql/schema/schema.mysql.sql 

To verify the PowerDNS database schema import, try to list available tables;

mysqlshow kifarunixdemopdns
Database: kifarunixdemopdns
+----------------+
|     Tables     |
+----------------+
| comments       |
| cryptokeys     |
| domainmetadata |
| domains        |
| records        |
| supermasters   |
| tsigkeys       |
+----------------+

Configure PowerDNS Database Connection Details

Create a configuration file, as shown below, in which to define the PowerDNS database connection details.

vim /etc/powerdns/pdns.d/pdns.local.gmysql.conf
# MySQL Configuration
#
# Launch gmysql backend
launch+=gmysql

# gmysql parameters
gmysql-host=127.0.0.1
gmysql-port=3306
gmysql-dbname=kifarunixdemopdns
gmysql-user=pdnsadmin
gmysql-password=PdnSPassW0rd
gmysql-dnssec=yes
# gmysql-socket=

Replace your connection details accordingly.

Save and exit the file.

Adjust the permissions of the file holding the database connection details, since it stores the database password in plain text.

chmod 640 /etc/powerdns/pdns.d/pdns.local.gmysql.conf

Verify PowerDNS database connection

If PowerDNS is already running, stop it and run it in the foreground to verify if it can connect to the database;

systemctl stop pdns.service
pdns_server --daemon=no --guardian=no --loglevel=9
...
Oct 09 21:31:53 Creating backend connection for TCP
Oct 09 21:31:53 [bindbackend] Parsing 0 domain(s), will report when done
Oct 09 21:31:53 [bindbackend] Done parsing domains, 0 rejected, 0 new, 0 removed
Oct 09 21:31:53 gmysql Connection successful. Connected to database 'kifarunixdemopdns' on 'localhost'.
Oct 09 21:31:53 About to create 3 backend threads for UDP
Oct 09 21:31:53 gmysql Connection successful. Connected to database 'kifarunixdemopdns' on 'localhost'.
Oct 09 21:31:54 gmysql Connection successful. Connected to database 'kifarunixdemopdns' on 'localhost'.
Oct 09 21:31:54 gmysql Connection successful. Connected to database 'kifarunixdemopdns' on 'localhost'.
Oct 09 21:31:54 Done launching threads, ready to distribute questions

If you encounter any error, fix it before proceeding.

Restart PowerDNS

Restart PowerDNS to apply the changes made.

systemctl restart pdns

Verify that DNS port 53 is open on both UDP and TCP

netstat -alnp4 | grep pdns
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      14608/pdns_server   
udp        0      0 0.0.0.0:53              0.0.0.0:*                           14608/pdns_server

Creating PowerDNS Forward Zone Records

Inserting Forward Zone DNS Records into PowerDNS Database

The basic configuration of PowerDNS is now done. You can proceed to add your DNS records into the database.

Log in to the PowerDNS database;

mysql -u pdnsadmin -p -D kifarunixdemopdns

Define PowerDNS Operation Mode

To begin with, define the PowerDNS operation mode. There are various DNS operation modes you can define while inserting records into PowerDNS database. In this basic tutorial, we will go with the default Native operation mode.

insert into domains (name, type) values ('kifarunix-demo.com', 'NATIVE');

Create the domain SOA (Start Of Authority) record.

The SOA stored format is:

primary hostmaster serial refresh retry expire default_ttl

Where the fields and their default values are:

  • primary: default-soa-name configuration option
  • hostmaster: hostmaster@domain-name
  • serial: 0
  • refresh: 10800 (3 hours)
  • retry: 3600 (1 hour)
  • expire: 604800 (1 week)
  • default_ttl: 3600 (1 hour)

INSERT INTO records (domain_id, name, content, type,ttl,prio) VALUES (1,'kifarunix-demo.com','localhost admin.kifarunix-demo.com 1 10380 3600 604800 3600','SOA',86400,NULL);
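
To see what each position in the stored SOA string means, the following added example (not part of the original tutorial or of PowerDNS) parses a content string into the seven fields listed above and runs a few sanity checks before you insert it. The function names and the three checks (primary listed among the zone's NS names, retry shorter than refresh, expire longer than refresh) are assumptions chosen for illustration.

```python
import re

SOA_FIELDS = ("primary", "hostmaster", "serial", "refresh", "retry",
              "expire", "default_ttl")
U32_MAX = 2**32 - 1


def parse_soa(content):
    """Split a stored SOA content string into named fields."""
    parts = content.split()
    if len(parts) != len(SOA_FIELDS):
        raise ValueError(f"expected {len(SOA_FIELDS)} fields, got {len(parts)}")
    soa = dict(zip(SOA_FIELDS, parts))
    for key in SOA_FIELDS[2:]:  # the five numeric fields
        if not soa[key].isdigit() or int(soa[key]) > U32_MAX:
            raise ValueError(f"{key} must be an unsigned 32-bit integer")
        soa[key] = int(soa[key])
    return soa


def hostmaster_email(rname):
    """Convert the DNS form admin.example.com into admin@example.com.

    The first dot that is not escaped with a backslash separates the
    mailbox name from its domain.
    """
    rname = rname.rstrip(".")
    if "@" in rname:
        return rname
    m = re.match(r"((?:\\.|[^.\\])+)\.(.+)", rname)
    if not m:
        raise ValueError("hostmaster needs a mailbox name and a domain")
    return m.group(1).replace("\\.", ".") + "@" + m.group(2)


def audit_soa(content, ns_names):
    """Return (parsed SOA, warnings) for one stored SOA record."""
    soa = parse_soa(content)
    soa["hostmaster"] = hostmaster_email(soa["hostmaster"])
    known_ns = {n.rstrip(".").lower() for n in ns_names}
    warnings = []
    if soa["primary"].rstrip(".").lower() not in known_ns:
        warnings.append(f"primary '{soa['primary']}' is not an NS name of the zone")
    if soa["retry"] >= soa["refresh"]:
        warnings.append("retry should be shorter than refresh")
    if soa["expire"] <= soa["refresh"]:
        warnings.append("expire should be longer than refresh")
    return soa, warnings


if __name__ == "__main__":
    # Content string and NS name as inserted in this tutorial
    soa, warnings = audit_soa(
        "localhost admin.kifarunix-demo.com 1 10380 3600 604800 3600",
        ["ns1.kifarunix-demo.com"])
    print(soa)
    print(warnings)
```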

Create Nameserver NS records

INSERT INTO records (domain_id, name, content, type,ttl,prio) VALUES (1,'kifarunix-demo.com','ns1.kifarunix-demo.com','NS',86400,NULL);

Insert A Records for the Nameserver

INSERT INTO records (domain_id, name, content, type,ttl,prio) VALUES (1,'ns1.kifarunix-demo.com','192.168.57.3','A',120,NULL);
INSERT INTO records (domain_id, name, content, type,ttl,prio) VALUES (1,'news.kifarunix-demo.com','192.168.58.45','A',120,NULL);

Insert MX records

INSERT INTO records (domain_id, name, content, type,ttl,prio) VALUES (1,'kifarunix-demo.com','mail.kifarunix-demo.com','MX',120,25);

So far so good, that is enough for our demo and this is what our records look like;

select * from records;
+----+-----------+-------------------------+------+-------------------------------------------------------------+-------+------+----------+-----------+------+
| id | domain_id | name                    | type | content                                                     | ttl   | prio | disabled | ordername | auth |
+----+-----------+-------------------------+------+-------------------------------------------------------------+-------+------+----------+-----------+------+
|  1 |         1 | kifarunix-demo.com      | SOA  | localhost admin.kifarunix-demo.com 1 10380 3600 604800 3600 | 86400 | NULL |        0 | NULL      |    1 |
|  2 |         1 | kifarunix-demo.com      | NS   | ns1.kifarunix-demo.com                                      | 86400 | NULL |        0 | NULL      |    1 |
|  3 |         1 | ns1.kifarunix-demo.com  | A    | 192.168.57.3                                                |   120 | NULL |        0 | NULL      |    1 |
|  4 |         1 | news.kifarunix-demo.com | A    | 192.168.58.45                                               |   120 | NULL |        0 | NULL      |    1 |
|  5 |         1 | kifarunix-demo.com      | MX   | mail.kifarunix-demo.com                                     |   120 |   25 |        0 | NULL      |    1 |
+----+-----------+-------------------------+------+-------------------------------------------------------------+-------+------+----------+-----------+------+
5 rows in set (0.001 sec)

Verify PowerDNS Forward Resolution

Once the records are populated into the DB, verify the PowerDNS resolution;

dig ns1.kifarunix-demo.com @127.0.0.1
; <<>> DiG 9.16.1-Ubuntu <<>> ns1.kifarunix-demo.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21371
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;ns1.kifarunix-demo.com.		IN	A

;; ANSWER SECTION:
ns1.kifarunix-demo.com.	120	IN	A	192.168.57.3

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Oct 09 22:54:43 UTC 2020
;; MSG SIZE  rcvd: 67

dig MX kifarunix-demo.com @127.0.0.1 +short
25 mail.kifarunix-demo.com.

Creating PowerDNS Reverse Zone Records

Log in to the PowerDNS database again;

mysql -u pdnsadmin -p -D kifarunixdemopdns

Insert SOA Record for the Reverse Zone

INSERT INTO records (domain_id, name, content, type,ttl,prio) VALUES (2,'57.168.192.in-addr.arpa','localhost admin.kifarunix-demo.com 1 10380 3600 604800 3600','SOA',86400,NULL);

Insert NS Reverse Zone Record

INSERT INTO records (domain_id, name, content, type,ttl,prio) VALUES (2,'57.168.192.in-addr.arpa','ns1.kifarunix-demo.com','NS',120,NULL);

Insert PTR Records for NS

INSERT INTO records (domain_id, name, content, type,ttl,prio) VALUES (2,'3.57.168.192.in-addr.arpa','ns1.kifarunix-demo.com','PTR',120,NULL);

Insert Other Domains PTR Records

INSERT INTO records (domain_id, name, content, type,ttl,prio) VALUES (2,'45.57.168.192.in-addr.arpa','news.kifarunix-demo.com','PTR',120,NULL);

Now the general database records look like;

select * from records;
+----+-----------+----------------------------+------+-------------------------------------------------------------+-------+------+----------+-----------+------+
| id | domain_id | name                       | type | content                                                     | ttl   | prio | disabled | ordername | auth |
+----+-----------+----------------------------+------+-------------------------------------------------------------+-------+------+----------+-----------+------+
|  1 |         1 | kifarunix-demo.com         | SOA  | localhost admin.kifarunix-demo.com 1 10380 3600 604800 3600 | 86400 | NULL |        0 | NULL      |    1 |
|  2 |         1 | kifarunix-demo.com         | NS   | ns1.kifarunix-demo.com                                      | 86400 | NULL |        0 | NULL      |    1 |
|  3 |         1 | ns1.kifarunix-demo.com     | A    | 192.168.57.3                                                |   120 | NULL |        0 | NULL      |    1 |
|  4 |         1 | news.kifarunix-demo.com    | A    | 192.168.58.45                                               |   120 | NULL |        0 | NULL      |    1 |
|  5 |         1 | kifarunix-demo.com         | MX   | mail.kifarunix-demo.com                                     |   120 |   25 |        0 | NULL      |    1 |
|  6 |         2 | 57.168.192.in-addr.arpa    | SOA  | localhost admin.kifarunix-demo.com 1 10380 3600 604800 3600 | 86400 | NULL |        0 | NULL      |    1 |
|  7 |         2 | 57.168.192.in-addr.arpa    | NS   | ns1.kifarunix-demo.com                                      |   120 | NULL |        0 | NULL      |    1 |
|  8 |         2 | 3.57.168.192.in-addr.arpa  | PTR  | ns1.kifarunix-demo.com                                      |   120 | NULL |        0 | NULL      |    1 |
|  9 |         2 | 45.57.168.192.in-addr.arpa | PTR  | news.kifarunix-demo.com                                     |   120 | NULL |        0 | NULL      |    1 |
+----+-----------+----------------------------+------+-------------------------------------------------------------+-------+------+----------+-----------+------+

So what is domain_id, name, type, prio, ttl? Read about them on the PowerDNS Regular Queries page.
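
Because the forward and reverse records are inserted by hand in separate steps, it is worth cross-checking them. The following added example (not part of the original tutorial) takes the A and PTR rows from the table above, copied inline as sample input, and reports every place where an A record has no matching PTR on this server or a PTR points at a name whose A record holds a different address. It handles IPv4 only, and the function and variable names are assumptions.

```python
import ipaddress

# (name, type, content) rows copied from the `select * from records;` output above
RECORDS = [
    ("ns1.kifarunix-demo.com", "A", "192.168.57.3"),
    ("news.kifarunix-demo.com", "A", "192.168.58.45"),
    ("3.57.168.192.in-addr.arpa", "PTR", "ns1.kifarunix-demo.com"),
    ("45.57.168.192.in-addr.arpa", "PTR", "news.kifarunix-demo.com"),
]
REVERSE_ZONES = ["57.168.192.in-addr.arpa"]  # reverse zones held by this server
SUFFIX = ".in-addr.arpa"


def norm(name):
    """Compare DNS names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()


def check_forward_reverse(records, reverse_zones):
    """Return a list of findings where A and PTR data disagree."""
    a, ptr = {}, {}
    for name, rtype, content in records:
        if rtype == "A":
            a.setdefault(norm(name), set()).add(content)
        elif rtype == "PTR":
            ptr.setdefault(norm(name), set()).add(norm(content))
    zones = [norm(z) for z in reverse_zones]
    findings = []
    # Forward to reverse: every A record should have a PTR naming the same host
    for host, addrs in sorted(a.items()):
        for addr in sorted(addrs):
            rname = ipaddress.ip_address(addr).reverse_pointer
            if not any(rname.endswith("." + z) for z in zones):
                findings.append(f"{host} A {addr}: no reverse zone here covers {rname}")
            elif host not in ptr.get(rname, set()):
                findings.append(f"{host} A {addr}: missing PTR {rname}")
    # Reverse to forward: every PTR target should have an A record for that address
    for rname, targets in sorted(ptr.items()):
        if not rname.endswith(SUFFIX):
            continue
        addr = ".".join(reversed(rname[:-len(SUFFIX)].split(".")))
        for target in sorted(targets):
            if addr not in a.get(target, set()):
                findings.append(f"{rname} PTR {target}: {target} has no A record for {addr}")
    return findings


if __name__ == "__main__":
    for line in check_forward_reverse(RECORDS, REVERSE_ZONES):
        print(line)
```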

Verify PowerDNS Reverse Resolution

Exit the database and run the reverse DNS queries to confirm if all is well.

dig -x 192.168.57.45 @127.0.0.1 +short
news.kifarunix-demo.com.
dig -x 192.168.57.3 @127.0.0.1 +short
ns1.kifarunix-demo.com.

Magnificent!!!

Note that all this can easily be done from the web, but that is a tutorial for another day.

Open DNS Port on UFW

For the remote hosts to be able to use the PowerDNS for their name resolution, you need to open the DNS port 53/UDP;

ufw allow from 192.168.0.0/16 to any port 53 proto udp

This allows DNS queries from 192.168.0.0/16 subnet.

Configure DNS Server on Client Systems

For testing purposes, overwrite your /etc/resolv.conf file with PowerDNS nameserver entry.

echo "nameserver 192.168.57.3" > /etc/resolv.conf

Verify Client Forward DNS Resolution

Next, perform DNS resolution using any DNS utilities.

dig news.kifarunix-demo.com
; <<>> DiG 9.16.1-Ubuntu <<>> news.kifarunix-demo.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56258
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;news.kifarunix-demo.com.	IN	A

;; ANSWER SECTION:
news.kifarunix-demo.com. 120	IN	A	192.168.58.45

;; Query time: 3 msec
;; SERVER: 192.168.57.3#53(192.168.57.3)
;; WHEN: Sat Oct 10 09:18:54 EAT 2020
;; MSG SIZE  rcvd: 68
nslookup ns1.kifarunix-demo.com
Server:		192.168.57.3
Address:	192.168.57.3#53

Name:	ns1.kifarunix-demo.com
Address: 192.168.57.3
host ns1.kifarunix-demo.com
ns1.kifarunix-demo.com has address 192.168.57.3

Verify Client Reverse DNS Resolution

dig -x 192.168.57.3 +short
ns1.kifarunix-demo.com.
nslookup 192.168.57.3
3.57.168.192.in-addr.arpa name = ns1.kifarunix-demo.com.
host 192.168.57.3
3.57.168.192.in-addr.arpa domain name pointer ns1.kifarunix-demo.com.

Beautiful. In our next guide, we will learn how to manage PowerDNS using a web tool called PowerDNS Admin (link is provided below). For now, that is how simple it is to install and setup PowerDNS on Ubuntu 20.04.

Easily Install and Setup PowerDNS Admin on Ubuntu 20.04

Reference

PowerDNS Authoritative Nameserver Documentation

5 COMMENTS

  1. Super howto, thanks a lot!!

    I think there is a little error in the reverse DNS config,
    | 4 | 1 | news.kifarunix-demo.com | A | 192.168.58.45
    | 9 | 2 | 45.57.168.192.in-addr.arpa | PTR | news.kifarunix-demo.com
    If news server is in a different subnet, (192.168.58.45/24) should we create another reverse zone with SOA?

  2. I installed PowerDNS on an AWS-EC2 Ubuntu 20.04 instance. Everything works fine up to the section “Configure DNS Server on Client Systems” until I changed the content of /etc/resolv.conf from 8.8.8.8 to 172.31.58.45 (since the ec2 IPv4 CIDR is 172.31.0.0/16) and ran “dig news.view-demo.com”. The command just times out.
    When I set it back to 8.8.8.8, dig news.view-demo.com gives the expected output.

    Any ideas why?
