Welcome to our tutorial on how to install and set up PowerDNS on Ubuntu 22.04. PowerDNS "is a premier supplier of open source DNS software, services and support". It provides two separate products, the Authoritative Server and the Recursor. According to the PowerDNS documentation:
- The Authoritative Server will answer questions about domains it knows about, but will not go out on the net to resolve queries about other domains. When the Authoritative Server answers a question, it comes out of the database, and can be trusted as being authoritative. There is no way to pollute the cache or to confuse the daemon.
- The Recursor, conversely, by default has no knowledge of domains itself, but will always consult other authoritative servers to answer questions given to it.
Installing PowerDNS on Ubuntu 22.04
What Features Does PowerDNS Provide?
PowerDNS:
- offers very high domain resolution performance.
- supports a large number of different backends, ranging from simple zone files to relational databases, with load balancing/failover algorithms.
- is designed with security in mind: the Authoritative Server runs as an unprivileged user (pdns on Ubuntu) and can be chrooted, and because it does not recurse there is no resolver cache to poison.
- has a reasonably small source code base, which makes auditing easier.
- exposes many statistics about its operation, which helps both in judging the scalability of an installation and in spotting problems.
Run System Update
To begin with, update the package index and upgrade the installed packages:
apt update
apt upgrade
If a reboot is required, reboot:
[[ -f /var/run/reboot-required ]] && systemctl reboot -i
Install PowerDNS Relational Database (MariaDB)
As stated above, the authoritative PowerDNS server supports different backends ranging from database backends such as MySQL, PostgreSQL, Oracle and BIND zone files to co-processes and JSON API’s.
Since we are going to easily install and setup PowerDNS as our local authoritative nameserver, we will use one of the relational databases, and in this setup, we go with MariaDB.
To install the latest stable MariaDB release, add the MariaDB package repository. The repository setup script below is fetched from r.mariadb.com and piped straight into a root shell; since that executes whatever the server returns, download it first and verify it against the checksum MariaDB publishes before running it. If the MariaDB 10.6 packaged in Ubuntu 22.04 is sufficient for you, skip the repository step and install mariadb-server from the standard repositories instead.
apt install software-properties-common gnupg2
curl -LsS https://r.mariadb.com/downloads/mariadb_repo_setup | sudo bash
apt update
apt install mariadb-server
Once the installation is done, check that the MariaDB service is running (it is started automatically on installation):
systemctl status mariadb
● mariadb.service - MariaDB 11.0.2 database server
Loaded: loaded (/lib/systemd/system/mariadb.service; enabled; vendor preset: enabled)
Drop-In: /etc/systemd/system/mariadb.service.d
└─migrated-from-my.cnf-settings.conf
Active: active (running) since Fri 2023-07-28 04:44:22 UTC; 7s ago
Docs: man:mariadbd(8)
https://mariadb.com/kb/en/library/systemd/
Process: 3794 ExecStartPre=/usr/bin/install -m 755 -o mysql -g root -d /var/run/mysqld (code=exited, status=0/SUCCESS)
Process: 3795 ExecStartPre=/bin/sh -c systemctl unset-environment _WSREP_START_POSITION (code=exited, status=0/SUCCESS)
Process: 3797 ExecStartPre=/bin/sh -c [ ! -e /usr/bin/galera_recovery ] && VAR= || VAR=`cd /usr/bin/..; /usr/bin/galera_recovery`; [ $? -eq 0 ] && systemctl set-en>
Process: 3837 ExecStartPost=/bin/sh -c systemctl unset-environment _WSREP_START_POSITION (code=exited, status=0/SUCCESS)
Process: 3839 ExecStartPost=/etc/mysql/debian-start (code=exited, status=0/SUCCESS)
Main PID: 3826 (mariadbd)
Status: "Taking your SQL requests now..."
Tasks: 12 (limit: 2219)
Memory: 78.7M
CPU: 334ms
CGroup: /system.slice/mariadb.service
└─3826 /usr/sbin/mariadbd
Jul 28 04:44:22 jammy mariadbd[3826]: 2023-07-28 4:44:22 0 [Note] Plugin 'wsrep-provider' is disabled.
Jul 28 04:44:22 jammy mariadbd[3826]: 2023-07-28 4:44:22 0 [Note] InnoDB: Loading buffer pool(s) from /var/lib/mysql/ib_buffer_pool
Jul 28 04:44:22 jammy mariadbd[3826]: 2023-07-28 4:44:22 0 [Note] Server socket created on IP: '127.0.0.1'.
Jul 28 04:44:22 jammy mariadbd[3826]: 2023-07-28 4:44:22 0 [Note] InnoDB: Buffer pool(s) load completed at 230728 4:44:22
Jul 28 04:44:22 jammy mariadbd[3826]: 2023-07-28 4:44:22 0 [Note] /usr/sbin/mariadbd: ready for connections.
Jul 28 04:44:22 jammy mariadbd[3826]: Version: '11.0.2-MariaDB-1:11.0.2+maria~ubu2204' socket: '/run/mysqld/mysqld.sock' port: 3306 mariadb.org binary distribution
Jul 28 04:44:22 jammy systemd[1]: Started MariaDB 11.0.2 database server.
Jul 28 04:44:22 jammy /etc/mysql/debian-start[3841]: Upgrading MySQL tables if necessary.
Jul 28 04:44:22 jammy /etc/mysql/debian-start[3852]: Checking for insecure root accounts.
Jul 28 04:44:22 jammy /etc/mysql/debian-start[3856]: Triggering myisam-recover for all MyISAM tables and aria-recover for all Aria tables
Run the initial MariaDB security script to remove anonymous users and the test database, and to disallow remote root login:
mysql_secure_installation
Installing PowerDNS on Ubuntu 22.04
Disable systemd-resolved Service
Before you can install PowerDNS on Ubuntu 22.04, you need to disable the systemd-resolved service (the system service that provides network name resolution to local applications). Its stub listener occupies port 53 on 127.0.0.53, which prevents PowerDNS from binding port 53 on all addresses. If you would rather keep systemd-resolved for the host's own lookups, setting DNSStubListener=no in /etc/systemd/resolved.conf and restarting the service frees the port instead.
systemctl disable --now systemd-resolved
Update the /etc/resolv.conf file with a resolver the server can use for its own lookups (8.8.8.8 below is only an example; use whatever resolver you trust) so that package installation still works. On Ubuntu 22.04 the file is normally a symlink into /run/systemd/resolve/; remove the symlink first so that the command below creates a regular file:
echo "nameserver 8.8.8.8" > /etc/resolv.conf
Install PowerDNS on Ubuntu 22.04
Once that is done, install PowerDNS on Ubuntu 22.04. PowerDNS is provided by the pdns-server package:
apt install pdns-server
You also need to install the PowerDNS MySQL backend:
apt install pdns-backend-mysql
Create PowerDNS Database on Ubuntu 22.04
Now that PowerDNS and its MySQL backend packages are installed, log in to MariaDB and create a database for the PowerDNS nameserver.
Be sure to use your preferred database name and username; the names used here are not standard.
mariadb -u root -p -e "create database kifarunixdemopdns;"
Create a PowerDNS database user and grant it privileges on the PowerDNS database. Replace the password with a strong one of your own. GRANT ALL is a shortcut: the schema import below needs CREATE, but at run time the server only needs SELECT, INSERT, UPDATE and DELETE on these tables, so you can tighten the grant once the import is done. Note also that a password passed on the command line ends up in your shell history; running the statement inside an interactive mariadb session avoids that.
mariadb -u root -p -e "grant all on kifarunixdemopdns.* to pdnsadmin@localhost identified by 'PdnSPassW0rd';"
Reload the privileges tables;
mariadb -u root -p -e "flush privileges;"
Import PowerDNS Database Schema
The default PowerDNS database schema is available as /usr/share/pdns-backend-mysql/schema/schema.mysql.sql. Import this schema into the PowerDNS database created above:
mariadb -u pdnsadmin -p kifarunixdemopdns < /usr/share/pdns-backend-mysql/schema/schema.mysql.sql
To verify the schema import, list the tables in the database:
mariadb-show kifarunixdemopdns
Database: kifarunixdemopdns
+----------------+
| Tables |
+----------------+
| comments |
| cryptokeys |
| domainmetadata |
| domains |
| records |
| supermasters |
| tsigkeys |
+----------------+
Configure PowerDNS Database Connection Details
Create a configuration file, as shown below, in which to define the PowerDNS database connection details.
Be sure to update your database connection details accordingly.
vim /etc/powerdns/pdns.d/pdns.local.gmysql.conf
# MySQL Configuration
#
# Launch gmysql backend
launch+=gmysql
# gmysql parameters
gmysql-host=127.0.0.1
gmysql-port=3306
gmysql-dbname=kifarunixdemopdns
gmysql-user=pdnsadmin
gmysql-password=PdnSPassW0rd
gmysql-dnssec=yes
# gmysql-socket=
Save and exit the file.
Restrict the permissions and ownership of the file, since it contains the database password in clear text:
chmod 640 /etc/powerdns/pdns.d/pdns.local.gmysql.conf
chown :pdns /etc/powerdns/pdns.d/pdns.local.gmysql.conf
Verify PowerDNS database connection
If PowerDNS is already running, stop it and run it in the foreground to verify that it can connect to the database:
systemctl stop pdns.service
pdns_server --daemon=no --guardian=no --loglevel=9
Jul 28 04:49:36 Loading '/usr/lib/x86_64-linux-gnu/pdns/libbindbackend.so'
Jul 28 04:49:36 [bind2backend] This is the bind backend version 4.5.3 (with bind-dnssec-db support) reporting
Jul 28 04:49:36 Loading '/usr/lib/x86_64-linux-gnu/pdns/libgmysqlbackend.so'
Jul 28 04:49:36 [gmysqlbackend] This is the gmysql backend version 4.5.3 reporting
Jul 28 04:49:36 This is a standalone pdns
Jul 28 04:49:36 Created local state directory '/var/run/pdns/'
Jul 28 04:49:36 Listening on controlsocket in '/var/run/pdns/pdns.controlsocket'
Jul 28 04:49:36 [bindbackend] Parsing 0 domain(s), will report when done
Jul 28 04:49:36 [bindbackend] Done parsing domains, 0 rejected, 0 new, 0 removed
Jul 28 04:49:36 gmysql Connection successful. Connected to database 'kifarunixdemopdns' on '127.0.0.1'.
Jul 28 04:49:36 UDP server bound to 0.0.0.0:53
Jul 28 04:49:36 UDP server bound to [::]:53
Jul 28 04:49:36 TCP server bound to 0.0.0.0:53
Jul 28 04:49:36 TCP server bound to [::]:53
Jul 28 04:49:36 PowerDNS Authoritative Server 4.5.3 (C) 2001-2021 PowerDNS.COM BV
Jul 28 04:49:36 Using 64-bits mode. Built using gcc 11.2.0.
Jul 28 04:49:36 PowerDNS comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it according to the terms of the GPL version 2.
Jul 28 04:49:36 Creating backend connection for TCP
Jul 28 04:49:36 gmysql Connection successful. Connected to database 'kifarunixdemopdns' on '127.0.0.1'.
Jul 28 04:49:36 About to create 3 backend threads for UDP
Jul 28 04:49:36 gmysql Connection successful. Connected to database 'kifarunixdemopdns' on '127.0.0.1'.
Jul 28 04:49:36 gmysql Connection successful. Connected to database 'kifarunixdemopdns' on '127.0.0.1'.
Jul 28 04:49:36 gmysql Connection successful. Connected to database 'kifarunixdemopdns' on '127.0.0.1'.
Jul 28 04:49:36 Done launching threads, ready to distribute questions
If you encounter any errors, fix them before you proceed.
Press Ctrl+C to stop the foreground process.
Restart PowerDNS
systemctl restart pdns
Check the status;
systemctl status pdns
● pdns.service - PowerDNS Authoritative Server
Loaded: loaded (/lib/systemd/system/pdns.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2023-07-28 04:50:07 UTC; 5s ago
Docs: man:pdns_server(1)
man:pdns_control(1)
https://doc.powerdns.com
Main PID: 6020 (pdns_server)
Tasks: 8 (limit: 2219)
Memory: 43.1M
CPU: 101ms
CGroup: /system.slice/pdns.service
└─6020 /usr/sbin/pdns_server --guardian=no --daemon=no --disable-syslog --log-timestamp=no --write-pid=no
Jul 28 04:50:07 jammy pdns_server[6020]: UDP server bound to [::]:53
Jul 28 04:50:07 jammy pdns_server[6020]: TCP server bound to 0.0.0.0:53
Jul 28 04:50:07 jammy pdns_server[6020]: TCP server bound to [::]:53
Jul 28 04:50:07 jammy pdns_server[6020]: PowerDNS Authoritative Server 4.5.3 (C) 2001-2021 PowerDNS.COM BV
Jul 28 04:50:07 jammy pdns_server[6020]: Using 64-bits mode. Built using gcc 11.2.0.
Jul 28 04:50:07 jammy pdns_server[6020]: PowerDNS comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it according to the terms o>
Jul 28 04:50:07 jammy pdns_server[6020]: Creating backend connection for TCP
Jul 28 04:50:07 jammy systemd[1]: Started PowerDNS Authoritative Server.
Jul 28 04:50:07 jammy pdns_server[6020]: About to create 3 backend threads for UDP
Jul 28 04:50:07 jammy pdns_server[6020]: Done launching threads, ready to distribute questions
Verify that PowerDNS is listening on UDP and TCP port 53 (the command below shows IPv4 sockets only):
ss -alnp4 | grep pdns
udp UNCONN 0 0 0.0.0.0:53 0.0.0.0:* users:(("pdns_server",pid=2861,fd=5))
tcp LISTEN 0 128 0.0.0.0:53 0.0.0.0:* users:(("pdns_server",pid=2861,fd=7))
Creating PowerDNS Forward Zone Records
Although you can create zones by manipulating the database directly, it is recommended to use the pdnsutil tool instead.
The general syntax for adding a record is:
pdnsutil add-record ZONE NAME TYPE [ttl] content
Create DNS Forward Zone
Hence, to start with, create the forward zone:
pdnsutil create-zone kifarunix-demo.com
PowerDNS zones have a kind, or operation mode: native, primary or secondary. Native is the default; in native mode, replication between nameservers is left to the database (for example MariaDB replication) rather than done with DNS zone transfers. You can list the native zones by running:
pdnsutil list-all-zones native
Update SOA Record
When you create a zone, an SOA (Start Of Authority) record is inserted automatically.
You can show its details by running:
pdnsutil list-zone kifarunix-demo.com
Sample Output;
Jul 28 06:01:40 [bindbackend] Done parsing domains, 0 rejected, 0 new, 0 removed
$ORIGIN .
kifarunix-demo.com 3600 IN SOA a.misconfigured.dns.server.invalid hostmaster.kifarunix-demo.com 0 10800 3600 604800 3600
The SOA content is stored in this format:
primary hostmaster serial refresh retry expire default_ttl
Where:
- primary: taken from the default-soa-content setting, a.misconfigured.dns.server.invalid unless you change it
- hostmaster: hostmaster.<zone>, which is DNS mailbox notation for hostmaster@<zone>
- serial: 0
- refresh: 10800 (3 hours)
- retry: 3600 (1 hour)
- expire: 604800 (1 week)
- default_ttl: 3600 (1 hour); this last field is the negative-caching TTL
Update the SOA accordingly:
export EDITOR=vim
pdnsutil edit-zone kifarunix-demo.com
The contents of the zone will look like this for my setup;
; Warning - every name in this file is ABSOLUTE!
$ORIGIN .
kifarunix-demo.com 3600 IN SOA a.misconfigured.dns.server.invalid hostmaster.kifarunix-demo.com 0 10800 3600 604800 3600
We only update the primary nameserver name and the hostmaster mailbox, so that it looks like:
; Warning - every name in this file is ABSOLUTE!
$ORIGIN .
kifarunix-demo.com 3600 IN SOA ns1.kifarunix-demo.com admin.kifarunix-demo.com 0 10800 3600 604800 3600
Save and exit the file. pdnsutil checks the zone before applying the change:
Jul 28 06:06:40 [bindbackend] Done parsing domains, 0 rejected, 0 new, 0 removed
[Error] No NS record at zone apex in zone 'kifarunix-demo.com'
Checked 1 records of 'kifarunix-demo.com', 1 errors, 0 warnings.
There was a problem with your zone
Options are: (e)dit your changes, (r)etry with original zone, (a)pply change anyhow, (q)uit:
a
Detected the following changes:
-kifarunix-demo.com 3600 IN SOA a.misconfigured.dns.server.invalid hostmaster.kifarunix-demo.com 0 10800 3600 604800 3600
+kifarunix-demo.com 3600 IN SOA ns1.kifarunix-demo.com admin.kifarunix-demo.com 0 10800 3600 604800 3600
(a)pply these changes, (e)dit again, (r)etry with original zone, (q)uit: a
Adding empty non-terminals for non-DNSSEC zone 'kifarunix-demo.com', 1 updates
Ignore the error about the missing NS record for now; the next step adds it.
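The stored SOA content can be checked mechanically before the zone is used. The script below is an added example, not code from this tutorial or from the PowerDNS project: it parses the seven-field content string described above, flags the placeholder primary that create-zone inserts, an "@" in the hostmaster, a zero serial and timers outside the usual guidance (retry below refresh, expire above refresh plus retry, which is common practice rather than a PowerDNS rule), and runs against the default and edited SOA of this zone, both copied from the output above.

```shell
#!/bin/sh
# Added example; not code from the tutorial or from the PowerDNS project.
# Parses an SOA content string in the form PowerDNS stores it
# ("primary hostmaster serial refresh retry expire default_ttl") and
# reports values a zone should not go live with. The placeholder primary
# name is the one pdnsutil create-zone inserts; the timer rules are the
# usual guidance (retry below refresh, expire above refresh+retry), not a
# PowerDNS requirement.
set -eu

# soa_field CONTENT N -> the Nth field (1-based) of the stored SOA content
soa_field() {
  n=$2
  set -- $1
  [ "$#" -eq 7 ] || { echo "soa_field: expected 7 fields, got $#" >&2; return 1; }
  shift "$((n - 1))"
  printf '%s\n' "$1"
}

# soa_check CONTENT -> prints one finding per line, returns 1 if there is any
soa_check() {
  set -- $1
  [ "$#" -eq 7 ] || { echo "malformed SOA: expected 7 fields, got $#"; return 1; }
  primary=$1 hostmaster=$2 serial=$3 refresh=$4 retry=$5 expire=$6 minimum=$7
  rc=0
  case $primary in
    *.invalid|*.invalid.)
      echo "primary '$primary' is the create-zone placeholder; set it to a real NS name"
      rc=1 ;;
  esac
  case $hostmaster in
    *@*)
      echo "hostmaster '$hostmaster' contains '@'; DNS mailbox names use a dot (admin.example.com)"
      rc=1 ;;
  esac
  for v in "$serial" "$refresh" "$retry" "$expire" "$minimum"; do
    case $v in
      ''|*[!0-9]*) echo "non-numeric field '$v'"; return 1 ;;
    esac
  done
  [ "$serial" -gt 0 ] || {
    echo "serial is 0; set a real serial (or SOA-EDIT metadata) before secondaries rely on it"
    rc=1
  }
  [ "$retry" -lt "$refresh" ] || { echo "retry ($retry) should be below refresh ($refresh)"; rc=1; }
  [ "$expire" -gt "$((refresh + retry))" ] || { echo "expire ($expire) should exceed refresh+retry"; rc=1; }
  return "$rc"
}

# Worked input: the SOA pdnsutil created for this zone, then the edited one (from the output above).
default_soa='a.misconfigured.dns.server.invalid hostmaster.kifarunix-demo.com 0 10800 3600 604800 3600'
edited_soa='ns1.kifarunix-demo.com admin.kifarunix-demo.com 0 10800 3600 604800 3600'

for soa in "$default_soa" "$edited_soa"; do
  echo "== $soa"
  soa_check "$soa" || echo "-> not ready"
done
```

Run it as is to see the findings for both versions; the edited SOA still reports the zero serial, which is worth fixing (or handing to SOA-EDIT) before any secondary nameserver depends on this zone.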
Create Nameserver NS records
pdnsutil add-record kifarunix-demo.com @ NS 86400 ns1.kifarunix-demo.com
Insert A Records for the Nameserver.
Replace the IPs accordingly.
pdnsutil add-record kifarunix-demo.com ns1 A 120 192.168.57.3
Insert A records for the other systems:
pdnsutil add-record kifarunix-demo.com news A 120 192.168.58.45
pdnsutil add-record kifarunix-demo.com mail A 120 192.168.57.25
Insert MX records
pdnsutil add-record kifarunix-demo.com @ MX 120 "10 mail.kifarunix-demo.com"
List DNS Records
So far so good. That is enough for our demo, and this is how our records look (the lb001 host shown below was added in the same way):
pdnsutil list-zone kifarunix-demo.com
Jul 28 06:12:12 [bindbackend] Done parsing domains, 0 rejected, 0 new, 0 removed
$ORIGIN .
kifarunix-demo.com 120 IN MX 10 mail.kifarunix-demo.com.
kifarunix-demo.com 86400 IN NS ns1.kifarunix-demo.com.
kifarunix-demo.com 3600 IN SOA ns1.kifarunix-demo.com admin.kifarunix-demo.com 0 10800 3600 604800 3600
lb001.kifarunix-demo.com 120 IN A 192.168.59.100
mail.kifarunix-demo.com 120 IN A 192.168.57.25
news.kifarunix-demo.com 120 IN A 192.168.58.45
ns1.kifarunix-demo.com 120 IN A 192.168.57.3
Verify PowerDNS Forward Resolution
Once the records are in the database, verify resolution against the server itself. In the answers below, the aa flag shows that the answer is authoritative, and the warning that recursion is not available is expected: an authoritative-only server does not resolve names it is not authoritative for.
apt install dnsutils -y
dig ns1.kifarunix-demo.com @127.0.0.1
; <<>> DiG 9.18.12-0ubuntu0.22.04.2-Ubuntu <<>> ns1.kifarunix-demo.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27631
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;ns1.kifarunix-demo.com. IN A
;; ANSWER SECTION:
ns1.kifarunix-demo.com. 120 IN A 192.168.57.3
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Fri Jul 28 06:13:00 UTC 2023
;; MSG SIZE rcvd: 67
dig MX kifarunix-demo.com @127.0.0.1
; <<>> DiG 9.18.12-0ubuntu0.22.04.2-Ubuntu <<>> MX kifarunix-demo.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51106
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 2
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;kifarunix-demo.com. IN MX
;; ANSWER SECTION:
kifarunix-demo.com. 120 IN MX 10 mail.kifarunix-demo.com.
;; ADDITIONAL SECTION:
mail.kifarunix-demo.com. 120 IN A 192.168.57.25
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Fri Jul 28 06:13:20 UTC 2023
;; MSG SIZE rcvd: 84
Creating PowerDNS Reverse Zone Records
Create DNS Reverse Zone
The reverse DNS zone for a network is named by reversing the octets of the network prefix and appending in-addr.arpa. For example:
- 192.168.58.0/24 -> Reverse zone: 58.168.192.in-addr.arpa.
- 192.168.59.0/24 -> Reverse zone: 59.168.192.in-addr.arpa.
- 192.168.60.0/24 -> Reverse zone: 60.168.192.in-addr.arpa.
In such a case, you can create a reverse zone for each network:
pdnsutil create-zone 58.168.192.in-addr.arpa
pdnsutil create-zone 57.168.192.in-addr.arpa
pdnsutil create-zone 59.168.192.in-addr.arpa
Or, since all these networks fall within 192.168.0.0/16, you can create a single /16 reverse zone (we use this approach in this guide):
pdnsutil create-zone 168.192.in-addr.arpa
Update the reverse zone SOA (primary name and hostmaster) so that it looks as shown below:
pdnsutil list-zone 168.192.in-addr.arpa
Jul 28 06:18:11 [bindbackend] Done parsing domains, 0 rejected, 0 new, 0 removed
$ORIGIN .
168.192.in-addr.arpa 3600 IN SOA a.misconfigured.dns.server.invalid hostmaster.168.192.in-addr.arpa 0 10800 3600 604800 3600
pdnsutil edit-zone 168.192.in-addr.arpa
Jul 28 06:22:21 [bindbackend] Done parsing domains, 0 rejected, 0 new, 0 removed
$ORIGIN .
168.192.in-addr.arpa 3600 IN SOA ns1.kifarunix-demo.com admin.kifarunix-demo.com 0 10800 3600 604800 3600
Insert NS Reverse Zone Record
pdnsutil add-record 168.192.in-addr.arpa @ NS 86400 ns1.kifarunix-demo.com
Insert the PTR record for the nameserver:
pdnsutil add-record 168.192.in-addr.arpa 3.57 PTR 120 ns1.kifarunix-demo.com
Insert PTR records for the other hosts:
pdnsutil add-record 168.192.in-addr.arpa 45.58 PTR 120 news.kifarunix-demo.com
pdnsutil add-record 168.192.in-addr.arpa 25.57 PTR 120 mail.kifarunix-demo.com
pdnsutil add-record 168.192.in-addr.arpa 100.59 PTR 120 lb001.kifarunix-demo.com
Now the reverse records look like this:
pdnsutil list-zone 168.192.in-addr.arpa
Jul 28 06:27:51 [bindbackend] Done parsing domains, 0 rejected, 0 new, 0 removed
$ORIGIN .
100.59.168.192.in-addr.arpa 120 IN PTR lb001.kifarunix-demo.com
168.192.in-addr.arpa 3600 IN SOA ns1.kifarunix-demo.com admin.kifarunix-demo.com 0 10800 3600 604800 3600
25.57.168.192.in-addr.arpa 120 IN PTR mail.kifarunix-demo.com
3.57.168.192.in-addr.arpa 120 IN PTR ns1.kifarunix-demo.com
45.58.168.192.in-addr.arpa 120 IN PTR news.kifarunix-demo.com
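The reverse zone name and each PTR owner follow mechanically from the address and the delegation boundary, and the PTR records should mirror the A records added earlier. The script below is an added example, not code from this tutorial or from PowerDNS: from a constructed inventory of the hosts used in this guide it derives the forward owner labels, the in-addr.arpa zone and the PTR labels, and prints the pdnsutil add-record commands for both the forward zone and the /16 reverse zone, so the two sets cannot drift apart. It generalizes the /24 and /16 cases shown above to all three octet boundaries (/8, /16, /24). It only prints commands; nothing reaches PowerDNS until you review and run them.

```shell
#!/bin/sh
# Added example; not code from the tutorial or from the PowerDNS project.
# Derives in-addr.arpa zone names and PTR owner labels from IPv4 addresses
# (reversed octets, cut at the /8, /16 or /24 boundary on which in-addr.arpa
# is delegated) and emits the pdnsutil commands for both the forward A
# records and the matching PTR records from one host inventory, so the two
# zones stay consistent. Nothing here touches PowerDNS: review the output,
# then run it.
set -eu

# valid_ipv4 A.B.C.D -> returns 0 for four dotted-decimal octets in 0..255
valid_ipv4() {
  oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
  [ "$#" -eq 4 ] || return 1
  for o in "$@"; do
    case $o in ''|*[!0-9]*) return 1 ;; esac
    [ "$o" -le 255 ] || return 1
  done
}

# rev_zone A.B.C.D PREFIX -> reverse zone, e.g. 192.168.58.45 24 -> 58.168.192.in-addr.arpa
rev_zone() {
  valid_ipv4 "$1" || { echo "rev_zone: bad IPv4 address '$1'" >&2; return 1; }
  prefix=$2
  oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
  case $prefix in
    8)  printf '%s.in-addr.arpa\n' "$1" ;;
    16) printf '%s.%s.in-addr.arpa\n' "$2" "$1" ;;
    24) printf '%s.%s.%s.in-addr.arpa\n' "$3" "$2" "$1" ;;
    *)  echo "rev_zone: prefix must be 8, 16 or 24, got '$prefix'" >&2; return 1 ;;
  esac
}

# ptr_label A.B.C.D PREFIX -> PTR owner relative to rev_zone, e.g. 192.168.58.45 16 -> 45.58
ptr_label() {
  valid_ipv4 "$1" || { echo "ptr_label: bad IPv4 address '$1'" >&2; return 1; }
  prefix=$2
  oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
  case $prefix in
    8)  printf '%s.%s.%s\n' "$4" "$3" "$2" ;;
    16) printf '%s.%s\n' "$4" "$3" ;;
    24) printf '%s\n' "$4" ;;
    *)  echo "ptr_label: prefix must be 8, 16 or 24, got '$prefix'" >&2; return 1 ;;
  esac
}

# fwd_label FQDN ZONE -> owner relative to ZONE (@ for the apex); fails if FQDN is outside ZONE
fwd_label() {
  fqdn=${1%.} zone=${2%.}
  if [ "$fqdn" = "$zone" ]; then
    echo '@'
  elif [ "${fqdn%.$zone}" != "$fqdn" ]; then
    printf '%s\n' "${fqdn%.$zone}"
  else
    echo "fwd_label: '$fqdn' is not inside '$zone'" >&2; return 1
  fi
}

# zone_cmds FWD_ZONE PREFIX TTL -> add-record lines for A and PTR records from $hosts
zone_cmds() {
  fzone=$1 prefix=$2 ttl=$3
  while read -r name ip; do
    [ -n "$name" ] || continue
    alabel=$(fwd_label "$name" "$fzone") || return 1
    rzone=$(rev_zone "$ip" "$prefix") || return 1
    rlabel=$(ptr_label "$ip" "$prefix") || return 1
    printf 'pdnsutil add-record %s %s A %s %s\n' "$fzone" "$alabel" "$ttl" "$ip"
    printf 'pdnsutil add-record %s %s PTR %s %s\n' "$rzone" "$rlabel" "$ttl" "$name"
  done <<EOF
$hosts
EOF
}

# Constructed inventory (the hosts used in this guide): one "fqdn ip" pair per line.
hosts='ns1.kifarunix-demo.com 192.168.57.3
news.kifarunix-demo.com 192.168.58.45
mail.kifarunix-demo.com 192.168.57.25
lb001.kifarunix-demo.com 192.168.59.100'

zone_cmds kifarunix-demo.com 16 120
```

The generator refuses hostnames outside the forward zone, malformed addresses and prefix lengths that are not octet boundaries, which are exactly the mistakes that silently produce PTR records in the wrong zone when the commands are typed by hand.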
Verify PowerDNS Reverse Resolution
Run reverse DNS queries against the server to confirm that all is well:
dig -x 192.168.58.45 @127.0.0.1
; <<>> DiG 9.18.12-0ubuntu0.22.04.2-Ubuntu <<>> -x 192.168.58.45 @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23089
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;45.58.168.192.in-addr.arpa. IN PTR
;; ANSWER SECTION:
45.58.168.192.in-addr.arpa. 120 IN PTR news.kifarunix-demo.com.
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Fri Jul 28 06:28:27 UTC 2023
;; MSG SIZE rcvd: 92
dig -x 192.168.57.25 @127.0.0.1
; <<>> DiG 9.18.12-0ubuntu0.22.04.2-Ubuntu <<>> -x 192.168.57.25 @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19810
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;25.57.168.192.in-addr.arpa. IN PTR
;; ANSWER SECTION:
25.57.168.192.in-addr.arpa. 120 IN PTR mail.kifarunix-demo.com.
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Fri Jul 28 06:28:51 UTC 2023
;; MSG SIZE rcvd: 92
Magnificent!!!
Manage DNS Zones and Records from Web UI
Note that all this can be easily be done from the web. Check the guide below;
Install and Setup PowerDNS Admin on Ubuntu 22.04
Open DNS Ports on UFW
For remote hosts to use PowerDNS for name resolution, you need to allow port 53 from the client networks. The rule below covers UDP; add the same rule with proto tcp as well, because clients fall back to TCP for answers that do not fit in a UDP response and zone transfers use TCP. Keep the source range limited to the networks that actually need to query the server:
ufw allow from 192.168.0.0/16 to any port 53 proto udp
This allows DNS queries from the 192.168.0.0/16 subnet.
Configure DNS Server on Client Systems
For testing purposes, overwrite the client's /etc/resolv.conf file with the PowerDNS nameserver entry (192.168.58.33 is the address of the PowerDNS server in this setup; replace it with yours). Remember that this is an authoritative-only server: clients pointed at it can resolve the zones it hosts but nothing else, so for general name resolution put a recursive resolver in front of it that forwards your zones to PowerDNS.
echo "nameserver 192.168.58.33" > /etc/resolv.conf
Verify Client Forward DNS Resolution
Next, perform DNS resolution using any of the DNS utilities:
dig news.kifarunix-demo.com
; <<>> DiG 9.16.1-Ubuntu <<>> news.kifarunix-demo.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6179
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;news.kifarunix-demo.com. IN A
;; ANSWER SECTION:
news.kifarunix-demo.com. 120 IN A 192.168.58.45
;; Query time: 0 msec
;; SERVER: 192.168.58.33#53(192.168.58.33)
;; WHEN: Fri Jul 28 06:29:42 UTC 2023
;; MSG SIZE rcvd: 68
nslookup ns1.kifarunix-demo.com
Server: 192.168.58.33
Address: 192.168.58.33#53
Name: ns1.kifarunix-demo.com
Address: 192.168.57.3
host ns1.kifarunix-demo.com
ns1.kifarunix-demo.com has address 192.168.57.3
Verify Client Reverse DNS Resolution
dig -x 192.168.57.3 +short
ns1.kifarunix-demo.com.
nslookup 192.168.57.3
3.57.168.192.in-addr.arpa name = ns1.kifarunix-demo.com.
host 192.168.57.3
3.57.168.192.in-addr.arpa domain name pointer ns1.kifarunix-demo.com.
In our next guide, we will learn how to manage PowerDNS using a web tool called PowerDNS Admin.
Reference
PowerDNS Authoritative Nameserver Documentation