Easily Install PowerDNS Admin on Debian 11/Debian 10

|
Last Updated:
|
|

In this tutorial, you will learn how to easily install PowerDNS Admin on Debian 11/Debian 10. PowerDNS Admin is a web administrative interface for PowerDNS. It enables you to easily create and manage DNS zones from a web browser.

PowerDNS Admin provides advanced features for managing PowerDNS. These include;

  • Multiple domain management
  • Domain template
  • User management
  • User access management based on domain
  • User activity logging
  • Support Local DB / SAML / LDAP / Active Directory user authentication
  • Support Google / Github / Azure / OpenID OAuth
  • Support Two-factor authentication (TOTP)
  • Dashboard and pdns service statistics
  • DynDNS 2 protocol support
  • Edit IPv6 PTRs using IPv6 addresses directly (no more editing of literal addresses!)
  • Limited API for manipulating zones and records

Installing PowerDNS Admin on Debian 11/Debian 10

Install and Setup PowerDNS on Debian 11/Debian 10

Follow the link below to install PowerDNS on Debian 11/Debain 10:

Easily Install and Setup PowerDNS on Debian 11/Debian 10

NOTE: We installed PowerDNS Admin on the same server with PowerDNS already installed.

Install Required Package Dependencies

Install Python 3 library and development tools

apt install python3-dev

Install various required build tools and package dependencies.

apt install libsasl2-dev libldap2-dev libssl-dev libxml2-dev libxslt1-dev libxmlsec1-dev libffi-dev pkg-config apt-transport-https virtualenv build-essential libmariadb-dev git python3-flask -y

Install NodeJS on Debian 10/Debian 11;

apt install curl sudo git -y
curl -sL https://deb.nodesource.com/setup_17.x | sudo -E bash -
apt install -y nodejs

Install Yarn on Debian 11/Debian 10

curl -sL https://dl.yarnpkg.com/debian/pubkey.gpg | gpg --dearmor | sudo tee /usr/share/keyrings/yarnkey.gpg >/dev/null
echo "deb [signed-by=/usr/share/keyrings/yarnkey.gpg] https://dl.yarnpkg.com/debian stable main" | sudo tee /etc/apt/sources.list.d/yarn.list
apt update
apt install yarn -y

Install Nginx HTTP Server Debian 10/Debian 11

apt install nginx -y

Clone PowerDNS Admin Source Code to Web Root Directory

Clone PowerDNS Admin git source code to your Nginx web root directory.

In this setup, we use, /var/www/html/pdns, as our PowerDNS Admin web root directory. It can be different for your case.

git clone https://github.com/ngoduykhanh/PowerDNS-Admin.git /var/www/html/pdns

Create PowerDNS Admin Virtualenv

Navigate to the PowerDNS Admin web root directory and create a virtualenv.

cd /var/www/html/pdns/
virtualenv -p python3 flask

Next, active your Python 3 Virtual environment and install required Python 3 libraries

source ./flask/bin/activate
pip install -r requirements.txt

Configure PowerDNS Admin Database Connection

Exit the virtualenv.

deactivate

Edit the default PowerDNS admin configuration file, $WEB_ROOT/powerdnsadmin/default_config.py, to define the database connection details.

Replace the $WEB_ROOT with the path to your web root directory.

vim /var/www/html/pdns/powerdnsadmin/default_config.py

On the basic App configs, you can replace the SALT and SECRET_KEY keys, set the bind address and port;


### BASIC APP CONFIG
SALT = 'xohDoozee8Zuneekooch9ohrieghei'
SECRET_KEY = 'hohru1aethaeyahpheH7Gaathaikah'
BIND_ADDRESS = '192.168.58.22'
PORT = 9191
HSTS_ENABLED = False
OFFLINE_MODE = False

On the database configs, configure your PowerDNS database connection details. Note that we are using the details already created while setting up PowerDNS as defined in our guide.


### DATABASE CONFIG
SQLA_DB_USER = 'pdnsadmin'
SQLA_DB_PASSWORD = 'PdnSPassW0rd'
SQLA_DB_HOST = '127.0.0.1'
SQLA_DB_NAME = 'kifarunixdemopdns'
SQLALCHEMY_TRACK_MODIFICATIONS = True

Save and exit the configuration.

Next, reactivate the virtualenv run the DB migration;

cd /var/www/html/pdns/
source ./flask/bin/activate
export FLASK_APP=powerdnsadmin/__init__.py
flask db upgrade

Once the command above completes, generate asset files with yarn;

yarn install --pure-lockfile
flask assets build

Deactivate virtual environment.

deactivate

Running PowerDNS Admin

Once it is setup, you can run PowerDNS admin in standalone mode, by executing the run.py in the web root directory.

In this setup, we will be using Nginx web server to access the PowerDNS Admin.

Enable PowerDNS API access

The PowerDNS Authoritative Server features a built-in webserver that exposes a JSON/REST API. This API allows for controlling several functions, reading statistics and modifying zone content, metadata and DNSSEC key material“.

  • Open PowerDNS configuration file
  • Enable API
  • Generate and set the API Key;
vim /etc/powerdns/pdns.conf

#################################
# api   Enable/disable the REST API (including HTTP listener)
#
# api=no
api=yes

#################################
# api-key       Static pre-shared authentication key for access to the REST API
#
# api-key=
api-key=ahqu4eiv2vaideep8AQu9nav5Aing0

Save and exit the file and restart PowerDNS;

systemctl restart pdns

Create PowerDNS Admin Nginx Site

Create PowerDNS Admin Nginx site with the contents below. Replace web root directory accordingly.

vim /etc/nginx/conf.d/pdns-admin.conf

server {
  listen	*:80;
  server_name               pdnsadmin.kifarunix-demo.com;

  index                     index.html index.htm index.php;
  root                      /var/www/html/pdns;
  access_log                /var/log/nginx/pdnsadmin_access.log combined;
  error_log                 /var/log/nginx/pdnsadmin_error.log;

  client_max_body_size              10m;
  client_body_buffer_size           128k;
  proxy_redirect                    off;
  proxy_connect_timeout             90;
  proxy_send_timeout                90;
  proxy_read_timeout                90;
  proxy_buffers                     32 4k;
  proxy_buffer_size                 8k;
  proxy_set_header                  Host $host;
  proxy_set_header                  X-Real-IP $remote_addr;
  proxy_set_header                  X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_headers_hash_bucket_size    64;

  location ~ ^/static/  {
    include  /etc/nginx/mime.types;
    root /var/www/html/pdns/powerdnsadmin;

    location ~*  \.(jpg|jpeg|png|gif)$ {
      expires 365d;
    }

    location ~* ^.+.(css|js)$ {
      expires 7d;
    }
  }

  location / {
    proxy_pass            http://unix:/run/pdnsadmin/socket;
    proxy_read_timeout    120;
    proxy_connect_timeout 120;
    proxy_redirect        off;
  }

}

Save and exit the file.

Remove the default Nginx default site.

mv /etc/nginx/sites-enabled/default{,.old}

Run config syntax check.

nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Set ownership of Pdns Admin web root directory to web user;

chown -R www-data: /var/www/html/pdns

Restart Nginx;

systemctl restart nginx

Create PowerDNS Admin Systemd Service Unit

To be able to run PowerDNS Admin as a systemd service, create a unit file by running the command below;


cat > /etc/systemd/system/pdnsadmin.service << 'EOL'           
[Unit]
Description=PowerDNS-Admin
Requires=pdnsadmin.socket
After=network.target

[Service]
PIDFile=/run/pdnsadmin/pid
User=pdns
Group=pdns
WorkingDirectory=/var/www/html/pdns
ExecStart=/var/www/html/pdns/flask/bin/gunicorn --pid /run/pdnsadmin/pid --bind unix:/run/pdnsadmin/socket 'powerdnsadmin:create_app()'
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s TERM $MAINPID
PrivateTmp=true

[Install]
WantedBy=multi-user.target
EOL

cat > /etc/systemd/system/pdnsadmin.socket << 'EOL'
[Unit]
Description=PowerDNS-Admin socket

[Socket]
ListenStream=/run/pdnsadmin/socket

[Install]
WantedBy=sockets.target
EOL
echo "d /run/pdnsadmin 0755 pdns pdns -" >> /etc/tmpfiles.d/pdnsadmin.conf
mkdir /run/pdnsadmin/
chown -R pdns: /run/pdnsadmin/
chown -R pdns: /var/www/html/pdns/powerdnsadmin/

Reload System Configurations and start and enable PowerDNS Admin service to run on system boot;

systemctl enable --now pdnsadmin.service pdnsadmin.socket

Check the status;

systemctl status pdnsadmin.service pdnsadmin.socket

● pdnsadmin.service - PowerDNS-Admin
   Loaded: loaded (/etc/systemd/system/pdnsadmin.service; enabled; vendor preset: enabled)
   Active: active (running) since Sun 2021-11-28 02:00:51 EST; 10s ago
 Main PID: 13859 (gunicorn)
    Tasks: 2 (limit: 2359)
   Memory: 65.7M
   CGroup: /system.slice/pdnsadmin.service
           ├─13859 /var/www/html/pdns/flask/bin/python3 /var/www/html/pdns/flask/bin/gunicorn --pid /run/pdnsadmin/pid --bind unix:/run/pdnsadmin/socket powerdnsadmin:creat
           └─13862 /var/www/html/pdns/flask/bin/python3 /var/www/html/pdns/flask/bin/gunicorn --pid /run/pdnsadmin/pid --bind unix:/run/pdnsadmin/socket powerdnsadmin:creat

Nov 28 02:00:51 debian systemd[1]: Started PowerDNS-Admin.
Nov 28 02:00:51 debian gunicorn[13859]: [2021-11-28 02:00:51 -0500] [13859] [INFO] Starting gunicorn 20.0.4
Nov 28 02:00:51 debian gunicorn[13859]: [2021-11-28 02:00:51 -0500] [13859] [INFO] Listening at: unix:/run/pdnsadmin/socket (13859)
Nov 28 02:00:51 debian gunicorn[13859]: [2021-11-28 02:00:51 -0500] [13859] [INFO] Using worker: sync
Nov 28 02:00:51 debian gunicorn[13859]: [2021-11-28 02:00:51 -0500] [13862] [INFO] Booting worker with pid: 13862

● pdnsadmin.socket - PowerDNS-Admin socket
   Loaded: loaded (/etc/systemd/system/pdnsadmin.socket; enabled; vendor preset: enabled)
   Active: active (running) since Sun 2021-11-28 02:00:51 EST; 10s ago
   Listen: /run/pdnsadmin/socket (Stream)
   CGroup: /system.slice/pdnsadmin.socket

Nov 28 02:00:51 debian systemd[1]: Listening on PowerDNS-Admin socket.

Accessing PowerDNS Admin Web Interface

Open Nginx on firewall to allow external access;

ufw allow "Nginx Full"

As per our configuration above, you can access PowerDNS Admin web interface via the address http://server-hostname. You should be able to see the PowerDNS Admin login screen. (if not, check status of the PowerDNS admin service or Nginx error logs for hints).

pdns web login

Create PowerDNS Admin administrative user account

Click Create an account to create the very first PowerDNS Admin admin user. Enter the user details.

powerdns create user account

Click Register to create an account.

After that, login using the user details you provided. Upon successful login, you should land on PowerDNS Admin interface.

You will see an error asking you to complete the API setup.

For PowerDNS Admin to be able to connect to PowerDNS and manage it, you need to provide:

  • the API Key URL, usually, http://127.0.0.1:8081 by default
  • the API Key you defined in the PowerDNS configuration file.
powerdns api setup

Click Update and the error should just disappear.

Click on the Dashboard to go to PowerDNS Admin dashboard.

pdns dashboard

As you can see, we already added the DNS records in our previous guide.

If you click on the domain name under Hosted Domains (highlighted on the screenshot above), you should the records we already added;

pdns zone records

That is the forward zone records.

If you click on the reverse zone under the Dashboard > Hosted Domains in-addr, you should see the reverse zone records.

pdns reverse zone records

You can now manage your DNS records easily.

That concludes our tutorial.

Other tutorials

Easily Install and Setup PowerDNS Admin on Ubuntu 20.04

Easily Install and Setup PowerDNS on Ubuntu 20.04

Setup Bind DNS Using Webmin on Debian 10

SUPPORT US VIA A VIRTUAL CUP OF COFFEE

We're passionate about sharing our knowledge and experiences with you through our blog. If you appreciate our efforts, consider buying us a virtual coffee. Your support keeps us motivated and enables us to continually improve, ensuring that we can provide you with the best content possible. Thank you for being a coffee-fueled champion of our work!

Photo of author
koromicha
I am the Co-founder of Kifarunix.com, Linux and the whole FOSS enthusiast, Linux System Admin and a Blue Teamer who loves to share technological tips and hacks with others as a way of sharing knowledge as: "In vain have you acquired knowledge if you have not imparted it to others".

Leave a Comment