Step 1: Package Installation
Add the repository of the authoritative server and install it:
[root@localhost ~]# yum install epel-release yum-plugin-priorities -y
[root@localhost ~]# curl -o /etc/yum.repos.d/powerdns-auth-41.repo https://repo.powerdns.com/repo-files/centos-auth-41.repo
[root@localhost ~]# yum install pdns -y
Add the recursive server repository and install it:
[root@localhost ~]# curl -o /etc/yum.repos.d/powerdns-rec-41.repo https://repo.powerdns.com/repo-files/centos-rec-41.repo
[root@localhost ~]# yum install pdns-recursor -y
The authoritative server also needs a backend to store zone data in. MySQL is a good choice, so install the MySQL backend:
[root@localhost ~]# yum install pdns-backend-mysql -y
Step 2: Creating the database
After installing MySQL, create the database. First, create a dedicated MySQL user for PowerDNS (replace STRONG_PASSWORD with a real password; it is used again in pdns.conf below):
GRANT ALL PRIVILEGES ON `pdns`.* TO 'pdns'@'localhost' IDENTIFIED BY 'STRONG_PASSWORD' WITH GRANT OPTION;
Create a database for PowerDNS and select it:
CREATE DATABASE pdns;
USE pdns;
Execute the following statements to create the tables:
CREATE TABLE domains (
  id              INT AUTO_INCREMENT,
  name            VARCHAR(255) NOT NULL,
  master          VARCHAR(128) DEFAULT NULL,
  last_check      INT DEFAULT NULL,
  type            VARCHAR(6) NOT NULL,
  notified_serial INT UNSIGNED DEFAULT NULL,
  account         VARCHAR(40) CHARACTER SET 'utf8' DEFAULT NULL,
  PRIMARY KEY (id)
) Engine=InnoDB CHARACTER SET 'latin1';

CREATE UNIQUE INDEX name_index ON domains(name);

CREATE TABLE records (
  id          BIGINT AUTO_INCREMENT,
  domain_id   INT DEFAULT NULL,
  name        VARCHAR(255) DEFAULT NULL,
  type        VARCHAR(10) DEFAULT NULL,
  content     VARCHAR(64000) DEFAULT NULL,
  ttl         INT DEFAULT NULL,
  prio        INT DEFAULT NULL,
  change_date INT DEFAULT NULL,
  disabled    TINYINT(1) DEFAULT 0,
  ordername   VARCHAR(255) BINARY DEFAULT NULL,
  auth        TINYINT(1) DEFAULT 1,
  PRIMARY KEY (id)
) Engine=InnoDB CHARACTER SET 'latin1';

CREATE INDEX nametype_index ON records(name,type);
CREATE INDEX domain_id ON records(domain_id);
CREATE INDEX ordername ON records (ordername);

CREATE TABLE supermasters (
  ip         VARCHAR(64) NOT NULL,
  nameserver VARCHAR(255) NOT NULL,
  account    VARCHAR(40) CHARACTER SET 'utf8' NOT NULL,
  PRIMARY KEY (ip, nameserver)
) Engine=InnoDB CHARACTER SET 'latin1';

CREATE TABLE comments (
  id          INT AUTO_INCREMENT,
  domain_id   INT NOT NULL,
  name        VARCHAR(255) NOT NULL,
  type        VARCHAR(10) NOT NULL,
  modified_at INT NOT NULL,
  account     VARCHAR(40) CHARACTER SET 'utf8' DEFAULT NULL,
  comment     TEXT CHARACTER SET 'utf8' NOT NULL,
  PRIMARY KEY (id)
) Engine=InnoDB CHARACTER SET 'latin1';

CREATE INDEX comments_name_type_idx ON comments (name, type);
CREATE INDEX comments_order_idx ON comments (domain_id, modified_at);

CREATE TABLE domainmetadata (
  id        INT AUTO_INCREMENT,
  domain_id INT NOT NULL,
  kind      VARCHAR(32),
  content   TEXT,
  PRIMARY KEY (id)
) Engine=InnoDB CHARACTER SET 'latin1';

CREATE INDEX domainmetadata_idx ON domainmetadata (domain_id, kind);

CREATE TABLE cryptokeys (
  id        INT AUTO_INCREMENT,
  domain_id INT NOT NULL,
  flags     INT NOT NULL,
  active    BOOL,
  content   TEXT,
  PRIMARY KEY(id)
) Engine=InnoDB CHARACTER SET 'latin1';

CREATE INDEX domainidindex ON cryptokeys(domain_id);

CREATE TABLE tsigkeys (
  id        INT AUTO_INCREMENT,
  name      VARCHAR(255),
  algorithm VARCHAR(50),
  secret    VARCHAR(255),
  PRIMARY KEY (id)
) Engine=InnoDB CHARACTER SET 'latin1';

CREATE UNIQUE INDEX namealgoindex ON tsigkeys(name, algorithm);
Step 3: Setting up the authoritative server
Open the configuration file /etc/pdns/pdns.conf and bring it to the following form (gmysql-password must match the password given in the GRANT statement above):
setuid=pdns
setgid=pdns
launch=gmysql
gmysql-host=127.0.0.1
gmysql-user=pdns
gmysql-dbname=pdns
gmysql-password=STRONG_PASSWORD
allow-axfr-ips=127.0.0.1/32
cache-ttl=60
control-console=no
default-soa-name=dns1.mydns.com
default-soa-mail=admin@mydns.com
default-ttl=3600
disable-axfr=no
local-port=5300
local-address=127.0.0.1
log-dns-queries=yes
logging-facility=0
loglevel=4
max-queue-length=5000
max-tcp-connections=20
master=yes
Enable the service at boot and start it:
[root@localhost ~]# systemctl enable pdns && systemctl start pdns
Check that the server started without errors:
[root@localhost ~]# systemctl status pdns -l
● pdns.service - PowerDNS Authoritative Server
   Loaded: loaded (/usr/lib/systemd/system/pdns.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2019-03-01 11:31:25 UTC; 29s ago
     Docs: man:pdns_server(1)
           man:pdns_control(1)
           https://doc.powerdns.com
 Main PID: 28456 (pdns_server)
   CGroup: /system.slice/pdns.service
           └─28456 /usr/sbin/pdns_server --guardian=no --daemon=no --disable-syslog --log-timestamp=no --write-pid=no

Mar 01 11:31:25 mydns.com pdns_server[28456]: PowerDNS Authoritative Server 4.1.1 (C) 2001-2017 PowerDNS.COM BV
Mar 01 11:31:25 mydns.com pdns_server[28456]: Using 64-bits mode. Built using gcc 4.8.5 20150623 (Red Hat 4.8.5-16) on Feb 16 2018 10:08:16 by buildbot@aa8d6590639b.
Mar 01 11:31:25 mydns.com pdns_server[28456]: PowerDNS comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it according to the terms of the GPL version 2.
Mar 01 11:31:25 mydns.com pdns_server[28456]: Polled security status of version 4.1.1 at startup, no known issues reported: OK
Mar 01 11:31:25 mydns.com pdns_server[28456]: Creating backend connection for TCP
Mar 01 11:31:25 mydns.com pdns_server[28456]: Master/slave communicator launching
Mar 01 11:31:25 mydns.com systemd[1]: Started PowerDNS Authoritative Server.
Mar 01 11:31:25 mydns.com pdns_server[28456]: About to create 3 backend threads for UDP
Mar 01 11:31:25 mydns.com pdns_server[28456]: No master domains need notifications
Mar 01 11:31:25 mydns.com pdns_server[28456]: Done launching threads, ready to distribute questions
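The settings in pdns.conf that matter most for exposure are the listener address, the zone-transfer ACL, the privilege drop and the backend password. The script below is an added example, not part of the original tutorial or of PowerDNS: it reads a pdns.conf-style file and reports those keys when they leave the server bound to every interface, allow AXFR from anywhere, keep root privileges, or still carry the tutorial's STRONG_PASSWORD placeholder. The two sample configs it writes are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original tutorial): audit the security-relevant
# keys of a pdns.conf. Sample configurations below are constructed.

# conf_get FILE KEY: print KEY's value (last occurrence wins); empty if unset.
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# audit_pdns_conf FILE: print one FAIL line per finding; return 0 when clean.
audit_pdns_conf() {
    f=$1
    rc=0
    # Zone transfers: either disabled or limited to explicit hosts, never "any".
    if [ "$(conf_get "$f" disable-axfr)" != "yes" ]; then
        case "$(conf_get "$f" allow-axfr-ips)" in
            *0.0.0.0/0*|*::/0*)
                echo "FAIL allow-axfr-ips: AXFR allowed from any address"; rc=1 ;;
        esac
    fi
    # Listener: an unset local-address means 0.0.0.0 in 4.1, i.e. every interface.
    case "$(conf_get "$f" local-address)" in
        ""|*0.0.0.0*)
            echo "FAIL local-address: authoritative server bound to all interfaces"; rc=1 ;;
    esac
    # Privilege drop: setuid and setgid should both name an unprivileged account.
    for k in setuid setgid; do
        v=$(conf_get "$f" "$k")
        if [ -z "$v" ] || [ "$v" = "root" ]; then
            echo "FAIL $k: server would keep root privileges"; rc=1
        fi
    done
    # Backend credentials: empty, or still the tutorial placeholder, is a finding.
    case "$(conf_get "$f" gmysql-password)" in
        ""|STRONG_PASSWORD)
            echo "FAIL gmysql-password: empty or placeholder password"; rc=1 ;;
    esac
    return $rc
}

# write_sample_conf MODE FILE: "good" mirrors the tutorial's layout with a
# constructed password; "bad" is a constructed misconfiguration.
write_sample_conf() {
    if [ "$1" = good ]; then
        cat > "$2" <<'EOF'
setuid=pdns
setgid=pdns
launch=gmysql
gmysql-host=127.0.0.1
gmysql-user=pdns
gmysql-dbname=pdns
gmysql-password=c0nstructed-s3cret
allow-axfr-ips=127.0.0.1/32
disable-axfr=no
local-address=127.0.0.1
local-port=5300
EOF
    else
        cat > "$2" <<'EOF'
launch=gmysql
gmysql-password=STRONG_PASSWORD
allow-axfr-ips=0.0.0.0/0
disable-axfr=no
local-port=5300
EOF
    fi
}

# Stand-alone demo: audit both samples.
tmp=$(mktemp -d)
write_sample_conf good "$tmp/good.conf"
write_sample_conf bad "$tmp/bad.conf"
echo "== good.conf"; audit_pdns_conf "$tmp/good.conf" && echo "OK"
echo "== bad.conf";  audit_pdns_conf "$tmp/bad.conf"  || echo "(not clean)"
rm -rf "$tmp"
```

Run it against the real file with audit_pdns_conf /etc/pdns/pdns.conf after editing; with the tutorial's values it reports nothing, because AXFR is confined to 127.0.0.1/32 and the server listens only on loopback.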
Step 4: Setting up the recursive server
Open the configuration file /etc/pdns-recursor/recursor.conf and bring it to the following form:
setuid=pdns-recursor
setgid=pdns-recursor
local-address=127.0.0.1
local-port=5301
hint-file=/etc/pdns-recursor/root.zone
allow-from=127.0.0.0/8
To populate the root-hints file named by the hint-file directive, download and unpack the root zone:
[root@localhost ~]# wget ftp://ftp.rs.internic.net/domain/root.zone.gz && gunzip root.zone.gz
If the user domains are hosted on the authoritative server, forward queries for those zones to it with the forward-zones directive:
forward-zones=mydns.com=127.0.0.1:5300, example.com=127.0.0.1:5300
Enable the service at boot and start it:
[root@localhost ~]# systemctl enable pdns-recursor && systemctl start pdns-recursor
Check that the server started without errors:
[root@localhost ~]# systemctl status pdns-recursor
● pdns-recursor.service - PowerDNS Recursor
   Loaded: loaded (/usr/lib/systemd/system/pdns-recursor.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2019-03-01 11:49:02 UTC; 2s ago
     Docs: man:pdns_recursor(1)
           man:rec_control(1)
           https://doc.powerdns.com
 Main PID: 28548 (pdns_recursor)
   CGroup: /system.slice/pdns-recursor.service
           └─28548 /usr/sbin/pdns_recursor --daemon=no --write-pid=no --disable-syslog --log-timestamp=no

Mar 01 11:49:02 mydns.com pdns_recursor[28548]: Enabled TCP data-ready filter for (slight) DoS protection
Mar 01 11:49:02 mydns.com pdns_recursor[28548]: Listening for TCP queries on 127.0.0.1:5301
Mar 01 11:49:02 mydns.com pdns_recursor[28548]: Set effective group id to 995
Mar 01 11:49:02 mydns.com pdns_recursor[28548]: Set effective user id to 997
Mar 01 11:49:02 mydns.com pdns_recursor[28548]: Launching 3 threads
Mar 01 11:49:02 mydns.com systemd[1]: Started PowerDNS Recursor.
Mar 01 11:49:02 mydns.com pdns_recursor[28548]: Done priming cache with root hints
Mar 01 11:49:02 mydns.com pdns_recursor[28548]: Done priming cache with root hints
Mar 01 11:49:02 mydns.com pdns_recursor[28548]: Done priming cache with root hints
Mar 01 11:49:02 mydns.com pdns_recursor[28548]: Enabled 'epoll' multiplexer
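For the recursor, the two things worth checking after Step 4 are that allow-from does not turn it into an open resolver (one reachable from any source address, which is what reflection attacks look for) and that every entry in forward-zones really points at the local authoritative listener on 127.0.0.1:5300. The script below is an added example, not part of the original tutorial or of PowerDNS: it parses the comma-separated forward-zones value the way the tutorial writes it (with a space after the comma), then audits a recursor.conf against an expected forward target passed as an argument. The sample configurations it writes are constructed.

```shell
#!/bin/sh
# Added example (not from the original tutorial): audit a recursor.conf for
# open-resolver exposure and check forward-zones targets. Samples are constructed.

# conf_get FILE KEY: print KEY's value (last occurrence wins); empty if unset.
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# list_forward_zones FILE: print one "zone target" line per forward-zones entry,
# splitting on commas and trimming the surrounding spaces.
list_forward_zones() {
    conf_get "$1" forward-zones | tr ',' '\n' \
        | sed 's/^[[:space:]]*//; s/[[:space:]]*$//' \
        | awk -F'=' 'NF == 2 { print $1, $2 }'
}

# audit_recursor_conf FILE EXPECTED_TARGET: FAIL line per finding; 0 when clean.
audit_recursor_conf() {
    f=$1
    want=$2
    rc=0
    # Who may recurse through us: any-source ACLs make this an open resolver.
    case "$(conf_get "$f" allow-from)" in
        *0.0.0.0/0*|*::/0*)
            echo "FAIL allow-from: recursion allowed from any source (open resolver)"; rc=1 ;;
    esac
    # Listening on every interface widens the surface the ACL has to protect.
    case "$(conf_get "$f" local-address)" in
        *0.0.0.0*)
            echo "FAIL local-address: recursor bound to all interfaces"; rc=1 ;;
    esac
    # Every forwarded zone must go to the expected authoritative listener;
    # anything else would hand our own zones' lookups to a third party.
    bad=$(list_forward_zones "$f" | awk -v want="$want" \
        '$2 != want { print "FAIL forward-zones: " $1 " forwards to " $2 ", expected " want }')
    if [ -n "$bad" ]; then
        echo "$bad"
        rc=1
    fi
    return $rc
}

# write_sample_rec MODE FILE: "good" mirrors the tutorial; "bad" is a
# constructed misconfiguration (open ACL, all interfaces, one foreign forwarder).
write_sample_rec() {
    if [ "$1" = good ]; then
        cat > "$2" <<'EOF'
setuid=pdns-recursor
setgid=pdns-recursor
local-address=127.0.0.1
local-port=5301
hint-file=/etc/pdns-recursor/root.zone
allow-from=127.0.0.0/8
forward-zones=mydns.com=127.0.0.1:5300, example.com=127.0.0.1:5300
EOF
    else
        cat > "$2" <<'EOF'
local-address=0.0.0.0
local-port=5301
allow-from=0.0.0.0/0
forward-zones=mydns.com=127.0.0.1:5300, example.com=198.51.100.7:53
EOF
    fi
}

# Stand-alone demo: audit both samples against the tutorial's forward target.
tmp=$(mktemp -d)
write_sample_rec good "$tmp/good.conf"
write_sample_rec bad "$tmp/bad.conf"
echo "== good.conf"; audit_recursor_conf "$tmp/good.conf" 127.0.0.1:5300 && echo "OK"
echo "== bad.conf";  audit_recursor_conf "$tmp/bad.conf"  127.0.0.1:5300 || echo "(not clean)"
rm -rf "$tmp"
```

On the tutorial's own recursor.conf, audit_recursor_conf /etc/pdns-recursor/recursor.conf 127.0.0.1:5300 reports nothing: allow-from is 127.0.0.0/8, the listener is loopback-only, and both forward-zones entries point at port 5300 on 127.0.0.1.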