How To Install PowerDNS on CentOS 7

Step 1: Package Installation

Add the repository for the authoritative server and install it:

[root@localhost ~]# yum install epel-release yum-plugin-priorities -y
[root@localhost ~]# curl -o /etc/yum.repos.d/powerdns-auth-41.repo https://repo.powerdns.com/repo-files/centos-auth-41.repo
[root@localhost ~]# yum install pdns -y

Add the recursive server repository and install it:

[root@localhost ~]# curl -o /etc/yum.repos.d/powerdns-rec-41.repo https://repo.powerdns.com/repo-files/centos-rec-41.repo
[root@localhost ~]# yum install pdns-recursor -y

Install the backend we will work with. MySQL is a good choice, so we install its backend package:

yum install pdns-backend-mysql

Step 2: Creation of DB

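After installing MySQL, let's start creating the database. First, create a new MySQL user for PowerDNS to work with. Note that WITH GRANT OPTION lets this account pass its privileges on to other accounts, which PowerDNS itself does not require.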

GRANT ALL PRIVILEGES ON `pdns`.* TO 'pdns'@'localhost' IDENTIFIED BY 'STRONG_PASSWORD' WITH GRANT OPTION;

Create a database for PowerDNS and select it:

CREATE DATABASE pdns;
USE pdns;

We execute the following commands to create tables:

CREATE TABLE domains (
  id                    INT AUTO_INCREMENT,
  name                  VARCHAR(255) NOT NULL,
  master                VARCHAR(128) DEFAULT NULL,
  last_check            INT DEFAULT NULL,
  type                  VARCHAR(6) NOT NULL,
  notified_serial       INT UNSIGNED DEFAULT NULL,
  account               VARCHAR(40) CHARACTER SET 'utf8' DEFAULT NULL,
  PRIMARY KEY (id)
) Engine=InnoDB CHARACTER SET 'latin1';
CREATE UNIQUE INDEX name_index ON domains(name);
CREATE TABLE records (
  id                    BIGINT AUTO_INCREMENT,
  domain_id             INT DEFAULT NULL,
  name                  VARCHAR(255) DEFAULT NULL,
  type                  VARCHAR(10) DEFAULT NULL,
  content               VARCHAR(64000) DEFAULT NULL,
  ttl                   INT DEFAULT NULL,
  prio                  INT DEFAULT NULL,
  change_date           INT DEFAULT NULL,
  disabled              TINYINT(1) DEFAULT 0,
  ordername             VARCHAR(255) BINARY DEFAULT NULL,
  auth                  TINYINT(1) DEFAULT 1,
  PRIMARY KEY (id)
) Engine=InnoDB CHARACTER SET 'latin1';
CREATE INDEX nametype_index ON records(name,type);
CREATE INDEX domain_id ON records(domain_id);
CREATE INDEX ordername ON records (ordername);
CREATE TABLE supermasters (
  ip                    VARCHAR(64) NOT NULL,
  nameserver            VARCHAR(255) NOT NULL,
  account               VARCHAR(40) CHARACTER SET 'utf8' NOT NULL,
  PRIMARY KEY (ip, nameserver)
) Engine=InnoDB CHARACTER SET 'latin1';
CREATE TABLE comments (
  id                    INT AUTO_INCREMENT,
  domain_id             INT NOT NULL,
  name                  VARCHAR(255) NOT NULL,
  type                  VARCHAR(10) NOT NULL,
  modified_at           INT NOT NULL,
  account               VARCHAR(40) CHARACTER SET 'utf8' DEFAULT NULL,
  comment               TEXT CHARACTER SET 'utf8' NOT NULL,
  PRIMARY KEY (id)
) Engine=InnoDB CHARACTER SET 'latin1';
CREATE INDEX comments_name_type_idx ON comments (name, type);
CREATE INDEX comments_order_idx ON comments (domain_id, modified_at);
CREATE TABLE domainmetadata (
  id                    INT AUTO_INCREMENT,
  domain_id             INT NOT NULL,
  kind                  VARCHAR(32),
  content               TEXT,
  PRIMARY KEY (id)
) Engine=InnoDB CHARACTER SET 'latin1';
CREATE INDEX domainmetadata_idx ON domainmetadata (domain_id, kind);
CREATE TABLE cryptokeys (
  id                    INT AUTO_INCREMENT,
  domain_id             INT NOT NULL,
  flags                 INT NOT NULL,
  active                BOOL,
  content               TEXT,
  PRIMARY KEY(id)
) Engine=InnoDB CHARACTER SET 'latin1';
CREATE INDEX domainidindex ON cryptokeys(domain_id);
CREATE TABLE tsigkeys (
  id                    INT AUTO_INCREMENT,
  name                  VARCHAR(255),
  algorithm             VARCHAR(50),
  secret                VARCHAR(255),
  PRIMARY KEY (id)
) Engine=InnoDB CHARACTER SET 'latin1';
CREATE UNIQUE INDEX namealgoindex ON tsigkeys(name, algorithm);

Step 3: Setting up the authoritative server

Open the configuration file /etc/pdns/pdns.conf and edit it to read as follows:

setuid=pdns
setgid=pdns
launch=gmysql
gmysql-host=127.0.0.1
gmysql-user=pdns
gmysql-dbname=pdns
gmysql-password=STRONG_PASSWORD
allow-axfr-ips=127.0.0.1/32
cache-ttl=60
control-console=no
default-soa-name=dns1.mydns.com
default-soa-mail=admin@mydns.com
default-ttl=3600
disable-axfr=no
local-port=5300
local-address=127.0.0.1
log-dns-queries=yes
logging-facility=0
loglevel=4
max-queue-length=5000
max-tcp-connections=20
master=yes

Enable the service at boot and start it:

[root@localhost ~]# systemctl enable pdns && systemctl start pdns

Check that the server starts without errors and everything is in order:

[root@localhost ~]# systemctl status pdns -l 
 ● pdns.service - PowerDNS Authoritative Server
   Loaded: loaded (/usr/lib/systemd/system/pdns.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2019-03-01 11:31:25 UTC; 29s ago
     Docs: man:pdns_server(1)
           man:pdns_control(1)
           https://doc.powerdns.com
 Main PID: 28456 (pdns_server)
   CGroup: /system.slice/pdns.service
           └─28456 /usr/sbin/pdns_server --guardian=no --daemon=no --disable-syslog --log-timestamp=no --write-pid=no
Mar 01 11:31:25 mydns.com pdns_server[28456]: PowerDNS Authoritative Server 4.1.1 (C) 2001-2017 PowerDNS.COM BV
Mar 01 11:31:25 mydns.com pdns_server[28456]: Using 64-bits mode. Built using gcc 4.8.5 20150623 (Red Hat 4.8.5-16) on Feb 16 2018 10:08:16 by buildbot@aa8d6590639b.
Mar 01 11:31:25 mydns.com pdns_server[28456]: PowerDNS comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it according to the terms of the GPL version 2.
Mar 01 11:31:25 mydns.com pdns_server[28456]: Polled security status of version 4.1.1 at startup, no known issues reported: OK
Mar 01 11:31:25 mydns.com pdns_server[28456]: Creating backend connection for TCP
Mar 01 11:31:25 mydns.com pdns_server[28456]: Master/slave communicator launching
Mar 01 11:31:25 mydns.com systemd[1]: Started PowerDNS Authoritative Server.
Mar 01 11:31:25 mydns.com pdns_server[28456]: About to create 3 backend threads for UDP
Mar 01 11:31:25 mydns.com pdns_server[28456]: No master domains need notifications
Mar 01 11:31:25 mydns.com pdns_server[28456]: Done launching threads, ready to distribute questions

Step 4: Setting up a recursive server

Open the configuration file /etc/pdns-recursor/recursor.conf and edit it to read as follows:

setuid=pdns-recursor
setgid=pdns-recursor
local-address=127.0.0.1
local-port=5301
hint-file=/etc/pdns-recursor/root.zone
allow-from=127.0.0.0/8

To obtain the root zone file referenced by the hint-file directive, download and unpack it; the unpacked root.zone has to end up at the path set in hint-file:

[root@localhost ~]# wget ftp://ftp.rs.internic.net/domain/root.zone.gz && gunzip root.zone.gz

If user domains are hosted on the authoritative server, forward queries for them to it through the forward-zones directive:

forward-zones=mydns.com=127.0.0.1:5300, example.com=127.0.0.1:5300

Enable the service at boot and start it:

[root@localhost ~]# systemctl enable pdns-recursor && systemctl start pdns-recursor

Check that the server runs without errors and everything is in order:

[root@localhost ~]# systemctl status pdns-recursor
● pdns-recursor.service - PowerDNS Recursor
   Loaded: loaded (/usr/lib/systemd/system/pdns-recursor.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2019-03-01 11:49:02 UTC; 2s ago
     Docs: man:pdns_recursor(1)
           man:rec_control(1)
           https://doc.powerdns.com
 Main PID: 28548 (pdns_recursor)
   CGroup: /system.slice/pdns-recursor.service
           └─28548 /usr/sbin/pdns_recursor --daemon=no --write-pid=no --disable-syslog --log-timestamp=no
Mar 01 11:49:02 mydns.com pdns_recursor[28548]: Enabled TCP data-ready filter for (slight) DoS protection
Mar 01 11:49:02 mydns.com pdns_recursor[28548]: Listening for TCP queries on 127.0.0.1:5301
Mar 01 11:49:02 mydns.com pdns_recursor[28548]: Set effective group id to 995
Mar 01 11:49:02 mydns.com pdns_recursor[28548]: Set effective user id to 997
Mar 01 11:49:02 mydns.com pdns_recursor[28548]: Launching 3 threads
Mar 01 11:49:02 mydns.com systemd[1]: Started PowerDNS Recursor.
Mar 01 11:49:02 mydns.com pdns_recursor[28548]: Done priming cache with root hints
Mar 01 11:49:02 mydns.com pdns_recursor[28548]: Done priming cache with root hints
Mar 01 11:49:02 mydns.com pdns_recursor[28548]: Done priming cache with root hints
Mar 01 11:49:02 mydns.com pdns_recursor[28548]: Enabled 'epoll' multiplexer
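
The two configuration files from Steps 3 and 4 can be checked for the settings that matter most for exposure: a readable clear-text database password, unrestricted zone transfers, a missing privilege drop, an open resolver, and forward-zones targets that do not match the authoritative listener. This is an added example, not part of the original article; the function names (conf_get, open_to_all, audit_auth, audit_recursor) are illustrative, and it assumes that a later assignment of a key overrides an earlier one.

```bash
# Added example, not from the original article: lint pdns.conf and recursor.conf.
# Assumption: a later assignment of a key overrides an earlier one.
# conf_get FILE KEY: print the effective value of KEY, skipping comment lines.
conf_get() {
  awk -v k="$2" '
    /^[ \t]*#/ { next }
    { i = index($0, "="); if (!i) next
      key = substr($0, 1, i - 1); val = substr($0, i + 1)
      gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
      if (key == k) v = val }
    END { print v }' "$1"
}

# open_to_all LIST: succeed if a comma-separated netmask list admits every address.
open_to_all() {
  case ",$(printf '%s' "$1" | tr -d ' ')," in
    *,0.0.0.0/0,*|*,::/0,*) return 0 ;;
  esac
  return 1
}

# audit_auth FILE: print one finding per line for the authoritative pdns.conf.
audit_auth() {
  # The file stores gmysql-password in clear text, so it must not be world-readable.
  [ -n "$(find "$1" -perm -004)" ] && echo "PERMS: $1 is world-readable"
  case $(conf_get "$1" gmysql-password) in
    ''|STRONG_PASSWORD) echo "PASSWORD: gmysql-password is empty or the placeholder" ;;
  esac
  case $(conf_get "$1" setuid) in
    ''|root|0) echo "PRIVS: setuid missing or root, no privilege drop" ;;
  esac
  if [ "$(conf_get "$1" disable-axfr)" != yes ] && open_to_all "$(conf_get "$1" allow-axfr-ips)"; then
    echo "AXFR: zone transfers allowed from any address"
  fi
  return 0
}

# audit_recursor FILE AUTH_FILE: findings for recursor.conf, cross-checked with pdns.conf.
# Assumption: one target per forwarded zone, as in the article's forward-zones line.
audit_recursor() {
  local target="$(conf_get "$2" local-address):$(conf_get "$2" local-port)"
  open_to_all "$(conf_get "$1" allow-from)" && echo "OPEN: allow-from admits any client (open resolver)"
  conf_get "$1" forward-zones | tr -d ' ' | tr ',' '\n' | while IFS= read -r entry; do
    [ -z "$entry" ] || [ "${entry#*=}" = "$target" ] ||
      echo "FORWARD: ${entry%%=*} -> ${entry#*=}, expected $target"
  done
  return 0
}
```

Run as root, `audit_auth /etc/pdns/pdns.conf` and `audit_recursor /etc/pdns-recursor/recursor.conf /etc/pdns/pdns.conf` print nothing when none of these conditions is present.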
