Saturday, May 29, 2010

PowerDNS Installation on Debian and FreeBSD

PowerDNS is a DNS server, written in C++ and licensed under the GPL. It consists of two parts:

  • Authoritative Server
  • Recursor

PowerDNS can work as only one of them or both.

The Authoritative Server answers queries for the zones it holds data for, i.e. it acts as the nameserver of record for those domains, while the Recursor resolves arbitrary names by querying other nameservers on the Internet on the client's behalf. PowerDNS can hand recursion off to another DNS server or to the PowerDNS Recursor (pdns_recursor), which runs as a separate process.
PowerDNS is a product of the Dutch company PowerDNS.COM BV, with numerous contributions from the Open Source community. The principal author is Bert Hubert.

Installation

Make sure that no other DNS server is running on your system. Otherwise PowerDNS will fail to start with the error "Binding to UDP socket: Address already in use".

#netstat -tuplan | grep ':53 '

This lists the sockets bound to port 53, the port DNS servers use. (A bare "grep 53" would also match port 5353, PIDs and addresses that happen to contain "53"; matching ":53 " limits it to the local port. These flags are for GNU/Linux netstat; FreeBSD's netstat takes different flags, and sockstat -l shows the same information there.)

If port 53 is in use, you have to either stop the corresponding DNS server or remove it. Usually the DNS server in question will be BIND, whose daemon is called named. To stop it:

#/etc/init.d/named stop    (Debian)
#/etc/rc.d/named stop      (FreeBSD)

To remove bind:

#aptitude remove bind9     (Debian)
#pkg_delete bind9          (FreeBSD)
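As an added example (not from the original post), here is the port-53 check above done as a small shell function, so it only reports sockets whose local port really is 53 instead of everything containing "53". The netstat output it runs on is constructed here and assumes the GNU/Linux netstat column layout.

```shell
#!/bin/sh
# Added example, not part of the original post. Filters `netstat -tuplan`
# output (GNU/Linux column layout assumed:
#   Proto Recv-Q Send-Q Local-Address Foreign-Address [State] PID/Program)
# down to sockets whose *local* port is 53. A bare `grep 53` would also hit
# port 5353 (mDNS), PIDs, or addresses that happen to contain "53".

# Read netstat output on stdin; print "proto local-address pid/program".
dns_listeners() {
    awk '$1 ~ /^(tcp|udp)6?$/ && $4 ~ /:53$/ { print $1, $4, $NF }'
}

# Number of sockets bound to port 53 (0 means pdns can take the port).
count_dns_listeners() {
    dns_listeners | wc -l | tr -d ' '
}

# Constructed sample, not captured from a real host: named owns port 53 on
# TCP and UDP, avahi owns 5353, mysqld owns 3306.
SAMPLE='Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      1253/named
tcp        0      0 0.0.0.0:5353            0.0.0.0:*               LISTEN      2000/avahi-daemon
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      1530/mysqld
udp        0      0 0.0.0.0:53              0.0.0.0:*                           1253/named
udp6       0      0 :::5353                 :::*                                2000/avahi-daemon'

printf '%s\n' "$SAMPLE" | dns_listeners
# On a live Linux system: netstat -tuplan | dns_listeners
```

On the sample the function reports only the two named sockets; the avahi and mysqld lines, which a plain "grep 53" would also print, are left out.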

Now let's install the PowerDNS server.
Debian:
In terminal type:

#apt-get install pdns-server pdns-backend-mysql mysql-server mysql-client

This installs the pdns server and its MySQL backend on your computer along with the MySQL server and client. (The Debian client package is called mysql-client, not mysql-clients.)


FreeBSD:
In terminal type:
#cd /usr/ports/dns/powerdns/ && make install clean

This will install the pdns server and its backends on your computer. Check the port's build options to make sure the MySQL backend is enabled.

#cd /usr/ports/databases/mysql50-server && make install clean

This will install the MySQL server. (The ports category is databases, not database.)

#cd /usr/ports/databases/mysql50-client && make install clean

This will install the MySQL client.

Change your MySQL root password by:

#mysqladmin -u root -h localhost password 'mypassword'

Note that a password given on the command line is saved in your shell history.

Create an empty database by:

#mysql -u root -p
mysql> CREATE DATABASE powerdns;
mysql> exit;

Create the user powerdns in MySQL, with access to that database only:

#mysql -u root -p
mysql> GRANT ALL ON powerdns.* TO 'powerdns'@'localhost' IDENTIFIED BY 'mypassword';
mysql> FLUSH PRIVILEGES;
mysql> exit;

Import the MySQL schema that comes with PowerDNS, as the powerdns user you just created:

#mysql -h localhost -u powerdns -p powerdns < /usr/share/doc/pdns-backend-mysql/mysql.sql

(That path is the Debian package's; on FreeBSD look for the port's copy under /usr/local/share/doc/powerdns.)

Now let's configure our database settings:

#vi /etc/powerdns/pdns.d/pdns.local

gmysql-host=localhost
gmysql-port=3306
gmysql-dbname=powerdns
gmysql-user=powerdns
gmysql-password=mypassword
#gmysql-socket=

The backend must also be enabled with launch=gmysql (see Additional Configuration below), either in this file or in /etc/powerdns/pdns.conf, which includes the files in pdns.d. On FreeBSD the port's configuration lives under /usr/local/etc/pdns instead. This file holds the database password, so make it readable only by root and the user PowerDNS runs as (the setuid/setgid account in pdns.conf).

Now restart the PowerDNS server:

#/etc/init.d/pdns restart

You can start PowerDNS in monitor mode (in the foreground, with a console for troubleshooting):

#/etc/init.d/pdns monitor

Now let's test whether some random domain is resolved by our server.

#host www.someRandomDomain.com 127.0.0.1

Should return:

www.someRandomDomain.com A record currently not present at localhost

because we haven't added any records to our database yet.

Now let's add some records to the database. The SOA content is "primary hostmaster serial"; the refresh, retry, expire and minimum fields are filled in from the soa-*-default settings when omitted.

#mysql -h localhost -u powerdns -p powerdns

mysql> INSERT INTO domains (name, type) VALUES ('someRandomDomain.com', 'NATIVE');
mysql> INSERT INTO records (domain_id, name, content, type, ttl, prio) VALUES (1, 'someRandomDomain.com', 'ns1.test.com master@test.com 1', 'SOA', 86400, NULL);
mysql> INSERT INTO records (domain_id, name, content, type, ttl, prio) VALUES (1, 'someRandomDomain.com', 'ns1.test.com', 'NS', 86400, NULL);
mysql> INSERT INTO records (domain_id, name, content, type, ttl, prio) VALUES (1, 'someRandomDomain.com', 'ns2.test.com', 'NS', 86400, NULL);
mysql> INSERT INTO records (domain_id, name, content, type, ttl, prio) VALUES (1, 'www.someRandomDomain.com', '1.2.3.4', 'A', 120, NULL);
mysql> exit;

The domain_id of 1 assumes this is the first row in the domains table; on a database that already holds zones, look the new zone's id up in domains first.

Now the query for www.someRandomDomain.com should work:

#host www.someRandomDomain.com 127.0.0.1
www.someRandomDomain.com    A    1.2.3.4
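The statements above hard-code domain_id=1, which is only right on an empty database. As an added example (not from the original post or the PowerDNS project), here is a shell function that emits the same kind of INSERT statements for the gmysql schema used above, but ties the records to the new zone with LAST_INSERT_ID(), writes the SOA in the "primary hostmaster serial" form, and refuses input that would break the SQL quoting. The zone, nameserver and address values at the bottom are constructed.

```shell
#!/bin/sh
# Added example, not part of the original post. Generates the SQL to create a
# NATIVE zone in the PowerDNS gmysql schema (tables `domains` and `records`
# as used in this post). Pipe the output into mysql, for example:
#   zone_sql ZONE "NS1 NS2 ..." "HOST=IP HOST=IP ..." | mysql -u powerdns -p powerdns
zone_sql() {
    zone=$1
    nslist=$2
    hosts=$3

    # Hostnames never legitimately contain quotes, semicolons or SQL comment
    # markers; rather than escaping them, refuse them outright.
    case "$zone$nslist$hosts" in
        *"'"*|*";"*|*"--"*)
            echo "zone_sql: refusing unsafe characters in input" >&2
            return 1 ;;
    esac

    set -- $nslist
    if [ $# -lt 1 ]; then
        echo "zone_sql: at least one NS record is required" >&2
        return 1
    fi
    primary=$1

    printf '%s\n' "INSERT INTO domains (name, type) VALUES ('$zone', 'NATIVE');"
    # Bind every record to the row just created instead of guessing its id.
    printf '%s\n' "SET @id = LAST_INSERT_ID();"
    # SOA content is "primary hostmaster serial"; refresh/retry/expire/minimum
    # come from the soa-*-default settings when omitted.
    printf '%s\n' "INSERT INTO records (domain_id, name, content, type, ttl, prio) VALUES (@id, '$zone', '$primary hostmaster.$zone 1', 'SOA', 86400, NULL);"
    for ns in "$@"; do
        printf '%s\n' "INSERT INTO records (domain_id, name, content, type, ttl, prio) VALUES (@id, '$zone', '$ns', 'NS', 86400, NULL);"
    done
    for h in $hosts; do
        name=${h%%=*}
        ip=${h#*=}
        printf '%s\n' "INSERT INTO records (domain_id, name, content, type, ttl, prio) VALUES (@id, '$name.$zone', '$ip', 'A', 120, NULL);"
    done
}

# Constructed example values, matching the zone used in this post.
zone_sql someRandomDomain.com "ns1.test.com ns2.test.com" "www=1.2.3.4"
```

Because the statements are emitted in one batch, @id refers to the domains row inserted in that same mysql session, so the function works whether the database is empty or already holds other zones.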

Note: You can use software like Poweradmin, a friendly web-based DNS administration tool for PowerDNS. It supports all zone types (master, native and slave), supermasters for automatic provisioning of slave zones, IPv6, and comes with multi-language support.

Additional Configuration

allow-axfr-ips=...
    If set, only these IP addresses or netmasks will be able to perform AXFR. Keep zone transfers restricted to your secondaries; an open AXFR hands your whole zone to anyone who asks for it.

allow-recursion=...
    By specifying allow-recursion, recursion can be restricted to the netmasks specified. The default is to allow recursion from everywhere, so if you set recursor=... you must set this too, or you are running an open resolver. Example: allow-recursion=192.168.0.0/24, 10.0.0.0/8, 1.2.3.4

allow-recursion-override=on|off
    By specifying allow-recursion-override, local data, even about hosts that don't exist, will override the Internet. This allows you to serve zones that don't really exist on the Internet. It increases the number of SQL queries for hosts that truly don't exist, not even in your database.

cache-ttl=...
    Seconds to store packets in the PacketCache.

config-dir=...
    Location of the configuration directory (pdns.conf).

daemon=...
    Operate as a daemon.

default-soa-name=...
    Name to insert in the SOA record if none is set in the backend.

disable-axfr=...
    Do not allow zone transfers at all.

distributor-threads=...
    Default number of Distributor (backend) threads to start.

launch=...
    Which backends to launch, and the order in which to query them (launch=gmysql for the MySQL backend used above).

lazy-recursion=...
    On by default as of 2.1. Checks local data first before recursing.

load-modules=...
    Load this module; supply an absolute or relative path.

local-address=...
    Local IP address(es) to bind to. You can specify multiple addresses separated by commas or whitespace. It is highly advisable to bind to specific addresses and not use the default "bind to any". That causes big problems if you have multiple IP addresses, because Unix does not provide a way of figuring out which IP address a packet was sent to when bound to any.

local-port=...
    The port on which we listen. Only one port is possible.

no-config
    Do not attempt to read the configuration file.

server-id=...
    The server ID that will be returned on an EDNS NSID query. Defaults to the host name.

out-of-zone-additional-processing=yes|no
    Do out-of-zone additional processing, i.e. fill the additional section of an answer with records taken from other zones in the backend. With this enabled, a malicious user who can add a ".com" zone to your server could contaminate answers for other domains. Do not enable this setting if you run a public DNS service with untrusted users. Off by default.

query-cache-ttl=...
    Seconds to store queries with an answer in the Query Cache.

query-local-address=...
    The IP address to use as source address for sending queries. Useful if you have multiple IPs and pdns is not bound to the IP address your operating system uses by default for outgoing packets.

queue-limit=...
    Maximum number of milliseconds to queue a query.

recursive-cache-ttl=...
    Seconds to store recursive packets in the PacketCache.

recursor=...
    If set, recursive queries will be handed to the recursor specified here. Combine with allow-recursion.

soa-expire-default=604800
    Default SOA expire.

soa-minimum-ttl=3600
    Default SOA minimum TTL.

soa-refresh-default=10800
    Default SOA refresh.

soa-retry-default=3600
    Default SOA retry.

soa-serial-offset=...
    If your database contains single-digit SOA serials and you need to host .DE domains, this setting can help placate their 6-digit SOA serial requirement. The suggested value is 1000000, which adds 1000000 to all SOA serials under that offset.

urlredirector=...
    Where we send hosts that need to be URL-redirected.

version-string=anonymous|powerdns|full|custom
    When queried for its version over DNS (dig chaos txt version.bind @pdns.ip.address), PowerDNS normally responds truthfully. With this setting you can override what will be returned. Set version-string to "full" to get the default behaviour, to "powerdns" to just make it state "served by PowerDNS - http://www.powerdns.com", and to "anonymous" to return a ServFail, much like Microsoft nameservers do. You can set this response to a custom value as well. Hiding the exact version costs nothing and denies an attacker an easy fingerprint.

webserver=yes|no
    Start a webserver for monitoring.

webserver-address=...
    IP address for the webserver to listen on. Bind it to 127.0.0.1 or an internal address rather than exposing it publicly.

webserver-password=...
    Password required for accessing the webserver. Set one whenever the webserver is enabled; it is sent over plain HTTP, which is one more reason not to expose the webserver.

webserver-port=...
    Port for the webserver to listen on.
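To make the advice in this list concrete, here is an added example (not from the original post or the PowerDNS project) in the shell the rest of this post uses: a function that audits a pdns.conf for the settings above, run against two constructed configs, the minimal one this tutorial leaves behind and a hardened version of the same server. It treats an unset allow-axfr-ips as permissive, as the description above implies for this version; the addresses and the password in the sample configs are placeholders.

```shell
#!/bin/sh
# Added example, not part of the original post. Reads a pdns.conf on stdin and
# flags the settings from the list above that leave an authoritative server
# exposed. Prints one finding per line; the exit status is the number of
# findings (0 = nothing flagged). An unset allow-axfr-ips is treated as
# permissive, which is what the setting's description implies here.
audit_pdns_conf() {
    # Keep only "key=value" lines: drop comments, blank lines and whitespace.
    cfg=$(sed -e 's/#.*//' -e '/^[[:space:]]*$/d' | tr -d ' \t')
    get() { printf '%s\n' "$cfg" | awk -F= -v k="$1" '$1 == k { v = $2 } END { print v }'; }
    has() { printf '%s\n' "$cfg" | grep -q "^$1="; }
    findings=0
    flag() { echo "$1"; findings=$((findings + 1)); }

    has local-address || flag "local-address unset: binds to every address (see the startup warning)"
    if has recursor && ! has allow-recursion; then
        flag "recursor set without allow-recursion: this is an open resolver"
    fi
    if [ "$(get disable-axfr)" != "yes" ] && ! has allow-axfr-ips; then
        flag "zone transfers unrestricted: set disable-axfr=yes or allow-axfr-ips"
    fi
    if [ "$(get out-of-zone-additional-processing)" = "yes" ]; then
        flag "out-of-zone-additional-processing=yes: other zones can contaminate answers"
    fi
    case "$(get version-string)" in
        ""|full) flag "version-string reveals the exact version to 'dig chaos txt version.bind'" ;;
    esac
    if [ "$(get webserver)" = "yes" ]; then
        [ -n "$(get webserver-password)" ] || flag "webserver enabled without webserver-password"
        case "$(get webserver-address)" in
            ""|0.0.0.0|::) flag "webserver listens on every address: bind it to 127.0.0.1" ;;
        esac
    fi
    return $findings
}

# Constructed configs, not taken from any host. The first is roughly what this
# tutorial leaves you with; the second is the same server tightened up.
WEAK_CONF='launch=gmysql
recursor=127.0.0.1
webserver=yes
webserver-port=8081
version-string=full'

HARD_CONF='launch=gmysql
local-address=192.0.2.53
allow-recursion=127.0.0.1, 192.0.2.0/24
recursor=127.0.0.1
disable-axfr=yes
out-of-zone-additional-processing=no
version-string=anonymous
webserver=yes
webserver-address=127.0.0.1
webserver-port=8081
webserver-password=use-a-real-secret'

printf '%s\n' "$WEAK_CONF" | audit_pdns_conf || echo "weak config: $? finding(s)"
printf '%s\n' "$HARD_CONF" | audit_pdns_conf && echo "hardened config: clean"
# On a live Debian system: audit_pdns_conf < /etc/powerdns/pdns.conf
```

The weak config draws six findings (unbound local-address, open recursion, unrestricted AXFR, full version string, and a webserver with neither a password nor a local bind address); the hardened one draws none. The webserver password stays a password over plain HTTP, which is why the hardened config also keeps it on 127.0.0.1.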

FAQ

  • PowerDNS crashes when I install the pdns-static .deb on Debian SID
    Indeed. Install the .debs that come with Debian or recompile PowerDNS yourself. If not using MySQL, the crashes will go away if you remove the setuid and setgid statements from the configuration.
  • error while loading shared libraries: libstdc++.so.x: cannot open shared object file: No such file or directory
    You need to install the package that provides that library version (on Debian, libstdc++6 provides libstdc++.so.6; apt-cache search libstdc++ lists the others). The .so file name itself is not a package name.
  • Host 'x.y.z.w' is not allowed to connect to this MySQL server
    This is a MySQL error. Make sure that x.y.z.w is allowed to connect to the database in MySQL: the GRANT above only allows 'powerdns'@'localhost', so a PowerDNS running on another host needs its own grant.
  • I see this a lot: Backend error: Failed to execute mysql_query, perhaps connection died?
    Check your MySQL timeout, it may be set too low. This can be changed in the my.cnf file.
  • PowerDNS does not answer queries on all my IP addresses and I've ignored the warning I got about that at startup
    Please don't ignore what PowerDNS says to you. Furthermore, read about the local-address setting, and use it to specify which IP addresses PowerDNS should listen on.
  • How do I use zone2sql to import from BIND into PowerDNS?
    zone2sql, shipped with PowerDNS, reads a BIND named.conf or a single zone file and prints SQL for the PowerDNS schema that you can pipe into mysql.
  • What mailing lists does PowerDNS use?
    • pdns-users - general discussions on compiling, using and deploying PowerDNS.
    • pdns-dev - developer talk, intended for programmers or people requesting features.
    • pdns-announce - announcements of new versions, security problems etc.
  • Can I find PowerDNS on IRC?
    Go to #powerdns on OFTC (irc.oftc.net).
  • Is there a wiki?
    Yes, http://wiki.powerdns.com/trac
  • What are the alternatives to PowerDNS?
    BIND, whose daemon is called named.
