Install PowerDNS Cluster Part 1

Today we are going to install the first node of a PowerDNS cluster. This node is going to be the Master: it will host the MySQL/MariaDB master and do the DNSSEC signing.

Disclaimer: This tutorial comes with ABSOLUTELY NO WARRANTY.

Installation Guide for PowerDNS Authoritative 4.0

Ingredients:

  • Virtual machine with 1 GB memory, 40 GB disk, 1 IPv4 and 1 IPv6 address
  • Linux CentOS 7 minimal ISO https://www.centos.org/download/
  • Hostname for the server ns01.dnssec-script.com

1. Build the server

Build your virtual machine with the ingredients above; I assume you know how to do this.

Check your IP settings

# nmtui
# systemctl restart network

Did you set the correct hostname during installation?

# hostnamectl
# hostnamectl set-hostname ns01.dnssec-script.com

Install a few software packages we are going to use

# yum update
# yum install epel-release
# yum install bind-utils vim

2. Install MySQL/MariaDB

Now we are going to install the MariaDB database server:

# yum install mariadb-server mariadb
# systemctl enable mariadb
# systemctl start mariadb
# mysql_secure_installation

By default, “binlog_format” is set to ‘STATEMENT’. Change this to ‘ROW’ by inserting the line below under [mysqld], then restart MariaDB:

# vim /etc/my.cnf
[mysqld]
binlog-format=ROW
# systemctl restart mariadb

And create a database for PowerDNS:

# mysql -uroot -p
MariaDB [(none)]> show variables like 'binlog_format';
MariaDB [(none)]> create database powerdns;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON powerdns.* TO 'powerdns'@'localhost' IDENTIFIED BY 'yourdatabasepassword';

Now create all the PowerDNS tables and indexes as described on this page in the PowerDNS docs https://doc.powerdns.com/md/authoritative/backend-generic-mypgsql/

MariaDB [(none)]> use powerdns;
MariaDB [powerdns]> CREATE TABLE domains ( … etc

3. Install PowerDNS

Now we are ready to install PowerDNS, yeah! We are going to install PowerDNS from here https://repo.powerdns.com/

# yum install epel-release yum-plugin-priorities
# curl -o /etc/yum.repos.d/powerdns-auth-40.repo https://repo.powerdns.com/repo-files/centos-auth-40.repo
# yum install pdns pdns-backend-mysql

4. Configure PowerDNS

Now we are going to configure PowerDNS

# vim /etc/pdns/pdns.conf
launch=gmysql
gmysql-dnssec
gmysql-host=localhost
gmysql-user=powerdns
gmysql-password=yourdatabasepassword
gmysql-dbname=powerdns
slave=yes
allow-axfr-ips=127.0.0.1,::1
allow-recursion=127.0.0.1,::1
local-address=127.0.0.1,1.2.3.4
local-ipv6=::1,1:2:3::4
daemon=yes
guardian=yes
setgid=pdns
setuid=pdns
version-string=anonymous
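
A check for the step 4 configuration, as an added example that is not part of the original tutorial or the PowerDNS project: it reads a pdns.conf and reports any-address entries in the two ACL settings, a missing or root setuid/setgid, the tutorial's placeholder password, and a world-readable file. The function names, the finding wording and the constructed sample are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example (not from the tutorial): audit a pdns.conf like the one in step 4.

# Print the value of KEY from a key=value file. Comment lines are skipped and,
# as a simplification in this sketch, the last occurrence of the key is used.
conf_get() {  # usage: conf_get FILE KEY
  awk -v k="$2" '
    /^[[:space:]]*#/ { next }
    { eq = index($0, "="); key = eq ? substr($0, 1, eq - 1) : $0
      gsub(/[[:space:]]/, "", key) }
    key == k { val = eq ? substr($0, eq + 1) : ""; gsub(/[[:space:]]/, "", val) }
    END { print val }' "$1"
}

# Print one finding per line; return 0 only when there are none.
audit_pdns_conf() {  # usage: audit_pdns_conf FILE
  local f=$1 key val n=0
  for key in allow-axfr-ips allow-recursion; do
    val=$(conf_get "$f" "$key")
    case ",$val," in                       # any-address netmasks open the ACL
      *,0.0.0.0/0,*|*,::/0,*) echo "$key: open to any address ($val)"; n=$((n+1)) ;;
    esac
  done
  for key in setuid setgid; do             # the tutorial sets both to pdns
    val=$(conf_get "$f" "$key")
    if [ -z "$val" ] || [ "$val" = root ] || [ "$val" = 0 ]; then
      echo "$key: expected an unprivileged account, got '${val:-unset}'"; n=$((n+1))
    fi
  done
  if [ "$(conf_get "$f" gmysql-password)" = yourdatabasepassword ]; then
    echo "gmysql-password: tutorial placeholder still in use"; n=$((n+1))
  fi
  # The file holds the database password, so it should not be world-readable.
  if [ -n "$(find "$f" -perm -o=r 2>/dev/null)" ]; then
    echo "file mode: $f is world-readable"; n=$((n+1))
  fi
  [ "$n" -eq 0 ]
}

# Demo on a constructed sample: a weakened variant of the step 4 configuration.
demo=$(mktemp); chmod 644 "$demo"
cat > "$demo" <<'EOF'
launch=gmysql
gmysql-password=yourdatabasepassword
allow-axfr-ips=127.0.0.1,0.0.0.0/0
setuid=pdns
EOF
audit_pdns_conf "$demo" || true
rm -f "$demo"
```

To audit the real file, call audit_pdns_conf /etc/pdns/pdns.conf in place of the demo lines.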

Enable and start the powerdns service:

# systemctl enable pdns
# systemctl start pdns

Check your logs to see if everything is all right:

# tail /var/log/messages

Open up the firewall ports for DNS operation:

# firewall-cmd --add-port=53/tcp --permanent --zone=public
# firewall-cmd --add-port=53/udp --permanent --zone=public
# firewall-cmd --reload

5. Create DNS records for the server

To be able to use your new server as a DNS server you need to add the DNS records for the server hostname.

Create the DNS records for your hostname

  • ns01.dnssec-script.com A -> ipv4 1.2.3.4
  • ns01.dnssec-script.com AAAA -> ipv6 1:2:3::4

Create the reverse DNS records for your IPs

  • ipv4 4.3.2.1.in-addr.arpa. PTR -> hostname ns01.dnssec-script.com
  • ipv6 4.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.2.0.0.0.1.0.0.0.ip6.arpa. PTR -> hostname ns01.dnssec-script.com

6. Test your DNS server

This sample query sent to the server should now return quickly without data:

# dig +short www.example.com @127.0.0.1

7. Time Synchronisation

To make sure your server always has the right date and time, install NTP:

# yum install ntp
# systemctl enable ntpd
# systemctl start ntpd
# systemctl status ntpd
# date

That’s it for now!