In the last post, I talked about why I was setting up PowerDNS and the general architecture. In this post I will go over the configuration of the Authoritative server. Most of this needs doing on both the primary and secondary hosts; however, I won’t actually be configuring replication yet. I will point out when you can stop on the secondary host.

Installing

To install PowerDNS we need to install 3 packages:

sudo apt-get install pdns-server pdns-backend-pgsql postgresql

PDNS-Server is the actual authoritative server, PDNS-Backend-pgsql is the backend that lets us connect to a Postgres database, and Postgres is the actual database.

Postgres Setup

Now that we have Postgres installed we can add our user and database for PowerDNS to use.

sudo su postgres
cd
createuser hlab_pdns -P --interactive

You will be asked to provide a password; this is the password the user will use to connect to the database. You will also be asked if you want the user to be a superuser. If you want the user to be able to create databases then say yes. Next we will enter the Postgres CLI and create two databases.

psql
create database hlab_pdns;
create database powerdns;

Finally, we need to add the default PowerDNS schema. Connect to the powerdns database with:

\c powerdns

Now copy and paste the schema from the Wiki or GitHub. Be careful, as you may pick up additional characters at the end of the schema. You can then exit back to your normal user with:

exit
exit

PowerDNS Setup

Now that we have a database we can set up PowerDNS. This is done through configuration files in the /etc/powerdns/pdns.d directory. Everything can be put into a single file, but for ease of management I like to split the settings out into different files.

Database

/etc/powerdns/pdns.d/pgsql.conf

launch+=gpgsql

gpgsql-host=127.0.0.1
gpgsql-port=5432
gpgsql-dbname=powerdns
gpgsql-user=hlab_pdns
gpgsql-password=<Password>
gpgsql-dnssec=no

API Access

/etc/powerdns/pdns.d/api.conf

webserver=yes
webserver-address=127.0.0.1
webserver-allow-from=127.0.0.1,::1
webserver-port=8081

api=yes
api-key=<API KEY>

Port

/etc/powerdns/pdns.d/address.conf

local-address=0.0.0.0:5300

Restart

You can now restart PowerDNS for these changes to take effect. Do so with:

sudo systemctl restart pdns
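
The files created above hold the database password and the API key in clear text, and the API is only meant to listen on loopback. The script below is an added example, not part of the original post or of PowerDNS, that checks a pdns.d directory for those points; the function names (conf_value, audit_pdns_conf, make_sample) and the sample values are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit a pdns.d directory for the secrets and API settings shown in this post.

# Print the last value assigned to KEY across DIR/*.conf (illustrative helper).
conf_value() {
    cat "$1"/*.conf 2>/dev/null | sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" | tail -n 1
}

# Print one line per finding; return 1 if anything was found.
audit_pdns_conf() {
    dir=$1 rc=0
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue
        # Files holding the DB password or API key must not be readable by "other".
        if grep -Eq '^[[:space:]]*(gpgsql-password|api-key)[[:space:]]*=' "$f" \
           && [ -n "$(find "$f" -perm -004)" ]; then
            echo "FINDING: $f holds a secret and is world-readable"; rc=1
        fi
    done
    for key in gpgsql-password api-key; do
        # The <...> template values from the post must be replaced before use.
        case $(conf_value "$dir" "$key") in
            '<'*'>') echo "FINDING: $key is still a placeholder"; rc=1 ;;
        esac
    done
    if [ "$(conf_value "$dir" webserver)" = yes ]; then
        # The post binds the webserver/API to loopback; unset means the default, 127.0.0.1.
        case $(conf_value "$dir" webserver-address) in
            ''|127.0.0.1|::1) ;;
            *) echo "FINDING: webserver-address is not loopback"; rc=1 ;;
        esac
    fi
    return $rc
}

# Constructed sample: a world-readable file with a placeholder, and an API bound to all interfaces.
make_sample() {
    printf 'launch+=gpgsql\ngpgsql-user=hlab_pdns\ngpgsql-password=<Password>\n' > "$1/pgsql.conf"
    printf 'webserver=yes\nwebserver-address=0.0.0.0\napi=yes\napi-key=constructed-key\n' > "$1/api.conf"
    chmod 644 "$1/pgsql.conf"; chmod 640 "$1/api.conf"
}

sample=$(mktemp -d)
make_sample "$sample"
audit_pdns_conf "$sample" || echo "audit: fix the findings above"
rm -rf "$sample"
```

On the real host, call audit_pdns_conf /etc/powerdns/pdns.d with sudo so the files can be read.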

Create a zone

You should now have an Authoritative DNS Server working on port 5300, but we need to add a zone and some records to be able to use it.

sudo pdnsutil create-zone hlab.domain

Add Records (Primary Only)

As this is an internal domain, we need to add some nameservers. For this I will use the two Raspberry Pis.

sudo pdnsutil add-record hlab.domain dns-01 A 192.168.0.11
sudo pdnsutil add-record hlab.domain dns-02 A 192.168.0.12
sudo pdnsutil add-record hlab.domain @ NS dns-01.hlab.domain
sudo pdnsutil add-record hlab.domain @ NS dns-02.hlab.domain

Finally we can add a Start of Authority (SOA) record:

sudo pdnsutil replace-rrset hlab.domain . SOA 'dns-01.hlab.domain. mail.hlab.domain. 1 10800 3600 604800 3600'

Testing

With records entered and the server running we can test it from another computer.

nslookup -port=5300 dns-01.hlab.domain 192.168.0.11