Installing PowerDNS
apt-get install pdns-server
Configuring a recursor
Before we start setting up our zone file we need to configure our recursor. The recursor is the DNS server that will handle queries for zones our DNS server has no configuration for (microsoft.com, cisco.com, etc.). In the next commands we use sed to set the recursor in /etc/powerdns/pdns.conf to Google’s Public DNS (8.8.8.8), though your ISP’s DNS is preferable, and to extend allow-recursion so that only localhost and the 10.0.0.0/24 network may use our server for recursive lookups; leaving recursion open to everyone would turn the server into an open resolver.
sed -i 's/# recursor=/recursor=8.8.8.8/g' /etc/powerdns/pdns.conf
sed -i 's/allow-recursion=127.0.0.1/allow-recursion=127.0.0.1,10.0.0.0\/24/g' /etc/powerdns/pdns.conf
Now restart the pdns service and also install dnsutils so we can test it.
service pdns restart
apt-get install dnsutils
To confirm that recursion works against our DNS server, we’ll run the following query for google.com against it.
nslookup google.com localhost
If you get a list of names and addresses back, everything is configured and working properly.
Configuring a zone
So now we’ll move on to configuring our own zone. You can think of a zone as basically your domain name (MyDomain.net). PowerDNS uses /etc/powerdns/bindbackend.conf as the main configuration file for its BIND backend, which reads BIND-style zone files. So let’s open that up and create a zone like the following.
zone "MyDomain.net" {
    type master;
    file "/etc/powerdns/bind/MyDomain.net.zone";
    allow-update { none; };
};
You’ll want to replace MyDomain.net with whatever you want your domain to be. Now you’ll notice we made a reference to a file called /etc/powerdns/bind/MyDomain.net.zone; this is where our DNS records for MyDomain.net will go. First we’ll create the /etc/powerdns/bind folder.
mkdir /etc/powerdns/bind
Next let’s go ahead and create /etc/powerdns/bind/MyDomain.net.zone with the following.
$ORIGIN MyDomain.net.       ; base for unqualified names (trailing dot = fully qualified)
$TTL 1h                     ; default time-to-live
@   IN  SOA  ns.mydomain.net. hostmaster.mydomain.net. (
                1   ; serial
                1d  ; refresh
                2h  ; retry
                4w  ; expire
                1h  ; minimum time-to-live
                )
    IN  NS   ns             ; no trailing dot, so this expands to ns.MyDomain.net.
    IN  A    10.0.0.50
ns  IN  A    10.0.0.50
In this zone file we’ve set up a couple of basic things. The first record is the SOA (Start Of Authority) record. This tells the DNS server what the primary data source is for the zone and how it should propagate. After that we set up an NS (nameserver) record. The job of this record is to point to our authoritative DNS server for the zone, which happens to be this server. We then have an A record for the zone itself so that MyDomain.net -> 10.0.0.50. And then after that I have another A record so that ns.MyDomain.net -> 10.0.0.50.
Now if we restart PowerDNS and use nslookup we can verify that it’s working correctly.
service pdns restart
nslookup MyDomain.net localhost
A successful response should return the IP that you mapped MyDomain.net to.
Adding a new record
The basic zone and the DNS server are all set up at this point, so in order to add a new record we can append a line like this to the zone file.
webserver IN A 10.0.0.10
Most of the time there are two types of records you’ll be adding. As we’ve already seen, an A record always maps to an IP. A CNAME record is used when you want to map an alias to another record. For example, look at the following.
webserver IN A 10.0.0.10
www IN CNAME webserver
What I’ve done there is map webserver.MyDomain.net -> 10.0.0.10 and then mapped www.MyDomain.net -> webserver.MyDomain.net. It’s essential to learn to use CNAME records effectively because if the IP for webserver.MyDomain.net had changed and I had used two A records then I’d have to update both records. However, using an A and a CNAME I’d only have to update the IP for webserver.MyDomain.net.
After you’re done adding your records just restart the pdns service to bring in the changes.