{{tag>[centos7 linux powerdns]}}
=====PowerDNS on CentOS 7=====
Recursor and Authoritative Server on one host.
* OS: CentOS 7.x
* EPEL repository
* Backend: MySQL
* If you are upgrading, read [[https://doc.powerdns.com/md/authoritative/upgrading/]]
* PowerDNS Installation manual: [[https://doc.powerdns.com/md/authoritative/installation/]]
**Note: if you are using IPv6 or DNSSEC, then also open port 53/tcp**
====Install PowerDNS and backend====
<code bash>
yum install epel-release
yum install bind-utils pdns pdns-recursor pdns-backend-mysql mariadb mariadb-server
</code>
Start at boot:
<code bash>
systemctl enable mariadb
systemctl enable pdns
systemctl enable pdns-recursor
</code>
Secure the MariaDB installation:
<code bash>
systemctl start mariadb
/usr/bin/mysql_secure_installation
</code>
====Create database====
Change the password below!
<code bash>
mysqladmin -u root -p create powerdns
mysql -u root -p
</code>
<code sql>
create user 'powerdns'@'localhost' identified by 'password';
grant all privileges on powerdns.* to 'powerdns'@'localhost';
flush privileges;
use powerdns;
CREATE TABLE domains (
  id INT AUTO_INCREMENT,
  name VARCHAR(255) NOT NULL,
  master VARCHAR(128) DEFAULT NULL,
  last_check INT DEFAULT NULL,
  type VARCHAR(6) NOT NULL,
  notified_serial INT DEFAULT NULL,
  account VARCHAR(40) DEFAULT NULL,
  PRIMARY KEY (id)
) Engine=InnoDB;
CREATE UNIQUE INDEX name_index ON domains(name);
CREATE TABLE records (
  id INT AUTO_INCREMENT,
  domain_id INT DEFAULT NULL,
  name VARCHAR(255) DEFAULT NULL,
  type VARCHAR(10) DEFAULT NULL,
  content VARCHAR(64000) DEFAULT NULL,
  ttl INT DEFAULT NULL,
  prio INT DEFAULT NULL,
  change_date INT DEFAULT NULL,
  disabled TINYINT(1) DEFAULT 0,
  ordername VARCHAR(255) BINARY DEFAULT NULL,
  auth TINYINT(1) DEFAULT 1,
  PRIMARY KEY (id)
) Engine=InnoDB;
CREATE INDEX nametype_index ON records(name,type);
CREATE INDEX domain_id ON records(domain_id);
CREATE INDEX recordorder ON records (domain_id, ordername);
CREATE TABLE supermasters (
  ip VARCHAR(64) NOT NULL,
  nameserver VARCHAR(255) NOT NULL,
  account VARCHAR(40) NOT NULL,
  PRIMARY KEY (ip, nameserver)
) Engine=InnoDB;
CREATE TABLE comments (
  id INT AUTO_INCREMENT,
  domain_id INT NOT NULL,
  name VARCHAR(255) NOT NULL,
  type VARCHAR(10) NOT NULL,
  modified_at INT NOT NULL,
  account VARCHAR(40) NOT NULL,
  comment VARCHAR(64000) NOT NULL,
  PRIMARY KEY (id)
) Engine=InnoDB;
CREATE INDEX comments_domain_id_idx ON comments (domain_id);
CREATE INDEX comments_name_type_idx ON comments (name, type);
CREATE INDEX comments_order_idx ON comments (domain_id, modified_at);
CREATE TABLE domainmetadata (
  id INT AUTO_INCREMENT,
  domain_id INT NOT NULL,
  kind VARCHAR(32),
  content TEXT,
  PRIMARY KEY (id)
) Engine=InnoDB;
CREATE INDEX domainmetadata_idx ON domainmetadata (domain_id, kind);
CREATE TABLE cryptokeys (
  id INT AUTO_INCREMENT,
  domain_id INT NOT NULL,
  flags INT NOT NULL,
  active BOOL,
  content TEXT,
  PRIMARY KEY(id)
) Engine=InnoDB;
CREATE INDEX domainidindex ON cryptokeys(domain_id);
CREATE TABLE tsigkeys (
  id INT AUTO_INCREMENT,
  name VARCHAR(255),
  algorithm VARCHAR(50),
  secret VARCHAR(255),
  PRIMARY KEY (id)
) Engine=InnoDB;
CREATE UNIQUE INDEX namealgoindex ON tsigkeys(name, algorithm);
</code>
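The schema above creates empty tables; the shell function below is an added example (not from the original page and not a PowerDNS tool) showing how a zone is populated in it: one row in ''domains'' of type NATIVE (replicated through the database, which is why the page says not to combine backend replication with ''master=yes''), and SOA, NS and A rows in ''records'' linked by ''domain_id''. The function name ''pdns_zone_sql'', the TTL and SOA timer values, and the use of ''LAST_INSERT_ID()'' are this example's own assumptions. Every argument is validated against a hostname or IPv4 pattern before it is interpolated, so a stray quote in a zone name can never reach the generated SQL.

```shell
#!/bin/sh
# Added example (hypothetical helper): print SQL that inserts a NATIVE zone
# with its apex SOA, NS and A records into the domains/records schema above.
#
# usage: pdns_zone_sql ZONE PRIMARY_NS HOSTMASTER_NAME IPV4 [SERIAL]
#        pdns_zone_sql example.com ns1.example.com hostmaster.example.com 192.0.2.10 | mysql -u powerdns -p powerdns

# is_hostname NAME -> 0 if NAME consists only of dot-separated LDH labels
is_hostname() {
    printf '%s\n' "$1" | grep -Eq '^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)*$'
}

# is_ipv4 ADDR -> 0 if ADDR is dotted-quad syntax
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

pdns_zone_sql() {
    zone=$1 ns=$2 mbox=$3 addr=$4
    # serial defaults to the common YYYYMMDDnn convention when not given
    serial=${5:-$(date +%Y%m%d01)}

    # Validate before interpolating: the values land inside SQL string literals.
    for v in "$zone" "$ns" "$mbox"; do
        is_hostname "$v" || { echo "pdns_zone_sql: invalid name: $v" >&2; return 1; }
    done
    is_ipv4 "$addr" || { echo "pdns_zone_sql: invalid IPv4 address: $addr" >&2; return 1; }

    # NATIVE: no NOTIFY/AXFR from this server, replication is the database's job.
    # SOA content is "primary hostmaster serial refresh retry expire minimum";
    # the timer values (10800 3600 604800 3600) are this example's assumption.
    cat <<EOF
INSERT INTO domains (name, type) VALUES ('$zone', 'NATIVE');
SET @domain_id = LAST_INSERT_ID();
INSERT INTO records (domain_id, name, type, content, ttl) VALUES
  (@domain_id, '$zone', 'SOA', '$ns $mbox $serial 10800 3600 604800 3600', 3600),
  (@domain_id, '$zone', 'NS', '$ns', 3600),
  (@domain_id, '$zone', 'A', '$addr', 3600);
EOF
}

if [ $# -ge 4 ]; then
    pdns_zone_sql "$@"
fi
```

Pipe the output into ''mysql'' only after reading it; the function never talks to the database itself.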
====Configure MySQL binlog====
Add the binlog_format=ROW line to the [server] section of **/etc/my.cnf.d/server.cnf**:
<code>
[server]
binlog_format=ROW
</code>
====Configure PowerDNS====
Edit **/etc/pdns/pdns.conf**. If you use the backend (database replication) for replication, don't use master=yes!
<code>
allow-axfr-ips=
allow-recursion=
launch=gmysql
gmysql-host=127.0.0.1
gmysql-user=
gmysql-password=
gmysql-dbname=powerdns
local-address=
local-port=53
master=yes
recursor=127.0.0.1:5353
setgid=pdns
setuid=pdns
webserver=yes
webserver-address=
webserver-password=
webserver-port=8081
</code>
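Several of the blank values above decide whether this host becomes an open resolver or leaks zone data: ''allow-recursion'' (which clients may use the forwarder behind ''recursor='') and ''allow-axfr-ips'' (who may pull whole zones), plus the webserver and database credentials. The following shell audit is an added example, not from the original page and not a PowerDNS tool; the function names and the exact findings it reports are its own assumptions, and it reads the key=value lines exactly as written in pdns.conf.

```shell
#!/bin/sh
# Added example (hypothetical checker): report pdns.conf settings that leave
# the server wide open. usage: pdns_conf_audit /etc/pdns/pdns.conf

# pdns_conf_get FILE KEY -> value of KEY (last occurrence wins), ignoring
# comment lines; prints nothing when the key is absent or empty.
pdns_conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# pdns_conf_audit FILE -> one finding per line; returns 1 if any were found.
pdns_conf_audit() {
    conf=$1
    findings=0

    # Recursion left open (0.0.0.0/0 or ::/0) or not yet filled in.
    v=$(pdns_conf_get "$conf" allow-recursion)
    case "$v" in
        "")
            echo "allow-recursion is empty: list the client networks allowed to recurse"
            findings=$((findings + 1)) ;;
        *0.0.0.0/0*|*::/0*)
            echo "allow-recursion=$v: open resolver, restrict to your own networks"
            findings=$((findings + 1)) ;;
    esac

    # Zone transfers offered to the whole Internet.
    v=$(pdns_conf_get "$conf" allow-axfr-ips)
    case "$v" in
        *0.0.0.0/0*|*::/0*)
            echo "allow-axfr-ips=$v: zone transfers open to everyone, restrict to secondaries"
            findings=$((findings + 1)) ;;
    esac

    # Web server enabled without a password or on a non-loopback address.
    if [ "$(pdns_conf_get "$conf" webserver)" = "yes" ]; then
        if [ -z "$(pdns_conf_get "$conf" webserver-password)" ]; then
            echo "webserver=yes with an empty webserver-password"
            findings=$((findings + 1))
        fi
        case "$(pdns_conf_get "$conf" webserver-address)" in
            127.0.0.1|::1) ;;
            *)
                echo "webserver-address is not loopback: firewall tcp/8081 to admin hosts"
                findings=$((findings + 1)) ;;
        esac
    fi

    # Empty database password.
    if [ -z "$(pdns_conf_get "$conf" gmysql-password)" ]; then
        echo "gmysql-password is empty"
        findings=$((findings + 1))
    fi

    if [ "$findings" -eq 0 ]; then
        return 0
    fi
    return 1
}

if [ $# -eq 1 ]; then
    pdns_conf_audit "$1"
fi
```

Run it after every edit of pdns.conf and before ''systemctl start pdns''; an exit status of 0 means none of the checked settings is open.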
===Start PowerDNS===
<code bash>
systemctl start pdns
</code>
====Configure recursor====
Edit **/etc/pdns-recursor/recursor.conf**:
<code>
setuid=pdns-recursor
setgid=pdns-recursor
allow-from=127.0.0.0/8
local-address=127.0.0.1
local-port=5353
</code>
===Start recursor===
<code bash>
systemctl start pdns-recursor
</code>
===Test Recursor===
<code bash>
host ping.xs4all.nl 127.0.0.1
</code>
<code>
Using domain server:
Name: 127.0.0.1
Address: 127.0.0.1#53
Aliases:
ping.xs4all.nl has address 194.109.6.8
ping.xs4all.nl has IPv6 address 2001:888:0:25:194:109:21:66
</code>
====Configure iptables====
* Open port tcp/8081 for the PowerDNS webstats (only if webserver-address is not the localhost address)
* Open port tcp/53 and udp/53 for DNS traffic
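The rules for the two bullets above, written as an added example (not from the original page): DNS on both protocols is opened to everyone, while tcp/8081 is opened only to an administrative network and dropped for everybody else. The function name ''dns_firewall_rules'' and the single-argument interface are this example's own assumptions; it prints the iptables commands instead of applying them, and refuses a wildcard admin network so the stats port cannot be opened to the Internet by mistake.

```shell
#!/bin/sh
# Added example (hypothetical helper): print iptables rules for a PowerDNS host.
# usage: dns_firewall_rules ADMIN_CIDR      e.g. dns_firewall_rules 192.168.1.0/24
# Review the output, then run it as root (or pipe into sh) to apply.

dns_firewall_rules() {
    admin=$1

    # Never expose the webserver port to the whole Internet.
    case "$admin" in
        ""|0.0.0.0|0.0.0.0/0)
            echo "dns_firewall_rules: refusing to open tcp/8081 to everyone" >&2
            return 1 ;;
    esac
    # Accept only dotted-quad, optionally with a /prefix, before interpolating.
    printf '%s\n' "$admin" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$' \
        || { echo "dns_firewall_rules: invalid admin network: $admin" >&2; return 1; }

    cat <<EOF
iptables -A INPUT -p udp --dport 53 -j ACCEPT
iptables -A INPUT -p tcp --dport 53 -j ACCEPT
iptables -A INPUT -p tcp --dport 8081 -s $admin -j ACCEPT
iptables -A INPUT -p tcp --dport 8081 -j DROP
EOF
}

if [ $# -eq 1 ]; then
    dns_firewall_rules "$1"
fi
```

If the recursor or authoritative server also listens on IPv6, the same four rules are needed in ''ip6tables'' with an IPv6 admin prefix.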