{{tag>[centos7 linux powerdns]}}

=====PowerDNS on CentOS 7=====

Recursor and Authoritative Server on one server.

  * OS: CentOS 7.x
  * EPEL repository
  * Backend: MySQL (MariaDB)
  * If you are upgrading, read [[https://doc.powerdns.com/md/authoritative/upgrading/]]
  * PowerDNS Installation manual: [[https://doc.powerdns.com/md/authoritative/installation/]]

**Note: always open both 53/udp and 53/tcp.** TCP is not only for IPv6 or DNSSEC: resolvers retry over TCP whenever a UDP answer is truncated (large DNSSEC or IPv6 responses are the usual cause), and zone transfers (AXFR/IXFR) to your secondaries only work over TCP.

====Install PowerDNS and backend====

  yum install epel-release
  yum install bind-utils pdns pdns-recursor pdns-backend-mysql mariadb mariadb-server

Start at boot:

  systemctl enable mariadb
  systemctl enable pdns
  systemctl enable pdns-recursor

Secure the MariaDB installation (sets the root password, removes the anonymous users and the test database, and disables remote root login):

  systemctl start mariadb
  /usr/bin/mysql_secure_installation

====Create database====

**Change the password below!!** Use a long, randomly generated password. It is stored in plain text in ''/etc/pdns/pdns.conf'', so keep that file readable only by root and the ''pdns'' group (''chown root:pdns /etc/pdns/pdns.conf; chmod 640 /etc/pdns/pdns.conf''). The account is deliberately limited to ''localhost'' and to the ''powerdns'' database, so a leaked password does not give access to other databases on the server.

  mysqladmin -u root -p create powerdns
  mysql -u root -p

  create user 'powerdns'@'localhost' identified by 'password';
  grant all privileges on powerdns.* to 'powerdns'@'localhost';
  flush privileges;
  use powerdns;

  CREATE TABLE domains (
    id                    INT AUTO_INCREMENT,
    name                  VARCHAR(255) NOT NULL,
    master                VARCHAR(128) DEFAULT NULL,
    last_check            INT DEFAULT NULL,
    type                  VARCHAR(6) NOT NULL,
    notified_serial       INT DEFAULT NULL,
    account               VARCHAR(40) DEFAULT NULL,
    PRIMARY KEY (id)
  ) Engine=InnoDB;

  CREATE UNIQUE INDEX name_index ON domains(name);

  CREATE TABLE records (
    id                    INT AUTO_INCREMENT,
    domain_id             INT DEFAULT NULL,
    name                  VARCHAR(255) DEFAULT NULL,
    type                  VARCHAR(10) DEFAULT NULL,
    content               VARCHAR(64000) DEFAULT NULL,
    ttl                   INT DEFAULT NULL,
    prio                  INT DEFAULT NULL,
    change_date           INT DEFAULT NULL,
    disabled              TINYINT(1) DEFAULT 0,
    ordername             VARCHAR(255) BINARY DEFAULT NULL,
    auth                  TINYINT(1) DEFAULT 1,
    PRIMARY KEY (id)
  ) Engine=InnoDB;

  CREATE INDEX nametype_index ON records(name,type);
  CREATE INDEX domain_id ON records(domain_id);
  CREATE INDEX recordorder ON records (domain_id, ordername);

  CREATE TABLE supermasters (
    ip                    VARCHAR(64) NOT NULL,
    nameserver            VARCHAR(255) NOT NULL,
    account               VARCHAR(40) NOT NULL,
    PRIMARY KEY (ip, nameserver)
  ) Engine=InnoDB;

  CREATE TABLE comments (
    id                    INT AUTO_INCREMENT,
    domain_id             INT NOT NULL,
    name                  VARCHAR(255) NOT NULL,
    type                  VARCHAR(10) NOT NULL,
    modified_at           INT NOT NULL,
    account               VARCHAR(40) NOT NULL,
    comment               VARCHAR(64000) NOT NULL,
    PRIMARY KEY (id)
  ) Engine=InnoDB;

  CREATE INDEX comments_domain_id_idx ON comments (domain_id);
  CREATE INDEX comments_name_type_idx ON comments (name, type);
  CREATE INDEX comments_order_idx ON comments (domain_id, modified_at);

  CREATE TABLE domainmetadata (
    id                    INT AUTO_INCREMENT,
    domain_id             INT NOT NULL,
    kind                  VARCHAR(32),
    content               TEXT,
    PRIMARY KEY (id)
  ) Engine=InnoDB;

  CREATE INDEX domainmetadata_idx ON domainmetadata (domain_id, kind);

  CREATE TABLE cryptokeys (
    id                    INT AUTO_INCREMENT,
    domain_id             INT NOT NULL,
    flags                 INT NOT NULL,
    active                BOOL,
    content               TEXT,
    PRIMARY KEY(id)
  ) Engine=InnoDB;

  CREATE INDEX domainidindex ON cryptokeys(domain_id);

  CREATE TABLE tsigkeys (
    id                    INT AUTO_INCREMENT,
    name                  VARCHAR(255),
    algorithm             VARCHAR(50),
    secret                VARCHAR(255),
    PRIMARY KEY (id)
  ) Engine=InnoDB;

  CREATE UNIQUE INDEX namealgoindex ON tsigkeys(name, algorithm);

Note that the ''cryptokeys'' table holds your DNSSEC private keys and ''tsigkeys'' holds TSIG secrets, both unencrypted. Anyone with read access to this database (or to its backups and binary logs) can forge signed zone data or authenticated zone transfers, so protect the database account, backups and any replicas accordingly.

====Configure MySQL binlog====

This step is only needed if you replicate the ''powerdns'' database to other PowerDNS servers (database replication instead of AXFR). Add the ''binlog_format=ROW'' line to **/etc/my.cnf.d/server.cnf**; the PowerDNS gmysql documentation asks for row-based (or mixed) logging because statement-based replication can leave the replicas with different data than the primary.

  [server]
  binlog_format=ROW

====Configure PowerDNS====

Edit **/etc/pdns/pdns.conf** and make sure it is not world-readable, because it contains the database password (''chown root:pdns /etc/pdns/pdns.conf; chmod 640 /etc/pdns/pdns.conf'').

If you replicate zones through the database (MariaDB replication), do **not** set ''master=yes'': that option makes this server send NOTIFY messages for its zones, which is only wanted when your secondaries pull the zones via AXFR.
  allow-axfr-ips=
  allow-recursion=
  launch=gmysql
  gmysql-host=127.0.0.1
  gmysql-user=
  gmysql-password=
  gmysql-dbname=powerdns
  local-address=
  local-port=53
  master=yes
  recursor=127.0.0.1:5353
  setgid=pdns
  setuid=pdns
  webserver=yes
  webserver-address=
  webserver-password=
  webserver-port=8081

Fill in the empty values deliberately; the security of this setup depends on them:

  * ''allow-axfr-ips'': list **only** the IP addresses of your secondary nameservers. Do not leave it open (for example ''0.0.0.0/0''): a zone transfer hands out your complete zone contents to whoever asks.
  * ''allow-recursion'': list **only** the client networks that may use this server as a resolver (for example your LAN ranges). With ''local-address'' on a public IP and an unrestricted ''allow-recursion'', this machine becomes an open resolver that can be abused for DNS amplification attacks. Check your version first (''pdns_server --version''): in Authoritative Server 4.1 and later the ''recursor'' and ''allow-recursion'' settings were removed, so recursion forwarding is no longer available and clients have to be pointed at the recursor directly.
  * ''local-address'': the address(es) this authoritative server answers on.
  * ''webserver-address'' / ''webserver-password'': the built-in webserver speaks plain HTTP protected only by this password, so set a strong random password and bind it to ''127.0.0.1'' unless you really need remote access. If you do expose it, restrict the source addresses in the firewall (and with ''webserver-allow-from'', if your version supports it).
  * ''setuid'' / ''setgid'': drop root privileges after start-up; keep them.

===Start PowerDNS===

  systemctl start pdns

====Configure recursor====

Edit **/etc/pdns-recursor/recursor.conf**. The recursor listens on the loopback address only and accepts queries only from ''127.0.0.0/8'', so it is not reachable from the network; only the authoritative server forwards to it.

  setuid=pdns-recursor
  setgid=pdns-recursor
  allow-from=127.0.0.0/8
  local-address=127.0.0.1
  local-port=5353

===Start recursor===

  systemctl start pdns-recursor

===Test Recursor===

Note that this query goes to port 53, i.e. to the authoritative server, which forwards it to the recursor; it therefore tests the whole chain. To query the recursor directly use ''dig @127.0.0.1 -p 5353 ping.xs4all.nl''.

  host ping.xs4all.nl 127.0.0.1
  Using domain server:
  Name: 127.0.0.1
  Address: 127.0.0.1#53
  Aliases:

  ping.xs4all.nl has address 194.109.6.8
  ping.xs4all.nl has IPv6 address 2001:888:0:25:194:109:21:66

====Configure iptables====

  * Open port tcp/53 and udp/53 for DNS traffic (both are required; see the note at the top).
  * Open port tcp/8081 for the PowerDNS webserver only if ''webserver-address'' is not a localhost address, and then only for the source addresses that need it.
  * Port 5353 belongs to the recursor on ''127.0.0.1'' and must **not** be opened.