Advice needed: Self-hosted DNS using PowerDNS

I'm giving some consideration atm to hosting my own domains' DNS using a PowerDNS + anycast setup and looking for advice on doing so safely. I would appreciate some guidance from the DNS gurus here on best practice for a secure, reliable implementation - thanks!


  • Do you have any specific questions?

  • Hey fxf, thanks for the comment :)
    Since my original post, I went ahead with this little project and set up PowerDNS on two small VPSes with MySQL replication of the backend pdns database. I then signed up for a trial account with DNSMadeEasy and am using their nameservers for secondary anycast DNS.

    This arrangement seems to be working very well so far with my test domains - it's neat being able to turn on DNSSEC for a domain from the command line, add SSHFP records, enable TLSA/DANE for my websites, etc., and see the DNS records propagating in near real-time to all the slave nameservers :-]

    What would be great though is to get some advice re the following:

    • how to properly secure/harden my PowerDNS instances (currently pretty much PowerDNS default config with recursion disabled)

    • recommendations for a secondary DNS provider (must support DNSSEC, SSHFP, TLSA, etc.); not sure if I'll stay with DNS Made Easy

    • how to properly secure backend db replication (currently using iptables to restrict access to MySQL port)

    any/all comments, advice much appreciated! :)
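    As an added illustration for the first bullet (not code from this thread or from the PowerDNS project), here is a small audit of a pdns.conf for an authoritative-only, DNSSEC-signing server with the gmysql backend. Both sample configs are constructed; the setting names (allow-axfr-ips, webserver-allow-from, api-key, version-string, gmysql-dnssec) are standard PowerDNS Authoritative options, and the "weak" sample is assumed to be roughly a stock config with recursion already off.

```python
import ipaddress

# Constructed samples (not from the thread). WEAK is roughly a stock pdns.conf
# with recursion off, as the poster has; HARDENED is the tightened counterpart.
WEAK_CONF = """gmysql-host=127.0.0.1
allow-axfr-ips=0.0.0.0/0
webserver=yes
webserver-allow-from=0.0.0.0/0
api=yes
"""
HARDENED_CONF = """gmysql-host=127.0.0.1
gmysql-dnssec=yes
allow-axfr-ips=192.0.2.10/32,2001:db8::10/128
webserver=no
api=no
version-string=anonymous
"""

def parse_conf(text):
    """Parse pdns.conf key=value lines, dropping comments and blanks."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" in line:
            key, _, value = line.partition("=")
            conf[key.strip()] = value.strip()
    return conf

def is_on(conf, key):
    return conf.get(key, "no").lower() in {"yes", "true", "on", "1"}

def has_catch_all(acl):
    """True if a comma-separated ACL contains a /0 (match-everything) entry."""
    return any(ipaddress.ip_network(e.strip(), strict=False).prefixlen == 0
               for e in acl.split(",") if e.strip())

def audit(conf):
    """Return (setting, problem) pairs; an empty list means nothing was flagged."""
    f = []
    if has_catch_all(conf.get("allow-axfr-ips", "")):
        f.append(("allow-axfr-ips", "AXFR open to the world; list only your secondaries"))
    if is_on(conf, "webserver") and has_catch_all(conf.get("webserver-allow-from", "")):
        f.append(("webserver-allow-from", "built-in web server reachable from anywhere"))
    if is_on(conf, "api") and not conf.get("api-key"):
        f.append(("api-key", "REST API enabled without a pre-shared key"))
    if conf.get("version-string", "full") == "full":  # "full" is the PowerDNS default
        f.append(("version-string", "server version disclosed via version.bind"))
    if not is_on(conf, "gmysql-dnssec"):
        f.append(("gmysql-dnssec", "backend DNSSEC support off; signed zones need it"))
    return f
```

    Run audit(parse_conf(open("/etc/powerdns/pdns.conf").read())) against a real file; the AXFR ACL should name only the secondaries' transfer addresses (the replication between the two MySQL instances is a separate channel and is not covered by these settings).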

