Host your own DNS with PowerDNS on CentOS 7
First tutorial for LET, please let me know where I can improve.

Host your own DNS with PowerDNS on CentOS 7

This tutorial will show you how to configure your own DNS server on CentOS 7 using PowerDNS.

Step 1. Prereqs

We will run PowerDNS with the MySQL backend, so we must install and configure that first.

Step 1.1 Install MariaDB

MariaDB is a replacement for MySQL used by CentOS.

First install MariaDB.

# yum install mariadb-server mariadb

Then enable it and start it.

# systemctl enable mariadb

# systemctl start mariadb

Step 1.2 Configure MariaDB

# mysql_secure_installation

Accept the default answer to all questions, set a root password and write it down.

Step 2. Prepare the repositories and install PowerDNS

PowerDNS is available in the CentOS repos, but it is an old version. So let's grab the updated one from PowerDNS's repo.

# yum install epel-release yum-plugin-priorities

# curl -o /etc/yum.repos.d/powerdns-auth-40.repo https://repo.powerdns.com/repo-files/centos-auth-40.repo

# yum install pdns pdns-backend-mysql

This downloads and installs the epel repository, then the PowerDNS repository, then installs pdns and the mysql plugin.

Step 3. Configure the database

Step 3.1 Configure a MySQL database and user for PowerDNS

# mysql -u root -p

Then enter your MySQL root password you created earlier.

Execute the following commands:

CREATE DATABASE powerdns;

CREATE USER 'powerdns'@'localhost' IDENTIFIED BY 'mysecretpassword';

GRANT ALL PRIVILEGES ON powerdns.* TO 'powerdns'@'localhost';

Step 3.2 Configure the PowerDNS database

Execute the following commands, still in the MySQL shell. Copying and pasting is recommended.

USE powerdns;
CREATE TABLE domains ( id INT AUTO_INCREMENT, name VARCHAR(255) NOT NULL, master VARCHAR(128) DEFAULT NULL, last_check INT DEFAULT NULL, type VARCHAR(6) NOT NULL, notified_serial INT DEFAULT NULL, account VARCHAR(40) DEFAULT NULL, PRIMARY KEY (id) ) Engine=InnoDB;
CREATE UNIQUE INDEX name_index ON domains(name);
CREATE TABLE records ( id BIGINT AUTO_INCREMENT, domain_id INT DEFAULT NULL, name VARCHAR(255) DEFAULT NULL, type VARCHAR(10) DEFAULT NULL, content VARCHAR(64000) DEFAULT NULL, ttl INT DEFAULT NULL, prio INT DEFAULT NULL, change_date INT DEFAULT NULL, disabled TINYINT(1) DEFAULT 0, ordername VARCHAR(255) BINARY DEFAULT NULL, auth TINYINT(1) DEFAULT 1, PRIMARY KEY (id) ) Engine=InnoDB;
CREATE INDEX nametype_index ON records(name,type);
CREATE INDEX domain_id ON records(domain_id);
CREATE INDEX recordorder ON records (domain_id, ordername);
CREATE TABLE supermasters ( ip VARCHAR(64) NOT NULL, nameserver VARCHAR(255) NOT NULL, account VARCHAR(40) NOT NULL, PRIMARY KEY (ip, nameserver) ) Engine=InnoDB;
CREATE TABLE comments ( id INT AUTO_INCREMENT, domain_id INT NOT NULL, name VARCHAR(255) NOT NULL, type VARCHAR(10) NOT NULL, modified_at INT NOT NULL, account VARCHAR(40) NOT NULL, comment VARCHAR(64000) NOT NULL, PRIMARY KEY (id) ) Engine=InnoDB;
CREATE INDEX comments_domain_id_idx ON comments (domain_id);
CREATE INDEX comments_name_type_idx ON comments (name, type);
CREATE INDEX comments_order_idx ON comments (domain_id, modified_at);
CREATE TABLE domainmetadata ( id INT AUTO_INCREMENT, domain_id INT NOT NULL, kind VARCHAR(32), content TEXT, PRIMARY KEY (id) ) Engine=InnoDB;
CREATE INDEX domainmetadata_idx ON domainmetadata (domain_id, kind);
CREATE TABLE cryptokeys ( id INT AUTO_INCREMENT, domain_id INT NOT NULL, flags INT NOT NULL, active BOOL, content TEXT, PRIMARY KEY(id) ) Engine=InnoDB;
CREATE INDEX domainidindex ON cryptokeys(domain_id);
CREATE TABLE tsigkeys ( id INT AUTO_INCREMENT, name VARCHAR(255), algorithm VARCHAR(50), secret VARCHAR(255), PRIMARY KEY (id) ) Engine=InnoDB;
CREATE UNIQUE INDEX namealgoindex ON tsigkeys(name, algorithm);

You can then execute the following to quit the MySQL shell.

quit;

Step 4. Configure PowerDNS

Open the configuration file using vi or nano. It is located at /etc/pdns/pdns.conf

Locate the line that says launch= and change it to launch=gmysql

Then add the following 4 lines

gmysql-host=127.0.0.1
gmysql-user=powerdns
gmysql-dbname=powerdns
gmysql-password=mysecretpassword

Replace the password with the one that you created earlier for the PowerDNS user.

Step 5. Enable and start PowerDNS

# systemctl enable pdns

# systemctl start pdns

Step 6. Allow through the firewall

If you're using firewalld, you'll have to execute:

# firewall-cmd --permanent --add-service=dns

# firewall-cmd --reload

Congrats, you now have a functioning DNS server! To add entries, I recommend using a frontend such as PowerDNS-Admin, which can be found at https://github.com/ngoduykhanh/PowerDNS-Admin

Thanked by 2: alilet, WebProject
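
A check for the Step 4 settings, as an added example that is not part of the original post: `pdns.conf` now holds the database password in clear text, so this audits the file for the tutorial's placeholder password, world-readable permissions and a non-loopback database host. The function names and finding messages are made up for illustration; the config keys and placeholder value are the ones used in the tutorial.

```shell
#!/bin/sh
# Added example (not from the tutorial): audit the gmysql settings from Step 4.
# Usage: sh audit_pdns_conf.sh /etc/pdns/pdns.conf

# Print the last value assigned to KEY in FILE; commented-out lines are ignored
# because the pattern is anchored at the start of the line.
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# Print one "FINDING ..." line per problem; return 0 if clean, 1 if not,
# 2 if the file cannot be read.
audit_pdns_conf() {
    conf=$1
    rc=0
    [ -r "$conf" ] || { echo "ERROR cannot read $conf"; return 2; }

    case $(conf_get "$conf" launch) in
        *gmysql*) ;;
        *) echo "FINDING launch does not include gmysql"; rc=1 ;;
    esac

    pw=$(conf_get "$conf" gmysql-password)
    if [ -z "$pw" ]; then
        echo "FINDING gmysql-password is empty or missing"; rc=1
    elif [ "$pw" = "mysecretpassword" ]; then
        echo "FINDING gmysql-password is still the tutorial placeholder"; rc=1
    fi

    # The file holds the database password in clear text, so "other" must
    # not have read permission (find -perm -004 matches when that bit is set).
    if [ -n "$(find "$conf" -prune -perm -004)" ]; then
        echo "FINDING $conf is world-readable"; rc=1
    fi

    # With a non-loopback host the password and zone data cross the network.
    host=$(conf_get "$conf" gmysql-host)
    case $host in
        ''|127.0.0.1|localhost|::1) ;;
        *) echo "FINDING gmysql-host=$host is not loopback"; rc=1 ;;
    esac

    return "$rc"
}

if [ "$#" -gt 0 ]; then audit_pdns_conf "$1"; fi
```

A clean file prints nothing and returns 0, so the function can gate a deployment step or run from cron.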

Comments

  • Thanks for the Tut.

    From your experience, do you think 3 servers on different VPS would be sufficient to set up a reliable DNS system? What are the basic specs for the server to install PowerDNS? The docs don't seem to give any guidelines.

  • @ramesh_vish said:
    Thanks for the Tut.

    From your experience, do you think 3 servers on different VPS would be sufficient to set up a reliable DNS system? What are the basic specs for the server to install PowerDNS? The docs don't seem to give any guidelines.

    It ultimately depends on the # of visitors you get. Plus, you'll want legroom to scale if there are spikes in traffic (i.e. queries) to your server.

  • doghouch said: It ultimately depends on the # of visitors you get. Plus, you'll want legroom to scale if there are spikes in traffic (i.e. queries) to your server.

    For low volume sites (a combined total of 5K visits per day from all domains), would a 512 MB VPS work? From my initial read of the docs (and this guide), looks like a majority of the memory would be consumed by MySQL.

  • umeume Member

    If you are creating a public DNS server, make sure it is not vulnerable to DNS amplification attacks. I don't know if PowerDNS already has measures against it in the default configuration in the guide above. So I suggest you do some research and check it before you bring it online.
    https://deepthought.isc.org/article/AA-00897/0/What-is-a-DNS-Amplification-Attack.html

  • Thanks for this guide.

  • alilet Member

    Guys, what is the advantage of using your own DNS instead of the one provided by the hosting provider?

    Let's say I have a VPS on which I will host one website (or maybe two). Do you think it is feasible to have my own DNS on the same VPS, or is it better to use the one provided by the hosting company?

  • Saragoldfarb Member
    edited July 2017

    @alilet said:
    Guys, what is the advantage of using your own DNS instead of the one provided by the hosting provider?

    Let's say I have a VPS on which I will host one website (or maybe two). Do you think it is feasible to have my own DNS on the same VPS, or is it better to use the one provided by the hosting company?

    Go for a hosted solution unless:

    1. You know what you're doing and have knowledge about how DNS works

    2. Make sure you're willing to do the maintenance that comes with it

    3. You are willing to get at least 2 VMs to host just your DNS in geographically diverse locations.

    Running your own DNS isn't that hard and gives you a lot more flexibility. For just 2 domains I'd suggest Cloudflare though.

  • painfreepc Member
    edited July 2017

    Is MaraDNS safe to use? It was easy to set up and needs no database.

    I even made a failover system using BitTorrent Sync.

    Last time I used it was about 3 years ago.
