Creating your own DNS Servers

Hey guys,

I'm trying to run my own nameservers off 2 different VPSes. I was looking at PowerDNS to do this and I've followed the tutorials I've found online but I always get stuck at the last hurdle.

I can't seem to get the master / slave to achieve comms (I'm assuming there is an IPTABLES step that people are leaving out in their guides?).

I also can't seem to do a dig e.g. dig @localhost mydomain.com - it simply refers to Google's DNS and looks there (no matter how many times I edit resolv.conf and tell it not to check external DNS).

Any ideas / tips etc? I'm struggling a bit with something that in my mind should be a relatively easy install (apart from security and hardening etc).

I'm using Ubuntu LTS releases.

Thanks,

Comments

  • tomle Member

    Make sure that you configure the master to allow transfers from the slave ip.
    Port 53 on both TCP and UDP should be open.

  • With Ubuntu, I believe you have to edit /etc/network/interfaces because it will overwrite resolv.conf whenever the networking service is restarted.

    Check for an entry in the file with "nameserver 8.8.8.8".

  • BHost Member

    Solus has a nice tutorial which explains how to get the replication going between a PowerDNS master and slave - http://docs.solusvm.com/powerdns

  • jeromeza Member
    edited March 2014

    Bump.

    So I can get the servers up.

    I've created an NS1 and an NS2 and records sync perfectly with MySQL as a backend.

    HOWEVER

    If I do dig @localhost mx mydomain.com

    THEN

    I don't get anything back - even if my record exists in the PowerDNS DB.

    E.g. I have the following in my DB:

    ID    Domain_ID    NAME           Type    Content             TTL    Prio
    4     2            example.com    MX      mail.example.com    600    10
    

    [email protected]:~# dig @localhost mx example.com

    ; <<>> DiG 9.8.1-P1 <<>> @localhost mx example.com
    ; (2 servers found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 46552
    ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
    ;; WARNING: recursion requested but not available

    ;; QUESTION SECTION:
    ;example.com. IN MX

    ;; Query time: 17 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Thu Mar 27 09:32:58 2014
    ;; MSG SIZE rcvd: 29


    Sooo, what am I doing wrong?

    Any help would be appreciated.

    Thanks!

  • gbshouse Member, Provider

    @jeromeza - stop pdns, go to /etc/powerdns/pdns.conf, change query-logging to yes, start pdns using "/etc/init.d/pdns monitor" and debug :)

  • jeromeza Member
    edited March 2014

    @gbshouse - thanks, this is helping.

    I now see:

    I'm struggling to find where this column is in the DB and where this 'field list' is.

    Any help would be appreciated, googling now.

    Thanks,

    Mar 27 10:18:12 Query: select content,ttl,prio,type,domain_id,name, auth from records where type='SOA' and name='example.com'
    Mar 27 10:18:13 Query: select content,ttl,prio,type,domain_id,name, auth from records where type='SOA' and name='example.com'
    Mar 27 10:18:14 Query: select content,ttl,prio,type,domain_id,name, auth from records where type='SOA' and name='example.com'
    Mar 27 10:18:14 gmysql Connection successful
    Mar 27 10:18:15 gmysql Connection successful
    Mar 27 10:18:19 Query: select content,ttl,prio,type,domain_id,name, auth from records where type='SOA' and name='example.com'
    Mar 27 10:18:22 Database module reported condition which prevented lookup (Failed to execute mysql_query, perhaps connection died? Err=1: Unknown column 'auth' in 'field list') sending out servfail
    Mar 27 10:18:22 Database module reported condition which prevented lookup (Failed to execute mysql_query, perhaps connection died? Err=1: Unknown column 'auth' in 'field list') sending out servfail
    Mar 27 10:18:22 Database module reported condition which prevented lookup (Failed to execute mysql_query, perhaps connection died? Err=1: Unknown column 'auth' in 'field list') sending out servfail
    Mar 27 10:18:22 Database module reported condition which prevented lookup (Failed to execute mysql_query, perhaps connection died? Err=1: Unknown column 'auth' in 'field list') sending out servfail
    

    MY PDNS VERSIONS (UBUNTU REPOS - 12.04)

    [email protected]:~# apt-cache show pdns-server pdns-backend-mysql
    Package: pdns-server
    Priority: extra
    Section: universe/net
    Installed-Size: 4363
    Maintainer: Ubuntu Developers 
    Original-Maintainer: Matthijs Möhlmann 
    Architecture: amd64
    Source: pdns
    Version: 3.0-1.1ubuntu1
    Replaces: pdns
    Depends: libboost-program-options1.46.1 (>= 1.46.1-1), libboost-serialization1.46.1 (>= 1.46.1-1), libc6 (>= 2.15), libcrypto++9, libgcc1 (>= 1:4.1.1), liblua5.1-0, libstdc++6 (>= 4.6), debconf (>= 0.5) | debconf-2.0, ucf (>= 0.28), adduser
    Suggests: pdns-backend, pdns-recursor
    Filename: pool/universe/p/pdns/pdns-server_3.0-1.1ubuntu1_amd64.deb
    Size: 1703304
    MD5sum: a562d2069fbadd318de3669b68bac30b
    SHA1: d88d0a20499d63d4e3852ac94abb300d74f3e9ba
    SHA256: 35863693d387254769c38ffe6b3e58ed326b92521c31c1e4e2b40334aa3bb8e2
    Description-en: extremely powerful and versatile nameserver
     PowerDNS is a versatile nameserver which supports a large number
     of different backends ranging from simple zonefiles to relational
     databases and load balancing/failover algorithms.
     PowerDNS tries to emphasize speed and security.
     .
     This is the authoritative nameserver that answers questions about
     domains that it knows about. It also includes the bind backend that
     allows PowerDNS to retrieve domain info from zone files as used by
     the "bind" software.
    Homepage: http://www.powerdns.com/
    Description-md5: 7249c7fbe90571b0924adf26220cd03f
    Bugs: https://bugs.launchpad.net/ubuntu/+filebug
    Origin: Ubuntu
    
    Package: pdns-backend-mysql
    Priority: extra
    Section: universe/net
    Installed-Size: 258
    Maintainer: Ubuntu Developers 
    Original-Maintainer: Matthijs Möhlmann 
    Architecture: amd64
    Source: pdns
    Version: 3.0-1.1ubuntu1
    Provides: pdns-backend
    Depends: pdns-server (>= 3.0-1.1ubuntu1), libc6 (>= 2.2.5), libgcc1 (>= 1:4.1.1), libmysqlclient18 (>= 5.5.13-1), libstdc++6 (>= 4.1.1), debconf (>= 0.5) | debconf-2.0, dbconfig-common
    Recommends: mysql-client
    Suggests: mysql-server
    Filename: pool/universe/p/pdns/pdns-backend-mysql_3.0-1.1ubuntu1_amd64.deb
    Size: 55514
    MD5sum: 0fcdae62b0a9d85ace122a133a80b770
    SHA1: b848be41eedb478402098c436be6c8b8031bdd7e
    SHA256: 0fa13a575999156f9bb3a5047a9818d1c825a34f37614615208add8f0fef8911
    Description-en: generic MySQL backend for PowerDNS
     PowerDNS is a versatile nameserver which supports a large number
     of different backends ranging from simple zonefiles to relational
     databases and load balancing/failover algorithms.
     PowerDNS tries to emphasize speed and security.
     .
     This package contains a generic MySQL backend for the PowerDNS
     nameserver. It has configurable SQL statements.
    Homepage: http://www.powerdns.com/
    Description-md5: 1164bff30b1ab1739f42aaed7affc9c7
    Bugs: https://bugs.launchpad.net/ubuntu/+filebug
    Origin: Ubuntu
    
  • gbshouse Member, Provider

    Check your schema against this article http://doc.powerdns.com/html/generic-mypgsql-backends.html#idp62468608

    I suppose that you are missing this part

     To support or migrate to DNSSEC, the following SQL statements must be executed:
    
    create table domainmetadata (
     id         INT auto_increment,
     domain_id  INT NOT NULL,
     kind       VARCHAR(16),
     content    TEXT,
     primary key(id)
    ) Engine=InnoDB;
    
    create index domainmetaidindex on domainmetadata(domain_id);
    
    
    create table cryptokeys (
     id         INT auto_increment,
     domain_id  INT NOT NULL,
     flags      INT NOT NULL,
     active     BOOL,
     content    TEXT,
     primary key(id)
    ) Engine=InnoDB;
    
    create index domainidindex on cryptokeys(domain_id);
    
    alter table records add ordername      VARCHAR(255) BINARY;
    alter table records add auth bool;
    create index recordorder on records (domain_id, ordername);
    
    create table tsigkeys (
     id         INT auto_increment,
     name       VARCHAR(255),
     algorithm  VARCHAR(50),
     secret     VARCHAR(255),
     primary key(id)
    ) Engine=InnoDB;
    
    create unique index namealgoindex on tsigkeys(name, algorithm);
    alter table records change column type type VARCHAR(10);
    
  • @gbshouse

    Thanks. I moved over to the 3.3.1 .DEB file and installed that way. I then set up their schema as mentioned in the link.

    I can now get it to serve data and query via dig @localhost

    HOWEVER

    How do I get the rest of the world to know that it should look at my PowerDNS install for queries? I registered my domain direct with the registrar so I can't log in to any panel and set URL records as I would at the likes of Namecheap or Godaddy etc.

    Thanks,

  • jeromeza Member
    edited April 2014

    Hi,

    I register my domains direct with the registrar here:

    http://co.za

    I'm required to fill in this form and return it via email:

    http://co.za/coza_reg.txt

    I then need to set my nameservers and their IPs at the bottom of the registration.

    However I'm confused as to how this works. Surely they won't see ns1.mydomain.co.za as it's on my own nameserver and not theirs - how do I get them to see my records and accept my server as a valid NS for the domain?

    IN PDNS I'VE GOT SOA AND NS RECORDS SET.

    If I try to set the records I created in PDNS I get the following:

    Primary Server : ns1.mydomain.co.za @ ns1_IP
    Secondary 1 : ns2.mydomain.co.za @ ns2_IP

    Domain "mydomain.co.za", SOA Ref (), Orig ""
    Pre-existing Nameservers for "mydomain.co.za":-

    Syntax/Cross-Checking provided info for Nameserver at 6a: ns1.mydomain.co.za @ ns1_IP
    IPv4: ns1_IP ==> host.colocrossing.com.
    FQDN: ns1.mydomain.co.za ==>
    ERROR: Checking field 6a and running a Reverse check. "ns1.mydomain.co.za" not found in "host.colocrossing.com."

    ! Whilst checking field 6a on the application form and whilst running a Reverse check...
    ! you specified that "ns1_IP" would map to "ns1.mydomain.co.za",
    ! but DNS returned "host.colocrossing.com."

  • You will need to supply the registrar with the server hostnames AND the IPv4 addresses of your servers. For completeness, set up reverse DNS (your VPS host will do this for you) with the same hostname.
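
The registry's cross-check quoted above compares the forward (A) and reverse (PTR) lookups for each nameserver. The following is an added example, not part of any post in this thread, that reproduces that comparison in Python so it can be run before the form is submitted. The 192.0.2.x addresses and both lookup tables are constructed sample data standing in for the thread's ns1_IP and ns2_IP placeholders.

```python
import socket

def forward_ips(fqdn):
    """A-record lookup via the system resolver; empty set if the name does not resolve."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(fqdn, 53, socket.AF_INET)}
    except socket.gaierror:
        return set()

def reverse_names(ip):
    """PTR lookup via the system resolver; empty set if the address has no PTR record."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except (socket.herror, socket.gaierror):
        return set()
    return {name, *aliases}

def norm(name):
    """Compare names case-insensitively and without the trailing root dot."""
    return name.rstrip(".").lower()

def check_nameserver(fqdn, ip, forward=forward_ips, reverse=reverse_names):
    """Return a list of problems; an empty list means forward and reverse lookups agree."""
    problems = []
    ips = forward(fqdn)
    if not ips:
        problems.append(f"forward check: {fqdn} has no A record")
    elif ip not in ips:
        problems.append(f"forward check: {fqdn} resolves to {sorted(ips)}, not {ip}")
    ptrs = {norm(n) for n in reverse(ip)}
    if norm(fqdn) not in ptrs:
        found = ", ".join(sorted(ptrs)) or "no PTR record"
        problems.append(f"reverse check: {ip} maps to {found}, expected {norm(fqdn)}")
    return problems

# Constructed sample data: ns1 still carries the hosting provider's default PTR
# (as in the error quoted in the thread), ns2 has had its reverse DNS set.
SAMPLE_A = {"ns1.mydomain.co.za": {"192.0.2.10"}, "ns2.mydomain.co.za": {"192.0.2.20"}}
SAMPLE_PTR = {"192.0.2.10": {"host.colocrossing.com."}, "192.0.2.20": {"ns2.mydomain.co.za."}}

def demo():
    """Run the check offline against the constructed tables instead of live DNS."""
    fwd = lambda name: SAMPLE_A.get(name, set())
    rev = lambda ip: SAMPLE_PTR.get(ip, set())
    pairs = [("ns1.mydomain.co.za", "192.0.2.10"), ("ns2.mydomain.co.za", "192.0.2.20")]
    return {ns: check_nameserver(ns, ip, fwd, rev) for ns, ip in pairs}

if __name__ == "__main__":
    for ns, problems in demo().items():
        print(ns, "OK" if not problems else problems)
```

Calling `check_nameserver(fqdn, ip)` without the last two arguments uses the system resolver, so it reports what the outside world currently sees for a real hostname and address.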

  • jeromeza Member
    edited April 2014

    @seaeagle - so I simply approach my VPS host and ask for reverse DNS to be set up and then say:

    ns1.mydomain.co.za = IP_1
    ns2.mydomain.co.za = IP_2

    Then on PDNS I have SOA and NS records.

    mydomain.co.za NS ns1.mydomain.co.za

    Do I need more than that - if so please elaborate as I've never done this before.

    Thanks,

  • @seaeagle - Got it working! Registered my first domain! :)

  • happy daze... :)
