How to Set Up PowerDNS on Ubuntu Linux

Struggling to create a DNS server that supports high availability and redundancy, yet with powerful and modern features? PowerDNS is the best solution. PowerDNS (pdns) is free and open-source DNS server software for Unix-like operating systems.

In this article, you will learn how to install and configure PowerDNS with the MariaDB database on the Debian/Ubuntu Linux system.

Ready to have a fully functional DNS server? Jump right in!

Prerequisites

This tutorial is a hands-on demonstration, be sure you have the following in place:

• A Linux machine – This tutorial uses the latest Debian 11 Bullseye.
• A user with root privileges.

Installing and Configuring MariaDB Database

By default, PowerDNS supports many backends such as database backends (PostgreSQL and MySQL/MariaDB), bind zone files, and JSON APIs. In this tutorial, you’ll use the MariaDB database as the PowerDNS database backend.

1. First, open your terminal and SSH to your server.

2. Next, run the apt install command below to install basic package dependencies (software-properties-common dirmngr apt-transport-https) to your system.

sudo apt install software-properties-common dirmngr apt-transport-https -y

3. Run the below commands to add the MariaDB repository and GPG key to your system. The MariaDB repository configuration is saved at the /etc/apt/sources.list.d/ directory, while the GPG key is saved at the /etc/apt/trusted.gpg. directory.

# Add MariaDB repository for Debian system
sudo add-apt-repository 'deb [arch=amd64,i386,arm64,ppc64el] https://mirror.23m.com/mariadb/repo/10.6/debian bullseye main'

# Add GPG key for MariaDB repository
wget -qO- https://mariadb.org/mariadb_release_signing_key.asc | gpg --dearmor > /etc/apt/trusted.gpg.d/mariadb_release_signing_key.gpg

4. Now, run the following commands to refresh the repository and install the package (mariadb-server).

The MariaDB service starts after installation on Debian and Ubuntu distributions and will automatically run at system boot/startup.

# refresh package index
sudo apt update

# install MariaDB database
sudo apt install mariadb-server -y

5. Run the mysql_secure_installation command below to secure your MariaDB installation. mysql_secure_installation

mysql_secure_installation

6. Press Enter at the terminal screen when prompted to type the root password for MariaDB since the default MariaDB installation comes with no password.

7. Enter Y at the prompt shown below to change the default authentication to unix_socket.

8. Enter Y again at the below prompt and type a new strong password for the MariaDB server.

9. Now enter Y on the prompt shown below. The default MariaDB installation comes with the default anonymous user on the production level, so you must remove the anonymous user.

10. On the next prompt, enter Y to disable the remote login for the root user. You must disallow the MariaDB root user to log in remotely from other servers for security reasons.

11. Type Y again to delete the default test database and remove all access and permission.

12. Lastly, type Y again to reload all tables privileges and apply new changes to the MariaDB server.

Once all MariaDB configuration is complete, you’ll receive a confirmation message like the screenshot below.

Installing PowerDNS on Debian/Ubuntu Linux

As you completed the MariaDB installation for the PowerDNS database backend, you’re ready to install PowerDNS packages. You will add the official PowerDNS repository and GPG key and install PowerDNS server packages.

To install the latest PowerDNS packages from the official repository:

1. Run the below commands to add the PowerDNS repository and GPG key to your system.

# Download PowerDNS GPG Key
wget -qO- https://repo.powerdns.com/FD380FBB-pub.asc | gpg --dearmor > /etc/apt/trusted.gpg.d/pdns.gpg

# Adding the PowerDNS Repository for Debian 11 Bullseye System
echo "deb [arch=amd64] http://repo.powerdns.com/debian bullseye-auth-45 main" | sudo tee /etc/apt/sources.list.d/pdns.list

# Adding the PowerDNS Repository for Ubuntu 20.04 System
echo "deb [arch=amd64] http://repo.powerdns.com/ubuntu focal-auth-45 main" | sudo tee /etc/apt/sources.list.d/pdns.list

Related:How to Download Files with Python Wget

2. Next, create a new configuration file named /etc/apt/preferences.d/pdns with your preferred editor, then populate the file with the following configuration.

With the below configuration, any packages beginning with the name pdns- will automatically install from the PowerDNS repository (repo.powerdns.com) instead of the Debian/Ubuntu repository.

# all packages with first name pdns- will be installed from the repo.powerdns.com repository
Package: pdns-*
Pin: origin repo.powerdns.com
Pin-Priority: 600

3. Run the following commands to update and refresh repositories, then install the PowerDNS (pdns-server) and PowerDNS MariaDB/MySQL backend (pdns-backend-mysql).

After installation, the PowerDNS service (pdns.service) stats and is automatically enabled.

# refresh package index after adding new repository
sudo apt update

# install PowerDNS and PowerDNS MySQL/MariaDB backend
sudo apt install pdns-server pdns-backend-mysql -y

4. Lastly, run the systemctl command below to verify the status of the PowerDNS service (pdns.service).

sudo systemctl status pdns.service

Related:Controlling Systemd services with Ubuntu systemctl

As you see below, the PowerDNS service is active (running) on the default TCP port 53 and is started as the PowerDNS Authoritative Server.

Creating Database and Import Database Schema for PowerDNS

After installing PowerDNS, you’ll be setting up the MariaDB as a database backend for PowerDNS. To do so, you’ll create a new database and user, then import the PowerDNS database schema.

1. Run the following command to log in to the MySQL shell as the user root. Enter your MariaDB root password when prompted.

mysql -u root -p

After you log in to the MySQL shell, you’ll get the welcome message like the screenshot below.

2. Next, run the following queries to create a new database (pdns) with an admin username set as pdnsadmin.

# creating database named pdns
create database pdns;

# create user pdnsadmin and grant privileges to the database pdns
grant all on pdns.* to pdnsadmin@localhost identified by 'StrongPdnsPasswd';

# reload database privileges to apply new changes
flush privileges;

# exit from the MySQL shell
exit

3. Run the following command to import the PowerDNS database schema to the pdns database. Make sure to type the correct password for the pdnsadmin user.

The default installation of PowerDNS MySQL backend includes the database schema, which is available at the /usr/share/pdns-backend-mysql/schema/ directory.

# import the schema.mysql.sql to the pdns database
mysql -u pdnsadmin -p pdns < /usr/share/pdns-backend-mysql/schema/schema.mysql.sql

4. Now, run the below mysqlshow command to verify the database schema of the pdns database. This command shows you all available tables on the pdns database.

# Check list of tables on the pdns database
mysqlshow pdns

Below, you can see the tables available on the pdns database.

Setting up PowerDNS with MariaDB Backend

You’ve configured MariaDB and set up your database. But how do you know if PowerDNS is working? You’ll create a new MariaDB backend configuration for PowerDNS. PowerDNS service uses this configuration to connect to the MySQL database and store all DNS data on the database.

1. Run the following command to stop the PowerDNS service (pdns.service) first before creating the PowerDNS backend configuration.

sudo systemctl stop pdns.service

2. Next, create a file named myself.conf in the /etc/powerdns/pdns.d/ directory with your text editor, and populate the file with the following configuration.

Change the database username and password with your information, and save the changes.

All additional configurations for PowerDNS must be saved in the /etc/powerdns/pdns.d directory.

# Define the gmysql backend
launch+=gmysql

# Details MariaDB database for PowerDNS
gmysql-host=127.0.0.1
gmysql-port=3306
gmysql-dbname=pdns
gmysql-user=pdnsadmin
gmysql-password=StrongPdnsPasswd
gmysql-dnssec=yes
# gmysql-socket=

3. Run the following commands to change the permission and ownership of the mysql.conf file. At this point, MySQL backend configuration for PowerDNS is created.

# change the ownership to user and group pdns
sudo chown pdns:pdns /etc/powerdns/pdns.d/mysql.conf

# change permission of the file
sudo chmod 640 /etc/powerdns/pdns.d/mysql.conf

4. Now, run the following commands to start the PowerDNS service (pdns.service), and verify the service status.

# start PowerDNS service
sudo systemctl start pdns.service

# verify status of the PowerDNS service
sudo systemctl status pdns.service

If your PowerDNS configuration is correct, you’ll receive the following output showing the PowerDNS service status is active (running).

5. Finally, execute the below command to check the syslog file. This command lets you ensure the MySQL backend module is loaded to the PowerDNS server.

grep -rin pdns_server /var/log/syslog

Creating DNS Zones on PowerDNS

PowerDNS provides a command-line utility called pdnsutil for managing Zones and DNSSEC. The pdnsutil command can be run remotely to make changes to the PowerDNS backend database.

Related:How to Manage DNS Zones With PowerShell

In this demo, you’ll create a new DNS zone for the example.io domain.

1. Run the pdnsutil command below to create a new DNS zone (create-zone) named example.io.

pdnsutil create-zone example.io

2. Next, execute the following commands to create a new nameserver and assign the nameserver to the PowerDNS server IP address.

# define ns1 A record to IP address 172.16.5.10
pdnsutil add-record example.io ns1 A 172.16.5.10

# define nameserver for example.io to the ns1.example.io
pdnsutil add-record example.io @ NS ns1.example.io

3. Run the below command to add the new A record for the example.io domain. This domain will use the IP address 172.16.5.20.

pdnsutil add-record example.io @ A 172.16.5.20

4. Run the following commands to add new subdomains for your applications.

# add subdomain www
pdnsutil add-record example.io www A 172.16.5.20

# add subdomain storage with the target server 172.16.5.50
pdnsutil add-record example.io storage A 172.16.5.50

5. Now, run the below command to add an MX record. The MX record handles email delivery for the main domain (example.io).

pdnsutil add-record example.io @ MX "10 example.io"

6. Run the below commands to set nano as the default editor and open the example.io file.

# setup default editor on the system temporary
export EDITOR=nano

# edit DNS zone example.io manually
pdnsutil edit-zone example.io

Modify the default SOA record in the example.io file with the configuration below. After doing so, save the changes and exit from the editor.

example.io      3600    IN      SOA     ns1.example.io admin.example.io 0 10800 3600 604800 3600

7. Type a and press Enter to confirm applying the new changes, as shown below.

8. Now, run the following command to show all available DNS records on the example.io zone.

pdnsutil list-zone example.io

You can confirm below that the SOA record you modified (step six) reflects on the DNS records list.

9. Lastly, run the below command to verify PowerDNS zones configuration.

pdnsutil check-all-zones

Below, you can see that there are seven records on the example.io zone without any error and warning.

Verifying DNS Propagation

You’ve successfully created the DNS zone for the example.io domain, and that’s great! Now, you’ll verify the DNS propagation of the example.io domain using the Domain Information Groper (DIG) tool. The dig command is the DNS lookup tool that lets you verify DNS propagation and troubleshoot your DNS server.

1. Run the following command to install the dnsutils package on your system.

The dig command is part of the dnsutils package.

sudo apt install dnsutils -y

2. Next, run the dig command below to check the A record for the example.io domain. In this example, the PowerDNS server IP address is 172.16.5.10.

dig example.io @172.16.5.10

In the ANSWER SECTION, you’ll see a similar output as below.

3. Additionally, run the following commands to check another subdomain, such as www.example.io and storage.example.io.

# check subdomain www.example.io
dig www.example.io @172.16.5.10

# check subdomain storage.example.io
dig storage.example.io @172.16.5.10

Below, the www.example.io subdomain is resolved to the same server as the example.io domain.

The storage.example.io subdomain is resolved to another server with an IP address of 172.16.5.50, as shown below.

4. Lastly, run the dig command below to check the MX record for the example.io domain.

You can also check other DNS records, such as TXT, MX, SOA, and so on.

dig MX example.io @172.16.5.10

Conclusion

Throughout this tutorial, you’ve learned how to set up PowerDNS and MariaDB database backend in Debian/Ubuntu Linux. You’ve also realized that PowerDNS lets you create and manage DNS servers with small resources, unlike other DNS server applications. Additionally, you’ve learned to check DNS configuration and propagation with the dig command.

How to take PowerDNS to the next level? Perhaps by adding the PowerDNS recursor to enable DNS cache and setting up dnsdist as the DNS load balancer? Now go nuts and start creating high-availability and distributed DNS servers.