Auth DNS Lab
In this lab, we will configure an authoritative DNS server with PowerDNS and set up zone replication between a primary and a secondary server.
Log in to the primary server (e.g. a01.learndns.info) and refresh the package index:
sudo apt update -y
(These instructions follow the official PowerDNS repository documentation at repo.powerdns.com.)
Create the file /etc/apt/sources.list.d/pdns.list with this content:
sudo vim /etc/apt/sources.list.d/pdns.list
deb [signed-by=/etc/apt/keyrings/auth-49-pub.asc arch=amd64] http://repo.powerdns.com/ubuntu jammy-auth-49 main
Put this in /etc/apt/preferences.d/auth-49:
Package: auth*
Pin: origin repo.powerdns.com
Pin-Priority: 600
and execute the following commands. The signing key is fetched over HTTPS and pinned to this repository with signed-by; inspect the downloaded key before running apt-get update:
sudo install -d /etc/apt/keyrings; curl https://repo.powerdns.com/FD380FBB-pub.asc | sudo tee /etc/apt/keyrings/auth-49-pub.asc &&
sudo apt-get update &&
sudo apt-get install pdns-server
Then install the sqlite3 backend and the sqlite3 command-line tool (pdns-server is already installed by the previous command):
sudo apt install pdns-server pdns-backend-sqlite3 sqlite3 -y
Load the sqlite3 schema shipped with the backend package into a new database that PowerDNS will use as its backend:
sudo sqlite3 /var/lib/powerdns/pdns.sqlite3 < /usr/share/doc/pdns-backend-sqlite3/schema.sqlite3.sql
Change ownership of pdns.sqlite3 to the pdns user and group, since the server process must be able to read and write it:
sudo chown -R pdns:pdns /var/lib/powerdns/pdns.sqlite3
Configure PowerDNS to use the sqlite3 backend: edit the file and append these lines at the end.
sudo vi /etc/powerdns/pdns.conf
launch=gsqlite3
gsqlite3-database=/var/lib/powerdns/pdns.sqlite3
gsqlite3-dnssec=yes
Next, remove the default configuration snippet that launches the bind backend (otherwise both backends would be launched), then check the configuration and restart the service:
sudo rm /etc/powerdns/pdns.d/bind.conf
sudo pdns_server --config=check
sudo systemctl restart pdns
sudo systemctl status pdns
● pdns.service - PowerDNS Authoritative Server
Loaded: loaded (/lib/systemd/system/pdns.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2024-04-23 04:01:15 UTC; 4s ago
Docs: man:pdns_server(1)
man:pdns_control(1)
https://doc.powerdns.com
Main PID: 8715 (pdns_server)
Tasks: 8 (limit: 2244)
Memory: 46.7M
CPU: 126ms
CGroup: /system.slice/pdns.service
└─8715 /usr/sbin/pdns_server --guardian=no --daemon=no --disable-syslog --log-timestamp=>
Also verify that PowerDNS is listening on port 53. It should be bound on both UDP and TCP; zone transfers to the secondary use TCP.
sudo ss -plantu
Output:
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp UNCONN 0 0 0.0.0.0:53 0.0.0.0:* users:(("pdns_server",pid=250237,fd=5))
udp UNCONN 0 0 [::]:53 [::]:* users:(("pdns_server",pid=250237,fd=6))
Query localhost for a zone this server does not host. The answer should have "status: REFUSED", since the server is authoritative only and no zone has been loaded yet (the "recursion requested but not available" warning confirms it is not acting as a recursor):
dig @localhost learndns.info ns
; <<>> DiG 9.18.18-0ubuntu0.22.04.2-Ubuntu <<>> @localhost learndns.info ns
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 21343
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;learndns.info. IN NS
;; Query time: 0 msec
;; SERVER: ::1#53(localhost) (UDP)
;; WHEN: Tue Apr 23 04:10:30 UTC 2024
;; MSG SIZE rcvd: 42
Repeat step 1 to step 8 on the secondary server (e.g. b01.learndns.info). Proceed to the next step only after verifying that both the primary and the secondary server have PowerDNS running as per step 8.
Next, proceed to Replication Setup to set up zone replication between the primary and the secondary.
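The whole procedure above as one script that can be run unchanged on the primary and on the secondary, followed by the same checks (port 53 on UDP and TCP, REFUSED for an unhosted zone). This is an added example, not code from the lab or from the PowerDNS project. It assumes Ubuntu 22.04 (jammy) with the auth-49 repository used above, sudo rights, and that dig, ss and gpg are installed; the helper names (render_pdns_conf_snippet, dig_status, check_listening, apply_lab, verify_lab) are hypothetical. The install steps run only when PDNS_LAB_APPLY=1 is set, so the file can also be sourced just to use the checks.

```shell
#!/usr/bin/env bash
# Added example for this lab (not from the page or from PowerDNS).
# Assumes Ubuntu 22.04 (jammy), the jammy-auth-49 repository, sudo rights.
# Set PDNS_LAB_APPLY=1 to actually apply the steps on this node.
set -u

PDNS_DB=/var/lib/powerdns/pdns.sqlite3
PDNS_SCHEMA=/usr/share/doc/pdns-backend-sqlite3/schema.sqlite3.sql
KEYRING=/etc/apt/keyrings/auth-49-pub.asc

# The lines the lab appends to /etc/powerdns/pdns.conf.
render_pdns_conf_snippet() {
  printf '%s\n' \
    'launch=gsqlite3' \
    "gsqlite3-database=$PDNS_DB" \
    'gsqlite3-dnssec=yes'
}

# Read dig output on stdin and print its rcode (e.g. REFUSED, NOERROR).
dig_status() {
  sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n1
}

# Read `ss -plantu` output on stdin; succeed only if pdns_server is bound to
# port 53 on both UDP and TCP (AXFR zone transfers to the secondary need TCP).
check_listening() {
  ss_out=$(cat)
  printf '%s\n' "$ss_out" | grep -Eq '^udp[[:space:]].*:53[[:space:]].*pdns_server' || return 1
  printf '%s\n' "$ss_out" | grep -Eq '^tcp[[:space:]].*:53[[:space:]].*pdns_server' || return 1
  return 0
}

apply_lab() {
  sudo install -d /etc/apt/keyrings
  # -f makes curl fail on an HTTP error instead of writing an error page into the keyring.
  curl -fsSL https://repo.powerdns.com/FD380FBB-pub.asc | sudo tee "$KEYRING" >/dev/null
  # Print the fetched key's fingerprint so it can be compared with the one PowerDNS publishes.
  gpg --show-keys "$KEYRING"
  printf 'deb [signed-by=%s arch=amd64] http://repo.powerdns.com/ubuntu jammy-auth-49 main\n' "$KEYRING" |
    sudo tee /etc/apt/sources.list.d/pdns.list >/dev/null
  printf 'Package: auth*\nPin: origin repo.powerdns.com\nPin-Priority: 600\n' |
    sudo tee /etc/apt/preferences.d/auth-49 >/dev/null
  sudo apt-get update
  sudo apt-get install -y pdns-server pdns-backend-sqlite3 sqlite3
  # Load the schema only into an empty database; re-running it on an existing one fails.
  if [ ! -s "$PDNS_DB" ]; then
    sudo sqlite3 "$PDNS_DB" < "$PDNS_SCHEMA"
  fi
  sudo chown pdns:pdns "$PDNS_DB"
  sudo chmod 0640 "$PDNS_DB"   # with gsqlite3-dnssec=yes this file will hold private keys
  if ! grep -q '^launch=gsqlite3' /etc/powerdns/pdns.conf; then
    render_pdns_conf_snippet | sudo tee -a /etc/powerdns/pdns.conf >/dev/null
  fi
  sudo rm -f /etc/powerdns/pdns.d/bind.conf
  sudo pdns_server --config=check
  sudo systemctl restart pdns
}

verify_lab() {
  sudo ss -plantu | check_listening || { echo "pdns_server is not listening on 53/udp and 53/tcp"; return 1; }
  st=$(dig @localhost learndns.info ns | dig_status)
  [ "$st" = "REFUSED" ] || { echo "expected REFUSED for an unhosted zone, got ${st:-<none>}"; return 1; }
  echo "PowerDNS is up: listening on 53/udp+tcp and refusing the unhosted zone"
}

if [ "${PDNS_LAB_APPLY:-0}" = "1" ]; then
  apply_lab && verify_lab
fi
```

Run it as `PDNS_LAB_APPLY=1 bash pdns-lab.sh` on a01 and again on b01; the two parsing helpers can be reused later to confirm that a zone added on the primary appears on the secondary (dig_status should then change from REFUSED to NOERROR on both).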