PowerDNS and BIND

Posted: 2013-12-19 23:02:37 by Alasdair Keyes

Direct Link | RSS feed


Since forever (well, sometime in the 70s or 80s when IT really was a Brave New World), BIND has been the software of choice for Linux/Unix based DNS servers on the internet.

.. and why not? It does what it says on the tin and gets the job done but I feel it's time has come. Over the past few years I've made the migration across to PowerDNS on my own DNS servers.

When PowerDNS was released in 2006 it's strong point was built-in SQL database backend support, which was only available in BIND through the use of the DLZ or SDB patches. These patches often required manual compilation, which is something I try not to do too often, it adds a lot of time and stress to systems updates. BIND has now incorporated the DB backend plugins into it's core, but PowerDNS had already whetted the appetite of system administrators with it's power and easy configuration.

PowerDNS's easy config highlighted to me just how much of a pain BIND's config was, after all, why use 3 lines of config when 50 will do? With Power Admin there is also a nice third-party web-based front end to manage it.

There are many pages listed on Google on how to configure PowerDNS if you wish to check it out (and I strongly recommend you do).

It provides both an authoritative DNS server and also a Recursive caching nameserver.

If you're running the authoritative nameserver it can be setup to recurse too but you need to provide a nameserver to recurse to which you sometimes don't have available (and maybe you don't want to use openDNS).

In this instance you can run both the authoritative and recursive services on the same machine and configure the authoratative server to recurse to the recursive server with only a small config change.

The problem with running both services is that they both try and bind to port 53, to fix this, use the following configuration

In /etc/pdns-recursor/recursor.conf, bind it to another port (e.g port 54)

allow-from=127.0.0.0/8
local-port=54

In /etc/pdns/pdns.conf

lazy-recursion=yes
recursor=127.0.0.1:54
allow-recursion=127.0.0.1, 10.0.0.0/24

The restart the server and test

# service pdns-recursor restart
Stopping pdns-recursor:                                    [  OK  ]
Starting pdns-recursor:                                    [  OK  ]
# service pdns restart
Restarting PowerDNS authoritative nameserver: stopping and waiting..done
Starting PowerDNS authoritative nameserver: started
# host google.com
google.com has address 173.194.34.110
...
google.com mail is handled by 10 aspmx.l.google.com.

Easy


If you found this useful, please feel free to donate via bitcoin to 1NT2ErDzLDBPB8CDLk6j1qUdT6FmxkMmNz

© Alasdair Keyes

IT Consultancy Services

I'm now available for IT consultancy and software development services - Cloudee LTD.



Happy user of Digital Ocean (Affiliate link)


Version:master-4bf3d352c4


Validate HTML 5