PowerDNS is a DNS service that can be used as an alternative to the default (and highly criticized) DNS provided by your ISP. PowerDNS provides extra features such as DNSSEC and zone transfers, geo-IP lookups and more.
PowerDNS is a caching DNS server that can be used to speed up the performance of your website. In this tutorial, we will show you how to set up PowerDNS on Debian/Ubuntu Linux.
Trying to come up with a DNS server that has high availability and redundancy while still being strong and modern? The best option is PowerDNS. PowerDNS (pdns) is DNS server software for Unix-like operating systems that is free and open-source.
In this post, you’ll learn how to install and setup PowerDNS on a Debian/Ubuntu Linux system using the MariaDB database.
Are you ready to get your hands on a fully working DNS server? Let’s get started!
Because this is a hands-on instruction, make sure you have the following items ready:
- A Linux system – Debian 11 Bullseye is used in this tutorial.
- A user who has root access.
MariaDB Database Installation and Configuration
PowerDNS comes with a number of backends by default, including database backends (PostgreSQL and MySQL/MariaDB), bind zone files, and JSON APIs. The MariaDB database will be used as the PowerDNS database backend in this tutorial.
1. First, open a terminal and connect to your server through SSH.
2. Run the apt install command to add fundamental package requirements to your system (software-properties-common dirmngr apt-transport-https).
sudo apt install software-properties-common dirmngr apt-transport-https -y sudo apt install software-properties-common apt-transport-https -y sudo apt install software-properties-
3. To add the MariaDB repository and GPG key to your machine, use the instructions following. The GPG key is kept in the /etc/apt/trusted.gpg. directory, while the MariaDB repository configuration is saved in the /etc/apt/sources.list.d/ directory.
# Add MariaDB repository for Debian system sudo add-apt-repository ‘deb [arch=amd64,i386,arm64,ppc64el] https://mirror.23m.com/mariadb/repo/10.6/debian bullseye main’ # Add GPG key for MariaDB repository wget -qO- https://mariadb.org/mariadb_release_signing_key.asc | gpg –dearmor > /etc/apt/trusted.gpg.d/mariadb_release_signing_key.gpg
4. Finally, use the instructions below to update the repository and install the package (mariadb-server).
On Debian and Ubuntu editions, the MariaDB service starts immediately after installation and runs upon system boot/startup.
sudo apt update —refresh-package-index sudo apt install mariadb-server -y # install MariaDB database
5. To protect your MariaDB installation, use the mysql secure installation command. mysql secure installation
mysql secure installation
6. When asked for the MariaDB root password, enter Enter on the terminal screen since the basic MariaDB installation comes with no password.
Securing MariaDB Deployment with the mysql secure installation
7. To change the default authentication to unix socket, type Y at the prompt below.
Changing to unix socket authentication
8. At the following prompt, input a new strong password for the MariaDB server and press Y again.
MariaDB Root Password Configuration
9. Now, on the question below, type Y. On the production level, the default anonymous user is included in the MariaDB installation, thus you must delete it.
MariaDB’s default anonymous user has been removed.
10. At the following question, type Y to deactivate the root user’s remote login. For security reasons, you must prevent the MariaDB root user from logging in remotely from other servers.
The root user’s remote login to the MariaDB server has been disabled.
11. Type Y once again to delete the default test database and any access and permissions associated with it.
The default database test, as well as all access and rights to it, has been removed.
12. Finally, hit Y to reload all table rights and update the MariaDB server.
To implement new modifications, reloading table privileges is necessary.
You’ll get a confirmation message like to the one below after all of MariaDB’s settings is complete.
Verifying that MariaDB’s configuration is complete
PowerDNS installation on Debian/Ubuntu Linux
You’re ready to install PowerDNS packages now that you’ve finished installing MariaDB for the PowerDNS database backend. Install PowerDNS server packages after adding the official PowerDNS repository and GPG key.
To get the newest PowerDNS packages from the official repository, follow these steps:
1. To add the PowerDNS repository and GPG key to your machine, use the instructions below.
# Download PowerDNS GPG Key wget -qO- https://repo.powerdns.com/FD380FBB-pub.asc | gpg –dearmor > /etc/apt/trusted.gpg.d/pdns.gpg # Adding the PowerDNS Repository for Debian 11 Bullseye System echo “deb [arch=amd64] http://repo.powerdns.com/debian bullseye-auth-45 main” | sudo tee /etc/apt/sources.list.d/pdns.list # Adding the PowerDNS Repository for Ubuntu 20.04 System echo “deb [arch=amd64] http://repo.powerdns.com/ubuntu focal-auth-45 main” | sudo tee /etc/apt/sources.list.d/pdns.list
How to Use Python Wget to Download Files
2. Using your chosen editor, create a new configuration file titled /etc/apt/preferences.d/pdns, and fill it with the following settings.
Any packages starting with the name pdns- will be installed from the PowerDNS repository (repo.powerdns.com) instead of the Debian/Ubuntu repository using the following setup.
# The repo.powerdns.com repository will be used to install all packages with the initial name pdns- Package: pdns-* Pin: origin repo.powerdns.com Priority: 600; Pin-Priority: 600; Pin-Priority: 600;
3. Update and reload the repositories with the following instructions, then install the PowerDNS (pdns-server) and PowerDNS MariaDB/MySQL backends (pdns-backend-mysql).
The PowerDNS service (pdns.service) stats and is immediately activated after installation.
# after adding a new repository, sudo apt update to refresh the package index # apt install pdns-server pdns-backend-mysql -y sudo apt install pdns-server pdns-backend-mysql -y sudo apt install pdns-server pdns-backend-mysql -y sudo apt install pdns-server
4. Finally, use the systemctl command below to check the PowerDNS service’s status (pdns.service).
systemctl status pdns.service sudo systemctl status pdns.service
Controlling Systemd services using Ubuntu systemctl is a related topic.
The PowerDNS service is active (running) on the default TCP port 53 and is configured as the PowerDNS Authoritative Server, as shown below.
Verifying the PowerDNS service’s status
PowerDNS Database Creation and Import Database Schema
Following the installation of PowerDNS, you’ll configure MariaDB as the database backend for PowerDNS. You’ll start by creating a new database and user, and then import the PowerDNS database structure.
To log in to the MySQL shell as the user root, use the following command. When asked, enter your MariaDB root password.
When you first log in to the MySQL shell, you’ll get a welcome message similar to the one shown below.
Using the root user to log into the MySQL shell
2. Execute the following queries to establish a new database (pdns) using the pdnsadmin admin login.
# create user pdnsadmin and grant privileges to the database pdns grant all on pdns.* to [email protected] identified by ‘StrongPdnsPasswd’; # create database pdns; # create user pdnsadmin and grant privileges to the database pdns grant all on pdns.* to [email protected] identified by ‘StrongPdnsPasswd # flush privileges; reload database privileges to implement new modifications; # Get out of the MySQL shell
For the PowerDNS server, create a new database and admin user.
3. Import the PowerDNS database schema to the pdns database using the following command. Make sure you input the pdnsadmin user’s password correctly.
The database schema is included with the PowerDNS MySQL backend installation and can be found in the /usr/share/pdns-backend-mysql/schema/ directory.
# import the schema.mysql.sql to the pdns database mysql -u pdnsadmin -p pdns < /usr/share/pdns-backend-mysql/schema/schema.mysql.sql
4. Verify the database structure of the pdns database using the mysqlshow command. This command displays all of the pdns database’s tables.
# mysqlshow pdns pdns pdns pdns pdns pdns pdns pdns pdns p
The tables accessible in the pdns database are shown below.
On the database, check the database schema (pdns)
Using MariaDB as a Backend for PowerDNS
You’ve set up your database and configured MariaDB. But how can you tell whether PowerDNS is up and running? For PowerDNS, you’ll construct a new MariaDB backend configuration. This setting is used by the PowerDNS service to connect to the MySQL database and store all DNS data there.
1. Before setting the PowerDNS backend configuration, use the following command to halt the PowerDNS service (pdns.service).
sudo systemctl pdns.service stop
2. With your text editor, create a file entitled myself.conf in the /etc/powerdns/pdns.d/ directory and fill it with the following settings.
Replace the database’s username and password with your own, then save the changes.
The /etc/powerdns/pdns.d directory must be used to store any new PowerDNS options.
gmysql-host=127.0.0.1 gmysql-port=3306 # Define the gmysql backend launch+=gmysql # MariaDB database for PowerDNS gmysql-host=127.0.0.1 gmysql-port=3306 gmysql-dbname=pdns # gmysql-socket=pdnsadmin gmysql-password=StrongPdnsPasswd gmysql-dnssec=yes gmysql-user=pdnsadmin gmysql-password=StrongPdnsPasswd gmysql-dnssec=yes
3. Change the permissions and ownership of the mysql.conf file using the instructions below. The MySQL backend setup for PowerDNS is finished at this point.
# chown pdns:pdns /etc/powerdns/pdns.d/mysql.conf sudo chown pdns:pdns /etc/powerdns/pdns.d/mysql.conf # chmod 640 /etc/powerdns/pdns.d/mysql.conf /etc/powerdns/pdns.d/mysql.conf /etc/powerdns/pdns.d/mysql.conf /etc/power
4. Now, start the PowerDNS service (pdns.service) and check its status using the instructions below.
# start PowerDNS service sudo systemctl start pdns.service # verify status of the PowerDNS service systemctl status pdns.service sudo systemctl status pdns.service
If your PowerDNS settings is right, you should get the following result, which indicates that the PowerDNS service is operational (running).
Checking the health of the PowerDNS service
5. Finally, use the command below to inspect the syslog file. The MySQL backend module is loaded to the PowerDNS server using this command.
grep -rin /var/log/syslog pdns server
Examining the PowerDNS log
Using PowerDNS to Create DNS Zones
For controlling Zones and DNSSEC, PowerDNS offers the pdnsutil command-line program. Changes to the PowerDNS backend database may be made remotely using the pdnsutil command.
How to Use PowerShell to Manage DNS Zones
For the example.io domain, you’ll build a new DNS zone in this tutorial.
1. Use the pdnsutil command to establish a new DNS zone called example.io (create-zone).
create-zone example.io pdnsutil
2. Next, use the instructions below to build a new nameserver and assign it to the IP address of the PowerDNS server.
# ns1 is defined pdnsutil add-record example.io ns1 A 172.16.5.10 # define nameserver for example pdnsutil add-record example.io ns1 A 172.16.5.10 # define nameserver for example pdnsutil add-record example.io ns1 A 172.16.5.10 # define nameserver for pdnsutil add-record example.io @ NS ns1.example.io @ NS ns1.example.io @ NS ns1.example.io @ NS ns1.example.io @ NS ns1.example.io @ NS ns1.example.i
3. To create a new A record for the example.io domain, use the command below. The IP address for this domain will be 172.16.5.20.
@ A 172.16.5.20 pdnsutil add-record example.io
4. To add additional subdomains to your apps, use the scripts below.
www pdnsutil add-record example.io www A 172.16.5.20 # add subdomain www pdnsutil add-record example.io 172.16.5.50 pdnsutil add-record example.io storage # add subdomain storage with the target server 172.16.5.50 is a unique IP address.
5. Finally, use the command below to add an MX record. For the main domain, the MX record is in charge of email delivery (example.io).
pdnsutil add-record example.io @ MX “10 example.io” pdnsutil add-record example.io @ MX “10 example.io”
6. To make nano your default editor and open the example.io file, use the instructions below.
# set the system’s default editor for temporary export EDITOR=nano # pdnsutil edit-zone example.io pdnsutil edit-zone example.io pdnsutil edit-zone example.io pdnsutil edit-zone example.
Use the settings below to change the default SOA record in the example.io file. After that, save your modifications and close the editor.
ns1.example.io admin.example.io 0 10800 3600 604800 3600 example.io 3600 IN SOA
Establishing a SOA record
7. To validate the changed modifications, type a and hit Enter, as shown below.
Making fresh adjustments
8. Run the command below to see all accessible DNS records on the example.io zone.
example.io pdnsutil list-zone
You can see whether the SOA record you changed in step six is reflected in the DNS records list below.
Checking the DNS zone exmaple.io for available records
9. Finally, use the command below to check the setup of PowerDNS zones.
On the example.io zone, there are seven records without any errors or warnings, as seen below.
On PowerDNS, double-checking zone setup
DNS Propagation Verification
That’s fantastic! You’ve successfully established the DNS zone for the example.io domain. Using the Domain Information Groper (DIG) tool, you’ll now check the DNS propagation of the example.io domain. The dig command is a DNS lookup tool that may be used to check DNS propagation and troubleshoot DNS servers.
1. To install the dnsutils package on your machine, run the command below.
The dnsutils package includes the dig command.
install dnsutils -y sudo apt install dnsutils -y
2. Check the A record for the example.io domain using the dig command below. The IP address of the PowerDNS server in this case is 172.16.5.10.
@172.16.5.10 dig example.io
You’ll see something like this in the ANSWER SECTION.
Verifying a record for the domain example.io
3. Check another subdomain, such as www.example.io and storage.example.io, using the following instructions.
# dig www.example.io @172.16.5.10 # check subdomain www.example.io # dig storage.example.io @172.16.5.10 # check subdomain storage.example.io
The www.example.io subdomain is resolved to the same server as the example.io domain in the example.io domain below.
Verifying the subdomain www.example.io
As illustrated below, the storage.example.io subdomain is resolved to another server with the IP address 172.16.5.50.
Verifying the subdomain storage.example.io
4. Finally, verify the MX record for the example.io domain using the dig command.
Other DNS entries, such as TXT, MX, SOA, and so on, may also be checked.
@172.16.5.10 dig MX example.io
Verifying the example.io domain’s MX record
You’ve learnt how to set up PowerDNS with the MariaDB database backend on Debian/Ubuntu Linux in this article. You’ve also noticed that, unlike other DNS server programs, PowerDNS allows you to establish and administer DNS servers with little resources. You’ve also learnt how to use the dig tool to examine DNS settings and propagation.
What’s the best way to take PowerDNS to the next level? Perhaps by enabling DNS cache with the PowerDNS recursor and using dnsdist as the DNS load balancer? Now you may go crazy and start building high-availability, distributed DNS servers.
The “powerdns-admin debian 10” is a command-line tool that allows users to set up PowerDNS on Debian/Ubuntu Linux. The powerdns-admin debian 10 can be used as an alternative to the GUI interface of the PowerDNS server.
Frequently Asked Questions
- powerdns install
- powerdns docker
- powerdns-admin install
- powerdns debian 11
- powerdns-admin docker