Build PowerDNS
A DNS server. It is controlled from the browser with PowerDNS-Admin.
Install PowerDNS Authoritative Server
PowerDNS official installation guide
vi /etc/apt/sources.list.d/pdns.list
# Ubuntu 22.04
deb [arch=amd64] http://repo.powerdns.com/ubuntu jammy-auth-47 main
vi /etc/apt/preferences.d/pdns
Package: pdns-*
Pin: origin repo.powerdns.com
Pin-Priority: 600
curl https://repo.powerdns.com/FD380FBB-pub.asc | sudo apt-key add - &&
apt-get update &&
apt-get install pdns-server
# Use mariadb
apt install powerdns-backend-mysql
Initialize MySQL
Create tables. MySQL default schema
mysql -u root
create database powerdns;
use powerdns;
# create table.
grant all on powerdns.* to user_pdns@'127.0.0.1' identified by 'pass_pdns';
grant all on powerdns.* to user_pdns@'localhost' identified by 'pass_pdns';
grant all on powerdns.* to user_pdns@'192.168.0.0/255.255.0.0' identified by 'pass_pdns';
pdns.conf
vi /etc/powerdns/pdns.conf
# for PowerDNS-Admin
api=yes
api-key=A000C111B222
#include-dir=/etc/powerdns/pdns.d
launch=gmysql
gmysql-host=127.0.0.1 # ip address only
gmysql-port=3306
gmysql-dbname=powerdns
gmysql-user=user_pdns
gmysql-password=pass_pdns
#gmysql-dnssec=yes
listen-port=1053
resolver=8.8.8.8, 8.8.4.4, 2001:4860:4860::8888, 2001:4860:4860::8844
webserver=yes
webserver-address=0.0.0.0
webserver-allow-from=127.0.0.1,192.168.23.0/24,::1
Check with a browser (http://192.168.23.7:8081/).
Using PowerDNS-Admin
Actually, I wanted to install it in the LXC container where PowerDNS was built, but due to a specification change only Docker is provided, so I run it with docker run on the LXC host.
# Launch container
docker run -d \
-e SECRET_KEY='a-very-secret-key' \
-v pda-data:/data \
-p 9191:80 \
powerdnsadmin/pda-legacy:latest
Check with a browser (http://192.168.23.3:9191/). Create an account and do the initial setup.
Using PowerDNS Recursor
Run PowerDNS Recursor on port 53. From within the LAN it behaves like a normal caching DNS resolver and queries the locally running PowerDNS Authoritative Server for the configured domains. It does not respond to queries from the WAN side.
vi /etc/powerdns/recursor.conf
# Uncomment to enable allow-from.
allow-from=127.0.0.0/8, 10.0.0.0/8, 100.64.0.0/10, 169.254.0.0/16, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fc00::/7, fe80::/10
# for webserver
api-key=A000C111B222
forward-zones=mydomain1.com=127.0.0.1:1053;
forward-zones+=mydomain2.com=127.0.0.1:1053;
forward-zones-recurse=.=8.8.8.8;
forward-zones-recurse+=.=8.8.4.4;
forward-zones-recurse+=.=2001:4860:4860::8888;
forward-zones-recurse+=.=2001:4860:4860::8844;
local-address=192.168.8.7,192.168.23.7
#max-cache-ttl=300
webserver=yes
webserver-address=0.0.0.0
webserver-allow-from=127.0.0.1,192.168.0.0/16,::1
It works if the dig queries succeed. Then try using it from the LAN.
dig ast.domain1.com @127.0.0.1 -p 53
dig yahoo.co.jp @192.168.23.7
Check with a browser (http://192.168.23.7:8082/).
Use as internal DNS server.
I use the hosts file, but it's impossible on the iPad. It is also against the rules to publish the A record of your local IP address to the world with PowerDNS. So I will respond with PowerDNS recursor.
vi /etc/powerdns/recursor.conf
# Use hosts file
etc-hosts-file=/etc/hosts
export-etc-hosts=on
This will return the IP addresses listed in the hosts file.