What would be correct setup procedure for PDNS server

Tags: bind, domain-name-system, internal-dns, powerdns

I am new to the world of DNS servers, but as part of my current job I should do an upgrade of our office network infrastructure.

After looking at the available options I decided to go with the PowerDNS solution, PDNS server, mostly because of the easy management option through the MySQL backend.

I already have the PDNS server running and even working for my needs, but I see some significant differences between the responses from our old BIND9 and the new PDNS: the additional section is missing, the answer is "not authoritative", etc.

Basically the requirements for our DNS are:

  • If the requested domain is in the records in the MySQL backend (for example intranet-domain.ourdomain.com), then the response should be authoritative.
  • If the requested domain is not in the records in the MySQL backend, then the request should be forwarded to the external network to get the answer from the appropriate authoritative DNS.

Our current setup is:

  • Debian 7
  • pdns (3.2 from standard repo) + pdns-backend-mysql + poweradmin
  • pdns-recursor (otherwise it was not resolving any external domain names)

Questions:

  • Do I really need pdns-recursor in order to make resolution of external addresses work? If there is a way to forward unknown addresses to the ISP's DNS, please enlighten me.
  • How do I make the responses look more like BIND9's? For example, I also want to see the additional section telling me about the NS for the requested address, etc.
  • Additionally, if I put PDNS as primary and BIND9 as secondary on our DHCP, then the response will always come from BIND9 instead of PDNS, although I imported all the records and zones from BIND9 to the MySQL backend. How do I fix it?

pdns.conf:

allow-recursion=192.168.1.0/8,10.0.0.0/16,127.0.0.0/8 
allow-recursion-override=on 
config-dir=/etc/powerdns 
daemon=yes 
disable-axfr=yes 
guardian=yes 
lazy-recursion=yes 
local-address=192.168.1.5 
local-port=53 
master=yes 
module-dir=/usr/lib/powerdns 
recursor=127.0.0.1 
setgid=pdns 
setuid=pdns 
socket-dir=/var/run 
version-string=powerdns 
out-of-zone-additional-processing=yes 
include=/etc/powerdns/pdns.d

recursor.conf:

local-address=127.0.0.1
local-port=53
quiet=yes
setgid=pdns
setuid=pdns

pdns.local.gmysql:

launch=gmysql
gmysql-host=localhost
gmysql-port=
gmysql-dbname=pdns
gmysql-user=pdns
gmysql-password=pdns
gmysql-dnssec=yes

Best Answer

It sounds like you want to combine a recursive resolver and an authoritative nameserver into one server.

By specifying the recursor option in the configuration file, questions requiring recursive treatment will be handed over to the IP address specified.

http://doc.powerdns.com/html/recursion.html

The doc goes on to state, N.B.:

Take care not to point recursor to the PowerDNS Authoritative Server itself, which leads to a very tight packet loop!

It looks like you've managed to separate the two by putting pdns-recursor on 127.0.0.1 only.

You can test by sending a dig or host command to the IP of your server and watching what happens with Wireshark or tcpdump on all interfaces of your DNS server.

Regarding the authoritative flag, please see question number 3:

http://doc.powerdns.com/pdns-users-faq.html

EDIT based on comment:

If you want to use another nameserver as your recursor, set it in the recursor setting of pdns.conf, e.g.:

recursor=8.8.8.8
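The answer suggests testing with dig and watching the traffic. The two things the question is actually comparing, whether the answer is authoritative (the AA bit) and whether the additional section is populated, both live in the 12-byte DNS header, so they can be checked without a packet capture. The following is an added example, not code from the original question or answer and not part of PowerDNS: a small Python script that builds a query the way dig does, parses the header flags and section counts of a response, and summarises them like dig's "flags:" line. The two responses embedded in it are constructed by hand (an authoritative answer for intranet-domain.ourdomain.com from the name on the page, and a non-authoritative recursive answer); the query id 0x1234 and the helper names are my own choices.

```python
"""Inspect DNS header flags (AA, RA) and section counts of a response.

Added example for the PowerDNS question above; the sample responses
below are constructed, not captured from a real server.
"""
import socket
import struct
import sys

# Header flag bits of the 16-bit flags field (RFC 1035, section 4.1.1).
QR = 0x8000  # message is a response
AA = 0x0400  # Authoritative Answer: server is authoritative for the zone
TC = 0x0200  # truncated
RD = 0x0100  # Recursion Desired (set by the client)
RA = 0x0080  # Recursion Available (set by a recursive resolver)

QUERY_ID = 0x1234  # constructed, fixed so the sample responses match it


def encode_name(name):
    """Encode a dotted hostname as DNS wire-format labels plus terminator."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, qtype=1, qid=QUERY_ID):
    """Build a single-question query (type A by default) with RD set, like dig."""
    header = struct.pack("!HHHHHH", qid, RD, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def parse_header(msg):
    """Return the header fields of a DNS message as a dict."""
    if len(msg) < 12:
        raise ValueError("message shorter than a DNS header")
    qid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {
        "id": qid,
        "response": bool(flags & QR),
        "authoritative": bool(flags & AA),
        "truncated": bool(flags & TC),
        "recursion_desired": bool(flags & RD),
        "recursion_available": bool(flags & RA),
        "rcode": flags & 0x000F,
        "questions": qd,
        "answers": an,
        "authority": ns,
        "additional": ar,
    }


def describe(msg):
    """One-line summary in the style of dig's 'flags:' line."""
    h = parse_header(msg)
    names = (("qr", "response"), ("aa", "authoritative"), ("tc", "truncated"),
             ("rd", "recursion_desired"), ("ra", "recursion_available"))
    flags = " ".join(short for short, key in names if h[key])
    return "flags: %s; QUERY: %d, ANSWER: %d, AUTHORITY: %d, ADDITIONAL: %d" % (
        flags, h["questions"], h["answers"], h["authority"], h["additional"])


def query_flags(server, name, timeout=2.0):
    """Send an A query to `server` over UDP port 53 and return the parsed header."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name), (server, 53))
        data, _ = sock.recvfrom(4096)
    header = parse_header(data)
    if header["id"] != QUERY_ID:
        raise ValueError("response id %#x does not match query id" % header["id"])
    return header


# Constructed sample responses (header plus question section only, since
# only the header is inspected here). The first is what the authoritative
# server should return for a zone held in its backend: AA set, and one
# record in each of the answer, authority and additional sections. The
# second is what a recursive resolver returns for an outside name: AA
# clear, RA set, no authority or additional records.
QUESTION = build_query("intranet-domain.ourdomain.com")[12:]
AUTH_RESPONSE = struct.pack("!HHHHHH", QUERY_ID, QR | AA | RD, 1, 1, 1, 1) + QUESTION
RECURSIVE_RESPONSE = struct.pack("!HHHHHH", QUERY_ID, QR | RD | RA, 1, 1, 0, 0) + QUESTION


if __name__ == "__main__":
    print("authoritative sample: " + describe(AUTH_RESPONSE))
    print("recursive sample:     " + describe(RECURSIVE_RESPONSE))
    # Optional live check: python3 dnsflags.py <server-ip> <name>
    if len(sys.argv) == 3:
        print("live:", describe(struct.pack(
            "!HHHHHH", *[query_flags(sys.argv[1], sys.argv[2])[k] for k in
                         ("id",)] + [0, 0, 0, 0, 0])))
```

Run without arguments it only prints the two constructed samples; with a server IP and a name it sends a real query, so pointing it at the PowerDNS address and then at the BIND9 address for the same internal name shows directly which one answers with "aa" and a populated ADDITIONAL count. Seeing "ra" without "aa" for an internal zone means the question was handled by the recursor path rather than the authoritative backend.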