This article gives a quick introduction to setting up PowerDNS (pdns) Authoritative and Recursor servers, and also demonstrates a scenario in which both need to run on the same host.

DNS

DNS has two types of server operation: authoritative and recursive. The most common use of a DNS server is authoritative. For those who don’t know the difference, here is a good introduction. The two serve different purposes, and both types of server can be operated individually or cooperatively on the same host.

Authoritative Server

Basically, an authoritative server contains some kind of lookup table to resolve FQDN/IP pairs; this information can be stored in a database table, a file, or memory (cached results). If the authoritative server cannot resolve the DNS query from the lookup table, it can either forward the query to another name server or send back a record-not-found response, depending on the setup.

Recursive Server

As for the recursive server, the configuration is just a simple list of DNS servers to which queries are directed. It first checks the cached results from previous queries. If no match is found, it directs the query to each individual server in the list. This list can also be a domain-based server list, which acts as a filter that directs queries to different servers based on the query domain.

PDNS build

To build and install the PDNS server, simply download the package, unpack it and run:

./configure --enable-pdns_server

The pdns_server is the PDNS authoritative server, which is more than enough for most DNS server setups. We can also build the recursor:

./configure --enable-pdns_server  --enable-recursor

This will generate both the pdns_server and pdns_recursor daemons. Later, we will see what setup we can use for both daemons on the same host. In this article, we build and install both daemons on an Ubuntu 14 machine.

Quick Setup for Authoritative Server

First, we have pre-installed and configured a Postgres DB server. The next task is to create a configuration for the pdns_server daemon. Here is an example of /usr/local/etc/pdns.conf:

launch=gpgsql

loglevel=10

log-dns-queries=1

gpgsql-host=127.0.0.1

gpgsql-user=admin

gpgsql-password=xxxxx

gpgsql-dbname=DnsDB

The above configuration tells pdns_server how to connect to the Postgres DB: its location and the credentials to use. We start the authoritative server with the command:

/usr/local/etc/rc.d/pdns start

Then you should see log messages in /var/log/syslog similar to those below:

[Screenshot: pdns_server startup log messages]

The above log messages show that pdns_server has connected to the DB successfully. Here we have preconfigured the DB table with an entry: the name JoeMac has the IP address 192.168.200.51:

[Screenshot: DB table entry for JoeMac]


We test our setup by issuing a query for this specific IP address on the DNS server, and we get the following result:

[Screenshot: nslookup result for the JoeMac entry]

The last parameter, 127.0.0.1, forces nslookup to query the local DNS server only. However, if we query the IP address of a well-known host, we get no record found.

[Screenshot: nslookup for a well-known host returning no record found]

This is because we haven’t told our authoritative server to reach out to another DNS server when no record is found. Let’s append the ‘recursor’ directive to the configuration file. Here is the new pdns.conf:

launch=gpgsql

loglevel=10

log-dns-queries=1

gpgsql-host=127.0.0.1

gpgsql-user=admin

gpgsql-password=xxxxx

gpgsql-dbname=DnsDB

recursor=8.8.8.8

Restart pdns_server and issue the query again:

[Screenshot: the same query, now resolved]

All the queries with no local match are now directed to the popular DNS server and resolved.
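A small audit of the pdns.conf shown above, as an added example that is not part of the original article or of PowerDNS: it flags a world-readable file holding gpgsql-password, recursion offered to every client because no allow-recursion netmask is set, and an upstream resolver outside the local network. The finding names, the file modes and the allow-recursion netmasks in the sample are assumptions made for illustration.

```python
import ipaddress
import stat

def parse_conf(text):
    """Read PowerDNS 'key=value' lines, skipping blanks and # comments."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition("=")
            settings[key.strip()] = value.strip()
    return settings

def upstream_host(value):
    """Host part of a recursor= value: 'ip', 'ip:port' or '[v6]:port'."""
    if value.startswith("["):
        return value[1:value.index("]")]
    return value.split(":")[0] if value.count(":") == 1 else value

def audit(settings, file_mode):
    """Return finding codes for a parsed pdns.conf and its st_mode bits."""
    findings = []
    # gpgsql-password is stored in clear text: other local users must not read it.
    if "gpgsql-password" in settings and file_mode & stat.S_IROTH:
        findings.append("password-world-readable")
    if settings.get("recursor"):
        # With recursor= set, recursion is offered to every client unless
        # allow-recursion narrows it (unset is treated as 0.0.0.0/0 here).
        nets = [n for n in settings.get("allow-recursion", "0.0.0.0/0").split(",") if n.strip()]
        if any(ipaddress.ip_network(n.strip(), strict=False).prefixlen == 0 for n in nets):
            findings.append("recursion-open-to-all")
        # A public upstream sees every name that missed in the local DB.
        addr = ipaddress.ip_address(upstream_host(settings["recursor"]))
        if not (addr.is_loopback or addr.is_private):
            findings.append("misses-sent-to-public-resolver")
    return findings

# Constructed sample: the article's second pdns.conf, then a tightened variant
# (the allow-recursion netmasks are assumed values for this article's LAN).
PAGE_CONF = """launch=gpgsql
gpgsql-host=127.0.0.1
gpgsql-user=admin
gpgsql-password=xxxxx
gpgsql-dbname=DnsDB
recursor=8.8.8.8"""
TIGHT_CONF = PAGE_CONF.replace("recursor=8.8.8.8",
    "recursor=127.0.0.1:8699\nallow-recursion=127.0.0.1,192.168.200.0/24")

if __name__ == "__main__":
    print(audit(parse_conf(PAGE_CONF), 0o644), audit(parse_conf(TIGHT_CONF), 0o640))
```

On a live host, pass `os.stat("/usr/local/etc/pdns.conf").st_mode` as the second argument.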

Combining Authoritative and Recursive Servers

The previous setup probably satisfies most DNS use cases. However, what happens if we want to set up an authoritative server that also directs queries to primary and secondary servers, or even forwards to different servers based on the query domain? This is where we run both the authoritative and recursor servers on the same host.

First we set the recursor of the authoritative server to localhost with a specific port:

launch=gpgsql

loglevel=10

log-dns-queries=1

gpgsql-host=127.0.0.1

gpgsql-user=admin

gpgsql-password=xxxxx

gpgsql-dbname=DnsDB

recursor=127.0.0.1:8699

The specific port is necessary because the default port for the recursor server is the DNS listening port (53), and we don’t want pdns_recursor to handle the initial query. Next, we set up a simple configuration file (/usr/local/etc/recursor.conf) for the recursor:

forward-zones=.=192.168.202.196;8.8.8.8

local-port=8699

The above recursor configuration means: for any domain, forward the queries to 192.168.202.196 (primary); if not found, go to the secondary. The forward-zones directive supports multiple zones and multiple IP addresses. Now we have set up both servers connecting to the same port, forwarding queries from the authoritative server to the recursor. We restart pdns_server, and we also need to start pdns_recursor separately. We can just enter ‘pdns_recursor’; the recursor will start up in daemon mode. Here is part of the output from starting pdns_recursor:

[Screenshot: pdns_recursor startup output]

Here we have a DNS server running as an authoritative server that is also capable of handling multi-zone queries. This particular example demonstrates only a small part of what PDNS can do; there are many other settings for the authoritative server and the recursor.
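How a multi-zone forward-zones value maps query names to forwarders, as an added example (not from the original article or the PowerDNS code): it parses the directive, picks the most specific matching zone, and lists which names would be forwarded to an address outside private space. The zone corp.example and the test names are hypothetical, and forwarders are assumed to be bare IP addresses without ports, as in the article.

```python
import ipaddress

def parse_forward_zones(value):
    """Parse 'zone=ip;ip, zone=ip' into {zone: [ips]}; the root zone '.' becomes ''."""
    zones = {}
    for entry in value.split(","):
        zone, sep, servers = entry.strip().partition("=")
        ips = [s.strip() for s in servers.split(";") if s.strip()]
        if not sep or not ips:
            raise ValueError(f"malformed forward-zones entry: {entry!r}")
        zones[zone.strip().lower().rstrip(".")] = ips
    return zones

def forwarders_for(qname, zones):
    """Most specific zone wins, matched on whole labels; None if nothing matches."""
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in zones:
            return zones[suffix]
    return zones.get("")

def sent_off_network(names, zones):
    """Names with at least one forwarder outside private/loopback address space."""
    exposed = []
    for name in names:
        ips = forwarders_for(name, zones) or []
        if any(not ipaddress.ip_address(ip).is_private for ip in ips):
            exposed.append(name)
    return exposed

# The article's value, then a constructed split: corp.example is a hypothetical
# internal zone kept on the internal server, everything else goes to 8.8.8.8.
PAGE_VALUE = ".=192.168.202.196;8.8.8.8"
SPLIT_VALUE = "corp.example=192.168.202.196, .=8.8.8.8"
NAMES = ["joemac.corp.example", "notcorp.example", "www.example.org"]  # constructed

if __name__ == "__main__":
    for value in (PAGE_VALUE, SPLIT_VALUE):
        zones = parse_forward_zones(value)
        print(value, "->", sent_off_network(NAMES, zones))
```

With the article's single root entry, every name, internal ones included, can reach 8.8.8.8; the split value keeps the internal zone on 192.168.202.196.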