This article gives a quick introduction of setting up PowerDNS (pdns) Authoritative and Recursor servers, and also demonstrates a scenario that how we need to use both in the same host.
DNS
DNS has two type of server operations: Authoritative and Recursive. Most common use of DNS servers is authoritative. For those who don’t know the difference, here is a good introduction. Both are for different purposes, also both types of server can be operated individually and cooperatively under the same host.
Authoritative Server
Basically, authoritative server contains some kind of look up tables to resolve FQDN/IP pairs, this information can be stored in a database table, file, or memory (cached results). If the authoritative server cannot resolve the DNS query from the lookup table, it can either forward the query to another name server or send back record not found depending on the setup.
Recursive Server
As for the recursive server, the configuration is just a simple list of DNS servers for directing the queries. First it checks against the cached results from previous queries. If no match found, it directs the query to each individual server in the list. This list can also be a domain based servers list which acts as a filtering process that directs the queries to different server based on the query domain.
PDNS build
To make and install PDNS server, simple download the package, unpack it and run
./configure --enable-pdns_server
The pdns_server is the PDNS authoritative server which is more than enough for most of the DNS server setups. We can also build the recursor as well:
./configure --enable-pdns_server --enable-recursor
This will generate both pdns_server and pdns_recursor daemons. Later, we will see what setup we can use for both daemons under the same host. In this article, we build and install both daemons on a Ubuntu 14 machine.
Quick Setup for Authoritative Server
First, we have pre-installed and configured a Postgres DB server. The next task is to create a configuration for the pdns_server daemon. Here is an example of /usr/local/etc/pdns.conf
launch=gpgsql
loglevel=10
log-dns-queries=1
gpgsql-host=127.0.0.1
gpgsql-user=admin
gpgsql-password=xxxxx
gpgsql-dbname=DnsDB
The above configuration basically informs the pdns_server how to connect to the Postgres DB with the credential and location. We start the authoritative server with the command:
/usr/local/etc/rc.d/pdns start
Then you should see some log messages in /var/log/syslog similar to below:
The above log messages shown that the pdns_server has connected to the DB successfully. Here we have preconfigured the DB table with an entry, the name JoeMac has an IP address 192.168.200.51:
We test our setup by issuing a query command for this specific IP address on the DNS server and we get the following result:
The last parameter, 127.0.0.1, basically forces the nslookup to query the local DNS server only. However, if we issue a query the IP address of a well known host, we get no record found.
This is because we haven’t notified our authoritative server to reach for another DNS server in the case of no record found. Lets append the ‘recursor’ directive into the configuration file. Here is the new pdns.conf.
launch=gpgsql
loglevel=10
log-dns-queries=1
gpgsql-host=127.0.0.1
gpgsql-user=admin
gpgsql-password=xxxxx
gpgsql-dbname=DnsDB
recursor=8.8.8.8
Restart the pdns_server and issue the query again:
All the no match queries are being directed to the popular DNS server and being resolved.
Combining Authoritative and Recursive Servers
The previous setup probably satisfies most of the DNS usages. However, what happen if we want to setup an authoritative server as well as directing the queries to primary and secondary servers or even need to forward to different servers based on the query domain. This is where we run both authoritative and recursor servers in the same host.
First we set the recursor of the authoritative server to local host with a specific port:
launch=gpgsql
loglevel=10
log-dns-queries=1
gpgsql-host=127.0.0.1
gpgsql-user=admin
gpgsql-password=xxxxx
gpgsql-dbname=DnsDB
recursor=127.0.0.1:8699
The specific port is necessary because the default port for recursor server is the DNS listening port (53) and we don’t want the pdns_recursor to handle the initial query. Next is to setup a simple configuration file (/usr/local/etc/recursor.conf) for the recursor:
forward-zones=.=192.168.202.196;8.8.8.8
local-port=8699
The above recursor configuration means for any domains forward the queries to the 192.168.202.196 (primary). If not found, goes to the secondary. The forward-zones directive can support multiple zones and multiple IP addresses. Now we have setup both servers connecting to the same port and forwarding queries from authoritative to recursor. We restart the pdns_server and also we need to start the pdns_recursor separately. We can just enter ‘pdns_recursor’, the recursor will startup in a daemon mode. Here is part of output from starting the pdns_recursor:
Here we have a DNS server running as an authoritative server as well as capable of handling multi-zones queries. This particular example only demonstrates a small use of PDNS, there are lots of other settings for authoritative and recursor.