{"id":7092,"date":"2020-10-10T10:19:55","date_gmt":"2020-10-10T07:19:55","guid":{"rendered":"https:\/\/kifarunix.com\/?p=7092"},"modified":"2024-03-14T23:31:10","modified_gmt":"2024-03-14T20:31:10","slug":"easily-install-and-setup-powerdns-on-ubuntu-20-04","status":"publish","type":"post","link":"https:\/\/kifarunix.com\/easily-install-and-setup-powerdns-on-ubuntu-20-04\/","title":{"rendered":"Easily Install and Setup PowerDNS on Ubuntu 20.04"},"content":{"rendered":"\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1061\" height=\"590\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2023\/07\/powerdns-ubuntu-linux.png\" alt=\"Install and Setup PowerDNS on Ubuntu\" class=\"wp-image-18096\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2023\/07\/powerdns-ubuntu-linux.png?v=1690317738 1061w, https:\/\/kifarunix.com\/wp-content\/uploads\/2023\/07\/powerdns-ubuntu-linux-768x427.png?v=1690317738 768w\" sizes=\"(max-width: 1061px) 100vw, 1061px\" \/><\/figure>\n\n\n\n<p>Welcome to our tutorial on how to easily install and setup PowerDNS on Ubuntu 20.04. PowerDNS &#8220;<em>is a premier supplier of open source DNS software, services and support<\/em>&#8220;. It provides both the Authoritative Server and the Recursor DNS products. According to <a aria-label=\" (opens in a new tab)\" class=\"rank-math-link\" href=\"https:\/\/doc.powerdns.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">PowerDNS documentation page<\/a>;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>The&nbsp;<a aria-label=\" (opens in a new tab)\" href=\"https:\/\/doc.powerdns.com\/authoritative\" target=\"_blank\" rel=\"noreferrer noopener\" class=\"rank-math-link\">Authoritative Server<\/a>&nbsp;will answer questions about domains it knows about, but will not go out on the net to resolve queries about other domains. 
When the Authoritative Server answers a question, it comes out of the database, and can be trusted as being authoritative. There is no way to pollute the cache or to confuse the daemon.<\/li>\n\n\n\n<li>The&nbsp;<a aria-label=\" (opens in a new tab)\" class=\"rank-math-link\" href=\"https:\/\/doc.powerdns.com\/recursor\" target=\"_blank\" rel=\"noreferrer noopener\">Recursor<\/a>, conversely, by default has no knowledge of domains itself, but will always consult other authoritative servers to answer questions given to it.<\/li>\n<\/ul>\n\n\n\n<div class=\"wp-block-rank-math-toc-block\" id=\"rank-math-toc\"><h2>Table of Contents<\/h2><nav><ul><li><a href=\"#installing-power-dns-on-ubuntu-20-04\">Installing PowerDNS on Ubuntu 20.04<\/a><ul><li><a href=\"#what-features-does-power-dns-provide\">What Features Does PowerDNS Provide?<\/a><\/li><li><a href=\"#run-system-update\">Run System Update<\/a><\/li><li><a href=\"#install-power-dns-relational-database-maria-db\">Install PowerDNS Relational Database (MariaDB)<\/a><\/li><li><a href=\"#setting-up-power-dns-on-ubuntu-20-04\">Setting up PowerDNS on Ubuntu 20.04<\/a><ul><li><a href=\"#disable-systemd-resolved-service\">Disable systemd-resolved service<\/a><\/li><li><a href=\"#install-power-dns-on-ubuntu-20-04\">Install PowerDNS on Ubuntu 20.04<\/a><\/li><li><a href=\"#create-power-dns-database-on-ubuntu-20-04\">Create PowerDNS Database on Ubuntu 20.04<\/a><\/li><li><a href=\"#import-power-dns-database-schema\">Import PowerDNS Database Schema<\/a><\/li><li><a href=\"#configure-power-dns-database-connection-details\">Configure PowerDNS Database Connection Details<\/a><\/li><li><a href=\"#verify-power-dns-database-connection\">Verify PowerDNS database connection<\/a><\/li><li><a href=\"#restart-power-dns\">Restart PowerDNS<\/a><\/li><\/ul><\/li><li><a href=\"#creating-power-dns-forward-zone-records\">Creating PowerDNS Forward Zone Records<\/a><ul><li><a href=\"#define-power-dns-operation-mode\">Define PowerDNS Operation 
Mode<\/a><\/li><li><a href=\"#create-the-domain-soa-start-of-authority-record\">Create the domain SOA (Start Of Authority) record. <\/a><\/li><li><a href=\"#create-nameserver-ns-records\">Create Nameserver NS records<\/a><\/li><li><a href=\"#insert-a-records-for-the-nameserver\">Insert A Records for the Nameserver<\/a><\/li><li><a href=\"#insert-mx-records\">Insert MX records<\/a><\/li><li><a href=\"#verify-power-dns-forward-resolution\">Verify PowerDNS Forward Resolution<\/a><\/li><\/ul><\/li><li><a href=\"#creating-power-dns-reverse-zone-records\">Creating PowerDNS Reverse Zone Records<\/a><ul><li><a href=\"#insert-soa-record-for-the-reverse-zone\">Insert SOA Record for the Reverse Zone<\/a><\/li><li><a href=\"#insert-ns-reverse-zone-record\">Insert NS Reverse Zone Record<\/a><\/li><li><a href=\"#insert-ptr-records-for-ns\">Insert PTR Records for NS<\/a><\/li><li><a href=\"#verify-power-dns-reverse-resolution\">Verify PowerDNS Reverse Resolution<\/a><\/li><\/ul><\/li><li><a href=\"#manage-dns-zones-and-records-from-web-interface\">Manage DNS Zones and Records from Web Interface<\/a><\/li><li><a href=\"#open-dns-port-on-ufw\">Open DNS Port on UFW<\/a><\/li><li><a href=\"#configure-dns-server-on-client-systems\">Configure DNS Server on Client Systems<\/a><ul><li><a href=\"#verify-client-forward-dns-resolution\">Verify Client Forward DNS Resolution<\/a><\/li><li><a href=\"#verify-client-reverse-dns-resolution\">Verify Client Reverse DNS Resolution<\/a><\/li><\/ul><\/li><li><a href=\"#reference\">Reference<\/a><\/li><li><a href=\"#related-tutorials\">Related Tutorials<\/a><\/li><\/ul><\/li><\/ul><\/nav><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"installing-power-dns-on-ubuntu-20-04\">Installing PowerDNS on Ubuntu 20.04<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"what-features-does-power-dns-provide\">What Features Does PowerDNS Provide?<\/h3>\n\n\n\n<p>PowerDNS;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>offers very high domain resolution 
performance.<\/li>\n\n\n\n<li>supports a large number of different backends ranging from simple zonefiles to relational databases and load balancing\/failover algorithms.<\/li>\n\n\n\n<li>offers better security features.<\/li>\n\n\n\n<li>has a reasonably small source code base, which makes auditing easy.<\/li>\n\n\n\n<li>gives a lot of statistics on its operation, which is helpful both in determining the scalability of an installation and in spotting problems.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"run-system-update\">Run System Update<\/h3>\n\n\n\n<p>To begin with, update your package index and upgrade your system packages.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">apt update<\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\">apt upgrade<\/pre>\n\n\n\n<p>If a system reboot is required, reboot;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91;&#91; -f \/var\/run\/reboot-required ]] &amp;&amp; systemctl reboot -i<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"install-power-dns-relational-database-maria-db\">Install PowerDNS Relational Database (MariaDB)<\/h3>\n\n\n\n<p>As stated above, the authoritative PowerDNS server supports different backends ranging from database backends such as MySQL,&nbsp;PostgreSQL,&nbsp;Oracle and&nbsp;<a href=\"https:\/\/doc.powerdns.com\/authoritative\/backends\/bind.html\" target=\"_blank\" rel=\"noreferrer noopener\">BIND zone files<\/a>&nbsp;to&nbsp;<a href=\"https:\/\/doc.powerdns.com\/authoritative\/backends\/pipe.html\" target=\"_blank\" rel=\"noreferrer noopener\">co-processes<\/a>&nbsp;and&nbsp;<a href=\"https:\/\/doc.powerdns.com\/authoritative\/backends\/remote.html\" target=\"_blank\" rel=\"noreferrer noopener\">JSON API\u2019s<\/a>.<\/p>\n\n\n\n<p>Since we are going to easily install PowerDNS as our local authoritative nameserver, we will use one of the relational databases, and in this setup, we go with MariaDB.<\/p>\n\n\n\n<p>To install the latest and stable release 
version of MariaDB, you need to install MariaDB repos.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">apt install software-properties-common gnupg2<\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\">curl -LsS https:\/\/r.mariadb.com\/downloads\/mariadb_repo_setup | sudo bash<\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\">apt update<\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\">apt install mariadb-server<\/pre>\n\n\n\n<p>Once the installation is done, check if the MariaDB service is running (it should be running upon installation);<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl status mariadb<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\n\u25cf mariadb.service - MariaDB 11.0.2 database server\n     Loaded: loaded (\/lib\/systemd\/system\/mariadb.service; enabled; vendor preset: enabled)\n    Drop-In: \/etc\/systemd\/system\/mariadb.service.d\n             \u2514\u2500migrated-from-my.cnf-settings.conf\n     Active: active (running) since Tue 2023-07-25 19:47:24 UTC; 46s ago\n       Docs: man:mariadbd(8)\n             https:\/\/mariadb.com\/kb\/en\/library\/systemd\/\n   Main PID: 29789 (mariadbd)\n     Status: \"Taking your SQL requests now...\"\n      Tasks: 13 (limit: 2257)\n     Memory: 79.4M\n     CGroup: \/system.slice\/mariadb.service\n             \u2514\u250029789 \/usr\/sbin\/mariadbd\n\nJul 25 19:47:24 focal mariadbd[29789]: 2023-07-25 19:47:24 0 [Note] Plugin 'wsrep-provider' is disabled.\nJul 25 19:47:24 focal mariadbd[29789]: 2023-07-25 19:47:24 0 [Note] InnoDB: Loading buffer pool(s) from \/var\/lib\/mysql\/ib_buffer_pool\nJul 25 19:47:24 focal mariadbd[29789]: 2023-07-25 19:47:24 0 [Note] Server socket created on IP: '127.0.0.1'.\nJul 25 19:47:24 focal mariadbd[29789]: 2023-07-25 19:47:24 0 [Note] InnoDB: Buffer pool(s) load completed at 230725 19:47:24\nJul 25 19:47:24 focal mariadbd[29789]: 2023-07-25 19:47:24 0 [Note] \/usr\/sbin\/mariadbd: ready for connections.\nJul 25 19:47:24 focal mariadbd[29789]: Version: 
'11.0.2-MariaDB-1:11.0.2+maria~ubu2004'  socket: '\/run\/mysqld\/mysqld.sock'  port: 3306  mariadb.org binary distribution\nJul 25 19:47:24 focal systemd[1]: Started MariaDB 11.0.2 database server.\nJul 25 19:47:24 focal \/etc\/mysql\/debian-start[29805]: Upgrading MySQL tables if necessary.\nJul 25 19:47:24 focal \/etc\/mysql\/debian-start[29816]: Checking for insecure root accounts.\nJul 25 19:47:24 focal \/etc\/mysql\/debian-start[29820]: Triggering myisam-recover for all MyISAM tables and aria-recover for all Aria tables\n<\/code><\/pre>\n\n\n\n<p>Run the initial MySQL security script to remove anonymous users and test databases, and to disallow remote root login.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">mysql_secure_installation<\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"setting-up-power-dns-on-ubuntu-20-04\">Setting up PowerDNS on Ubuntu 20.04<\/h3>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"disable-systemd-resolved-service\">Disable <code><strong>systemd-resolved<\/strong><\/code> service<\/h4>\n\n\n\n<p>Before you can install PowerDNS on Ubuntu 20.04, you need to disable the <code><strong>systemd-resolved<\/strong><\/code> service&nbsp;(<em>system service that provides network name resolution to local applications<\/em>).<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">systemctl disable --now systemd-resolved<\/pre>\n\n\n\n<p>Update the <code><strong>resolv.conf<\/strong><\/code> file with your preferred DNS server so that name resolution keeps working during the installation.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">echo \"nameserver 8.8.8.8\" &gt; \/etc\/resolv.conf<\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"install-power-dns-on-ubuntu-20-04\">Install PowerDNS on Ubuntu 20.04<\/h4>\n\n\n\n<p>Once that is done, install PowerDNS on Ubuntu 20.04. 
PowerDNS is provided by the <strong><code>pdns-server<\/code><\/strong> package.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">apt install pdns-server<\/pre>\n\n\n\n<p>You also need to install PowerDNS nameserver MySQL backend;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">apt install pdns-backend-mysql<\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"create-power-dns-database-on-ubuntu-20-04\">Create PowerDNS Database on Ubuntu 20.04<\/h4>\n\n\n\n<p>Now that PowerDNS and its MySQL backend packages are installed, login to MariaDB and create a database for PowerDNS nameserver.<\/p>\n\n\n\n<p>Be sure to use your preferred database names and database usernames. Names used here are not standard.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">mariadb -u root -p -e \"create database kifarunixdemopdns;\"<\/pre>\n\n\n\n<p>Create a PowerDNS database user and grant all privileges on the PowerDNS database. Replace the password accordingly.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">mariadb -u root -p -e \"grant all on kifarunixdemopdns.* to pdnsadmin@localhost identified by 'PdnSPassW0rd';\"<\/pre>\n\n\n\n<p>Reload the privileges tables;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">mariadb -u root -p -e \"flush privileges;\"<\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"import-power-dns-database-schema\">Import PowerDNS Database Schema<\/h4>\n\n\n\n<p>The default PowerDNS database schema is available under <code><strong>\/usr\/share\/pdns-backend-mysql\/schema\/<\/strong><\/code> directory as <code><strong>schema.mysql.sql<\/strong><\/code>. 
You need to import this schema to the PowerDNS database created above;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">mariadb -u pdnsadmin -p kifarunixdemopdns &lt; \/usr\/share\/pdns-backend-mysql\/schema\/schema.mysql.sql <\/pre>\n\n\n\n<p>To verify the PowerDNS database schema import, try to list available tables;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">mariadb-show kifarunixdemopdns<\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\nDatabase: kifarunixdemopdns\n+----------------+\n|     Tables     |\n+----------------+\n| comments       |\n| cryptokeys     |\n| domainmetadata |\n| domains        |\n| records        |\n| supermasters   |\n| tsigkeys       |\n+----------------+\n<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"configure-power-dns-database-connection-details\">Configure PowerDNS Database Connection Details<\/h4>\n\n\n\n<p>Create a configuration file, as shown below, in which to define the PowerDNS database connection details.<\/p>\n\n\n\n<p>Be sure to update your database connection details accordingly.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">vim \/etc\/powerdns\/pdns.d\/pdns.local.gmysql.conf<\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\n# MySQL Configuration\n#\n# Launch gmysql backend\nlaunch+=gmysql\n\n# gmysql parameters\ngmysql-host=127.0.0.1\ngmysql-port=3306\ngmysql-dbname=kifarunixdemopdns\ngmysql-user=pdnsadmin\ngmysql-password=PdnSPassW0rd\ngmysql-dnssec=yes\n# gmysql-socket=\n<\/code><\/pre>\n\n\n\n<p>Save and exit the file.<\/p>\n\n\n\n<p>Restrict the permissions on the database connection configuration file, since it contains the database password.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">chmod 640 \/etc\/powerdns\/pdns.d\/pdns.local.gmysql.conf<\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"verify-power-dns-database-connection\">Verify PowerDNS database connection<\/h4>\n\n\n\n<p>If PowerDNS is already running, stop it and run it in the foreground to verify that it can connect to the database;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">systemctl 
stop pdns.service<\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\">pdns_server --daemon=no --guardian=no --loglevel=9<\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\nJul 25 20:03:11 Loading '\/usr\/lib\/x86_64-linux-gnu\/pdns\/libbindbackend.so'\nJul 25 20:03:11 [bind2backend] This is the bind backend version 4.2.1 (with bind-dnssec-db support) reporting\nJul 25 20:03:11 Loading '\/usr\/lib\/x86_64-linux-gnu\/pdns\/libgmysqlbackend.so'\nJul 25 20:03:11 [gmysqlbackend] This is the gmysql backend version 4.2.1 reporting\nJul 25 20:03:11 This is a standalone pdns\nJul 25 20:03:11 Listening on controlsocket in '\/var\/run\/pdns.controlsocket'\nJul 25 20:03:11 UDP server bound to 0.0.0.0:53\nJul 25 20:03:11 UDPv6 server bound to [::]:53\nJul 25 20:03:11 TCP server bound to 0.0.0.0:53\nJul 25 20:03:11 TCPv6 server bound to [::]:53\nJul 25 20:03:11 PowerDNS Authoritative Server 4.2.1 (C) 2001-2019 PowerDNS.COM BV\nJul 25 20:03:11 Using 64-bits mode. Built using gcc 9.2.1 20200202.\nJul 25 20:03:11 PowerDNS comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it according to the terms of the GPL version 2.\nJul 25 20:03:11 Set effective group id to 119\nJul 25 20:03:11 Set effective user id to 115\nJul 25 20:03:11 Creating backend connection for TCP\nJul 25 20:03:11 [bindbackend] Parsing 0 domain(s), will report when done\nJul 25 20:03:11 [bindbackend] Done parsing domains, 0 rejected, 0 new, 0 removed\nJul 25 20:03:11 gmysql Connection successful. Connected to database 'kifarunixdemopdns' on '127.0.0.1'.\nJul 25 20:03:11 About to create 3 backend threads for UDP\nJul 25 20:03:11 gmysql Connection successful. Connected to database 'kifarunixdemopdns' on '127.0.0.1'.\nJul 25 20:03:11 gmysql Connection successful. Connected to database 'kifarunixdemopdns' on '127.0.0.1'.\nJul 25 20:03:12 gmysql Connection successful. 
Connected to database 'kifarunixdemopdns' on '127.0.0.1'.\nJul 25 20:03:12 Done launching threads, ready to distribute questions\n<\/code><\/pre>\n\n\n\n<p>If you encounter any error, please fix it before you can proceed.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"restart-power-dns\">Restart PowerDNS<\/h4>\n\n\n\n<p>Restart PowerDNS to apply the changes made.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">systemctl restart pdns<\/pre>\n\n\n\n<p>Check the status;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl status pdns<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\n\u25cf pdns.service - PowerDNS Authoritative Server\n     Loaded: loaded (\/lib\/systemd\/system\/pdns.service; enabled; vendor preset: enabled)\n     Active: active (running) since Tue 2023-07-25 20:03:58 UTC; 19s ago\n       Docs: man:pdns_server(1)\n             man:pdns_control(1)\n             https:\/\/doc.powerdns.com\n   Main PID: 31590 (pdns_server)\n      Tasks: 8 (limit: 2257)\n     Memory: 6.1M\n     CGroup: \/system.slice\/pdns.service\n             \u2514\u250031590 \/usr\/sbin\/pdns_server --guardian=no --daemon=no --disable-syslog --log-timestamp=no --write-pid=no\n\nJul 25 20:03:58 focal pdns_server[31590]: TCPv6 server bound to [::]:53\nJul 25 20:03:58 focal pdns_server[31590]: PowerDNS Authoritative Server 4.2.1 (C) 2001-2019 PowerDNS.COM BV\nJul 25 20:03:58 focal pdns_server[31590]: Using 64-bits mode. Built using gcc 9.2.1 20200202.\nJul 25 20:03:58 focal pdns_server[31590]: PowerDNS comes with ABSOLUTELY NO WARRANTY. 
This is free software, and you are welcome to redistribute it according to the terms >\nJul 25 20:03:58 focal pdns_server[31590]: Creating backend connection for TCP\nJul 25 20:03:58 focal pdns_server[31590]: [bindbackend] Parsing 0 domain(s), will report when done\nJul 25 20:03:58 focal pdns_server[31590]: [bindbackend] Done parsing domains, 0 rejected, 0 new, 0 removed\nJul 25 20:03:58 focal systemd[1]: Started PowerDNS Authoritative Server.\nJul 25 20:03:58 focal pdns_server[31590]: About to create 3 backend threads for UDP\nJul 25 20:03:58 focal pdns_server[31590]: Done launching threads, ready to distribute questions\n<\/code><\/pre>\n\n\n\n<p>Verify that DNS port 53 (UDP\/TCP) is open;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">ss -alnp4 | grep pdns<\/pre>\n\n\n\n<pre class=\"scroll-sz\"><code>\nudp    UNCONN  0       0                     0.0.0.0:53           0.0.0.0:*      users:((\"pdns_server\",pid=31590,fd=5))                                         \ntcp    LISTEN  0       128                   0.0.0.0:53           0.0.0.0:*      users:((\"pdns_server\",pid=31590,fd=7)) \n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"creating-power-dns-forward-zone-records\">Creating PowerDNS Forward Zone Records<\/h3>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"define-power-dns-operation-mode\">Define PowerDNS Operation Mode<\/h4>\n\n\n\n<p>The basic configuration of PowerDNS is now done. You can proceed to add your DNS records into the database.<\/p>\n\n\n\n<p>Log in to the PowerDNS database;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">mariadb -u pdnsadmin -p -D kifarunixdemopdns<\/pre>\n\n\n\n<p>To begin with, define the PowerDNS operation mode. 
There are various <a aria-label=\"DNS operation modes (opens in a new tab)\" href=\"https:\/\/doc.powerdns.com\/authoritative\/modes-of-operation.html\" target=\"_blank\" rel=\"noreferrer noopener\" class=\"rank-math-link\">DNS operation modes<\/a> you can define while inserting records into PowerDNS database. In this basic tutorial, we will go with the default Native operation mode.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">insert into domains (name, type) values ('kifarunix-demo.com', 'NATIVE');<\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"create-the-domain-soa-start-of-authority-record\">Create the domain SOA (Start Of Authority) record. <\/h4>\n\n\n\n<p>The SOA stored format is:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><strong>primary hostmaster serial refresh retry expire default_ttl<\/strong><\/pre>\n\n\n\n<p>Where:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>primary:&nbsp;<a href=\"https:\/\/doc.powerdns.com\/authoritative\/settings.html#setting-default-soa-name\" target=\"_blank\" rel=\"noopener\">default-soa-name<\/a>&nbsp;configuration option<\/li>\n\n\n\n<li>hostmaster:&nbsp;<code>hostmaster@domain-name<\/code><\/li>\n\n\n\n<li>serial: 0<\/li>\n\n\n\n<li>refresh: 10800 (3 hours)<\/li>\n\n\n\n<li>retry: 3600 (1 hour)<\/li>\n\n\n\n<li>expire: 604800 (1 week)<\/li>\n\n\n\n<li>default_ttl: 3600 (1 hour)<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-preformatted\">INSERT INTO records (domain_id, name, content, type,ttl,prio) VALUES (1,'kifarunix-demo.com','localhost admin.kifarunix-demo.com 1 10380 3600 604800 3600','SOA',86400,NULL);<\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"create-nameserver-ns-records\">Create Nameserver NS records<\/h4>\n\n\n\n<p>Sample NS record;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">INSERT INTO records (domain_id, name, content, type,ttl,prio) VALUES (1,'kifarunix-demo.com','ns1.kifarunix-demo.com','NS',86400,NULL);<\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" 
id=\"insert-a-records-for-the-nameserver\">Insert A Records for the Nameserver<\/h4>\n\n\n\n<p>Sample A records;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">INSERT INTO records (domain_id, name, content, type,ttl,prio) VALUES (1,'ns1.kifarunix-demo.com','192.168.57.3','A',120,NULL);<\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\">INSERT INTO records (domain_id, name, content, type,ttl,prio) VALUES (1,'news.kifarunix-demo.com','192.168.58.45','A',120,NULL);<\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"insert-mx-records\">Insert MX records<\/h4>\n\n\n\n<pre class=\"wp-block-preformatted\">INSERT INTO records (domain_id, name, content, type,ttl,prio) VALUES (1,'kifarunix-demo.com','mail.kifarunix-demo.com','MX',120,25);<\/pre>\n\n\n\n<p>So far so good,  that is enough for our demo and this is how our records look like;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">select * from records;<\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\n+----+-----------+-------------------------+------+-------------------------------------------------------------+-------+------+----------+-----------+------+\n| id | domain_id | name                    | type | content                                                     | ttl   | prio | disabled | ordername | auth |\n+----+-----------+-------------------------+------+-------------------------------------------------------------+-------+------+----------+-----------+------+\n|  1 |         1 | kifarunix-demo.com      | SOA  | localhost admin.kifarunix-demo.com 1 10380 3600 604800 3600 | 86400 | NULL |        0 | NULL      |    1 |\n|  2 |         1 | kifarunix-demo.com      | NS   | ns1.kifarunix-demo.com                                      | 86400 | NULL |        0 | NULL      |    1 |\n|  3 |         1 | ns1.kifarunix-demo.com  | A    | 192.168.57.3                                                |   120 | NULL |        0 | NULL      |    1 |\n|  4 |         1 | news.kifarunix-demo.com | A    | 192.168.58.45              
                                 |   120 | NULL |        0 | NULL      |    1 |\n|  5 |         1 | kifarunix-demo.com      | MX   | mail.kifarunix-demo.com                                     |   120 |   25 |        0 | NULL      |    1 |\n+----+-----------+-------------------------+------+-------------------------------------------------------------+-------+------+----------+-----------+------+\n5 rows in set (0.001 sec)\n<\/code><\/pre>\n\n\n\n<p>Exit the database;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>\\q<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"verify-power-dns-forward-resolution\">Verify PowerDNS Forward Resolution<\/h4>\n\n\n\n<p>Once the records are populated into the DB, verify the PowerDNS resolution;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">dig ns1.kifarunix-demo.com @127.0.0.1<\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\n\n; &lt;&lt;&gt;&gt; DiG 9.16.1-Ubuntu &lt;&lt;&gt;&gt; ns1.kifarunix-demo.com @127.0.0.1\n;; global options: +cmd\n;; Got answer:\n;; -&gt;&gt;HEADER&lt;&lt;- opcode: QUERY, status: NOERROR, id: 51535\n;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1\n;; WARNING: recursion requested but not available\n\n;; OPT PSEUDOSECTION:\n; EDNS: version: 0, flags:; udp: 1232\n;; QUESTION SECTION:\n;ns1.kifarunix-demo.com.\t\tIN\tA\n\n;; ANSWER SECTION:\nns1.kifarunix-demo.com.\t120\tIN\tA\t192.168.57.3\n\n;; Query time: 4 msec\n;; SERVER: 127.0.0.1#53(127.0.0.1)\n;; WHEN: Tue Jul 25 20:11:11 UTC 2023\n;; MSG SIZE  rcvd: 67\n\n<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\">dig MX kifarunix-demo.com @127.0.0.1 +short<\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\">25 mail.kifarunix-demo.com.<\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"creating-power-dns-reverse-zone-records\">Creating PowerDNS Reverse Zone Records<\/h3>\n\n\n\n<p>Log in to the PowerDNS database again;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">mariadb -u pdnsadmin -p -D kifarunixdemopdns<\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" 
id=\"insert-soa-record-for-the-reverse-zone\">Insert SOA Record for the Reverse Zone<\/h4>\n\n\n\n<p>Sample reverse SOA record;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">INSERT INTO records (domain_id, name, content, type,ttl,prio) VALUES (2,'57.168.192.in-addr.arpa','localhost admin.kifarunix-demo.com 1 10380 3600 604800 3600','SOA',86400,NULL);<\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"insert-ns-reverse-zone-record\">Insert NS Reverse Zone Record<\/h4>\n\n\n\n<p>Sample NS record;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">INSERT INTO records (domain_id, name, content, type,ttl,prio) VALUES (2,'57.168.192.in-addr.arpa','ns1.kifarunix-demo.com','NS',120,NULL);<\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"insert-ptr-records-for-ns\">Insert PTR Records for NS<\/h4>\n\n\n\n<p>Sample PTR records;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">INSERT INTO records (domain_id, name, content, type,ttl,prio) VALUES (2,'3.57.168.192.in-addr.arpa','ns1.kifarunix-demo.com','PTR',120,NULL);<\/pre>\n\n\n\n<p>Insert Other Domains PTR Records<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">INSERT INTO records (domain_id, name, content, type,ttl,prio) VALUES (2,'45.58.168.192.in-addr.arpa','news.kifarunix-demo.com','PTR',120,NULL);<\/pre>\n\n\n\n<p>Now the general database records look like;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">select * from records;<\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\n+----+-----------+----------------------------+------+-------------------------------------------------------------+-------+------+----------+-----------+------+\n| id | domain_id | name                       | type | content                                                     | ttl   | prio | disabled | ordername | auth |\n+----+-----------+----------------------------+------+-------------------------------------------------------------+-------+------+----------+-----------+------+\n|  1 |         1 | kifarunix-demo.com         | SOA  | localhost 
admin.kifarunix-demo.com 1 10380 3600 604800 3600 | 86400 | NULL |        0 | NULL      |    1 |\n|  2 |         1 | kifarunix-demo.com         | NS   | ns1.kifarunix-demo.com                                      | 86400 | NULL |        0 | NULL      |    1 |\n|  3 |         1 | ns1.kifarunix-demo.com     | A    | 192.168.57.3                                                |   120 | NULL |        0 | NULL      |    1 |\n|  4 |         1 | news.kifarunix-demo.com    | A    | 192.168.58.45                                               |   120 | NULL |        0 | NULL      |    1 |\n|  5 |         1 | kifarunix-demo.com         | MX   | mail.kifarunix-demo.com                                     |   120 |   25 |        0 | NULL      |    1 |\n|  6 |         2 | 57.168.192.in-addr.arpa    | SOA  | localhost admin.kifarunix-demo.com 1 10380 3600 604800 3600 | 86400 | NULL |        0 | NULL      |    1 |\n|  7 |         2 | 57.168.192.in-addr.arpa    | NS   | ns1.kifarunix-demo.com                                      |   120 | NULL |        0 | NULL      |    1 |\n|  8 |         2 | 3.57.168.192.in-addr.arpa  | PTR  | ns1.kifarunix-demo.com                                      |   120 | NULL |        0 | NULL      |    1 |\n| 12 |         2 | 45.58.168.192.in-addr.arpa | PTR  | news.kifarunix-demo.com                                     |   120 | NULL |        0 | NULL      |    1 |\n+----+-----------+----------------------------+------+-------------------------------------------------------------+-------+------+----------+-----------+------+\n9 rows in set (0.000 sec)\n<\/code><\/pre>\n\n\n\n<p><strong>So what is domain_id, name, type, prio, ttl<\/strong>? 
Read about them on the <a aria-label=\"PowerDNS Regular Queries page (opens in a new tab)\" class=\"rank-math-link\" href=\"https:\/\/doc.powerdns.com\/authoritative\/backends\/generic-sql.html#regular-queries\" target=\"_blank\" rel=\"noreferrer noopener\">PowerDNS Regular Queries page<\/a>.<\/p>\n\n\n\n<p>Exit the database connection;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>\\q<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"verify-power-dns-reverse-resolution\">Verify PowerDNS Reverse Resolution<\/h4>\n\n\n\n<p>With the database session closed, run the reverse DNS queries to confirm that all is well.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">dig -x 192.168.58.45 @127.0.0.1 +short<\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\">news.kifarunix-demo.com.<\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\">dig -x 192.168.57.3 @127.0.0.1 +short<\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\">ns1.kifarunix-demo.com.<\/pre>\n\n\n\n<p>Magnificent!!!<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"manage-dns-zones-and-records-from-web-interface\">Manage DNS Zones and Records from Web Interface<\/h3>\n\n\n\n<p>Note that all of this can easily be done from the web interface;<\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/easily-install-and-setup-powerdns-admin-on-ubuntu-20-04\/\" target=\"_blank\" rel=\"noreferrer noopener\">Easily Install and Setup PowerDNS Admin on Ubuntu 20.04<\/a><\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"open-dns-port-on-ufw\">Open DNS Port on UFW<\/h3>\n\n\n\n<p>For remote hosts to be able to use PowerDNS for their name resolution, you need to open the DNS port 53\/UDP;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">ufw allow from 192.168.0.0\/16 to any port 53 proto udp<\/pre>\n\n\n\n<p>This allows DNS queries over UDP from the 192.168.0.0\/16 subnet only; the rule does not open 53\/TCP.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"configure-dns-server-on-client-systems\">Configure DNS Server on Client Systems<\/h3>\n\n\n\n<p>For testing purposes, overwrite your 
<strong><code>\/etc\/resolv.conf<\/code><\/strong>&nbsp;file with the PowerDNS nameserver entry.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">echo \"nameserver 192.168.57.3\" &gt; \/etc\/resolv.conf<\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"verify-client-forward-dns-resolution\">Verify Client Forward DNS Resolution<\/h4>\n\n\n\n<p>Next, perform DNS resolution using any of the DNS utilities.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">dig news.kifarunix-demo.com<\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\n\n; &lt;&lt;&gt;&gt; DiG 9.18.12-0ubuntu0.22.04.2-Ubuntu &lt;&lt;&gt;&gt; news.kifarunix-demo.com\n;; global options: +cmd\n;; Got answer:\n;; -&gt;&gt;HEADER&lt;&lt;- opcode: QUERY, status: NOERROR, id: 30215\n;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1\n;; WARNING: recursion requested but not available\n\n;; OPT PSEUDOSECTION:\n; EDNS: version: 0, flags:; udp: 1232\n;; QUESTION SECTION:\n;news.kifarunix-demo.com.\tIN\tA\n\n;; ANSWER SECTION:\nnews.kifarunix-demo.com. 120\tIN\tA\t192.168.58.45\n\n;; Query time: 4 msec\n;; SERVER: 192.168.57.3#53(192.168.57.3) (UDP)\n;; WHEN: Tue Jul 25 20:23:57 UTC 2023\n;; MSG SIZE  rcvd: 68\n<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\">nslookup ns1.kifarunix-demo.com<\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\nServer:\t\t192.168.57.3\nAddress:\t192.168.57.3#53\n\nName:\tns1.kifarunix-demo.com\nAddress: 192.168.57.3\n<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\">host ns1.kifarunix-demo.com<\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\">ns1.kifarunix-demo.com has address 192.168.57.3<\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"verify-client-reverse-dns-resolution\">Verify Client Reverse DNS Resolution<\/h4>\n\n\n\n<pre class=\"wp-block-preformatted\">dig -x 192.168.57.3 +short<\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\">ns1.kifarunix-demo.com.<\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\">nslookup 192.168.57.3<\/pre>\n\n\n\n<pre 
class=\"wp-block-preformatted\">3.57.168.192.in-addr.arpa name = ns1.kifarunix-demo.com.<\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\">host 192.168.57.3<\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\">3.57.168.192.in-addr.arpa domain name pointer ns1.kifarunix-demo.com.<\/pre>\n\n\n\n<p>Beautiful. In our next guide, we will learn how to manage PowerDNS using a web tool called PowerDNS Admin (link is provided below).<\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/easily-install-and-setup-powerdns-admin-on-ubuntu-20-04\/\" target=\"_blank\" aria-label=\" (opens in a new tab)\" rel=\"noreferrer noopener\" class=\"rank-math-link\">Easily Install and Setup PowerDNS Admin on Ubuntu 20.04<\/a><\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"reference\">Reference<\/h3>\n\n\n\n<p><a aria-label=\"PowerDNS Authoritative Nameserver (opens in a new tab)\" href=\"https:\/\/doc.powerdns.com\/authoritative\/\" target=\"_blank\" rel=\"noreferrer noopener\" class=\"rank-math-link\">PowerDNS Authoritative Nameserver Documentation<\/a><\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"related-tutorials\">Related Tutorials<\/h3>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/configure-local-dns-server-using-dnsmasq-on-ubuntu-20-04\/\" target=\"_blank\" rel=\"noreferrer noopener\">Configure Local DNS Server using Dnsmasq on Ubuntu 20.04<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/setup-caching-only-dns-server-using-bind9-on-ubuntu-20-04\/\" target=\"_blank\" rel=\"noreferrer noopener\">Setup Caching-Only DNS Server using BIND9 on Ubuntu 20.04<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Welcome to our tutorial on how to easily install and setup PowerDNS on Ubuntu 20.04. 
PowerDNS &#8220;is a premier supplier of open source DNS software,<\/p>\n","protected":false},"author":1,"featured_media":18096,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rank_math_lock_modified_date":false,"footnotes":""},"categories":[971,121,972],"tags":[2757,136,2760,974,2759,2761,2758,1200],"class_list":["post-7092","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-dns","category-howtos","category-powerdns","tag-install-powerdns-on-ubuntu-20-04","tag-mariadb","tag-powerdn-reverse-zone","tag-powerdns","tag-powerdns-forward-zone","tag-powerdns-mariadb-database","tag-setup-powerdns-on-ubuntu-20-04","tag-ubuntu-20-04","generate-columns","tablet-grid-50","mobile-grid-100","grid-parent","grid-50","resize-featured-image"],"_links":{"self":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/7092"}],"collection":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/comments?post=7092"}],"version-history":[{"count":16,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/7092\/revisions"}],"predecessor-version":[{"id":21539,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/7092\/revisions\/21539"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media\/18096"}],"wp:attachment":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media?parent=7092"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/categories?post=7092"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/tags?post=7092"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}