PowerDNS and recursion

I recently needed to set up a small DNS architecture for internal use. The selection criteria for the DNS server were:

  • simple
  • ability to use an LDAP directory for zone definitions
  • and foremost, available via apt

After a bit of "apt-cache search", I found PowerDNS, which seems to provide all the functionality I needed. The Bind9 DNS server does not seem to provide LDAP support without a patch.

$ sudo aptitude install pdns-server pdns-recursor pdns-backend-ldap

The pdns-recursor package is important because it allows PowerDNS to ask other DNS servers about queries it cannot handle itself.

LDAP configuration is really simple and the online documentation is sufficient. But I had to search a bit before I understood how PowerDNS interacts with the recursor. In the end it is pretty simple:

  • use PowerDNS just as a DNS server
  • allow recursion only from local addresses (loopback and the internal network)
  • give PowerDNS the IP address and port of the recursor
  • launch recursor

In the /etc/powerdns/pdns.conf file

allow-recursion=127.0.0.1 10.1.10.0/24
allow-recursion-override=on
recursor=127.0.0.1:5353

Then for /etc/powerdns/recursor.conf

allow-from=127.0.0.0/8
local-port=5353
local-address=127.0.0.1

Finally start the whole thing

$ sudo /etc/init.d/pdns restart

Restarting PowerDNS authoritative nameserver: stopping and waiting..done
Starting PowerDNS authoritative nameserver: started
$ sudo /etc/init.d/pdns-recursor restart
Restarting PowerDNS recursor: pdns-recursorFeb 19 23:17:12 PowerDNS recursor 3.1.4 (C) 2001-2006 PowerDNS.COM BV (Nov 12 2006, 23:19:09, gcc 4.1.2 20061028 (prerelease) (Debian 4.1.1-19)) starting up
Feb 19 23:17:12 PowerDNS comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it according to the terms of the GPL version 2.
Feb 19 23:17:12 Operating in 32 bits mode
Feb 19 23:17:12 Only allowing queries from: 127.0.0.0/8
Feb 19 23:17:12 Inserting rfc 1918 private space zones
Feb 19 23:17:12 Listening for UDP queries on 127.0.0.1:5353
Feb 19 23:17:12 Listening for TCP queries on 127.0.0.1:5353
Feb 19 23:17:12 Done priming cache with root hints
Feb 19 23:17:12 Calling daemonize, going to background
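The two files only work together, and only stay closed to outside clients, if their settings agree. The following Python check is an added example, not part of the original post or of PowerDNS: it verifies that allow-recursion and allow-from admit only internal ranges, that recursor= in pdns.conf matches the recursor's listen address and port, and that the recursor listens on loopback. The function names, the INTERNAL list and the "weak" sample are assumptions made for the example, and it assumes a single local-address.

```python
import ipaddress

# Ranges treated as internal (assumption of this example: loopback plus RFC 1918).
INTERNAL = [ipaddress.ip_network(n) for n in
            ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_conf(text):
    """Parse key=value lines, skipping blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def external_nets(value):
    """Return the netmasks of a comma/space separated list that are not internal."""
    nets = [ipaddress.ip_network(n, strict=False) for n in value.replace(",", " ").split()]
    return [str(n) for n in nets
            if not any(n.version == i.version and n.subnet_of(i) for i in INTERNAL)]

def audit(pdns_text, recursor_text):
    pdns, rec = parse_conf(pdns_text), parse_conf(recursor_text)
    findings = []
    for name, conf, key in (("pdns.conf", pdns, "allow-recursion"),
                            ("recursor.conf", rec, "allow-from")):
        if key not in conf:
            findings.append(f"{name}: {key} not set, check the built-in default")
        for net in external_nets(conf.get(key, "")):
            findings.append(f"{name}: {key} admits non-internal network {net}")
    # The forwarding target in pdns.conf must be where the recursor actually listens.
    listen = f"{rec.get('local-address', '?')}:{rec.get('local-port', '?')}"
    if pdns.get("recursor") != listen:
        findings.append(f"pdns.conf: recursor={pdns.get('recursor')} but recursor listens on {listen}")
    addr = rec.get("local-address", "")
    if addr and not ipaddress.ip_address(addr).is_loopback:
        findings.append(f"recursor.conf: local-address {addr} is not loopback")
    return findings

# Settings from the post (expected: no findings).
PAGE_PDNS = "allow-recursion=127.0.0.1 10.1.10.0/24\nallow-recursion-override=on\nrecursor=127.0.0.1:5353\n"
PAGE_REC = "allow-from=127.0.0.0/8\nlocal-port=5353\nlocal-address=127.0.0.1\n"
# Constructed weak variant: open recursion, wrong port, recursor on all interfaces.
WEAK_PDNS = "allow-recursion=0.0.0.0/0\nrecursor=127.0.0.1:5300\n"
WEAK_REC = "local-port=5353\nlocal-address=0.0.0.0\n"

if __name__ == "__main__":
    for label, p, r in (("page", PAGE_PDNS, PAGE_REC), ("weak", WEAK_PDNS, WEAK_REC)):
        print(label, audit(p, r) or "no findings")
```

To audit a real host, pass the contents of /etc/powerdns/pdns.conf and /etc/powerdns/recursor.conf to audit() instead of the embedded samples.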
