alphanumeric3's website

Trying out PowerDNS

In this post, I’m going to set up PowerDNS Authoritative Server on Alpine Linux for my virtual lab. Alpine Linux is a lightweight Linux distribution, and PowerDNS is widely known DNS server software.

It’ll mainly be used to resolve .an3 domains for the virtual network.

Setup

First I need to install PowerDNS (do not forget pdns-doc, otherwise you won’t have database schemas):

doas apk update
doas apk upgrade
doas apk add pdns pdns-doc

I’m using SQLite3 to store my data, so I need to initialise the database and make sure PowerDNS can access it:

doas mkdir -p /var/lib/powerdns
doas sqlite3 /var/lib/powerdns/pdns.sqlite3 < /usr/share/doc/pdns/schema.sqlite3.sql
doas chown -R pdns:pdns /var/lib/powerdns

And before starting the server, it needs to be configured in /etc/pdns/pdns.conf to use the database:

launch=gsqlite3
gsqlite3-database=/var/lib/powerdns/pdns.sqlite3

doas rc-service pdns start

To test if it works, try making a query. It should respond with REFUSED since there are no zones to serve yet.

$ dig +noall +comments @192.168.122.95
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 3113
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232

You can also check the version over DNS!

$ dig +short version.bind ch txt @192.168.122.95
"PowerDNS Authoritative Server 4.9.2 (built Oct  3 2024 12:46:06 by buildozer@localhost)"

My first zone

Time to create a zone. On the server, I used pdnsutil to create one named after me - alphanumeric3, with ns1 as the primary.

pdns:~$ doas pdnsutil create-zone an3 ns1.an3
Creating empty zone 'an3'
Also adding one NS record
pdns:~$ doas pdnsutil list-zone an3
$ORIGIN .
an3     3600    IN      NS      ns1.an3
an3     3600    IN      SOA     a.misconfigured.dns.server.invalid hostmaster.an3 0 10800 3600 604800 3600

(Note: while I doubt my made-up TLD will be registered for the global internet, it could still happen. Buying a domain or using a reserved name like .home.arpa is a safer idea.)

The zone is working!

$ dig +short an3 NS @192.168.122.95
ns1.an3.

However, there are two problems.

The SOA (Start of Authority) record is wrong and says the primary is a.misconfigured.dns.server.invalid.

This is the default content and needs to be corrected with pdnsutil replace-rrset:

pdns:~$ doas pdnsutil replace-rrset an3 '' SOA 3600 "ns1.an3 hostmaster.an3 1 10800 3600 604800 3600"
Current records for an3 IN SOA will be replaced
New rrset:
an3. 3600 IN SOA ns1.an3 hostmaster.an3 1 10800 3600 604800 3600

You may notice I bumped the serial from 0 to 1. I don’t have any secondary nameservers (yet!), but if I did have any, this would tell them that the zone has changed.

Also, ns1.an3 points nowhere, so I need to make an A record for it:

pdns:~$ doas pdnsutil add-record an3 ns1 a 192.168.122.95
New rrset:
ns1.an3. 3600 IN A 192.168.122.95

Which works!

$ dig ns1.an3 @192.168.122.95 +short
192.168.122.95
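
As an added example (not part of the original post), this shell function checks pdnsutil list-zone output for the two problems described above: the default SOA primary and an in-zone NS target with no address record. The name lint_zone is made up for illustration, and the field layout is assumed to match the list-zone output shown in this post.

```shell
#!/bin/sh
# Added example, not from the original post.
# lint_zone ZONE: read `pdnsutil list-zone` output on stdin, print each problem
# found, and return non-zero if there was one.
lint_zone() {
    awk -v zone="$1" '
    function norm(n) { sub(/\.$/, "", n); return tolower(n) }
    /^[$;]/ || NF < 5 { next }        # skip $ORIGIN, comments, short lines
    {
        name = norm($1); type = toupper($4)
        if (type == "SOA") { primary = norm($5); seen_soa = 1 }
        else if (type == "NS" && name == norm(zone)) ns[norm($5)] = 1
        else if (type == "A" || type == "AAAA") addr[name] = 1
    }
    END {
        z = norm(zone); bad = 0
        if (!seen_soa) { print "no SOA record"; bad = 1 }
        else if (primary == "a.misconfigured.dns.server.invalid") {
            print "SOA primary is still the default: " primary; bad = 1
        }
        for (n in ns) {
            # Only nameservers inside this zone need an address record here.
            in_zone = (n == z || substr(n, length(n) - length(z)) == "." z)
            if (in_zone && !(n in addr)) {
                print "NS target has no A/AAAA record: " n; bad = 1
            }
        }
        exit bad
    }'
}

# Zone text as pdnsutil printed it right after create-zone (copied from above).
ZONE_AS_CREATED='$ORIGIN .
an3     3600    IN      NS      ns1.an3
an3     3600    IN      SOA     a.misconfigured.dns.server.invalid hostmaster.an3 0 10800 3600 604800 3600'

printf '%s\n' "$ZONE_AS_CREATED" | lint_zone an3 || echo "zone needs fixing"
```

On the server it would be run as: doas pdnsutil list-zone an3 | lint_zone an3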

What’s next?

So I set up PowerDNS Authoritative Server and am now the proud owner of .an3, at least if you’re using my computer.

But that’s not much. Next I plan to set up a secondary, automate the setup of secondaries, and use fun PowerDNS features like Lua records and the REST API.

Until the next post, see you!