External PowerDNS Server Configuration

mediumfriedchips

Hello

I have set up an external PowerDNS zone that I would like to run instead of the DirectAdmin DNS zone, so let me explain.

PowerDNS is running okay. I have a master and a slave (2 different locations), and I have disabled the clients' access to the DirectAdmin DNS zone editor, as I would like them to manage the zones only from the external DNS zone editor I get for them.

The issue I am facing is that when zones are created from the DirectAdmin DNS zone (e.g. when someone creates a new subdomain), the records are pushed to the external PowerDNS server, but this overwrites everything and changes the SOA as well as the nameservers of the domain in the PowerDNS installation.

What I want is for it to copy only the modified zones, except the nameservers and the SOA records.

Any ideas how I can resolve this?
 
Maybe I'm misunderstanding your problem, but if your DA servers already push the zones to your PowerDNS servers, why not make DA the hidden master (very common setup) and make sure the settings in the zone in DA are correct with regard to NS and SOA records? That way you'll only need to access DA for all the setup needs, including DNS.
 
Indeed, I can confirm what kristian says.

In our network, the DirectAdmin servers are the DNS master.
They hold the correct DNS zones, and users can change their zones via DirectAdmin.

Our PowerDNS servers are the slave servers (or autoprimary as it is called in PowerDNS terms).

Kr
Dries
 
@Driesp or @Active8 do you know any easy-to-set-up guide (preferably in Dutch) for PowerDNS? Or should I just look at YouTube videos?
What is best to use (uses fewer resources): MySQL or PostgreSQL or something?
I also wonder if we can run it on the same small server as Directslave, or if it requires more resources.
 
@Richard G I had used this guide and this one in the past to set up PowerDNS on a cheap VPS

After the install is finished (including the PowerAdmin GUI):

1. Alter the NS template for the 3rd nameserver like mentioned here:

2. I made this change in the pdns config (/etc/pdns/pdns.conf):
slave=yes
master=no
disable-axfr=yes
slave-cycle-interval=60

3. Added a vhost config (/etc/httpd/conf/httpd.conf):

<VirtualHost *:80>
ServerName ns3.myservername.nl
DocumentRoot /var/www/html
</VirtualHost>

4. Add an A (and AAAA if you are using IPv6) record for ns3 in the myservername.nl DNS
e.g. NS3 A 185.185.185.185
(for new sites this will be added automatically because of the ns template)

5. Add this in named.conf of your DA server:
// Own DNS BEGIN
allow-transfer {185.185.185.185; };
notify yes;
also-notify {185.185.185.185; };

Where 185.185.185.185 is the IP address of your PowerDNS server

6. Add your server in the "Supermasters" section of PowerDNS and you are good to go

7. For security I have installed CSF with restrictions; I can share the setup by PM if needed
 
Great, thanks @Active8 I will have a look at it and see if I can use it too instead of Directslave maybe. If PDNS is not using too many resources.
Got 8 GB ram and 200 GB disk space and I believe 4 vCpu cores.
 
In addition to Active8's configuration examples:
If you use IPv6 dual stack for your nameservers, you need to use 'notify explicit' in place of 'notify yes'.
Notify explicit will only notify the IP addresses listed in also-notify.
I am using IPv4 only for notifications and DNS zone transfers.
If you use notify yes, BIND could notify over IPv6, and in that case you need to specify the IPv6 addresses in the supermasters MySQL table of the pdns server.

This is my pdns.conf configuration file.

Code:
daemon=yes

launch=gmysql
gmysql-host=localhost
gmysql-user=your-mysql-username-here
gmysql-password=your-mysql-password-here
gmysql-dbname=your-mysql-database-here

secondary=yes
autosecondary=yes
allow-axfr-ips=127.0.0.1
disable-axfr=yes

local-address=0.0.0.0,::
max-tcp-connections=100

version-string=anonymous

webserver=yes
webserver-address=::
webserver-password=change-password-here
webserver-port=8080
webserver-allow-from=your-ip-range-here

I am also using packet cache and query cache.
Only use this if you know what you are doing, because you need to run a cron script to purge the cache when a zone transfer has happened.
A packet cache and query cache prevent your server from going down when a DDOS happens.
A DDOS could overload your mysql backend quickly. A cache like this configuration will help to a degree.
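
An added example, not part of any post in this thread: a small Python audit of a pdns.conf for the exposure points in the two configurations posted above (the legacy slave/master settings and the newer secondary/autosecondary ones). The default values and the mapping from pre-4.5 setting names to current ones are assumptions taken from the PowerDNS Authoritative Server documentation; the function names and both sample configs are constructed for illustration.

```python
import ipaddress
# Assumption: pre-4.5 setting names and their current equivalents.
LEGACY = {"master": "primary", "slave": "secondary", "superslave": "autosecondary",
          "slave-cycle-interval": "xfr-cycle-interval"}

def parse_conf(text):
    """Read key=value lines, skip comment lines, normalise legacy names."""
    conf = {}
    for line in text.splitlines():
        key, sep, value = (p.strip() for p in line.partition("="))
        if sep and not key.startswith("#"):
            conf[LEGACY.get(key, key)] = value
    return conf

def is_open(acl):
    """True if an ACL contains a catch-all network or an unparseable entry."""
    items = [n.strip() for n in acl.split(",") if n.strip()]
    try:
        return any(ipaddress.ip_network(n, strict=False).prefixlen == 0 for n in items)
    except ValueError:
        return True  # e.g. a placeholder left in the file

def audit(conf):
    """Return finding codes for a secondary-only server (defaults are assumed)."""
    found = []
    if conf.get("secondary", "no") != "yes":
        found.append("not-secondary")
    if conf.get("disable-axfr", "no") != "yes" and is_open(
            conf.get("allow-axfr-ips", "127.0.0.0/8,::1")):
        found.append("axfr-open")
    if conf.get("version-string", "full") == "full":
        found.append("version-disclosed")
    if conf.get("webserver", "no") == "yes":
        bind = ipaddress.ip_address(conf.get("webserver-address", "127.0.0.1"))
        if bind.is_unspecified and is_open(
                conf.get("webserver-allow-from", "127.0.0.1,::1")):
            found.append("webserver-exposed")
        if not conf.get("webserver-password"):
            found.append("webserver-no-password")
    return found

# Constructed samples: WEAK uses the legacy names, HARDENED the current ones.
WEAK = ("slave=yes\nmaster=no\nallow-axfr-ips=0.0.0.0/0\n"
        "webserver=yes\nwebserver-address=::\nwebserver-allow-from=0.0.0.0/0,::/0\n")
HARDENED = ("secondary=yes\nautosecondary=yes\ndisable-axfr=yes\n"
            "version-string=anonymous\nwebserver=yes\nwebserver-address=::\n"
            "webserver-password=constructed-secret\nwebserver-allow-from=192.0.2.0/24\n")

if __name__ == "__main__":
    print(audit(parse_conf(WEAK)), audit(parse_conf(HARDENED)))
```

To check a real server, pass the contents of /etc/pdns/pdns.conf to `parse_conf` and review whatever `audit` returns.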
 
I have to ask, on several occasions I've attempted to install PowerDNS + PowerAdmin and it's gone tits up so naturally, I give up.

What's the secret? As the current docs advise Ubuntu 22.04, and even that doesn't work!
Just asking, not as I want to use, as I don't. Others might need specific DA install / integration instructions
 
Where did you get stuck?
At the Admin panel installation. I can spin up a server that has PDNS working in a few seconds.

To be fair, for a few dollars, I'm happy paying for a couple of DA licenses to run an extra 2 DNS servers, and have them run well. My DirectSlave servers still work, but not with the same authority as the multiserver DNS setup through DA.
 
Same, I try to install PowerDNS-Admin, not PowerAdmin, and I get stuck with an error with sqlalchemy..
 
Things like this, you need an active community that talk to each other, or at least leave notes. Software OS distros evolve, projects get left behind and abandoned far too often. Shame as there's some promising freemium stuff out there!!
 
I'm the polar opposite. I'm an Ubuntu Pro user, only ever used Alma for DirectSlave.

For me, I'm happy with my DirectSlave VPS setups for my personal projects. If they tank, I can have them up again in a day or 2. Not important! For Customer Sites and mission critical shit, I'll pay the $10 a month for 2 DA personal plus licenses. At least all the servers talk to each other, even if it is ephemeral.

Past 6 months I've considered all sorts, tried all sorts with tens of VPS instances, and still come back to DirectAdmin. I honestly can't beat it, trump it for the price.

Plus the learning curve here is amazing. I've been using DA for near on 5 years now and got right into the nuts and bolts of it all. It's a great active community, and to be honest when this lot sell out, I'm done with hosting (and by then I'll be retired anyways!!)
 
I run the same setup. DirectAdmin is great, but if they had something like cPanel DNSOnly, I'm sure many would migrate to DirectAdmin.
 
I run the same setup. DirectAdmin is great, but if they had something like cPanel DNSOnly, I'm sure many would migrate to DirectAdmin.
I did mention this and enquire a few months ago. And being fair, it's really $5 per Nameserver if you use main DA Install also. $60 a year.

Free with cPanel and their DNS Only Package, but if you're paying $30+ per month for a few accounts and $15 for example on DA, you can see you're saving even though DA charge.

I'd like to see DA "Cluster" plans. DNS Clusters, Server Clusters, Email and SQL Clusters, Backup clusters. That would be a f**king game changer!!!
 