It’s been a while since I wrote about PowerDNS, but I recently had the opportunity to look at the BIND backend. This backend enables PowerDNS to serve BIND-format zone files – which is a boon for any migration from BIND to PowerDNS. The BIND backend also supports serving DNSSEC RRs.
In this article, I will cover the installation of the latest version of PowerDNS Authoritative Server on a pair of CentOS 7.1 hosts – one set up as a master (centos-ns1) and the other as a slave (centos-ns2). Both of these servers will use the BIND backend. I’ll cover setting up these servers to run under systemd, and appropriate firewall configuration using firewall-cmd. Read my previous article for more detail on PowerDNS, the MySQL backend, chroot-ing the installation, and other topics.
I have been an avid PowerDNS Authoritative Server (hereafter referred to as PowerDNS – there is also a separate Recursor available that we shall ignore for now – both available at http://www.powerdns.com) user since early in the 2.x series of releases. I replaced a global BIND infrastructure with PowerDNS for many reasons – instant provisioning to an easily replicated MySQL backend being the main one. PowerDNS is also RFC-compliant, powerful, and reliable.
The infrastructure I commissioned served well over 200,000 zones across three nameserver sites – each site receiving well over 100,000,000 queries per day. Two servers at each site, each with its own MySQL backend replicated from a hidden MySQL master to which we provisioned, handled this load with ease. Of course, this will depend entirely on the server specifications you use to host PowerDNS. PowerDNS offers support for multiple backends; however, MySQL suits my needs well – I’m familiar with it, it’s more suited to DNS provisioning than LDAP (IMHO) and supports native replication (unlike PostgreSQL).
Rather than hacking a provisioning solution around BIND 9, moving to PowerDNS provided a technical advantage as well as a business advantage – customers could have their DNS data provisioned near-instantly – something that BIND 9 with a large number of zones and a cron’d rndc reconfig/reload would not achieve. PowerDNS 3.x introduces support for DNSSEC, something PowerDNS 2.x didn’t have – so it’s time to move to PowerDNS 3.x where possible.
I will use this article to walk through an installation of PowerDNS 3.2 from source on CentOS 6.3, perform basic configuration, load a basic zone, and serve the zone data authoritatively. This article will only scratch the surface of what PowerDNS has to offer, and further articles will be written in due course to cover interesting concepts in finer detail.
Have a good read over the manual available on the PowerDNS documentation site (http://doc.powerdns.com) too.