Difference between revisions of "SdNOG DNS infrastructure"
(Created page with "= SDNOG DNS Structure Using PowerDNS = == Overview == The SDNOG DNS infrastructure is designed for high availability and reliability. It consists of a hidden master DNS serv...") |
|||
| (12 intermediate revisions by one other user not shown) | |||
| Line 1: | Line 1: | ||
| + | [[Category:sdnog]] | ||
| + | [[Category:SdNOG_KnowBase]] | ||
| + | |||
= SDNOG DNS Structure Using PowerDNS = | = SDNOG DNS Structure Using PowerDNS = | ||
| − | |||
== Overview == | == Overview == | ||
| Line 10: | Line 12: | ||
=== Hidden Master DNS Server === | === Hidden Master DNS Server === | ||
| − | '''Role''': Manages DNS zone files and makes updates. This server is not publicly accessible. | + | * '''Role''': Manages DNS zone files and makes updates. This server is not publicly accessible. |
| − | '''Software''': PowerDNS Authoritative Server | + | * '''Software''': PowerDNS Authoritative Server |
| − | '''Responsibilities''': Primary source for DNS data, handles updates, and replicates changes to secondary servers. | + | * '''Responsibilities''': Primary source for DNS data, handles updates, and replicates changes to secondary servers. |
| − | '''Access''': Users do not interact with this server directly. Zone management is done through the PowerDNS web GUI. | + | * '''Access''': Users do not interact with this server directly. Zone management is done through the PowerDNS web GUI "https://powerdns.sdnog.sd". |
| + | |||
=== Public Secondary DNS Servers === | === Public Secondary DNS Servers === | ||
| − | '''Role''': Serve DNS records to the public, providing redundancy and load balancing. | + | * '''Role''': Serve DNS records to the public, providing redundancy and load balancing. |
| − | '''Software''': PowerDNS Authoritative Server | + | * '''Software''': PowerDNS Authoritative Server |
| − | '''Responsibilities''': Retrieve and serve DNS data from the master server. | + | * '''Responsibilities''': Retrieve and serve DNS data from the master server. |
| − | '''DNS Names''': ns1.hosting.sdnog.sd | + | * '''DNS Names''': |
| + | - ns1.hosting.sdnog.sd <br> | ||
| + | - ns2.hosting.sdnog.sd <br> | ||
| + | |||
== User Interaction == | == User Interaction == | ||
| Line 37: | Line 43: | ||
<code> | <code> | ||
sudo apt update | sudo apt update | ||
| − | sudo apt install pdns-server pdns-backend- | + | sudo apt install pdns-server pdns-backend-mysql |
</code> | </code> | ||
| − | + | follow this page to setup DB: https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-powerdns-with-a-mariadb-backend-on-ubuntu-14-04 | |
=== 2. Configure the Hidden Master DNS Server === | === 2. Configure the Hidden Master DNS Server === | ||
| Line 58: | Line 64: | ||
==== Set Up the Database ==== | ==== Set Up the Database ==== | ||
| − | Configure the database connection in /etc/powerdns/pdns.conf. For | + | Configure the database connection in /etc/powerdns/pdns.conf. For mysql: |
| + | |||
| + | <code> | ||
| + | mysql -u powerdns_user -p | ||
| + | USE powerdns; | ||
| + | </code><br> | ||
| + | |||
| + | Next we will crate a new row in the supermasters table. This row will specify the master server IP address, and the Fully Qualified Domain Name (FQDN) of the slave server we are currently configuring.<br> | ||
| − | + | <code> | |
| − | + | insert into supermasters values ('111.111.111.111', 'ns2.example-dns.com', 'admin'); | |
| − | + | </code> | |
| − | |||
| − | |||
==== Add DNS Zones ==== | ==== Add DNS Zones ==== | ||
| Line 127: | Line 138: | ||
== Troubleshooting == | == Troubleshooting == | ||
| − | '''Check Logs''': Review logs in /var/log/syslog or /var/log/pdns.log for errors. | + | * '''Check Logs''': Review logs in /var/log/syslog or /var/log/pdns.log for errors. |
| − | '''Verify Connectivity''': Ensure all servers communicate properly and that firewalls are correctly configured. | + | * '''Verify Connectivity''': Ensure all servers communicate properly and that firewalls are correctly configured. |
| − | '''Zone Transfer Issues''': Confirm that allow-axfr-ips and notify-axfr-ips are set correctly. | + | * '''Zone Transfer Issues''': Confirm that allow-axfr-ips and notify-axfr-ips are set correctly. |
| − | == | + | |
| + | == How to mange your Zones using PowerDNS == | ||
| + | |||
| + | |||
| + | == How to link your Master DNS to SDNOG DNSs == | ||
| + | |||
| − | + | == Author == | |
| + | * '''Author''': [[User:Manhal.Mohamed|Manhal Mohamed]]'' , Sdnog Team | ||
Latest revision as of 11:58, 11 August 2024
Contents
- 1 SDNOG DNS Structure Using PowerDNS
- 1.1 Overview
- 1.2 Structure
- 1.3 User Interaction
- 1.4 Prerequisites
- 1.5 Step-by-Step Setup
- 1.6 Troubleshooting
- 1.7 How to mange your Zones using PowerDNS
- 1.8 How to link your Master DNS to SDNOG DNSs
- 1.9 Author
SDNOG DNS Structure Using PowerDNS
Overview
The SDNOG DNS infrastructure is designed for high availability and reliability. It consists of a hidden master DNS server and two publicly visible secondary DNS servers, all running PowerDNS. This structure ensures secure DNS management and effective load distribution.
Structure
Hidden Master DNS Server
- Role: Manages DNS zone files and makes updates. This server is not publicly accessible.
- Software: PowerDNS Authoritative Server
- Responsibilities: Primary source for DNS data, handles updates, and replicates changes to secondary servers.
- Access: Users do not interact with this server directly. Zone management is done through the PowerDNS web GUI "https://powerdns.sdnog.sd".
Public Secondary DNS Servers
- Role: Serve DNS records to the public, providing redundancy and load balancing.
- Software: PowerDNS Authoritative Server
- Responsibilities: Retrieve and serve DNS data from the master server.
- DNS Names:
- ns1.hosting.sdnog.sd
- ns2.hosting.sdnog.sd
User Interaction
Users need to contact their Domain provider (eg. for .sd domains contact Sudan Internet Society) to map their domain’s NS records to the SDNOG public secondary servers. They will manage their DNS zones using the PowerDNS web GUI provided by the hidden master server. Changes made in the master server are automatically replicated to the secondary servers.
Prerequisites
Three servers with PowerDNS installed: one hidden master and two public secondaries. Proper network configuration and access controls. Basic understanding of DNS and PowerDNS configuration.
Step-by-Step Setup
1. Install PowerDNS on All Servers
On each server (master and secondaries), install PowerDNS Authoritative Server. This example uses a Debian-based system:
sudo apt update
sudo apt install pdns-server pdns-backend-mysql
follow this page to setup DB: https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-powerdns-with-a-mariadb-backend-on-ubuntu-14-04
2. Configure the Hidden Master DNS Server
Edit the PowerDNS Configuration File
Open /etc/powerdns/pdns.conf and configure the following parameters:
master=yes
allow-axfr-ips=IP_OF_SECONDARY1,IP_OF_SECONDARY2
webserver=yes
webserver-address=127.0.0.1
webserver-port=8081
Replace IP_OF_SECONDARY1 and IP_OF_SECONDARY2 with the IP addresses of the secondary servers. Ensure the web server is only accessible from internal IPs or localhost.
Set Up the Database
Configure the database connection in /etc/powerdns/pdns.conf. For mysql:
mysql -u powerdns_user -p
USE powerdns;
Next we will crate a new row in the supermasters table. This row will specify the master server IP address, and the Fully Qualified Domain Name (FQDN) of the slave server we are currently configuring.
insert into supermasters values ('111.111.111.111', 'ns2.example-dns.com', 'admin');
Add DNS Zones
Use the PowerDNS web GUI or pdnsutil tool to add and manage DNS zones:
pdnsutil create-zone example.com
pdnsutil add-record example.com www A 192.0.2.1
Restart PowerDNS
sudo systemctl restart pdns
3. Configure the Public Secondary DNS Servers
Edit the PowerDNS Configuration File
On each secondary server, open /etc/powerdns/pdns.conf and configure:
master=no
Set Up Zone Transfers
Configure the secondary servers to request zone transfers from the master server:
notify-axfr-ips=MASTER_IP
Replace MASTER_IP with the IP address of the hidden master server.
Reload DNS Zones
Use the pdnsutil tool to add the zones as secondary:
pdnsutil add-zone example.com ns1.hosting.sdnog.sd
Restart PowerDNS
sudo systemctl restart pdns
4. Update NS Records
Contact your Domain provider (eg.the Sudan Internet Society) to map your domain’s NS records to:
ns1.hosting.sdnog.sd ns2.hosting.sdnog.sd
5. Verify the Configuration
Test DNS resolution and replication using tools like dig:
dig @ns1.hosting.sdnog.sd example.com
dig @ns2.hosting.sdnog.sd example.com
Ensure that updates on the master are correctly replicated to the secondary servers.
Troubleshooting
- Check Logs: Review logs in /var/log/syslog or /var/log/pdns.log for errors.
- Verify Connectivity: Ensure all servers communicate properly and that firewalls are correctly configured.
- Zone Transfer Issues: Confirm that allow-axfr-ips and notify-axfr-ips are set correctly.
How to mange your Zones using PowerDNS
How to link your Master DNS to SDNOG DNSs
Author
- Author: Manhal Mohamed , Sdnog Team