Comprehensive Guide To Install PowerDNS on Debian 11

This comprehensive guide, brought to you by Orcacore, will walk you through the process of installing PowerDNS on Debian 11. You’ll also learn how to set up PowerAdmin, a web-based interface, to manage your DNS server efficiently. Let’s dive in!

PowerDNS (pdns) is an open-source authoritative DNS server, offering a robust alternative to the traditional BIND (named) DNS server. Known for its superior performance and minimal memory footprint, PowerDNS supports a wide array of backends. These range from simple zone files to sophisticated database setups, accommodating various SQL platforms like MySQL, MariaDB, Oracle, and PostgreSQL.

PowerDNS Admin provides a user-friendly web interface for managing PowerDNS. Unlike older front-end applications that directly interacted with the PowerDNS database, PowerDNS Admin leverages the PowerDNS application programming interface (API), introduced in more recent versions of PowerDNS, for a more secure and maintainable approach. This guide will show you how to get it up and running with PowerDNS on Debian 11.

Steps To Install PowerDNS and PowerDNS Admin on Debian 11

Before we begin, ensure you’re logged into your Debian 11 server as a non-root user with sudo privileges. If needed, refer to our guide on Initial Server Setup with Debian 11 for assistance.

Additionally, ensure you have a domain name pointed to your server’s IP address.

1. Install MariaDB for PowerDNS Setup

We’ll be using MariaDB as the backend storage for PowerDNS zone files.

First, update your local package index:

sudo apt update

Next, install the necessary packages and dependencies:

sudo apt install software-properties-common gnupg2 curl git -y

Install MariaDB on Debian 11:

sudo apt install mariadb-server mariadb-client

Start and enable the MariaDB service:

# sudo systemctl start mariadb
# sudo systemctl enable mariadb

Create PowerDNS Database

Log in to the MariaDB shell:

sudo mysql -u root

Create a PowerDNS database (we’ll name it powerdb):

MariaDB [(none)]> CREATE DATABASE powerdb;

Create a PowerDNS user and grant all privileges to it (we’ll name it poweruser. Remember to choose a strong password):

MariaDB [(none)]> GRANT ALL ON powerdb.* TO 'poweruser'@'%' IDENTIFIED BY 'password';

Flush privileges and exit the MariaDB shell:

MariaDB [(none)]> FLUSH PRIVILEGES;
MariaDB [(none)]> EXIT

2. Disable systemd-resolved Service on Debian 11

systemd-resolved is a system service that provides network name resolution to local applications. It implements a caching and validating DNS/DNSSEC stub resolver, as well as an LLMNR and MulticastDNS resolver and responder.

Disable and stop the systemd-resolved service:

# sudo systemctl stop systemd-resolved
# sudo systemctl disable systemd-resolved

Remove the symbolic link for the /etc/resolv.conf file:

# ls -lh /etc/resolv.conf
#-rw-r--r-- 1 root root 102 Nov  6 05:11 /etc/resolv.conf
# sudo unlink /etc/resolv.conf

Update the /etc/resolv.conf file:

echo "nameserver 8.8.8.8" | sudo tee /etc/resolv.conf

3. Install PowerDNS on Debian 11

Install PowerDNS from the APT repository:

sudo apt install pdns-server pdns-backend-mysql -y

After installation, configure your PowerDNS database.

4. Configure PowerDNS Database on Debian 11

Import the PowerDNS database schema using the PowerDNS user and database created earlier:

mysql -u poweruser -p powerdb < /usr/share/pdns-backend-mysql/schema/schema.mysql.sql

Configure the PowerDNS connection details to the database. Create and open the file:

sudo vi /etc/powerdns/pdns.d/pdns.local.gmysql.conf

Add the following lines, replacing the placeholders with your PowerDNS database values:

# MySQL Configuration
# Launch gmysql backend
launch+=gmysql
# gmysql parameters
gmysql-host=127.0.0.1
gmysql-port=3306
gmysql-dbname=powerdb
gmysql-user=poweruser
gmysql-password=password
gmysql-dnssec=yes
# gmysql-socket=

Save and close the file. Set the correct ownership and permissions:

# sudo chown pdns: /etc/powerdns/pdns.d/pdns.local.gmysql.conf
# sudo chmod 640 /etc/powerdns/pdns.d/pdns.local.gmysql.conf

Verify your PowerDNS database connection:

# sudo systemctl stop pdns.service
# sudo pdns_server --daemon=no --guardian=no --loglevel=9

You should see output similar to the image provided in the original article, indicating a successful database connection.

Start and Enable PowerDNS Service

Start and enable the PowerDNS service:

# sudo systemctl restart pdns
# sudo systemctl enable pdns

Check PowerDNS Port

Verify that port 53 is open for PowerDNS:

sudo ss -alnp4 | grep pdns

You should see output similar to the image provided in the original article.

Check if PowerDNS is responding to requests:

dig @127.0.0.1

You should see output similar to the image provided in the original article, confirming that PowerDNS is functioning correctly. Now the installation of PowerDNS on Debian 11 is complete.

5. Install PowerDNS Admin on Debian 11

PowerDNS Admin provides a web-based interface for managing your PowerDNS server.

Install Required Packages for PowerAdmin

Install the Python development package:

sudo apt install python3-dev -y

Install the required build tools:

sudo apt install libsasl2-dev libldap2-dev libssl-dev libxml2-dev libxslt1-dev libxmlsec1-dev libffi-dev pkg-config apt-transport-https virtualenv python3-venv build-essential libmariadb-dev git python3-flask -y

Install Node.js on Debian 11:

# curl -sL https://deb.nodesource.com/setup_16.x | sudo -E bash -
# sudo apt install -y nodejs

Install Yarn:

# curl -sL https://dl.yarnpkg.com/debian/pubkey.gpg | gpg --dearmor | sudo tee /usr/share/keyrings/yarnkey.gpg >/dev/null
# echo "deb [signed-by=/usr/share/keyrings/yarnkey.gpg] https://dl.yarnpkg.com/debian stable main" | sudo tee /etc/apt/sources.list.d/yarn.list

# sudo apt update
# sudo apt install yarn -y

Clone PowerDNS Admin Source Code

Clone the PowerDNS Admin source code:

# sudo su -
# git clone https://github.com/ngoduykhanh/PowerDNS-Admin.git /var/www/html/pdns

Create a Virtual Environment

Switch to the /var/www/html/pdns/ directory and create a virtual environment:

# cd /var/www/html/pdns/
# virtualenv -p python3 flask

Activate the environment and install the libraries specified in requirements.txt:

# source ./flask/bin/activate
# pip install --upgrade pip
# pip install -r requirements.txt

Deactivate the environment:

deactivate

Configure PowerDNS Admin Connection to PowerDNS Database

Edit the following file:

vi /var/www/html/pdns/powerdnsadmin/default_config.py

Find the lines below and update them with your PowerDNS database details:

### DATABASE CONFIG
SQLA_DB_USER = 'poweruser'
SQLA_DB_PASSWORD = 'password'
SQLA_DB_HOST = '127.0.0.1'
SQLA_DB_NAME = 'powerdb'
SQLALCHEMY_TRACK_MODIFICATIONS = True
....

Save and close the file.

Create a Database Schema

Run the following commands:

# cd /var/www/html/pdns/
# source ./flask/bin/activate
# export FLASK_APP=powerdnsadmin/__init__.py
# flask db upgrade

You should see output similar to the image provided in the original article.

Generate the asset files using Yarn:

# yarn install --pure-lockfile
# flask assets build

Deactivate your virtual environment:

deactivate

6. Enable PowerDNS API Access on Debian 11

Edit the following file to enable PowerDNS API access:

sudo vi /etc/powerdns/pdns.conf

Find the sections below and add the following lines:

# api   Enable/disable the REST API (including HTTP listener)
#
# api=no
api=yes

#################################
# api-key       Static pre-shared authentication key for access to the REST API
#
# api-key=
api-key=3ce1af6c-981d-4190-a559-1e691d89b90e #You can generate one from https://codepen.io/corenominal/pen/rxOmMJ

Save and close the file. Restart PowerDNS to apply the changes:

sudo systemctl restart pdns

7. Create PowerDNS Admin Virtual Host File on Debian 11

Install Nginx:

sudo apt install nginx

Create and open a PowerDNS virtual host file:

sudo vi /etc/nginx/conf.d/powerdns-admin.conf

Add the following content to the file:

server {
  listen  *:80;
  server_name               your-domain-name;

  index                     index.html index.htm index.php;
  root                      /var/www/html/pdns;
  access_log                /var/log/nginx/pdnsadmin_access.log combined;
  error_log                 /var/log/nginx/pdnsadmin_error.log;

  client_max_body_size              10m;
  client_body_buffer_size           128k;
  proxy_redirect                    off;
  proxy_connect_timeout             90;
  proxy_send_timeout                90;
  proxy_read_timeout                90;
  proxy_buffers                     32 4k;
  proxy_buffer_size                 8k;
  proxy_set_header                  Host $host;
  proxy_set_header                  X-Real-IP $remote_addr;
  proxy_set_header                  X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_headers_hash_bucket_size    64;

  location ~ ^/static/  {
    include  /etc/nginx/mime.types;
    root /var/www/html/pdns/powerdnsadmin;

    location ~*  .(jpg|jpeg|png|gif)$ {
      expires 365d;
    }

    location ~* ^.+.(css|js)$ {
      expires 7d;
    }
  }

  location / {
    proxy_pass            http://unix:/run/pdnsadmin/socket;
    proxy_read_timeout    120;
    proxy_connect_timeout 120;
    proxy_redirect        off;
  }

}

Save and close the file. Rename the default Nginx file:

sudo mv /etc/nginx/sites-enabled/default{,.old}

Check the syntax of your created file:

nginx -t

You should see the "ok" and "successful" output.

Set the correct ownership for the file:

sudo chown -R www-data: /var/www/html/pdns

Restart Nginx to apply the changes:

sudo systemctl restart nginx

8. Manage PowerDNS Admin on Debian 11

Create a system unit file for PowerDNS Admin:

sudo vi /etc/systemd/system/pdnsadmin.service

Add the following content to the file:

[Unit]
Description=PowerDNS-Admin
Requires=pdnsadmin.socket
After=network.target

[Service]
PIDFile=/run/pdnsadmin/pid
User=pdns
Group=pdns
WorkingDirectory=/var/www/html/pdns
ExecStart=/var/www/html/pdns/flask/bin/gunicorn --pid /run/pdnsadmin/pid --bind unix:/run/pdnsadmin/socket 'powerdnsadmin:create_app()'
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s TERM $MAINPID
PrivateTmp=true

[Install]
WantedBy=multi-user.target

Save and close the file.

Create a socket file for PowerDNS Admin:

sudo vi /etc/systemd/system/pdnsadmin.socket

Add the following content to the file:

[Unit]
Description=PowerDNS-Admin socket

[Socket]
ListenStream=/run/pdnsadmin/socket

[Install]
WantedBy=sockets.target

Save and close the file.

Next, create an environment file:

# mkdir /run/pdnsadmin/
# echo "d /run/pdnsadmin 0755 pdns pdns -" >> /etc/tmpfiles.d/pdnsadmin.conf

Set the correct permissions for it:

# chown -R pdns: /run/pdnsadmin/
# chown -R pdns: /var/www/html/pdns/powerdnsadmin/

Finally, reload the system daemon:

sudo systemctl daemon-reload

Start and enable the PowerDNS Admin service:

sudo systemctl enable --now pdnsadmin.service pdnsadmin.socket

Verify your PowerDNS Admin is active and running:

#sudo systemctl status pdnsadmin.service
#sudo systemctl status pdnsadmin.socket

You should see the status as active (running).

9. Access PowerDNS Admin Dashboard via Web Interface

Access your PowerDNS Admin web interface by typing your server’s IP or domain name in your web browser:

http://domain_name
or
http://IP_address

Create the admin user account and log in. Provide the PowerDNS API URL to connect to PowerDNS and manage it.

You should see the PowerDNS admin dashboard. You’ve successfully configured PowerDNS on Debian 11 and PowerDNS Admin!

Conclusion

You have successfully learned how to Install PowerDNS on Debian 11 and PowerDNS Admin. You can now leverage PowerDNS’s power and flexibility, managed through the convenient web UI of PowerDNS Admin.

Alternative Solutions

While the above method is a well-established approach, here are two alternative ways to achieve similar results, each with its own advantages and disadvantages:

1. Using Docker Containers:

Docker allows you to containerize PowerDNS and PowerAdmin, simplifying deployment and management. This approach offers isolation, portability, and easier scaling.

• Explanation: Instead of installing PowerDNS and its dependencies directly on the Debian 11 host, you can use Docker to create containers for both PowerDNS and PowerAdmin. These containers encapsulate all the necessary software and libraries, ensuring consistent behavior across different environments. Docker Compose can then be used to orchestrate the deployment of these containers, defining the relationships and configurations between them.

• Example docker-compose.yml:

version: "3.8"
services:
  powerdns:
    image: powerdns/pdns-server:latest # Or a specific version
    environment:
      PDNS_API: "yes"
      PDNS_API_KEY: "your_api_key"
      PDNS_BACKEND: "mysql"
      PDNS_DATABASE_HOST: "db"
      PDNS_DATABASE_NAME: "powerdb"
      PDNS_DATABASE_USER: "poweruser"
      PDNS_DATABASE_PASSWORD: "password"
    ports:
      - "53:53/tcp"
      - "53:53/udp"
    depends_on:
      - db
  poweradmin:
    image: ngoduykhanh/powerdns-admin:latest
    ports:
      - "8080:80"
    environment:
      APPLICATION_SETTINGS: "config.DevelopmentConfig"
      SQLALCHEMY_DATABASE_URI: "mysql+pymysql://poweruser:password@db/powerdnsadmin"
      PDNS_API_URL: "http://powerdns:8081"
      PDNS_API_KEY: "your_api_key"
    depends_on:
      - powerdns
      - db
  db:
    image: mariadb:latest
    environment:
      MYSQL_ROOT_PASSWORD: "root_password"
      MYSQL_DATABASE: "powerdb"
      MYSQL_USER: "poweruser"
      MYSQL_PASSWORD: "password"
    volumes:
      - db_data:/var/lib/mysql
volumes:
  db_data:

*   This example sets up PowerDNS, PowerAdmin, and MariaDB in separate containers. Adjust the environment variables to match your desired configuration. `docker-compose up -d` would then be used to start all of these containers.

2. Using a Managed DNS Service (Cloudflare, AWS Route 53, etc.):

For many users, the complexity of managing their own DNS server is not necessary. Managed DNS services offer a simplified, highly available, and scalable solution.

• Explanation: Instead of hosting your own PowerDNS server, you delegate your domain’s DNS management to a specialized provider like Cloudflare or AWS Route 53. These services handle all the underlying infrastructure, security, and performance optimizations. You interact with their web interfaces or APIs to create and manage your DNS records.

• Advantages:

  • High Availability: Managed DNS services are designed for redundancy and uptime, ensuring your domain remains accessible even during outages.
  • Scalability: They can handle massive traffic spikes without performance degradation.
  • Security: They often include built-in DDoS protection and DNSSEC support.
  • Simplified Management: You don’t have to worry about server maintenance, patching, or scaling.
  • Geographic Distribution: Many offer globally distributed DNS servers for faster resolution times.

• Code Example (AWS CLI for Route 53 – Creating a DNS Record):

aws route53 change-resource-record-sets 
    --hosted-zone-id ZXXXXXXXXXXXXXXX 
    --change-batch '{
        "Changes": [
            {
                "Action": "CREATE",
                "ResourceRecordSet": {
                    "Name": "www.example.com",
                    "Type": "A",
                    "TTL": 300,
                    "ResourceRecords": [
                        {
                            "Value": "192.0.2.1"
                        }
                    ]
                }
            }
        ]
    }'

*   This command creates an A record for `www.example.com` pointing to the IP address `192.0.2.1`.  Replace `ZXXXXXXXXXXXXXXX` with your Route 53 hosted zone ID. While not a full-fledged installation, this illustrates the interaction with a managed DNS service via its API.

These alternative solutions provide different approaches to DNS management, catering to varying levels of technical expertise and infrastructure requirements. The original article details a robust solution for those wanting full control, while these alternatives offer ease of use or scalability.