PowerDNS and PowerAdmin Set-up w/ Ubuntu 16.04

Mindwatering Incorporated

Author: Tripp W Black

Created: 05/26/2017 at 08:44 PM

 

Category:
Ubuntu
General

Installation of PowerDNS and PowerAdmin on Ubuntu for Intranet DNS Server

VM:
Ubuntu Linux
1 Processor, 512MB, 20GB Disk Space w/thin deployment


1. Install Ubuntu:
a. Download and install the Ubuntu 16.04 server installable and connect the ISO to the VM's CDROM drive.

b. Add only SSH package / service.


2. Install Prerequisites.
$ sudo apt-get update && sudo apt-get upgrade -y

a. Install MariaDB
$ sudo apt-get install software-properties-common
$ sudo apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xF1656F24C74CD1D8
$ sudo add-apt-repository 'deb [arch=amd64,i386,ppc64el] http://ftp.osuosl.org/pub/mariadb/repo/10.1/ubuntu xenial main'
$ sudo apt update
$ sudo apt install mariadb-server
$ sudo apt-get -y install git python python-pip python-dev libmariadbclient-dev libsasl2-dev libldap2-dev libssl-dev libdbd-mysql-perl libaio1 libdbi-perl mariadb-common mysql-common mariadb-server libnet-daemon-perl libplrpc-perl mariadb-client

Note: As the install proceeds, it will prompt for the MariaDB "root" user password; enter a password for the db server.

For PHP 7, you can use the 7.0 that comes with Ubuntu 16.04 or use a PPA to get PHP 7.1. The commands below use the stock Ubuntu version.
$ sudo apt-get install php -y
$ sudo apt-get install mcrypt php7.0-mcrypt
$ sudo systemctl start php7.0-fpm
$ sudo systemctl enable php7.0-fpm
Verify running:
$ sudo systemctl status php7.0-fpm
Review the php.ini and update if needed:
$ sudo vi /etc/php/7.0/fpm/php.ini
$ sudo systemctl restart php7.0-fpm

For PHP 7.1, add a PPA, then issue a command similar to:
$ sudo apt-get install php7-fpm php7-cli php7-gd mcrypt php7-mysqlnd php7-mcrypt php-fpm php-mysql
Review the php.ini and update if needed:
$ sudo vi /etc/php/7.1/fpm/php.ini
$ sudo vi /etc/php/7.1/fpm/pool.d/www.conf
$ sudo systemctl restart php7.1-fpm

Test and set the server startup:
$ mysql -V
$ sudo systemctl start mariadb.service
$ sudo systemctl enable mariadb.service

b. Secure the server:
$ sudo /usr/bin/mysql_secure_installation
Note:
Since you have already set the root password, answer "n" to the "Change root password" prompt.
At the "Remove anonymous users" prompt, answer "Y".
At the "Disallow root login remotely" prompt, answer "Y".
At the "Remove test database and access to it" prompt, answer "Y".
At the "Reload privilege tables now" prompt, answer "Y".

c. If desired, update the log size and change the server so it listens on all IPs and names:
$ sudo service mysql stop
$ sudo rm -f /var/lib/mysql/ib_logfile*
$ sudo vi /etc/mysql/my.cnf
Under the *InnoDB section, add or uncomment the following line, and save the file.
innodb_log_file_size = 64M
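To listen on all IPs, update the bind-address line so it is commented out. This is only needed if other hosts must reach the database; PowerDNS and PowerAdmin in this guide connect over localhost / 127.0.0.1: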
# bind-address = 127.0.0.1

$ sudo service mysql start


3. Install PowerDNS:

a. Install the PowerDNS server and the connector for mySQL:
$ sudo apt-get install pdns-server pdns-backend-mysql
Note: If you get a conflict on the client, run $ sudo apt-get -f purge mysql-client.

Note: Select "Yes" to configure the database.
i. Enter the MariaDB/mySQL root password entered in 2a above.
ii. Add the new PowerDNS backend user and write down its password.

b. Add the PowerDNS database:
$ sudo mysql -u root -p
<enter the MariaDB/mySQL root password you created in step 2a>

We will use powerdns as the database name, and powerdns_user as its database admin id. Enter the following commands with the trailing ";":
> CREATE DATABASE powerdns;
> GRANT ALL ON powerdns.* TO 'powerdns_user'@'localhost' IDENTIFIED BY 'newpasswordforthisuser';
> FLUSH PRIVILEGES;
> USE powerdns;

Create the tables per the current version of PowerDNS documentation. It should look like this:
> CREATE TABLE domains (
    id INT auto_increment,
    name VARCHAR(255) NOT NULL,
    master VARCHAR(128) DEFAULT NULL,
    last_check INT DEFAULT NULL,
    type VARCHAR(6) NOT NULL,
    notified_serial INT DEFAULT NULL,
    account VARCHAR(40) DEFAULT NULL,
    primary key (id)
  );

> CREATE UNIQUE INDEX name_index ON domains(name);

> CREATE TABLE records (
    id INT auto_increment,
    domain_id INT DEFAULT NULL,
    name VARCHAR(255) DEFAULT NULL,
    type VARCHAR(6) DEFAULT NULL,
    content VARCHAR(255) DEFAULT NULL,
    ttl INT DEFAULT NULL,
    prio INT DEFAULT NULL,
    change_date INT DEFAULT NULL,
    primary key(id)
  );

> CREATE INDEX rec_name_index ON records(name);

> CREATE INDEX nametype_index ON records(name,type);

> CREATE INDEX domain_id ON records(domain_id);

> CREATE TABLE supermasters (
    ip VARCHAR(25) NOT NULL,
    nameserver VARCHAR(255) NOT NULL,
    account VARCHAR(40) DEFAULT NULL
  );

> \q

c. Update the /etc/powerdns/pdns.d/pdns.local.gmysql.conf file with the database and the database user created above.

$ sudo vi /etc/powerdns/pdns.d/pdns.local.gmysql.conf

gmysql-host=localhost
gmysql-dbname=powerdns
gmysql-user=powerdns_user
gmysql-password=newpasswordforthisuser

d. Start the service and verify running okay.
$ sudo service pdns restart
$ sudo service pdns status
or
$ netstat -tap | grep pdns
You should get a result saying it is listening on port 5525.

e. Verify that the server can use the PowerDNS server:
$ dig @localhost
or
$ dig @127.0.0.1

The output should report "1 server found" and give the query time and the size of the message received.


4. Install PowerAdmin Prerequisites:

a. Install nginx.
$ sudo apt-get install nginx

b. Set-up the site in sites-available, and sites-enabled.
$ sudo vi /etc/nginx/sites-available/pdns.mwdnsint
Add your server config. Ours is named pdns.mwdnsint:

server {
    server_name pdns.mwdnsint dnsint.mindwatering.local 192.168.99.99;
    listen 80;
    root /var/www/html/pdns.mwdnsint;

    access_log /var/log/nginx/pdns-access.log;
    error_log /var/log/nginx/pdns-error.log;

    index index.php;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        # Must match the "listen" socket set in the PHP-FPM pool file (www.conf).
        fastcgi_pass unix:/var/run/php7.1-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_intercept_errors off;
        fastcgi_buffer_size 16k;
        fastcgi_buffers 4 16k;
    }

    # Block access to .htaccess / .htpasswd style files.
    location ~ /\.ht {
        deny all;
    }
}

Create the link:
$ sudo ln -s /etc/nginx/sites-available/pdns.mwdnsint /etc/nginx/sites-enabled/pdns.mwdnsint

Test the new config and restart:
$ sudo nginx -t
$ sudo service nginx restart


c. Install PowerAdmin via git.
$ sudo git clone https://github.com/poweradmin/poweradmin.git /var/www/html/pdns.mwdnsint/
$ sudo chown -R www-data: /var/www/html/pdns.mwdnsint/
$ sudo service nginx reload


5. Install PowerAdmin:
http://192.168.99.99/poweradmin/install/

Step 1: Proceed in English [Go to step 2]

Step 2: [Go to step 3]

Step 3: Enter the following:
Username: powerdns_user
Password: <newpasswordforthisuser> (from step 3b)
Database type: MySQL
Hostname: 127.0.0.1
DB Port: 3306
Database: powerdns
Poweradmin administrator password: <newpasswordforwebuser>

Note: The web login ID is: admin.
[Go to step 4]

Step 4: Enter the following:
Username: powerdns_user
Password: <newpasswordforthisuser> (from step 3b)
Hostmaster: hostmaster.mindwatering.internal
Primary nameserver: ns1.mindwatering.internal
Secondary nameserver: ns2.mindwatering.internal

Note: ns1 is the same as our dnsint server name.
[Go to step 5]

Step 5: Enter the MySQL command listed in the installer's Step 5 into the MySQL console.
$ sudo mysql -u root -p
<enter the MariaDB/mySQL root password you created in step 2a>

Copy and paste the command and enter it. Your command will be similar to the one below:
> GRANT SELECT, INSERT, UPDATE, DELETE
  ON powerdns.*
  TO 'powerdns_user'@'localhost'
  IDENTIFIED BY 'powerdns_user_password';
> \q
[Go to step 6]

Step 6: Note what update it makes to ../inc/config.inc.php
In my case, it created a file with which I just had to overwrite my config.inc.php. Otherwise, you don't need to run the commands immediately below.
$ sudo mv /var/www/html/pdns.mwdnsint/inc/config-me.inc.php /var/www/html/pdns.mwdnsint/inc/config.inc.php
$ sudo chown www-data: /var/www/html/pdns.mwdnsint/inc/config.inc.php
$ sudo chmod <mode> /var/www/html/pdns.mwdnsint/inc/config.inc.php
Note: Replace <mode> with a restrictive mode such as 640; the file holds the database password.
[Go to step 7]

Step 7: Confirmation page.
Note: The admin ID is "admin".

d. Move or kill the install folder
$ cd /var/www/html/pdns.mwdnsint/
$ sudo mv install/ installdeleteme/
or
$ sudo rm -rf /var/www/html/pdns.mwdnsint/install/

e. Restart nginx. (I don't think necessary; but did it just in case.)
$ sudo service nginx restart

If you have any errors, check the following:
$ sudo tail /var/log/nginx/pdns-error.log
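
A post-install check for the clean-up items in step 5, as an added example that is not part of the original write-up. It reports a leftover installer directory and a config.inc.php that other users can access; the function name audit_poweradmin and its web root argument are assumptions, and stat -c is the GNU coreutils form found on Ubuntu.

```bash
#!/usr/bin/env bash
# Added example: audit a Poweradmin web root after the web installer has run.
# audit_poweradmin and its argument are illustrative, not part of Poweradmin.
# Usage: audit_poweradmin /var/www/html/pdns.mwdnsint

audit_poweradmin() {
    local webroot="${1%/}" findings=0 dir cfg mode

    # Anything named install* under the web root is still served by nginx,
    # so a renamed copy such as installdeleteme/ is reported as well.
    for dir in "$webroot"/install*/; do
        [ -d "$dir" ] || continue
        echo "FINDING: installer directory still present: $dir"
        findings=$((findings + 1))
    done

    cfg="$webroot/inc/config.inc.php"
    if [ ! -f "$cfg" ]; then
        echo "FINDING: $cfg is missing"
        findings=$((findings + 1))
    else
        # The file holds the database password; the last octal digit is the
        # access granted to "other" users and should be 0.
        mode=$(stat -c '%a' "$cfg")
        case "$mode" in
            *0) ;;
            *)  echo "FINDING: $cfg has mode $mode (accessible to other users)"
                findings=$((findings + 1)) ;;
        esac
    fi

    [ "$findings" -eq 0 ] && echo "OK: no findings for $webroot"
    return "$findings"
}
```

The return status is the number of findings, so the function can gate a deployment script.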


6. Log into PowerAdmin Web Site:
http://192.168.99.99/poweradmin/

Create a test Master Zone and test it with Dig.


Warning:
Never enable recursive nameserver support on a production nameserver, especially an external authoritative server. Instead, set up a separate non-authoritative server for "fake" domains and recursive support.

Update to pdns.conf for recursion:
recursor=192.168.99.199
allow-recursion=192.168.99.0/24, 192.168.199.0/24
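
A check for the recursion settings above, as an added example that is not part of the original write-up. It reads a pdns.conf-style file and flags a configured recursor (the authoritative server's forwarding setting in PowerDNS 3.x/4.0) whose allow-recursion list is missing or contains a catch-all netmask; the function names are assumptions, and the "defaults to everyone" finding relies on the documented allow-recursion default of those versions.

```bash
#!/usr/bin/env bash
# Added example: audit the recursion settings in a pdns.conf-style file.
# conf_value and audit_pdns_recursion are illustrative names, not PowerDNS tools.
# Usage: audit_pdns_recursion /etc/powerdns/pdns.conf

# Print the value of the last uncommented "key=value" line for key $2 in file $1.
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

audit_pdns_recursion() {
    local conf="$1" recursor allow net
    recursor=$(conf_value "$conf" recursor)
    allow=$(conf_value "$conf" allow-recursion)

    if [ -z "$recursor" ]; then
        echo "OK: no recursor configured, server is authoritative only"
        return 0
    fi
    if [ -z "$allow" ]; then
        echo "FINDING: recursor=$recursor without allow-recursion (defaults to everyone)"
        return 1
    fi
    # allow-recursion is a comma-separated netmask list; reject catch-all entries.
    for net in ${allow//,/ }; do
        case "$net" in
            0.0.0.0/0|::/0)
                echo "FINDING: allow-recursion contains catch-all $net"
                return 1 ;;
        esac
    done
    echo "OK: recursion via $recursor limited to: $allow"
    return 0
}
```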






