PowerDNS
- Updated on 08 Feb 2023
PowerDNS is an open-source Domain Name System (DNS) server. You can use this service as a DNS server for hosts and services on your local network.
Note that PowerDNS service requires the PostgreSQL service to store DNS data.
- Select PowerDNS to add PowerDNS service.
- Enter a name for the service instance.
- Select the Network to which this service instance will connect.
- IP Address: Specify the static IP Address for this service instance. It should be in the same IP subnet as the local network CIDR, but must be outside the range of DHCP offered IP addresses. For example, say the network CIDR of the local network is 10.10.0.0/24, and the DHCP server offers IP addresses in the range 10.10.0.15 - 10.10.0.253. Then the static IP address for this service instance can be in the range 10.10.0.1 - 10.10.0.14.
- Kind: Visible only if you're adding the service to an iNode cluster. Select an option that specifies how to run the service in the cluster:
- Daemon: One instance of the service runs on all iNodes in the cluster.
- Replica: One instance of the service runs on a set of iNodes that you select using labels in the Run Services in iNodes dropdown.
- Singleton: One instance of the service runs only on the master iNode. If the master fails, it runs on the iNode that gets elected as the new master.
- Singleton mode: Choose this option to run a single instance of PowerDNS. This ensures that the PowerDNS service runs only on the master iNode in the cluster.
- Replica mode: Choose this option to ensure that an instance of PowerDNS is running in all the candidate nodes of the cluster. The Replica PowerDNS mode with service restart avoidance configuration effectively reduces the downtime in DNS resolution on cluster master failovers.
To configure Replica mode, select the Replica option. In the Run Services in iNodes dropdown menu, select the label Candidate.
- Select Next to go to the Database tab. Specify the following:
- PostgreSQL Service IP Address: PowerDNS service requires the PostgreSQL service to store DNS data. Specify the IP address of the PostgreSQL service for PowerDNS service to access its database.
- Database Name: Specify the name of the PostgreSQL database that PowerDNS service will use.
- User Name: Specify the user name that PowerDNS service will use to access its PostgreSQL database.
- Password: Specify the password that PowerDNS service will use to access its PostgreSQL database. The Database Name, User Name, and Password settings must match the corresponding PostgreSQL configuration.
- Select Next to go to the DNS Zone tab to provide DNS zone configuration.
- Select an option for the DNS Zone configuration:
- Either upload a new DNS Zone configuration. File extension of the DNS zone file must be .zone.
- OR use a DNS zone configuration you've uploaded previously.
- Secure Dynamic DNS Updates: Turn this on if you want to secure dynamic DNS updates using TSIG keys.
- Select an option for the TSIG DNS update configuration:
- Either upload a new TSIG DNS update configuration. File extension of the TSIG DNS update configuration file must be .conf.
- OR use a TSIG DNS update configuration you've uploaded previously. The TSIG key name in the TSIG DNS update configuration file must match the corresponding key name in the Kea DDNS configuration file.
- Select Next to go to the Service tab.
- Select Version: Select the PowerDNS image version. With PowerDNS version 4.5.4-1, the authoritative and recursor parts of PowerDNS run as two separate containers within the same service. The PowerDNS authoritative service, used for dynamic DNS updates, listens on port 5300. The PowerDNS recursor service, used for recursive queries, listens on port 53.
- Allow DNS Updates From: PowerDNS service allows dynamic DNS updates on any domain. By default, dynamic DNS updates are not allowed from any host. If you want to dynamically update DNS data, specify a comma-separated list of IP addresses or IP address ranges (in CIDR format) that are allowed to perform DNS updates. For example, to allow the host 192.168.1.100 and hosts in the 192.168.2.0/24 subnet, specify 192.168.1.100,192.168.2.0/24. To allow the Kea service to dynamically update DNS mapping based on DHCP lease change events, configure the Kea DDNS server and specify the IP address of the Kea service here.
- Allow API Access From: PowerDNS service includes a built-in webserver on port 83 that exposes a REST API. By default, API access is restricted to the local host. If you want to provide access to specific hosts, specify a comma separated list of IP addresses or IP address ranges (in CIDR format) that are allowed to access the API. For example, to allow the host 192.168.1.100 and hosts in the 192.168.2.0/24 subnet, specify 192.168.1.100,192.168.2.0/24.
- API Key: PowerDNS service includes a built-in webserver on port 83 that exposes a REST API. Set the static pre-shared authentication key that hosts need to use to access the API.
- To avoid service restart on cluster master failover, enable the Avoid Service Restart On Failure option.
- Choose the custom DNS server option.
- Set the DNS Server IP address to the PowerDNS service IP address. This ensures that across the failovers, the DNS IP address for the postgres service remains the same, and the service mode seamlessly switches from backup to master without any service restart.
- Select Next to go to the DNS Recursion tab. This is an optional configuration to forward DNS queries unresolved by this PowerDNS service to a Recursor (another DNS server that can resolve these queries).
- Allow DNS Recursion From: PowerDNS service supports recursive DNS queries on any domain. By default, recursive queries are restricted to the local host. If you want to allow recursive queries from specific hosts, specify a comma-separated list of IP address ranges (in CIDR format) that are allowed to perform recursive DNS queries. For example, to allow the hosts in the 192.168.2.0/24 subnet, specify 192.168.2.0/24.
- DNS Recursor: PowerDNS service supports forwarding recursive DNS queries it receives to a DNS Recursor. Specify the IP address of the DNS Recursor that will resolve the recursive DNS queries. For example, you can specify the IP address of a public DNS server such as those provided by your Internet Service Provider. On PowerDNS version 4.5.4-1, the recursor server runs as a separate container and listens on port 53 within the PowerDNS service.
- Select Next to go to the Remote Logging tab.
- Turn on Remote Logging if you want to send service logs to a remote destination of your choice using Fluent Bit, an open-source log processor and forwarder.
- Select Fluent Bit Version: Select the Fluent Bit image version.
- Select an option for the Fluent Bit configuration:
- Either upload a new Fluent Bit configuration (file name of the Fluent Bit configuration must be fluent-bit.conf)
- OR use a Fluent Bit configuration you've uploaded previously.
Zone Files and Image Version pdns-4.0.8-4 (Image tag: iotium/powerdns:4.0.8-4-amd64)
The PowerDNS image supports reloading of edited zone files. You can now edit and reload your zone files for existing zones with pre-seeded contents. If you are updating an existing secret, please restart the PowerDNS container for the new secret content (zone files) to take effect. Images prior to pdns-4.0.8-4 do not support zone-file updates.
The default behavior for the following settings has been changed:
- Allow DNS Recursion From: By default, the access is restricted to local host on image iotium/powerdns:4.0.8-4-amd64. This is a change from previous images where, by default, the access was open to all.
- Allow API Access From: By default, the access is restricted to local host on image iotium/powerdns:4.0.8-4-amd64. This is a change from previous images where, by default, the access was open to all.
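The allow-list fields above take comma-separated IP addresses or CIDR ranges, and a single overly wide entry restores the older open-to-all behavior. The following is an added example, not part of the product or the original page, that audits such a value before it is entered. The function name, the `must_include` parameter, the "too broad" prefix thresholds, and the sample addresses other than those quoted from the page are assumptions.

```python
import ipaddress

# Prefix lengths at or below these are reported as very broad.
# The thresholds are an assumption of this example, not a product rule.
MAX_BROAD_V4 = 8
MAX_BROAD_V6 = 32


def audit_allow_list(value, must_include=()):
    """Parse a comma-separated allow-list; return (networks, findings)."""
    networks, findings = [], []
    for raw in value.split(","):
        entry = raw.strip()
        if not entry:
            continue
        try:
            # strict=True rejects host bits in a range, e.g. 192.168.2.5/24
            net = ipaddress.ip_network(entry, strict=True)
        except ValueError as exc:
            findings.append(f"invalid entry {entry!r}: {exc}")
            continue
        limit = MAX_BROAD_V4 if net.version == 4 else MAX_BROAD_V6
        if net.prefixlen == 0:
            findings.append(f"{entry} opens access to all hosts")
        elif net.prefixlen <= limit:
            findings.append(f"{entry} is very broad (/{net.prefixlen})")
        networks.append(net)
    # Hosts that must be able to reach the service, e.g. the Kea service IP
    # for "Allow DNS Updates From".
    for host in must_include:
        addr = ipaddress.ip_address(host)
        if not any(addr in n for n in networks if n.version == addr.version):
            findings.append(f"required host {host} is not covered")
    return networks, findings


if __name__ == "__main__":
    # First value is the example from the page; the others are constructed.
    for value, required in [
        ("192.168.1.100,192.168.2.0/24", ["192.168.1.100"]),
        ("0.0.0.0/0, 192.168.2.5/24", []),
        ("192.168.2.0/24", ["10.10.0.5"]),
    ]:
        _, problems = audit_allow_list(value, required)
        print(value, "->", problems or "ok")
```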
Migrating an Existing PowerDNS Service from pdns-4.0.8-3 to pdns-4.0.8-4 (Image tag: iotium/powerdns:4.0.8-4-amd64)
To use the PowerDNS image supporting the zone edits, you can migrate from pdns-4.0.8-3 to pdns-4.0.8-4 image version in the Service→Image Version drop-down and update the existing service. Make sure that you update the image to the latest version, and then try updating the zone files.
Image Version powerdns-4.5.4-1 (Image tag: iotium/powerdns:4.5.4-1amd64)
This version was released because PowerDNS 4.0.8 has reached end-of-life (EOL). PowerDNS version 4.5.4-1 has two containers:
- Authoritative server — The powerdns 4.5.4 authoritative server is used for dynamic DNS updates and it listens on port 5300. Make sure to configure the Kea-dhcp-ddns config file to update the DNS server for this port.
- Recursive server — The powerdns 4.5.8 recursive server is used for handling DNS queries and it listens on port 53.
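Two requirements on this page meet in the Kea DHCP-DDNS configuration: the TSIG key name must match the one in the PowerDNS TSIG update configuration, and updates must be sent to the authoritative server on port 5300. The following is an added example, not part of the product or the original page, that lints a Kea DHCP-DDNS (D2) configuration for both. The function name, zone names, key names, and IP addresses are constructed for illustration.

```python
import json

# Constructed sample Kea DHCP-DDNS (D2) configuration; every value is a placeholder.
SAMPLE_D2 = json.loads("""
{"DhcpDdns": {
  "tsig-keys": [
    {"name": "ddns-key", "algorithm": "HMAC-SHA256",
     "secret": "REPLACE_WITH_BASE64_SECRET"}],
  "forward-ddns": {"ddns-domains": [
    {"name": "lab.example.", "key-name": "ddns-key",
     "dns-servers": [{"ip-address": "10.10.0.2", "port": 5300}]}]},
  "reverse-ddns": {"ddns-domains": [
    {"name": "0.10.10.in-addr.arpa.", "key-name": "ddns_key",
     "dns-servers": [{"ip-address": "10.10.0.2"}]}]}
}}
""")


def lint_d2(config, pdns_ip, pdns_key_name, update_port=5300):
    """Return findings where the D2 config disagrees with the PowerDNS service."""
    d2 = config.get("DhcpDdns", {})
    defined = {k.get("name") for k in d2.get("tsig-keys", [])}
    findings = []
    for section in ("forward-ddns", "reverse-ddns"):
        for dom in d2.get(section, {}).get("ddns-domains", []):
            where = f"{section} {dom.get('name')}"
            key = dom.get("key-name")
            if not key:
                findings.append(f"{where}: no key-name, updates would be unsigned")
            elif key not in defined:
                findings.append(f"{where}: key-name {key!r} not defined in tsig-keys")
            elif key != pdns_key_name:
                findings.append(
                    f"{where}: key-name {key!r} != PowerDNS key {pdns_key_name!r}")
            servers = dom.get("dns-servers", [])
            if not any(s.get("ip-address") == pdns_ip for s in servers):
                findings.append(f"{where}: no dns-servers entry for {pdns_ip}")
            for s in servers:
                port = s.get("port", 53)  # Kea defaults to port 53 when unset
                if s.get("ip-address") == pdns_ip and port != update_port:
                    findings.append(f"{where}: port {port}, expected {update_port}")
    return findings


if __name__ == "__main__":
    for finding in lint_d2(SAMPLE_D2, "10.10.0.2", "ddns-key"):
        print(finding)
```

In the constructed sample, the reverse zone carries a misspelled key name and omits the port, so both are reported while the forward zone passes.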
Migrating an Existing PowerDNS Deployment to powerdns-4.5.4-1
To use the powerdns-4.5.4-1 image, from the Service→ Select Version dropdown, select the new image and update the existing service.
PostgreSQL
PostgreSQL, also known as Postgres, is an open-source object-relational database system.
Note that Kea and PowerDNS services require the PostgreSQL service to store data.
- Select PostgreSQL to add the PostgreSQL service.
- Enter a name for this service instance.
- Set the password for the built-in postgres superuser account. This password is used to create the respective databases for the Kea and PowerDNS services.
- Select the Network to which this service instance will connect.
- IP Address: Specify the static IP Address for this service instance. It should be in the same IP subnet as the local network CIDR, but must be outside the range of DHCP offered IP addresses. For example, say the network CIDR of the local network is 10.10.0.0/24, and the DHCP server offers IP addresses in the range 10.10.0.15 - 10.10.0.253. Then the static IP address for this service instance can be in the range 10.10.0.1 - 10.10.0.14.
- Kind: Visible only if you're adding the service to an iNode cluster. Select an option that specifies how to deploy the service in the cluster:
- Daemon: One instance of the service runs on all iNodes in the cluster.
- Replica: One instance of the service runs on a set of iNodes that you select using labels in the Run Services in iNodes dropdown.
- Singleton: One instance of the service runs only on the master iNode. If the master fails, it runs on the iNode that gets elected as the new master. The PostgreSQL service stores DHCP data for Kea service and DNS data for PowerDNS service. To prevent loss of this data when a master iNode fails, we recommend you run PostgreSQL service on all iNodes in the cluster that are candidates in the master election. To do this, select the Replica option. In the Run Services in iNodes dropdown select the label Candidate.
- Select Next to go to the DHCP Database tab. Set the following:
- Database Name: Set the name of the database that the Kea service will use.
- User Name: Set the user name that the Kea service will use to access its database.
- Password: Set the password that the Kea service will use to access its database. The Database Name, User Name, and Password settings must match the corresponding Kea DHCPv4 configuration.
- Select Next to go to the DNS Database tab. Set the following:
- Database Name: Set the name of the database that the PowerDNS service will use.
- User Name: Set the user name that the PowerDNS service will use to access its database.
- Password: Set the password that the PowerDNS service will use to access its database. The Database Name, User Name, and Password settings must match the corresponding PowerDNS configuration.
- Select Next to go to the Service tab. Select the PostgreSQL image version.
- Enable Avoid Service Restart On Failover to seamlessly switch from backup to master mode on cluster failover.
- Provide the DNS service IP address that the Replica instances of the service will use.
- Use the Custom option to configure the DNS server IP address.
- Set the DNS Server IP address to the PowerDNS service IP address. This ensures that across the failovers, the DNS IP address for the postgres service remains the same, and the service mode seamlessly switches from backup to master without any service restart.
- Select Next to go to the Remote Logging tab.
- Turn on Remote Logging if you want to send service logs to a remote destination of your choice using Fluent Bit, an open-source log processor and forwarder.
- Select Fluent Bit Version: Select the Fluent Bit image version.
- Select an option for the Fluent Bit configuration:
- Either upload a new Fluent Bit configuration (file name of the Fluent Bit configuration must be fluent-bit.conf)
- OR use a Fluent Bit configuration you've uploaded previously.