From 65e66b7bffe764763a306fa60de6cb5121a84809 Mon Sep 17 00:00:00 2001 From: RealStickman Date: Fri, 26 May 2023 16:07:27 +0200 Subject: [PATCH] Add postgresql backend to powerdns --- pages/02.linux/powerdns/default.en.md | 105 +++++++++++++++++--------- 1 file changed, 68 insertions(+), 37 deletions(-) diff --git a/pages/02.linux/powerdns/default.en.md b/pages/02.linux/powerdns/default.en.md index c33615f..3c26299 100644 --- a/pages/02.linux/powerdns/default.en.md +++ b/pages/02.linux/powerdns/default.en.md 
@@ -8,17 +8,71 @@ media_order: powerdns-admin-api-settings.png ## Installation +### Debian + For the autoriative server install this package `# apt install pdns-server` This is the PowerDNS resolver package `# apt install pdns-recursor` -### Different Backends can be installed on Debian +PowerDNS offers different backends, which are packaged separately on Debian. -Mysql Backend -`# apt install pdns-backend-mysql mariadb-server` +**Mysql Backend** -## Configuration Authoritative Server +```sh +apt install pdns-backend-mysql mariadb-server +``` + +**PostgreSQL Backend** + +```sh +sudo apt install pdns-backend-pgsql postgresql +``` + +## Authoritative Server + +> [List of all available backends](https://doc.powerdns.com/authoritative/backends/index.html) + +### PostgreSQL Backend + +Edit the configuration file in `/etc/powerdns/pdns.conf` + +``` +... +launch=gpgsql +... +gpgsql-host=127.0.0.1 +gpgsql-port=5432 +gpgsql-dbname=pdns +gpgsql-user= +gpgsql-password= +gpgsql-dnssec=yes +``` + +Prepare database + +```sh +sudo -u postgres psql +``` + +```sql +CREATE DATABASE pdns; +CREATE USER WITH ENCRYPTED PASSWORD ''; +GRANT ALL PRIVILEGES ON DATABASE pdns TO powerdns; +``` + +Import the schema utilised by PowerDNS. This can be done with the user you just created +Do note the `-h` parameter is required unless `pg_hba.conf` has been modified to password based authentication locally as well. + +```sh +psql -U -d -h 127.0.0.1 -f /usr/share/pdns-backend-pgsql/schema/schema.pgsql.sql +``` + +```sh +systemctl restart pdns +``` + +### MySQL Backend Set the backend you chose in the `launch=` option of PowerDNS' configuration file. The config can be found under `/etc/powerdns/pdns.conf` @@ -60,7 +114,7 @@ mysql -u pdns -p pdns < /usr/share/doc/pdns-backend-mysql/schema.mysql.sql systemctl restart pdns ``` -### Zones +## PowerDNS CLI Create Zone and add a name server `# pdnsutil create-zone (domain) ns1.(domain)` 
@@ -69,7 +123,7 @@ Add "A"-Record. **Mind the (.) after the domain** "Name" is the hostname you wish to assign. `# pdnsutil add-record (domain). (name) A (ip address)` -### Dynamic DNS +## Dynamic DNS `# apt install bind9utils` @@ -92,7 +146,7 @@ And for reverse-zone You also have to configure the DHCP server to provide updates, see [the DHCP article](https://wiki.realstickman.net/en/linux/services/dhcp-server) -#### Testing with nsupdate +### Testing with nsupdate `# nsupdate -k Kdhcpdupdate.+157+12673.key` @@ -119,8 +173,6 @@ To bind to all interfaces, use `local-address=::,0.0.0.0` ### Authoritative Server -> _TODO_ - > https://doc.powerdns.com/authoritative/dnssec/index.html ### Recursor Server @@ -140,17 +192,16 @@ Show domains with disabled DNSSEC ### PowerDNS-Admin ```sh -mkdir /etc/pda-data -chmod 777 -R /etc/pda-data +sudo mkdir /etc/powerdns-admin ``` ```sh -podman run -d \ +sudo podman run -d \ --name powerdns-admin \ - -e SECRET_KEY='q5dNwUVzbdn6gc7of6DvO0syIhTHVq1t' \ - -v /etc/pda-data:/data \ - --net=host \ - docker://ngoduykhanh/powerdns-admin:latest + -e SECRET_KEY='' \ + -v /etc/powerdns-admin:/data \ + -p 9191:80 \ + docker.io/powerdnsadmin/pda-legacy:latest ``` #### Enabling API @@ -159,7 +210,7 @@ A few settings in `/etc/powerdns/pdns.conf` need to be changed. ``` api=yes -api-key=(random key) +api-key= webserver=yes ``` @@ -167,23 +218,3 @@ Following this, the API access can be configured in the webgui ![Configuration options in PowerDNS Admin](powerdns-admin-api-settings.png) Now you should see all your configured Domains and be able to modify records - -#### Systemd Service - -`/etc/systemd/system/powerdns-admin.service` - -```systemd -[Unit] -Description=Powerdns Admin Podman container -[Service] -Restart=always -ExecStart=/usr/bin/podman start -a powerdns-admin -ExecStop=/usr/bin/podman stop -t 10 powerdns-admin -[Install] -WantedBy=multi-user.target -``` - -```sh -systemctl daemon-reload -systemctl enable --now powerdns-admin -```
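Review bot: In the `@@ -8,17 +8,71 @@` hunk, the added `CREATE USER WITH ENCRYPTED PASSWORD '';` has no role name while the following `GRANT ... TO powerdns;` names one, and `psql -U -d -h 127.0.0.1 -f ...` has empty `-U` and `-d` values, so neither command runs as written. Use a visible placeholder in the same style as the page's existing `(domain)`, and keep the role name identical across `CREATE USER`, `GRANT`, `gpgsql-user=` and the `psql` call. Since `gpgsql-password=` puts the database password in `/etc/powerdns/pdns.conf`, a sentence on restricting read access to that file would fit here. Smaller points: the added install commands mix `apt install` and `sudo apt install`, and "with the user you just created" is missing its full stop before "Do note".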
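Review bot: In the `@@ -140,17 +192,16 @@` hunk, the literal `SECRET_KEY` value on the removed line stays in the repository history after this commit, so any instance that was started with it should get a new key. The added `-e SECRET_KEY=''` now shows an empty string with no hint of what belongs there; a placeholder such as `(random key)` plus one sentence on generating it would prevent someone starting the container with an empty secret. `-p 9191:80` publishes the admin UI on every host interface; if it is meant to sit behind a reverse proxy or be reached locally only, bind it to a specific address. `docker.io/powerdnsadmin/pda-legacy:latest` is an unpinned tag, so consider naming a fixed version. Dropping `chmod 777 -R` on the data directory is a good change; it would help to state which owner and mode `/etc/powerdns-admin` needs for the container to write to it.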
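Review bot: In the `@@ -159,7 +210,7 @@` hunk, `api-key=` replaces `api-key=(random key)` with an empty value, which loses the only hint that a key must be set and reads as if an empty key were acceptable; keep a visible placeholder. Because the container in the previous hunk moved from `--net=host` to `-p 9191:80`, the container's own 127.0.0.1 is no longer the host's, so this section should also say which address PowerDNS-Admin uses to reach the API and which `webserver-address` and `webserver-allow-from` values in `pdns.conf` that requires.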
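Review bot: In the `@@ -167,23 +218,3 @@` hunk, the whole "Systemd Service" section is removed without a replacement, and the `podman run -d` command added earlier in the patch carries no restart policy, so the page no longer explains how the `powerdns-admin` container comes back after a reboot or a crash. Either keep the unit (its `ExecStart=/usr/bin/podman start -a powerdns-admin` still matches the container name) or document the mechanism that replaces it. The last context line, "Now you should see all your configured Domains and be able to modify records", also ends without a full stop and the file now ends there.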