Add postgresql backend to powerdns

RealStickman 2023-05-26 16:07:27 +02:00
parent fae366d167
commit 65e66b7bff


@ -8,17 +8,71 @@ media_order: powerdns-admin-api-settings.png
## Installation ## Installation
### Debian
For the autoriative server install this package For the autoriative server install this package
`# apt install pdns-server` `# apt install pdns-server`
This is the PowerDNS resolver package This is the PowerDNS resolver package
`# apt install pdns-recursor` `# apt install pdns-recursor`
### Different Backends can be installed on Debian PowerDNS offers different backends, which are packaged separately on Debian.
Mysql Backend **Mysql Backend**
`# apt install pdns-backend-mysql mariadb-server`
## Configuration Authoritative Server ```sh
apt install pdns-backend-mysql mariadb-server
```
**PostgreSQL Backend**
```sh
sudo apt install pdns-backend-pgsql postgresql
```
## Authoritative Server
> [List of all available backends](https://doc.powerdns.com/authoritative/backends/index.html)
### PostgreSQL Backend
Edit the configuration file in `/etc/powerdns/pdns.conf`
```
...
launch=gpgsql
...
gpgsql-host=127.0.0.1
gpgsql-port=5432
gpgsql-dbname=pdns
gpgsql-user=<user>
gpgsql-password=<password>
gpgsql-dnssec=yes
```
Prepare database
```sh
sudo -u postgres psql
```
```sql
CREATE DATABASE pdns;
CREATE USER <user> WITH ENCRYPTED PASSWORD '<password>';
GRANT ALL PRIVILEGES ON DATABASE pdns TO powerdns;
```
Import the schema utilised by PowerDNS. This can be done with the user you just created
Do note the `-h` parameter is required unless `pg_hba.conf` has been modified to password based authentication locally as well.
```sh
psql -U <user> -d <database> -h 127.0.0.1 -f /usr/share/pdns-backend-pgsql/schema/schema.pgsql.sql
```
```sh
systemctl restart pdns
```
### MySQL Backend
Set the backend you chose in the `launch=` option of PowerDNS' configuration file. Set the backend you chose in the `launch=` option of PowerDNS' configuration file.
The config can be found under `/etc/powerdns/pdns.conf` The config can be found under `/etc/powerdns/pdns.conf`
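Review bot: In the "Prepare database" SQL the role is created as `<user>` but the grant goes to `powerdns` (`GRANT ALL PRIVILEGES ON DATABASE pdns TO powerdns;`), so anyone who picks a different user name ends up with a role that never receives the grant. Use the same placeholder in both statements, and make the import command's `-d <database>` match the `pdns` name used in `CREATE DATABASE` and `gpgsql-dbname`. Since `gpgsql-password` is stored in clear text in `/etc/powerdns/pdns.conf`, a sentence on restricting that file's permissions would fit next to the config block. The closing `systemctl restart pdns` has no lead-in sentence and no `sudo`, unlike the `sudo apt install` line added above.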
@ -60,7 +114,7 @@ mysql -u pdns -p pdns < /usr/share/doc/pdns-backend-mysql/schema.mysql.sql
systemctl restart pdns systemctl restart pdns
``` ```
### Zones ## PowerDNS CLI
Create Zone and add a name server Create Zone and add a name server
`# pdnsutil create-zone (domain) ns1.(domain)` `# pdnsutil create-zone (domain) ns1.(domain)`
@ -69,7 +123,7 @@ Add "A"-Record. **Mind the (.) after the domain**
"Name" is the hostname you wish to assign. "Name" is the hostname you wish to assign.
`# pdnsutil add-record (domain). (name) A (ip address)` `# pdnsutil add-record (domain). (name) A (ip address)`
### Dynamic DNS ## Dynamic DNS
`# apt install bind9utils` `# apt install bind9utils`
@ -92,7 +146,7 @@ And for reverse-zone
You also have to configure the DHCP server to provide updates, see [the DHCP article](https://wiki.realstickman.net/en/linux/services/dhcp-server) You also have to configure the DHCP server to provide updates, see [the DHCP article](https://wiki.realstickman.net/en/linux/services/dhcp-server)
#### Testing with nsupdate ### Testing with nsupdate
`# nsupdate -k Kdhcpdupdate.+157+12673.key` `# nsupdate -k Kdhcpdupdate.+157+12673.key`
@ -119,8 +173,6 @@ To bind to all interfaces, use `local-address=::,0.0.0.0`
### Authoritative Server ### Authoritative Server
> _TODO_
> https://doc.powerdns.com/authoritative/dnssec/index.html > https://doc.powerdns.com/authoritative/dnssec/index.html
### Recursor Server ### Recursor Server
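Review bot: Dropping `> _TODO_` marks the Authoritative Server section as finished while it still contains only the bare link to the DNSSEC documentation. Either keep the marker or add a short paragraph, for example one tying the section to the `gpgsql-dnssec=yes` setting that this commit introduces in the PostgreSQL backend config.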
@ -140,17 +192,16 @@ Show domains with disabled DNSSEC
### PowerDNS-Admin ### PowerDNS-Admin
```sh ```sh
mkdir /etc/pda-data sudo mkdir /etc/powerdns-admin
chmod 777 -R /etc/pda-data
``` ```
```sh ```sh
podman run -d \ sudo podman run -d \
--name powerdns-admin \ --name powerdns-admin \
-e SECRET_KEY='q5dNwUVzbdn6gc7of6DvO0syIhTHVq1t' \ -e SECRET_KEY='<key>' \
-v /etc/pda-data:/data \ -v /etc/powerdns-admin:/data \
--net=host \ -p 9191:80 \
docker://ngoduykhanh/powerdns-admin:latest docker.io/powerdnsadmin/pda-legacy:latest
``` ```
#### Enabling API #### Enabling API
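Review bot: Replacing the literal `SECRET_KEY` with `<key>` removes it from the page but not from history; the old value stays readable in the parent revision, so any deployment that used it should get a new key. In the new `podman run`, `-p 9191:80` publishes the port on every host address; if the UI is only reached locally or through a reverse proxy, bind it as `-p 127.0.0.1:9191:80`. The image is still referenced by `:latest`, so a pinned tag or digest would make the instructions reproducible.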
@ -159,7 +210,7 @@ A few settings in `/etc/powerdns/pdns.conf` need to be changed.
``` ```
api=yes api=yes
api-key=(random key) api-key=<key>
webserver=yes webserver=yes
``` ```
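Review bot: `api-key=<key>` now uses the same placeholder as `SECRET_KEY='<key>'` in the PowerDNS-Admin section, which invites reusing one value for both, and the hint that the key should be random is gone. A distinct placeholder such as `<api-key>`, with a word that it should be a randomly generated value, would keep the two secrets apart.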
@ -167,23 +218,3 @@ Following this, the API access can be configured in the webgui
![Configuration options in PowerDNS Admin](powerdns-admin-api-settings.png) ![Configuration options in PowerDNS Admin](powerdns-admin-api-settings.png)
Now you should see all your configured Domains and be able to modify records Now you should see all your configured Domains and be able to modify records
#### Systemd Service
`/etc/systemd/system/powerdns-admin.service`
```systemd
[Unit]
Description=Powerdns Admin Podman container
[Service]
Restart=always
ExecStart=/usr/bin/podman start -a powerdns-admin
ExecStop=/usr/bin/podman stop -t 10 powerdns-admin
[Install]
WantedBy=multi-user.target
```
```sh
systemctl daemon-reload
systemctl enable --now powerdns-admin
```