Install a PowerDNS resolver on CentOS 7

October 3, 2017

There are two versions of PowerDNS:

Why run your own DNS?

You may want to run your own DNS resolver if you have a number of servers or a large network of computers;  if you find public DNS servers or those provided by your ISP too slow; or if you want to ensure your DNS is unfiltered and not tracked.

Why PowerDNS over BIND?

Much of the decision is down to user preference and experience, both are extremely capable.  I use PowerDNS as I prefer the mySQL rather than flat file back-end for authoritative use.  I also find it quicker and more predictable under heavy load.

Other users prefer lighter distributions such as MaraDNS – so it’s worth looking around to see what’s best for you.

PowerDNS resolver install guide

You’ll need to enable the EPEL repository.

You can now install the PowerDNS resolver

[user@server] sudo yum install pdns-recursor

We’ll need to make a couple of changes to the configuration before we start the server

[user@server] sudo nano /etc/pdns-recursor/recursor.conf

You’ll see a line called ‘allow-from’.
Remove the # symbol from before this line.
It’s important that you add IP addresses, or IP ranges here that you want to serve recursive DNS for.  By default will be listed to allow the local server to use its own service, it’s safe to leave that in place.

The second line to edit is ‘local-address=’
Again, remove the # from the beginning.
You then need to add a comma-separated list of IP addresses that you want this server to listen on.  This will usually just be and the main IP of your server.  eg:


Ctrl+O to save and Ctrl+X to exit.

You can now start your server.

[user@server] sudo service pdns-recursor start

To make sure that the DNS server starts on boot, you can use

[user@server] sudo chkconfig pdns-recursor on

You can check the server is responding using the dig command.

[user@server] dig @

If all is well, it would be advisable to set up a firewall at this point to only allow access from the IP addresses that will be using the server as an added precaution.  CSF works very well.

No comments

Leave a Reply

Your email address will not be published. Required fields are marked *