Install a PowerDNS resolver on CentOS 7

October 3, 2017
Phil

There are two versions of PowerDNS:

Why run your own DNS?

You may want to run your own DNS resolver if you have a number of servers or a large network of computers; if you find public DNS servers or those provided by your ISP too slow; or if you want to ensure your DNS is unfiltered and not tracked.

Why PowerDNS over BIND?

Much of the decision is down to user preference and experience; both are extremely capable. I use PowerDNS as I prefer the MySQL rather than flat-file back-end for authoritative use. I also find it quicker and more predictable under heavy load.

Other users prefer lighter distributions such as MaraDNS – so it’s worth looking around to see what’s best for you.

PowerDNS resolver install guide

You’ll need to enable the EPEL repository.

You can now install the PowerDNS resolver:

[user@server] sudo yum install pdns-recursor

We’ll need to make a couple of changes to the configuration before we start the server:

[user@server] sudo nano /etc/pdns-recursor/recursor.conf

You’ll see a line called ‘allow-from’.
Remove the # symbol from before this line.
This setting controls which clients may use the resolver, so list here the IP addresses or IP ranges that you want to serve recursive DNS for. By default 127.0.0.0/8 will be listed to allow the local server to use its own service; it’s safe to leave that in place.

The second line to edit is ‘local-address=’.
Again, remove the # from the beginning.
You then need to add a comma-separated list of IP addresses that you want this server to listen on. This will usually just be 127.0.0.1 and the main IP of your server, e.g.:

local-address=127.0.0.1, 10.0.0.123

Ctrl+O to save and Ctrl+X to exit.
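
Before starting the service, the two edits above can be checked with a small script. This is an added example, not part of the original guide: the function names, the set of checks and the sample 10.0.0.0/24 range are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit the two recursor.conf settings edited above.
# Usage: audit_recursor_conf /etc/pdns-recursor/recursor.conf
# Prints one finding per line; returns 0 when nothing is flagged, 1 otherwise.

# get_setting FILE KEY: value of the last uncommented "KEY=..." line, spaces stripped.
get_setting() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=//p" "$1" | tail -n 1 | tr -d '[:space:]'
}

audit_recursor_conf() {
    conf=$1
    findings=0
    allow=$(get_setting "$conf" allow-from)
    listen=$(get_setting "$conf" local-address)

    if [ -z "$allow" ]; then
        echo "allow-from: not set explicitly (line still commented out?)"
        findings=1
    fi
    for net in $(echo "$allow" | tr ',' ' '); do
        case $net in
            0.0.0.0/0|::/0)
                echo "allow-from: $net lets any client recurse (open resolver)"
                findings=1 ;;
        esac
    done
    if [ -z "$listen" ]; then
        echo "local-address: not set explicitly (line still commented out?)"
        findings=1
    fi
    for addr in $(echo "$listen" | tr ',' ' '); do
        case $addr in
            0.0.0.0|::)
                echo "local-address: $addr listens on every interface"
                findings=1 ;;
        esac
    done
    return $findings
}

# Constructed sample resembling the edited file (not taken from a real server).
sample_conf() {
    cat <<'EOF'
# allow-from=127.0.0.0/8
allow-from=127.0.0.0/8, 10.0.0.0/24
local-address=127.0.0.1, 10.0.0.123
EOF
}
```

A non-zero return means at least one of the two settings is either still commented out or wider than the guide intends.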

You can now start your server.

[user@server] sudo service pdns-recursor start

To make sure that the DNS server starts on boot, you can use:

[user@server] sudo chkconfig pdns-recursor on

You can check the server is responding using the dig command.

[user@server] dig @127.0.0.1 www.netweaver.uk

If all is well, it would be advisable at this point, as an added precaution, to set up a firewall that only allows access from the IP addresses that will be using the server. CSF works very well.
