Install a PowerDNS resolver on CentOS 7
There are two versions of PowerDNS:
- PowerDNS Server – used to power authoritative DNS servers
- PowerDNS recursor – used to provide a resolver, typically not open to the public
Why run your own DNS?
You may want to run your own DNS resolver if you have a number of servers or a large network of computers; if you find public DNS servers or those provided by your ISP too slow; or if you want to ensure your DNS is unfiltered and not tracked.
Why PowerDNS over BIND?
Much of the decision is down to user preference and experience, both are extremely capable. I use PowerDNS as I prefer the mySQL rather than flat file back-end for authoritative use. I also find it quicker and more predictable under heavy load.
PowerDNS resolver install guide
If you need a server to try this out on, we recommend our friends at Linode.
You’ll need to enable the EPEL repository.
You can now install the PowerDNS resolver
[user@server] sudo yum install pdns-recursor
We’ll need to make a couple of changes to the configuration before we start the server
[user@server] sudo nano /etc/pdns-recursor/recursor.conf
You’ll see a line called ‘allow-from’.
Remove the # symbol from before this line.
It’s important that you add IP addresses, or IP ranges here that you want to serve recursive DNS for. By default 127.0.0.0/8 will be listed to allow the local server to use its own service, it’s safe to leave that in place.
The second line to edit is ‘local-address=’
Again, remove the # from the beginning.
You then need to add a comma-separated list of IP addresses that you want this server to listen on. This will usually just be 127.0.0.1 and the main IP of your server. eg:
Ctrl+O to save and Ctrl+X to exit.
You can now start your server.
[user@server] sudo service pdns-recursor start
To make sure that the DNS server starts on boot, you can use
[user@server] sudo chkconfig pdns-recursor on
You can check the server is responding using the dig command.
[user@server] dig @127.0.0.1 www.netweaver.uk
If all is well, it would be advisable to set up a firewall at this point to only allow access from the IP addresses that will be using the server as an added precaution. CSF works very well.