Raspberry Pi PowerDNS setup for local DNS resolution

I wanted to make use of the Raspberry Pi I bought and finally found time to set up a DNS server on it for local name resolution. The article at http://matthewdba.wordpress.com/2014/02/09/raspberry-pi-dns-server/ helped a bit.

For debugging I started it in the foreground with the following command (--daemon=no keeps it attached to the terminal):

pi@raspi ~ $ sudo pdns_server --daemon=no

My configuration files are laid out as follows:

pi@raspi ~ $ ls /etc/powerdns/*
/etc/powerdns/bindbackend.conf  /etc/powerdns/pdns.conf

/etc/powerdns/bind:
2.168.192.in-addr.arpa  zuber.local.zone

/etc/powerdns/pdns.d:
pdns.simplebind
pi@raspi ~ $ cat /etc/powerdns/bindbackend.conf
zone "zuber.local" {
  type master;
  file "/etc/powerdns/bind/zuber.local.zone";
  allow-update { none; };
};
zone "2.168.192.in-addr.arpa" IN {
  type master;
  file "/etc/powerdns/bind/2.168.192.in-addr.arpa";
  allow-update { none; };
};
pi@raspi ~ $ cat /etc/powerdns/bind/2.168.192.in-addr.arpa
; /etc/powerdns/bind/2.168.192.in-addr.arpa
$ORIGIN 2.168.192.in-addr.arpa.
$TTL 1h
; the trailing dots matter: without them ns.zuber.local is read relative to $ORIGIN
@       IN SOA ns.zuber.local. hostmaster.zuber.local. (
            2014120716; serial
            3h; refresh
            2h; retry
            4w; expire
            1h; minimum time-to-live
        )
        IN  NS     ns
        IN  A      192.168.2.3
1       IN  PTR    router.zuber.local.
2       IN  PTR    jarvis.zuber.local.
4       IN  PTR    mike.zuber.local.
7       IN  PTR    tms.zuber.local.
9       IN  PTR    zeus.zuber.local.

; EOF
pi@raspi ~ $ cat /etc/powerdns/bind/zuber.local.zone
; /etc/powerdns/bind/zuber.local.zone
$ORIGIN zuber.local.
$TTL 1h
; the trailing dots matter: without them ns.zuber.local is read relative to $ORIGIN
@       IN SOA ns.zuber.local. hostmaster.zuber.local. (
            2014120716; serial
            3h; refresh
            2h; retry
            4w; expire
            1h; minimum time-to-live
        )
        IN  NS      ns
        IN  A       192.168.2.3
ns      IN  A       192.168.2.3
router  IN  A       192.168.2.1
jarvis  IN  A       192.168.2.2
mike    IN  A       192.168.2.4
tms     IN  A       192.168.2.7
zeus    IN  A       192.168.2.9

; EOF
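
Nothing above checks that the forward and reverse zones agree (ns at 192.168.2.3, for example, has no PTR). The checker below is an added example, not code from the post or from PowerDNS: it parses only the subset of zone syntax these files use ($ORIGIN, a parenthesised SOA, one-line "owner [IN] TYPE rdata" records with relative or absolute names) and reports A records without a PTR and PTRs without a matching A record; the two embedded zones are constructed samples in the same layout.

```python
def qualify(name, origin):
    """'@' is the origin, a trailing dot marks an absolute name, else relative."""
    return origin if name == "@" else name.rstrip(".") if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text):
    records, origin, owner, in_soa = [], "", "@", False
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()            # drop ';' comments
        if not line.strip() or in_soa:                  # blank, or inside a multi-line SOA
            in_soa = in_soa and ")" not in line
            continue
        fields = line.split()
        if fields[0].startswith("$"):                   # $ORIGIN / $TTL directives
            origin = fields[1].rstrip(".") if fields[0] == "$ORIGIN" else origin
            continue
        if not line[0].isspace():                       # explicit owner, else reuse the last
            owner = fields.pop(0)
        if fields[0] == "IN":
            fields.pop(0)
        rtype, rdata = fields[0], " ".join(fields[1:])
        if rtype == "SOA":                              # skip the SOA body up to ')'
            in_soa = ")" not in line
            continue
        if rtype in ("NS", "PTR"):                      # rdata is a name: qualify it too
            rdata = qualify(rdata, origin)
        records.append((qualify(owner, origin), rtype, rdata))
    return records

def check_consistency(forward, reverse):
    """A records without a PTR, and PTRs naming a host that has no such A record."""
    rev = lambda ip: ".".join(reversed(ip.split("."))) + ".in-addr.arpa"
    a_recs = {(o, r) for o, t, r in parse_zone(forward) if t == "A"}
    ptrs = {(r, o) for o, t, r in parse_zone(reverse) if t == "PTR"}
    problems = [f"no PTR for {h} ({ip})" for h, ip in sorted(a_recs) if (h, rev(ip)) not in ptrs]
    problems += [f"PTR {o} -> {h} has no matching A record" for h, o in sorted(ptrs)
                 if not any(h == x and rev(ip) == o for x, ip in a_recs)]
    return problems

# Constructed sample zones in the layout of the post's files (not the real files).
FORWARD = """$ORIGIN zuber.local.
@       IN SOA ns.zuber.local. hostmaster.zuber.local. ( 2014120716 ; serial
            3h 2h 4w 1h )
        IN NS ns
ns      IN A  192.168.2.3
router  IN A  192.168.2.1
"""
REVERSE = """$ORIGIN 2.168.192.in-addr.arpa.
@   IN SOA ns.zuber.local. hostmaster.zuber.local. ( 2014120716 3h 2h 4w 1h )
1   IN PTR router.zuber.local.
9   IN PTR zeus.zuber.local.
"""
```

Run check_consistency on the two real files (read with open()) after every edit; an empty list means the zones agree.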
pi@raspi ~ $ cat /etc/powerdns/pdns.conf
# Autogenerated configuration file template
#################################
# allow-axfr-ips    If enabled, restrict zonetransfers to originate from these
#                   IP addresses
#
# allow-axfr-ips=

#################################
# allow-recursion	List of netmasks that are allowed to recurse
#
allow-recursion=127.0.0.1/8,192.168.2.0/24

#################################
# allow-recursion-override   Local data even about hosts that don't exist will
#                            override the internet. (on/off)
#
# allow-recursion-override=

#################################
# cache-ttl	Seconds to store packets in the PacketCache
#
# cache-ttl=20

#################################
# chroot	If set, chroot to this directory for more security
#
# chroot=/var/spool/powerdns

#################################
# config-dir	Location of configuration directory (pdns.conf)
#
config-dir=/etc/powerdns

#################################
# config-name	Name of this virtual configuration - will rename the binary image
#
# config-name=

#################################
# control-console	Debugging switch - don't use
#
# control-console=no

#################################
# daemon	Operate as a daemon
#
daemon=yes

#################################
# default-soa-name	name to insert in the SOA record if none set in the backend
#
# default-soa-name=a.misconfigured.powerdns.server

#################################
# disable-axfr	Disable zonetransfers but do allow TCP queries
#
disable-axfr=yes

#################################
# disable-tcp	Do not listen to TCP queries
#
# disable-tcp=no

#################################
# distributor-threads	Default number of Distributor (backend) threads to start
#
# distributor-threads=3

#################################
# fancy-records	Process URL and MBOXFW records
#
# fancy-records=no

#################################
# guardian	Run within a guardian process
#
guardian=yes

#################################
# launch	Which backends to launch and order to query them in
#
#launch=bind

#################################
# lazy-recursion	Only recurse if question cannot be answered locally
#
lazy-recursion=yes

#################################
# load-modules	Load this module - supply absolute or relative path
#
# load-modules=

#################################
# local-address	Local IP address to which we bind
#
local-address=127.0.0.1,192.168.2.3

#################################
# local-ipv6	Local IP address to which we bind
#
# local-ipv6=

#################################
# local-port	The port on which we listen
#
local-port=53

#################################
# log-dns-details	If PDNS should log DNS non-erroneous details
#
log-dns-details=yes

#################################
# log-failed-updates	If PDNS should log failed update requests
#
# log-failed-updates=

#################################
# logfile	Logfile to use
#
logfile=/var/log/pdns.log

#################################
# logging-facility	Log under a specific facility
#
# logging-facility=

#################################
# loglevel	Amount of logging. Higher is more. Do not set below 3
#
# loglevel=4

#################################
# master	Act as a master
#
# master=no

#################################
# max-queue-length	Maximum queuelength before considering situation lost
#
# max-queue-length=5000

#################################
# max-tcp-connections	Maximum number of TCP connections
#
# max-tcp-connections=10

#################################
# module-dir	Default directory for modules
#
module-dir=/usr/lib/powerdns

#################################
# negquery-cache-ttl	Seconds to store packets in the PacketCache
#
# negquery-cache-ttl=60

#################################
# out-of-zone-additional-processing	Do out of zone additional processing
#
# out-of-zone-additional-processing=no

#################################
# query-cache-ttl	Seconds to store packets in the PacketCache
#
# query-cache-ttl=20

#################################
# query-logging	Hint backends that queries should be logged
#
# query-logging=no

#################################
# queue-limit	Maximum number of milliseconds to queue a query
#
# queue-limit=1500

#################################
# query-local-address   The IP address to use as a source address for sending
#                       queries.
# query-local-address=

#################################
# receiver-threads	Number of receiver threads to launch
#
# receiver-threads=1

#################################
# recursive-cache-ttl	Seconds to store packets in the PacketCache
#
# recursive-cache-ttl=10

#################################
# recursor	If recursion is desired, IP address of a recursing nameserver
#
recursor=217.145.192.3

#################################
# setgid	If set, change group id to this gid for more security
#
setgid=pdns

#################################
# setuid	If set, change user id to this uid for more security
#
setuid=pdns

#################################
# skip-cname	Do not perform CNAME indirection for each query
#
# skip-cname=no

#################################
# slave	Act as a slave
#
# slave=no

#################################
# slave-cycle-interval	Reschedule failed SOA serial checks once every .. seconds
#
# slave-cycle-interval=60

#################################
# smtpredirector	Our smtpredir MX host
#
# smtpredirector=a.misconfigured.powerdns.smtp.server

#################################
# soa-minimum-ttl	Default SOA minimum ttl
#
# soa-minimum-ttl=3600

#################################
# soa-refresh-default  Default SOA refresh
#
# soa-refresh-default=10800

#################################
# soa-retry-default    Default SOA retry
#
# soa-retry-default=3600

#################################
# soa-expire-default   Default SOA expire
#
# soa-expire-default=604800

#################################
# soa-serial-offset	Make sure that no SOA serial is less than this number
#
# soa-serial-offset=0

#################################
# socket-dir	Where the controlsocket will live
#
socket-dir=/var/run

#################################
# strict-rfc-axfrs	Perform strictly rfc compliant axfrs (very slow)
#
# strict-rfc-axfrs=no

#################################
# urlredirector	Where we send hosts to that need to be url redirected
#
# urlredirector=127.0.0.1

#################################
# use-logfile	Use a log file
#
# use-logfile=yes

#################################
# webserver	Start a webserver for monitoring
#
# webserver=yes

#################################
# webserver-address	IP Address of webserver to listen on
#
# webserver-address=192.168.2.3

#################################
# webserver-password	Password required for accessing the webserver
#
# webserver-password=

#################################
# webserver-port	Port of webserver to listen on
#
# webserver-port=8081

#################################
# webserver-print-arguments	If the webserver should print arguments
#
# webserver-print-arguments=no

#################################
# wildcard-url	Process URL and MBOXFW records
#
# wildcard-url=no

#################################
# wildcards	Honor wildcards in the database
#
# wildcards=

#################################
# version-string   What should PowerDNS return for version
#                  allowed methods are anonymous / powerdns / full / custom
version-string=powerdns

include=/etc/powerdns/pdns.d
pi@raspi ~ $ cat /etc/powerdns/pdns.d/pdns.simplebind
launch=bind
bind-config=/etc/powerdns/bindbackend.conf
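
The settings in the pdns.conf above that decide what the server exposes are allow-recursion, disable-axfr and allow-axfr-ips, version-string, local-address, setuid/setgid and the webserver options. The linter below is an added example, not code from the post or from PowerDNS: it parses the key=value format and flags the weak value of each setting; the two embedded configs are constructed samples, one mirroring the post's effective settings and one weakened.

```python
def parse_pdns_conf(text):
    """Parse pdns.conf: 'key=value' lines, '#' comments and blanks ignored."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" in line:
            key, _, value = line.partition("=")
            conf[key.strip()] = value.strip()
    return conf

def lint_pdns_conf(text):
    """Return (setting, finding) pairs for the exposure-relevant settings."""
    c, findings = parse_pdns_conf(text), []
    rec = c.get("allow-recursion", "")         # PowerDNS documents 0.0.0.0/0 as the default
    if c.get("recursor") and (not rec or "0.0.0.0/0" in rec):
        findings.append(("allow-recursion", "recursion forwarded for any client (open resolver)"))
    if c.get("disable-axfr", "no") != "yes" and not c.get("allow-axfr-ips"):
        findings.append(("disable-axfr", "zone transfers allowed with no allow-axfr-ips limit"))
    if c.get("version-string", "full") == "full":  # 'full' is the documented default
        findings.append(("version-string", "exact version disclosed to version.bind queries"))
    if c.get("webserver") == "yes" and not c.get("webserver-password"):
        findings.append(("webserver-password", "monitoring webserver enabled without a password"))
    if any(a.strip() in ("", "0.0.0.0") for a in c.get("local-address", "").split(",")):
        findings.append(("local-address", "listening on all interfaces, not just the LAN"))
    if not (c.get("setuid") and c.get("setgid")):
        findings.append(("setuid/setgid", "no privilege drop after binding port 53"))
    return findings

# Constructed samples (not files from the post): the first mirrors the post's
# effective settings, the second weakens each of the same keys.
HARDENED = """allow-recursion=127.0.0.1/8,192.168.2.0/24
disable-axfr=yes
local-address=127.0.0.1,192.168.2.3
recursor=217.145.192.3
setgid=pdns
setuid=pdns
version-string=powerdns
"""
WEAK = """# allow-recursion left at its default
disable-axfr=no
local-address=0.0.0.0
recursor=217.145.192.3
version-string=full
webserver=yes
webserver-password=
"""
```

Note that include=/etc/powerdns/pdns.d is not followed by this parser, so run it over each file in that directory as well.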

Running it in the foreground again for debugging (note the bind backend reporting a syntax error in bindbackend.conf on this run):

pi@raspi ~ $ sudo pdns_server --daemon=no
Nov 29 17:47:52 Listening on controlsocket in '/var/run/pdns.controlsocket'
Nov 29 17:47:52 Guardian is launching an instance
Nov 29 17:47:52 Reading random entropy from '/dev/urandom'
Nov 29 17:47:52 This is a guarded instance of pdns
Nov 29 17:47:52 UDP server bound to 192.168.2.3:53
Nov 29 17:47:52 TCP server bound to 192.168.2.3:53
Nov 29 17:47:52 PowerDNS 3.1 (C) 2001-2012 PowerDNS.COM BV (Feb  8 2014, 18:34:09, gcc 4.6.3) starting up
Nov 29 17:47:52 PowerDNS comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it according to the terms of the GPL version 2.
Nov 29 17:47:52 DNS Proxy launched, local port 55845, remote 217.145.192.3:53
Nov 29 17:47:52 Creating backend connection for TCP
Nov 29 17:47:52 Error parsing bind configuration: Error in bind configuration '/etc/powerdns/bindbackend.conf' on line 11: syntax error
Nov 29 17:47:52 Caught an exception instantiating a backend, cleaning up
Nov 29 17:47:52 TCP server is unable to launch backends - will try again when questions come in: Error in bind configuration '/etc/powerdns/bindbackend.conf' on line 11: syntax error
Nov 29 17:47:52 About to create 3 backend threads for UDP
Nov 29 17:47:52 Error parsing bind configuration: Error in bind configuration '/etc/powerdns/bindbackend.conf' on line 11: syntax error

Start the service:

pi@raspi ~ $ sudo service pdns start
pi@raspi ~ $ sudo service pdns status
[ ok ] pdns is running: 7716: Child running on pid 7718.

Finally, a DNS lookup test, first for a local name and then for an external one that is forwarded to the configured recursor:

pi@raspi ~ $ dig local

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64542
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;local.				IN	A

;; ANSWER SECTION:
local.			3600	IN	A	192.168.2.3

;; Query time: 7 msec
;; SERVER: 192.168.2.3#53(192.168.2.3)
;; WHEN: Sat Nov 29 17:49:20 2014
;; MSG SIZE  rcvd: 39

pi@raspi ~ $ dig microsoft.com

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> microsoft.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8605
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 4, ADDITIONAL: 8

;; QUESTION SECTION:
;microsoft.com.			IN	A

;; ANSWER SECTION:
microsoft.com.		2424	IN	A	134.170.188.221
microsoft.com.		2424	IN	A	134.170.185.46

;; AUTHORITY SECTION:
microsoft.com.		85425	IN	NS	ns3.msft.net.
microsoft.com.		85425	IN	NS	ns4.msft.net.
microsoft.com.		85425	IN	NS	ns1.msft.net.
microsoft.com.		85425	IN	NS	ns2.msft.net.

;; ADDITIONAL SECTION:
ns1.msft.net.		73	IN	A	208.84.0.53
ns1.msft.net.		73	IN	AAAA	2620:0:30::53
ns2.msft.net.		4560	IN	A	208.84.2.53
ns2.msft.net.		4560	IN	AAAA	2620:0:32::53
ns3.msft.net.		2843	IN	A	213.199.180.53
ns3.msft.net.		2843	IN	AAAA	2a01:111:2020::1:1
ns4.msft.net.		4560	IN	A	208.76.45.53
ns4.msft.net.		4560	IN	AAAA	2620:0:37::53

;; Query time: 11 msec
;; SERVER: 192.168.2.3#53(192.168.2.3)
;; WHEN: Sat Nov 29 17:51:53 2014
;; MSG SIZE  rcvd: 319

To check statistics or purge the cache, use pdns_control:

pi@raspi ~ $ sudo pdns_control help
bind-domain-status [domains]     bindbackend: list status of all domains
bind-list-rejects                bindbackend: list rejected domains
bind-reload-now <domains>        bindbackend: reload domains
ccounts                          get cache statistics
cycle                            restart instance
notify <domain>                  queue a notification
notify-host <domain> <host>      notify host for specific domain
ping                             ping guardian
purge [<record>]                 purge entries from packet cache
quit                             quit daemon
rediscover                       discover any new zones
reload                           reload all zones
retrieve <domain>                retrieve slave domain
rping                            ping instance
set <var> <value>                set config variables
show <statistic>                 show a specific statistic or * to get a list
status                           get instance status from guardian
uptime                           get instance uptime
version                          get instance version

Author: Michal Zuber

Full stack developer, biker and rollerblader. Owner and developer at https://nevilleweb.sk/ Co-founded http://neville.sk/ Blog at https://michalzuber.wordpress.com/
