[Pdns-users] Issues with PowerDNS Authoritative Server on CentOS7

Tue Aug 18 18:44:05 UTC 2020

Hello Brian,
Thank you so much for all of that information. I think I understand a little bit more this DNS.
If I may ask you something more:
What I want to do is to build a website (https://www.mosaic.site) where people can open an account with us and create email and webhosting accounts. They will be able to create websites and in the future I want to dd more features.

For this, I bought the domain name "mosaic.site" on Namecheap.

The setup that I'm trying to build is as follow:

VM1 - CentOS - hostname: panel.mosaic.site - IP 45.62.203.200 - Software: DirectAdmin (Is a web hosting control panel)

VM2 - CentOS - hostname: my.mosaic.site - IP 45.62.203.201 - Software: WHMCS (for Web Hosting control)

VM3 - CentOS - hostname: ns1.mosaic.site - IP 45.62.203.202 - Software: PowerDNS (Authoritative - with Maria DB)

VM4 - CentOS - hostname: ns2.mosaic.site - IP 45.62.203.203 - Software: PowerDNS (Authoritative - with Maria DB)

On all 4 VMs I set:
/etc/resolv.conf

# Generated by NetworkManager

nameserver 45.62.203.202

nameserver 45.62.203.203

Based on what you said, I can either change VM3 and VM4 to be Recursive DNS servers and then add a VM5 as Authoritative or Just have VM3 and VM4 as Recursive without an Authoritative server?

What would be your recommendation from the DNS perspective? What configuration should I use?
What I didn't want to do is let Namecheap control my DNS settings.

Thank you again for all your assistance.

Regards,
Fabio Perez

From: Brian Candler <b.candler at pobox.com>
Sent: August 18, 2020 2:08 PM
To: Fabio Perez <fperez1 at corp.fibernetics.ca>
Cc: pdns-users Users <pdns-users at mailman.powerdns.com>
Subject: Re: [Pdns-users] Issues with PowerDNS Authoritative Server on CentOS7

On 18/08/2020 16:05, Fabio Perez wrote:
Hello Brian,
Thanks for getting back to me, but now I'm even more confuse.
I though that If I create an Authoritative DNS sever and add that IP on a different VM as a nameserver, the second VM will only receive answers from the DNS if the DNS has that record on it's Database.
And if I add a recursor DNS that means that if the DNS doesn't have the record It will ask over the internet to a different DNS server for that.

The roles involved in DNS are:

stub resolver --------> recursor ---------> authoritative

The stub resolver is the client library at the client host.  It's what you configure in /etc/resolv.conf [or via DHCP].  You configure the IP address of the recursor, or perhaps two or three recursors for redundancy.

The stub resolver sends its request to the recursor.

The recursor knows how to find authoritative nameservers on the Internet which hold the answers required.  It does this by following NS records (delegations).

If this is not the case, then why do we need Authoritative DNS?

The authoritative server contains the data which is published by the domain owner.

For example, say you send a query for "www.google.com<https://can01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.google.com%2F&data=01%7C01%7Cfperez1%40corp.fibernetics.ca%7C6c3f930f1a254bbf4f2408d843a1b457%7Cef011ae666f04660b7a4488d77a54e68%7C0&sdata=8BbTrE6DaobEdvX6nApXbacb8Mxga6HF6YaYFIxUCio%3D&reserved=0>".  The answer is held in the authoritative nameservers for google.com.  The recursor sends the queries to them, on behalf of the client, and caches the result in case another client asks the same query soon afterwards.  (Hence "recursor" is also known as "caching nameserver")

What I'm trying to do is:
VM1 running a WHMCS server
VM2 running DirectAdmin

I've no idea what WHMCS or DirectAdmin are, but I'm presuming these are just applications which need to make DNS queries as part of their operation.

VM3 and VM4 running PowerDNS

So, on the first 2 VMs I added both DNS servers as nameservers.

In other words: you configured /etc/resolv.conf (or the RedHat equivalent in /etc/sysconfig), such that VM1 and VM2 send all their DNS queries to VM3 and VM4?

In that case, VM3 and VM4 should be running PowerDNS recursor.

You do not need to install PowerDNS Authoritative unless you own a domain, and you want to publish information about that domain to the Internet.  And then you should run it in a *different* VM.

Although some DNS server software permits the bad practice of running both recursor and authoritative in the same server instance, PowerDNS does not let you do this.

Regards,

Brian.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20200818/a0e69e6f/attachment-0001.htm>