[Pdns-users] Issues with PowerDNS Authoritative Server on CentOS7

Brian Candler b.candler at pobox.com
Wed Aug 19 08:15:27 UTC 2020

On 18/08/2020 19:44, Fabio Perez wrote:
> Hello Brian,
> Thank you so much for all of that information. I think I understand a 
> little bit more this DNS.
> If I may ask you something more:
> What I want to do is to build a website (https://www.mosaic.site) 
> where people can open an account with us and create email and 
> webhosting accounts. They will be able to create websites and in the 
> future I want to dd more features.
> For this, I bought the domain name “mosaic.site” on Namecheap.
Namecheap is already running authoritative DNS for that domain. The 
authoritative servers are:

$ dig +short mosaic.site. ns


> The setup that I'm trying to build is as follow:
> VM1 - CentOS - hostname: panel.mosaic.site - IP - 
> Software: DirectAdmin (Is a web hosting control panel)
> VM2 - CentOS - hostname: my.mosaic.site - IP - Software: 
> WHMCS (for Web Hosting control)
> VM3 - CentOS - hostname: ns1.mosaic.site - IP - 
> Software: PowerDNS (Authoritative – with Maria DB)
> VM4 - CentOS - hostname: ns2.mosaic.site - IP - 
> Software: PowerDNS (Authoritative – with Maria DB)
> On all 4 VMs I set:
> /etc/resolv.conf
> # Generated by NetworkManager
> nameserver
> nameserver
> Based on what you said, I can either change VM3 and VM4 to be 
> Recursive DNS servers and then add a VM5 as Authoritative or Just have 
> VM3 and VM4 as Recursive without an Authoritative server?
If you are new to DNS, I'd start with the second option: use VM3 and VM4 
as recursive, and don't have an authoritative server.  Any changes to 
mosaic.site can be done via Namecheap's control panel.

You only need to run your own authoritative nameservers if you are 
making lots of changes to mosaic.site dynamically, and even then only if 
Namecheap don't provide an API for you do to this on their servers.

If you run your own authoritative nameservice then there are a bunch of 
other requirements on you.  The most important is that you must have 
multiple authoritative nameservers on *different autonomous systems* for 
resilience - read RFC 2182 for more information on this topic.

> What would be your recommendation from the DNS perspective? What 
> configuration should I use?
> What I didn’t want to do is let Namecheap control my DNS settings.
Why don't you want that? Namecheap may be cheap, but they have been 
running nameservers for longer than you have.

If you don't like Namecheap then I suggest you take hosted DNS from 
another provider.  There are lots of options in this space. Dnsmadeeasy 
is one that springs to mind and I've had good experience with; if cost 
is the number one concern then Godaddy Premium DNS is very cheap.  Cloud 
providers like AWS have managed DNS services too, and there are other 
more specialist DNS service providers that you can find easily via a 
Google search.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20200819/3c86a97e/attachment.htm>

More information about the Pdns-users mailing list