Configuring PowerDNS with SolusVM on CentOS 7

The SolusVM documentation has detailed instructions for configuring PowerDNS to work with SolusVM for rDNS, but those instructions only work with CentOS 5 and 6. This guide shows you how to do it on CentOS 7.

Note that we’ve stuck closely to the steps in the SolusVM docs, with adjustments where necessary for somewhat better security and to work with newer versions of MySQL (MariaDB specifically).

These instructions are identical for the Master DNS server and the Slave DNS server, except in one spot: the second GRANT statement in step 2. Do not run that statement on the slave DNS server — only run it on the master. Be sure to pay close attention to this, as security-wise we don’t want to provide access to a server if it’s not necessary.

1. Install

yum -y install epel-release
yum -y install mariadb mariadb-server pdns pdns-backend-mysql
systemctl enable mariadb
systemctl enable pdns

2. Set MySQL root password and powerdns user

It’s important to note that you must replace the following parts with their true values:

  • new_root_password => randomly generated password. Keep note of this just in case you need it later.
  • new_powerdns_user_password => randomly generated password.
  • solusvms_master_server_hostname => The hostname (or IP) of your solusvm master server (not of your DNS master)

DO NOT run the second GRANT statement on the slave DNS server.

systemctl restart mariadb && systemctl stop mariadb
# --skip-networking keeps the server off the network while grant checks are disabled
mysqld_safe --skip-grant-tables --skip-networking &
mysql
MariaDB [(none)]> use mysql;
MariaDB [mysql]> UPDATE user SET password=PASSWORD("new_root_password") WHERE User='root';
MariaDB [mysql]> quit;
# stop the temporary mysqld_safe instance before starting the service normally
mysqladmin shutdown
systemctl restart mariadb.service
mysql -uroot -p
MariaDB [mysql]> GRANT ALL PRIVILEGES ON powerdns.* TO 'powerdns'@'localhost' IDENTIFIED BY "new_powerdns_user_password";
MariaDB [mysql]> GRANT ALL PRIVILEGES ON powerdns.* TO 'powerdns'@'solusvms_master_server_hostname' IDENTIFIED BY "new_powerdns_user_password";
MariaDB [mysql]> FLUSH PRIVILEGES;
MariaDB [mysql]> quit;

3. Download and import the SolusVM PowerDNS SQL config

wget http://files.soluslabs.com/solusvm/pdns/pdns.sql

For compatibility with MySQL 5.6+, edit pdns.sql and find/replace all instances of type=InnoDB with Engine=InnoDB. In Vim you can press Esc, then colon, then enter: %s/type=InnoDB/Engine=InnoDB/g

mysql --user=root --password="ROOT_MYSQL_PASSWORD" < pdns.sql

4. Connect pdns to mysql:

Edit /etc/pdns/pdns.conf and enter the following config. Be sure to replace $(new_powerdns_user_password) with the matching password you created in step 2.

launch=gmysql
gmysql-host=127.0.0.1
gmysql-user=powerdns
gmysql-password=$(new_powerdns_user_password)
gmysql-dbname=powerdns

Then run:

systemctl restart pdns

When configuring replication, it’s probably best to make use of the ‘additional config’ directory provided by MariaDB, rather than editing my.cnf directly: /etc/my.cnf.d/replicate.cnf
Just remember to add “[mysqld]” to the top of the config supplied by the SolusVM Docs.

When configuring the slave, leave out “master-connect-retry=60” as it’s not configurable from files any longer. Instead, add it to the list of “change master to […]” options in the command. Details here.

On the master, run this to allow MySQL connections (port 3306) through the firewall:

systemctl stop iptables && systemctl mask iptables
systemctl enable firewalld.service
systemctl start firewalld.service
firewall-cmd --zone=public --add-port=3306/tcp && firewall-cmd --zone=public --add-port=3306/tcp --permanent
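
The firewall-cmd line above opens 3306/tcp to every host that can reach the public zone, while the GRANT in step 2 only expects connections from specific peers. As an added example (not part of the original guide or the SolusVM docs), this script prints firewalld rich rules that accept 3306/tcp only from listed IPv4 addresses; the two addresses are constructed placeholders, assumed here to stand for the SolusVM master and the slave DNS server.

```shell
#!/bin/sh
# Added example: print firewalld commands that accept MariaDB traffic only
# from named peers. Nothing is applied until the output is piped to sh as root.
ZONE=public
PORT=3306

# Succeed only for a dotted-quad IPv4 address with each octet in 0-255.
is_ipv4() {
    case $1 in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Rich rule accepting $PORT/tcp from one source address.
rich_rule() {
    printf 'rule family="ipv4" source address="%s" port port="%s" protocol="tcp" accept' "$1" "$PORT"
}

# Print the full command list, or print nothing and fail if any peer is invalid.
build_commands() {
    [ $# -gt 0 ] || { echo "usage: build_commands IPV4..." >&2; return 1; }
    for peer in "$@"; do
        is_ipv4 "$peer" || { echo "not an IPv4 address: $peer" >&2; return 1; }
    done
    # Undo the zone-wide opening, then add one rule per peer.
    echo "firewall-cmd --permanent --zone=$ZONE --remove-port=$PORT/tcp"
    for peer in "$@"; do
        echo "firewall-cmd --permanent --zone=$ZONE --add-rich-rule='$(rich_rule "$peer")'"
    done
    echo "firewall-cmd --reload"
}

# Constructed placeholder addresses (RFC 5737 documentation range).
build_commands 203.0.113.10 203.0.113.20
```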

Jordan is a computer, security, and network systems expert and a lover of all things web and tech. Jordan consults with project management for software companies. Jordan is a founder and managing partner at Websavers Inc.
