PowerDNS

PowerDNS

Overview

Starchart uses the PowerDNS Authoritative Server for our DNS management. We chose it due to its ability to dynamically manage DNS records via an API.

This page collects various pieces of information related to PowerDNS, how we use it, and links to resources we need.

Resources

• PowerDNS
  • PowerDNS Authoritative Server
  • PowerDNS Open Source and github.com/PowerDNS
  • Docker Usage and hub.docker.com/u/powerdns images
• PowerDNS Docs
  • Installing PowerDNS
  • Basic Setup
  • Database Backends
  • Authoritative Server Settings
  • Built-in Webserver and HTTP API
  • pdnsutil command line tool

Running the Authoritative Server via Docker

Docker Hub Images

The "auth" server (short for Authoritative) can be run from Docker using one of the various the official powerdns/pdns-auth-* images on Docker Hub. NOTE: unlike many other Docker images, PowerDNS uses image names vs. tags to do releases. For example:

• powerdns/pdns-auth-master for the latest changes from the master branch
• powerdns/pdns-auth-47 for version v4.7.x
• powerdns/pdns-auth-46 for version v4.6.x
• and so on...

Running a Container

To run a container based on v4.7.x (there is likely a newer release) locally, you can do the following:

docker run --rm --name pdns-auth --env PDNS_AUTH_API_KEY=secret_key -p 1053:53 -p 1053:53/udp -p 8081:8081 powerdns/pdns-auth-47

This command does the following:

1. Starts a new container based the powerdns/pdns-auth-47 image, which will be removed automatically when we are finished
2. Names the container pdns-auth
3. Defines the PDNS_AUTH_API_KEY to be secret_key, which is needed to access the web API
4. Publishes 3 separate ports on the host (1053 tcp, 1053 udp, and 8081)

You can also add a trailing -d to run it in the background:

docker run --rm --name pdns-auth --env PDNS_AUTH_API_KEY=secret_key -p 1053:53 -p 1053:53/udp -p 8081:8081 powerdns/pdns-auth-47 -d

You can now login to the web server at http://127.0.0.1:8081 using the following credentials:

• username: root
• password: secret_key

Similarly, you can access the HTTP API by including the PDNS_AUTH_API_KEY we specified above:

$ curl -s -H "X-API-Key: secret_key" http://127.0.0.1:8081/api/v1/servers/localhost
{"autoprimaries_url": "/api/v1/servers/localhost/autoprimaries{/autoprimary}", "config_url": "/api/v1/servers/localhost/config{/config_setting}", "daemon_type": "authoritative", "id": "localhost", "type": "Server", "url": "/api/v1/servers/localhost", "version": "4.7.2", "zones_url": "/api/v1/servers/localhost/zones{/zone}"}