added initial walkthrough for setting up authoritative dns server

2021-03-13 15:45:04 -08:00 · 2021-03-13 15:45:04 -08:00 · 7014e8f7ad
commit 7014e8f7ad
parent adefa990e5
1 changed files with 131 additions and 0 deletions
--- a/pdns-server_notes.md
+++ b/pdns-server_notes.md
@ -0,0 +1,131 @@
 # installing and configuring PowerDNS for use as an authoritative server on a private network
 ## ubuntu 20.04 on raspberry pi 4 edition
 ## updated 2021-03-13 by sundog <sundog@reclaim.technology>
 # overview
 the goal of this exercise is to set up an authoritative domain name server that listens on a VPN interface and provides lookups for custom private domains to VPN clients. to accomplish this goal, I will be installing PowerDNS' authoritative server on a raspberry pi 4 running ubuntu 20.04 that was [previously configured as a wireguard VPN server](./wg-portal_notes.md).
 # initial test network configuration
 the server needs to listen on 10.42.1.1:53 and provide name resolution for hosts in the .sundogistan top-level domain. see the aforementioned wireguard server setup notes for more details about the VPN configuration; this document will be concentrating solely on the configuration of the DNS server.
 # setting up prerequisites
 ## installing the powerdns authoritative server
 as PowerDNS' debian/ubuntu repositories do not provide arm64 packages I will be using the ubuntu versions, currently at 4.2.1-1
 ```
 sudo apt install -y pdns-server pdns-backend-sqlite3
 ```
 ## configuring pdns
 the service won't start because the configuration isn't set up to use the backend, so we need to change that.
 as root, edit `/etc/powerdns/pdns.d/` and add the following content:
 ```
 launch=gsqlite3
 gsqlite3-database=/var/lib/powerdns/pdns.sqlite3
 local-address=10.42.1.1
 ```
 then `sudo rm /etcpowerdns/pdns.d/bind.conf`
 now we're ready to set up the sqlite database itself:
 ```
 sudo apt install -y sqlite3     # oops, almost forgot
 sudo sqlite3 /var/lib/powerdns/pdns.sqlite3 < /usr/share/doc/pdns-backend-sqlite3/schema.sqlite3.sql
 sudo chown -R pdns:pdns /var/lib/powerdns
 sudo systemctl start pdns
 ```
 if all goes well, running `sudo systemctl status pdns` should show an active running status.
 let's query it:
 ```
 sudo apt install -y net-tools
 dig a www.example.com @10.42.1.1
 ```
 hopefully you get back an answer with status: REFUSED because we haven't set up any zones yet, and definitely not the example.com zone, but if it responds then it's running!
 my partially truncated output:
 ```
 root@bbs:~# dig a www.example.com @10.42.1.1
 ; <<>> DiG 9.16.1-Ubuntu <<>> a www.example.com @10.42.1.1
 ;; global options: +cmd
 ;; Got answer:
 ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 58344
 ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
 ;; WARNING: recursion requested but not available
 ```
 at this point I could start using `pdnsutil` to create a zone and populate it with some records and such, but I'm in this for the long haul and I also am lazy and like web-based interfaces, so I'm going to proceed and set up [PowerDNS-Admin](https://github.com/ngoduykhanh/PowerDNS-Admin) which provides exactly that web-based interface I'm looking for.
 # installing and configuring powerdns-admin
 first we'll need a bunch more prereqs:
 ```
 sudo apt install -y python3-dev libsasl2-dev libldap2-dev libssl-dev libxml2-dev libxslt1-dev libxmlsec1-dev libffi-dev pkg-config apt-transport-https virtualenv build-essential libmysqlclient-dev
 # and nodejs too
 curl -sL https://deb.nodesource.com/setup_10.x | sudo bash -
 curl -sL https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add -
 echo "deb https://dl.yarnpkg.com/debian/ stable main" | sudo tee /etc/apt/sources.list.d/yarn.list
 sudo apt update && sudo apt install -y nodejs yarn
 ```
 now it's time to clone the repo and set some stuff up
 might as well be root!
 ```
 sudo -i
 git clone https://github.com/ngoduykhanh/PowerDNS-Admin /opt/web/powerdns-admin
 cd /opt/web/powerdns-admin
 virtualenv -p python3 flask
 source ./flask/bin/activate
 pip install -r requirements
 ```
 that should leave us ready to get it up and going
 # running powerdns-admin
 first we need to get some database stuff set up
 ```
 cp ./powerdnsadmin/default_config.py ./powerdnsadmin/local_config.py
 ```
 edit that new `local_config.py`
 - switch up the salt and secret key
 - set the bind address to the VPN interface address (in my examples 10.42.1.1)
 - comment out the mysql database uri
 - uncomment the sqlite databse uri
 then save the file.
 back at the root virtualenv shell:
 ```
 # use our new config
 export FLASK_CONF=local_config.py
 # do the initial database migration
 export FLASK_APP=powerdnsadmin/__init__.py
 flask db upgrade
 # generate web asset files
 yarn install --pure-lockfile
 flask assets build
 ```
 at this point we should be able to `./run.py` and have the web application start at http://10.42.1.1:9191 
 there's a big **TODO** sitting right here to walk through the configuration of connecting the admin web app to the actual pdns server's api, but that will be in the next revision so I can get this committed.  more soon.