
DNS/PowerDNS

From Wikitech
See DNS for current information. Around 2013, Wikimedia switched from PowerDNS to gdnsd.
This page contains historical information. It may be outdated or unreliable.
2008

PowerDNS [1] is the DNS server we use for geographic DNS balancing, and possibly "normal" authoritative DNS in future as well. This page explains configuration. More can be found on DNS.

Configuration

It's best to bind PowerDNS to a specific IP address instead of INADDR_ANY (all interfaces). To do that, put:

local-address=IP
query-local-address=IP

A backend like geobackend can't make use of caching, since the returned results differ depending on who is asking. Therefore, disable caching:

query-cache-ttl=0
cache-ttl=0
negquery-cache-ttl=300

If just geobackend is used, multithreading is unnecessary, and may even impact performance. Make pdns single-threaded with:

distributor-threads=1

In geobackend itself, there are no wildcard records, so pdns shouldn't have to check for them:

wildcards=no

Running privileged is unnecessary (of course, make sure this user and group exist):

setuid=pdns
setgid=pdns

Launch the backends that will be used, in the specified order, separated by commas:

launch=geo

Geobackend configuration

Specify the zone that will contain the "georecords":

geo-zone=wikimedia.org

Every zone needs a SOA record, and so does a geo-zone. Only the SOA name and hostmaster fields are important. Specify them comma separated:

geo-soa-values=ns0.wikimedia.org,hostmaster@wikimedia.org

Every zone needs to have NS records as well, to specify the authoritative servers:

geo-ns-records=ns0.wikimedia.org,ns1.wikimedia.org,ns2.wikimedia.org

Geobackend reads in an rbldnsd-style zonefile, to map specific IPs to countries. Specify the path to this file:

geo-ip-map-zonefile=/etc/powerdns/zz.countries.nerd.dk.rbldnsd

Every record in the "geo zone" has its own "map file", mapping every country to some CNAME. Geobackend will read all files in the directory specified here, and use the filename as the recordname:

geo-maps=/etc/powerdns/geomaps/

Every DNS record has a TTL, and geobackend currently only allows these to be specified globally. The default is 1 hour for normal (CNAME) records and 1 day for NS records:

geo-ttl=3600
geo-ns-ttl=86400

Provisioning

This is not the way Wikimedia's setup works. For that, see DNS.

To maintain an identical configuration of geomaps, the following rsync cronjob can be used:

*/15 * * * *    pdns    NR=$(rsync -rt --delete \
                        rsync://rsync-path /etc/powerdns/directormaps | \
                        awk '/Number of files transferred/ { print $5 }'); \
                        [ "$NR" != "0" ] && /usr/local/bin/pdns_control rediscover > /dev/null

This rsyncs the geo map files from a central repository, and sends PowerDNS a signal to reread them if they've actually been changed.
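The "only rediscover when something changed" logic of that cronjob, as an added example that is not from this page or Wikimedia's setup. It parses rsync's --stats summary instead of relying on a fixed field position, accepts both the pre-3.1 "Number of files transferred" and the 3.1+ "Number of regular files transferred" wording, and treats a missing summary (rsync failed) as "unknown" rather than "changed". The rsync URL, destination directory and pdns_control path are placeholders taken from the cron line above; the sample rsync output is constructed.

```shell
#!/bin/sh
# Added example, not part of the original page. Placeholder paths/URLs are
# assumptions; the stats output below is constructed for offline testing.

# Constructed rsync --stats output, old (pre-3.1) and new (3.1+) wording.
SAMPLE_STATS_OLD='Number of files: 12
Number of files transferred: 3
Total file size: 4096 bytes'
SAMPLE_STATS_NEW='Number of files: 12 (reg: 11, dir: 1)
Number of created files: 0
Number of regular files transferred: 0
Total file size: 4,096 bytes'

# Print the transferred-file count found in rsync --stats output ($1).
# Uses the last field so the count is found regardless of wording; prints
# nothing if no summary line is present (e.g. rsync died before printing it).
files_transferred() {
    printf '%s\n' "$1" | awk '/Number of (regular )?files transferred/ { print $NF; exit }'
}

# Succeed (exit 0) only when a count was found and it is non-zero.
# An empty count means rsync gave no summary, so no reload is triggered;
# the page's unquoted [ $NR != "0" ] would instead error out on an empty $NR.
# Counts with thousands separators ("1,234") are still non-zero, which is all
# that matters for the decision.
needs_rediscover() {
    n=$(files_transferred "$1")
    [ -n "$n" ] && [ "$n" != "0" ]
}

# Sync the geomaps and signal pdns only when files actually changed.
# Source URL, destination and pdns_control path are placeholders.
sync_geomaps() {
    out=$(rsync -rt --delete --stats rsync://rsync-path /etc/powerdns/geomaps/ 2>&1) || return 1
    if needs_rediscover "$out"; then
        /usr/local/bin/pdns_control rediscover > /dev/null
    fi
}
```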

The DNSBL should be regularly updated as well, for example daily:

07 04 * * *     pdns    rsync -qt rsync://rsync.blitzed.org/countries/zz.countries.nerd.dk.rbldnsd \
                        /usr/local/etc/powerdns/zz.countries.nerd.dk.rbldnsd && \
                        /usr/local/bin/pdns_control rediscover > /dev/null