DNS/PowerDNS
PowerDNS [1] is the DNS server we use for geographic DNS balancing, and possibly for "normal" authoritative DNS in the future as well. This page explains its configuration. More can be found on the DNS page.
Configuration
It's best to bind PowerDNS to a specific IP instead of INADDR_ANY, so that it only answers on the interface meant for DNS; query-local-address sets the source address for the packets PowerDNS sends itself (notifications and similar). To do that, put (replacing IP with the server's address):
local-address=IP
query-local-address=IP
A backend like geobackend can't make use of the packet cache or the query cache, since the returned results differ depending on "who's asking". Therefore, disable both. The negative query cache can stay on with a short TTL, since whether a record exists at all does not depend on the asker:
query-cache-ttl=0
cache-ttl=0
negquery-cache-ttl=300
If just geobackend is used, multithreading is unnecessary, and may even impact performance. Make pdns single-threaded with:
distributor-threads=1
In geobackend itself, there are no wildcard records, so pdns shouldn't have to check for them:
wildcards=no
Running as root after startup is unnecessary: PowerDNS binds port 53 as root and then drops to this user and group (of course make sure they exist):
setuid=pdns
setgid=pdns
launch= lists the backends to load, comma-separated, in the order they are queried. Here only geobackend is needed:
launch=geo
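The settings above are easy to lose in a long pdns.conf, so here is a preflight check that reads a pdns.conf and reports every setting that deviates from them. It is an added example, not part of the original page or of PowerDNS; it assumes plain key=value lines with '#' comments, and the sample configs in the usage note are constructed.

```shell
#!/bin/sh
# Added example, not part of the original page or of PowerDNS itself:
# a preflight check for the settings described above. It reads a pdns.conf
# (path in $1; plain key=value lines, '#' comments) and prints one line per
# setting that deviates from the recommended geobackend configuration.

# conf_get FILE KEY: print the value of KEY (last occurrence wins), empty if unset
conf_get() {
    sed -n 's/^[[:space:]]*'"$2"'[[:space:]]*=[[:space:]]*//p' "$1" | tail -n 1
}

# check_pdns_conf FILE: report deviations; exit status 1 if any were found
check_pdns_conf() {
    f=$1
    rc=0
    # Binding to INADDR_ANY answers on every interface, including ones not meant for DNS
    case "$(conf_get "$f" local-address)" in
        ""|0.0.0.0|::) echo "local-address: bind to a specific IP, not INADDR_ANY"; rc=1 ;;
    esac
    # Without setuid/setgid pdns keeps the root privileges it needed for port 53
    for k in setuid setgid; do
        [ -n "$(conf_get "$f" "$k")" ] || { echo "$k: unset, pdns would keep running as root"; rc=1; }
    done
    # geobackend answers depend on the client, so cached answers would be wrong
    for k in cache-ttl query-cache-ttl; do
        v=$(conf_get "$f" "$k")
        [ "$v" = "0" ] || { echo "$k: must be 0 (is '${v:-unset}'), answers depend on who asks"; rc=1; }
    done
    # A single distributor thread is enough for geobackend
    [ "$(conf_get "$f" distributor-threads)" = "1" ] || { echo "distributor-threads: set to 1"; rc=1; }
    [ "$(conf_get "$f" launch)" = "geo" ] || { echo "launch: expected geo"; rc=1; }
    return $rc
}

# Usage: check_pdns_conf /etc/powerdns/pdns.conf
if [ $# -eq 1 ]; then
    check_pdns_conf "$1"
fi
```

Run it against the config file before restarting pdns; a non-zero exit status with the offending keys printed makes it usable as a deploy-time gate. Note that it only checks the keys named above and does not validate that the bound IP actually exists on the host.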
Geobackend configuration
Specify the zone that will contain the "georecords":
geo-zone=wikimedia.org
Every zone needs a SOA record, and so does the geo zone. Only the SOA primary nameserver and hostmaster fields are used here; specify them comma-separated:
geo-soa-values=ns0.wikimedia.org,hostmaster@wikimedia.org
Every zone needs to have NS records as well, to specify the authoritative servers:
geo-ns-records=ns0.wikimedia.org,ns1.wikimedia.org,ns2.wikimedia.org
Geobackend reads in an rbldnsd-style zonefile, to map specific IPs to countries. Specify the path to this file:
geo-ip-map-zonefile=/etc/powerdns/zz.countries.nerd.dk.rbldnsd
Every record in the "geo zone" has its own "map file", which maps each country to some CNAME target. Geobackend reads every file in the directory specified here and uses the filename as the record name:
geo-maps=/etc/powerdns/geomaps/
Every DNS record has a TTL; geobackend currently only allows setting these globally. The defaults are 1 hour for normal (CNAME) records and 1 day for NS records:
geo-ttl=3600
geo-ns-ttl=86400
Provisioning
- This is not the way Wikimedia's setup works. For that, see DNS
To keep the geomaps identical on every server, a cronjob like the following (in /etc/crontab format, with the user field) can be used; rsync-path is a placeholder for the central repository:
*/15 * * * * pdns NR=$(rsync -rt --delete --stats rsync://rsync-path /etc/powerdns/directormaps | awk '/files transferred:/ { print $NF }'); [ "$NR" != "0" ] && /usr/local/bin/pdns_control rediscover > /dev/null
This rsyncs the geo map files from a central repository and, only if rsync reports that files were actually transferred (the count comes from the --stats summary, which rsync does not print otherwise), signals PowerDNS to reread them. The destination directory must be the one configured in geo-maps. Note that plain rsync:// is neither authenticated nor encrypted: anyone who can modify the central module, or tamper with the transfer, decides where the geo CNAMEs point. Keep the module read-only, restrict it to the nameservers' addresses (hosts allow in rsyncd.conf), or pull over ssh instead.
The country zone (distributed as a DNSBL dataset) should be updated regularly as well, for example daily. The destination must be the file named in geo-ip-map-zonefile:
07 04 * * * pdns rsync -qt rsync://rsync.blitzed.org/countries/zz.countries.nerd.dk.rbldnsd /usr/local/etc/powerdns/zz.countries.nerd.dk.rbldnsd && /usr/local/bin/pdns_control rediscover > /dev/null
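The two cronjobs above both follow the pattern "rsync, then rediscover only if something changed", and both depend on the exact wording of rsync's statistics output. The script below, an added example that is not part of the original page or of Wikimedia's setup, wraps that pattern once for both jobs: it counts transferred files from the --stats summary, accepts both the pre-3.1 "Number of files transferred:" and the 3.1+ "Number of regular files transferred:" wording, and does not signal pdns at all when rsync fails. The pdns_control path and the source/destination arguments are assumptions; the rsync output in the usage note is constructed.

```shell
#!/bin/sh
# Added example, not part of the original page or of Wikimedia's setup:
# a wrapper for the two cronjobs above that only signals PowerDNS when rsync
# actually transferred something. It parses "rsync --stats" output, and
# accepts both the pre-3.1 "Number of files transferred:" and the 3.1+
# "Number of regular files transferred:" lines, so a newer rsync does not
# silently turn the check into "always rediscover". The pdns_control path
# and the source/destination arguments are assumptions.
set -u

PDNS_CONTROL=${PDNS_CONTROL:-/usr/local/bin/pdns_control}   # assumed location

# transferred_count: read rsync --stats output on stdin, print the number of
# files transferred (0 when the line is absent, e.g. rsync run without --stats)
transferred_count() {
    awk -F': *' '
        /^Number of (regular )?files transferred:/ { n = $2 }
        END { gsub(/,/, "", n); print n + 0 }
    '
}

# sync_and_rediscover SRC DST: mirror SRC into DST; on rsync failure leave
# pdns alone (it keeps the maps it already loaded), on change rediscover
sync_and_rediscover() {
    src=$1
    dst=$2
    out=$(rsync -rt --delete --stats "$src" "$dst" 2>&1) || {
        echo "rsync from $src failed: $out" >&2
        return 1
    }
    n=$(printf '%s\n' "$out" | transferred_count)
    if [ "$n" -gt 0 ]; then
        echo "$n file(s) updated in $dst, signalling pdns"
        "$PDNS_CONTROL" rediscover >/dev/null
    fi
}

# Usage (assumed paths), e.g. from cron every 15 minutes for the maps and
# daily for the country zone:
#   sync_and_rediscover rsync://rsync-path /etc/powerdns/geomaps/
#   sync_and_rediscover rsync://rsync.blitzed.org/countries/zz.countries.nerd.dk.rbldnsd /etc/powerdns/zz.countries.nerd.dk.rbldnsd
if [ $# -eq 2 ]; then
    sync_and_rediscover "$1" "$2"
fi
```

Call it from the crontab with the source and the exact destination configured in geo-maps or geo-ip-map-zonefile, so the reload signal and the files pdns reads cannot drift apart. Because the parser returns 0 when no statistics line is present, running rsync without --stats would quietly disable the reload, which is why the wrapper always passes --stats itself.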