PowerDNS
(Geobackend configuration) |
(Provisioning) |
||
| Line 1: | Line 1: | ||
| − | '''PowerDNS''' [http://www.powerdns.com] is the DNS server we use for ''geographic DNS balancing'', and possibly "normal" authoritative DNS in future as well. This page explains configuration. | + | '''[[Wikipedia:PowerDNS|PowerDNS]]''' [http://www.powerdns.com] is the DNS server we use for ''geographic DNS balancing'', and possibly "normal" authoritative DNS in future as well. This page explains configuration. |
== Configuration == | == Configuration == | ||
| Line 10: | Line 10: | ||
A backend like ''geobackend'' can't make use of caching, since returned results will be different depending on "who's asking". Therefor, disable caching: | A backend like ''geobackend'' can't make use of caching, since returned results will be different depending on "who's asking". Therefor, disable caching: | ||
| − | query-cache-ttl=0 | + | query-cache-ttl=''0'' |
| − | cache-ttl=0 | + | cache-ttl=''0'' |
| − | negquery-cache-ttl=300 | + | negquery-cache-ttl=''300'' |
If just geobackend is used, multithreading is unneccessary, and may even impact performance. Make pdns singlethreaded with: | If just geobackend is used, multithreading is unneccessary, and may even impact performance. Make pdns singlethreaded with: | ||
| − | distributor-threads=1 | + | distributor-threads=''1'' |
In geobackend itself, there are no wildcard records, so pdns shouldn't have to check for them: | In geobackend itself, there are no wildcard records, so pdns shouldn't have to check for them: | ||
| − | wildcards=no | + | wildcards=''no'' |
Running privileged is unnecessary (of course make sure these user/group exist): | Running privileged is unnecessary (of course make sure these user/group exist): | ||
| − | setuid=pdns | + | setuid=''pdns'' |
| − | setgid=pdns | + | setgid=''pdns'' |
| − | Launch the backend that will be used, in the specified order: | + | Launch the backend that will be used, in the specified order, seperated by commas: |
| − | launch=geo | + | launch=''geo'' |
=== Geobackend configuration === | === Geobackend configuration === | ||
| Line 45: | Line 45: | ||
geo-ns-records=''gdns0.mediawiki.org'',''gdns1.mediawiki.org'' | geo-ns-records=''gdns0.mediawiki.org'',''gdns1.mediawiki.org'' | ||
| − | Geobackend reads in an [[Wikipedia:rbldnsd]]-style zonefile, to map specific IPs to countries. Specify the path to this file: | + | Geobackend reads in an [[Wikipedia:rbldnsd|rbldnsd]]-style zonefile, to map specific IPs to countries. Specify the path to this file: |
geo-ip-map-zonefile=''/usr/local/etc/powerdns/zz.countries.nerd.dk.rbldnsd'' | geo-ip-map-zonefile=''/usr/local/etc/powerdns/zz.countries.nerd.dk.rbldnsd'' | ||
| Line 57: | Line 57: | ||
geo-ttl=''3600'' | geo-ttl=''3600'' | ||
geo-ns-ttl=''86400'' | geo-ns-ttl=''86400'' | ||
| + | |||
| + | == Provisioning == | ||
| + | |||
| + | To maintain an identical configuration of geomaps, the following rsync cronjob can be used: | ||
| + | |||
| + | */15 * * * * pdns NR=$(rsync -rt --delete \ | ||
| + | rsync://''rsync-path'' /usr/local/etc/powerdns/directormaps | \ | ||
| + | awk '/Number of files transferred/ { print $5 }'); \ | ||
| + | [ $NR != "0" ] && /usr/local/bin/pdns_control rediscover > /dev/null | ||
| + | |||
| + | This rsyncs the geo map files from a central repository, and sends PowerDNS a signal to reread them if they've actually been changed. | ||
| + | |||
| + | The DNSBL should be regularly updated as well, for example daily: | ||
| + | |||
| + | 07 04 * * * pdns rsync -qt rsync://rsync.blitzed.org/countries/zz.countries.nerd.dk.rbldnsd \ | ||
| + | /usr/local/etc/powerdns/zz.countries.nerd.dk.rbldnsd && \ | ||
| + | /usr/local/bin/pdns_control rediscover > /dev/null | ||
== External links == | == External links == | ||
* [http://docs.powerdns.com PowerDNS documentation] | * [http://docs.powerdns.com PowerDNS documentation] | ||
* [http://cvs.blitzed.org/geo-dns/README?rev=HEAD Geobackend README] | * [http://cvs.blitzed.org/geo-dns/README?rev=HEAD Geobackend README] | ||
Revision as of 18:16, 11 January 2005
PowerDNS [1] is the DNS server we use for geographic DNS balancing, and possibly "normal" authoritative DNS in future as well. This page explains configuration.
Contents |
Configuration
It's best to bind PowerDNS to a specific IP, instead of INADDR_ANY. To do that, put:
local-address=IP query-local-address=IP
A backend like geobackend can't make use of caching, since returned results will be different depending on "who's asking". Therefor, disable caching:
query-cache-ttl=0 cache-ttl=0 negquery-cache-ttl=300
If just geobackend is used, multithreading is unneccessary, and may even impact performance. Make pdns singlethreaded with:
distributor-threads=1
In geobackend itself, there are no wildcard records, so pdns shouldn't have to check for them:
wildcards=no
Running privileged is unnecessary (of course make sure these user/group exist):
setuid=pdns setgid=pdns
Launch the backend that will be used, in the specified order, seperated by commas:
launch=geo
Geobackend configuration
Specify the zone that will contain the "georecords":
geo-zone=gdns.wikimedia.org
Every zone needs a SOA record, and so does a geo-zone. Only the SOA name and hostmaster fields are important. Specify them comma separated:
geo-soa-values=gdns0.mediawiki.org,hostmaster@mediawiki.org
Every zone needs to have NS records as well, to specify the authoritative servers:
geo-ns-records=gdns0.mediawiki.org,gdns1.mediawiki.org
Geobackend reads in an rbldnsd-style zonefile, to map specific IPs to countries. Specify the path to this file:
geo-ip-map-zonefile=/usr/local/etc/powerdns/zz.countries.nerd.dk.rbldnsd
Every record in the "geo zone" has its own "map file", mapping every country to some CNAME. Geobackend will read all files in the directory specified here, and use the filename as the recordname:
geo-maps=/usr/local/etc/powerdns/directormaps/
Every DNS record has a TTL, and geobackend currently only allows to specify these globally. Default is 1 hour for normal (CNAME) records, 1 day for NS records:
geo-ttl=3600 geo-ns-ttl=86400
Provisioning
To maintain an identical configuration of geomaps, the following rsync cronjob can be used:
*/15 * * * * pdns NR=$(rsync -rt --delete \
rsync://rsync-path /usr/local/etc/powerdns/directormaps | \
awk '/Number of files transferred/ { print $5 }'); \
[ $NR != "0" ] && /usr/local/bin/pdns_control rediscover > /dev/null
This rsyncs the geo map files from a central repository, and sends PowerDNS a signal to reread them if they've actually been changed.
The DNSBL should be regularly updated as well, for example daily:
07 04 * * * pdns rsync -qt rsync://rsync.blitzed.org/countries/zz.countries.nerd.dk.rbldnsd \
/usr/local/etc/powerdns/zz.countries.nerd.dk.rbldnsd && \
/usr/local/bin/pdns_control rediscover > /dev/null
