If you want a powerful and flexible DNS solution that can hook in with IP Management, then look no further than PowerDNS with PHPIPAM.
Today I am going to install PowerDNS, the PowerDNS Recursor, and phpIPAM.
As a prerequisite, I will be using an Ubuntu 20.04 server OS.
Part 1 MYSQL, Part 2 POWERDNS, Part 3 PDNS-RECURSOR, Part 4 PHPIPAM
PART ONE INSTALLING MYSQL
PowerDNS stores its records in a database. I am going to leverage MySQL. There are also other database backends available like sqlite3, Postgres or even Bind.
Before setting up PowerDNS and the PowerDNS recursor I will have to disable Ubuntu’s internal resolver which listens on the DNS port 53.
sudo systemctl stop systemd-resolved
sudo systemctl disable systemd-resolved
sudo systemctl mask systemd-resolved
Don’t forget to remove the symlink:
sudo rm /etc/resolv.conf
After this I will need to set my DNS nameserver in Ubuntu manually:
sudo vi /etc/resolv.conf
I will add the internet DNS server of my choice:
nameserver 8.8.8.8
Next I install the MySQL server:
sudo apt install mysql-server
As best practices warrant, the following script should be run to harden the installation:
sudo mysql_secure_installation
I accepted all of the defaults.
You can find more information about this script here: https://mariadb.com/kb/en/mysql_secure_installation/
I will now set the MySQL root password:
sudo mysql
ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'your password';
FLUSH PRIVILEGES;
QUIT;
PART TWO INSTALLING PowerDNS and the PowerDNS MySQL backend component
The pdns-server package contains the main application, and the pdns-backend-mysql package is what will connect it up to the MySQL database that I just created.
sudo apt install pdns-server pdns-backend-mysql
Next I will need to create the database and a specific user which will be leveraged by PowerDNS.
mysql -u root -p
CREATE DATABASE powerdns;
A non-root user needs to be created for the database with all the necessary privileges:
CREATE USER 'pdnsadmin'@'localhost' IDENTIFIED BY 'yournewpassword';
GRANT ALL ON powerdns.* TO 'pdnsadmin'@'localhost';
FLUSH PRIVILEGES;
QUIT;
For this database I could create the tables manually but it is easier to import the schema that comes with the PowerDNS MySQL backend package.
mysql -u pdnsadmin -p powerdns < /usr/share/pdns-backend-mysql/schema/schema.mysql.sql
There should be 7 tables. I will check to see if this was successful
mysqlshow -u pdnsadmin -p powerdns
There is an issue with the latest schema in relation to phpIPAM and I will need to make one adjustment in the database.
mysql -u pdnsadmin -p
USE powerdns;
ALTER TABLE records ADD change_date int;
I can now connect PowerDNS to the MySQL database:
sudo systemctl stop pdns
I create a new file, /etc/powerdns/pdns.d/mysql.conf, and enter the connection details:
# Define the gmysql backend
launch+=gmysql
gmysql-host=127.0.0.1
gmysql-port=3306
gmysql-dbname=powerdns
gmysql-user=pdnsadmin
gmysql-password=yourPdnsPasswd
gmysql-dnssec=yes
Following that I will change the permissions on the file and start the service:
sudo chmod 640 /etc/powerdns/pdns.d/mysql.conf
Start the pdns service:
sudo systemctl start pdns
sudo systemctl status pdns
All good and running.
PART THREE INSTALLING THE POWERDNS RECURSOR
PowerDNS is an authoritative DNS server, so it can only answer queries for the DNS records that it knows about. In my case it will be able to answer queries about computers in my domain. However, if a request comes in for an external site like google, it will not be able to answer it. To solve this problem I will install the PowerDNS Recursor and have it listen on port 53. Its job will be to forward queries: if a DNS query comes in for a computer in my subnet, the recursor will forward the request to the PowerDNS instance, and all other requests it will forward to internet DNS servers like Google's 8.8.8.8.
Since the PowerDNS recursor will be handling requests and listening on port 53, I need to change the PowerDNS authoritative server's local port in the /etc/powerdns/pdns.conf file. I chose port 5300 and set the local address to 127.0.0.1 because it only needs to take queries from the recursor running on the same machine.
After restarting the pdns service I check to see if it is listening on the correct port:
sudo ss -ltnp
I will now install the PowerDNS recursor server:
sudo apt install pdns-recursor
Next I edit the /etc/powerdns/recursor.conf file, stating the port, address and forward zones:
local-address=0.0.0.0
local-port=53
forward-zones=yourdomain.local=127.0.0.1:5300, 0.168.192.in-addr.arpa=127.0.0.1:5300
sudo systemctl restart pdns-recursor.service
At this point I can test the setup by running a query from a computer on the local network that has my Ubuntu server, with the PowerDNS recursor, set as its DNS server.
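An added example (not part of the original post) of the listener check once both services are running. It goes one step beyond `ss -ltnp`, which lists TCP sockets only, by also requiring UDP listeners, and it confirms that port 5300 is bound to loopback only. The function name and the socket listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit listening sockets for the recursor/authoritative split.
# Reads `ss -H -lntu` output on stdin; $1 = authoritative port, $2 = recursor port.
check_dns_listeners() {
  awk -v auth="${1:-5300}" -v rec="${2:-53}" '
    BEGIN { bad = 0 }
    {
      proto = $1; laddr = $5
      n = split(laddr, part, ":"); port = part[n]
      addr = substr(laddr, 1, length(laddr) - length(port) - 1)
      if (port == auth) {
        seen_auth[proto] = 1
        # The authoritative server must only be reachable from this host.
        if (addr != "127.0.0.1" && addr != "[::1]") {
          print "FAIL: authoritative " proto " socket exposed on " laddr; bad = 1
        }
      }
      if (port == rec) seen_rec[proto] = 1
    }
    END {
      # DNS needs both transports on both ports.
      np = split("udp tcp", protos, " ")
      for (i = 1; i <= np; i++) {
        p = protos[i]
        if (!(p in seen_auth)) { print "FAIL: nothing listening on " p "/" auth; bad = 1 }
        if (!(p in seen_rec))  { print "FAIL: nothing listening on " p "/" rec;  bad = 1 }
      }
      if (!bad) print "OK: port " rec " serves clients, port " auth " is loopback-only"
      exit bad
    }'
}

# Constructed sample of `ss -H -lntu` output for the layout in this guide.
SAMPLE_GOOD='udp   UNCONN 0      0          127.0.0.1:5300      0.0.0.0:*
udp   UNCONN 0      0            0.0.0.0:53        0.0.0.0:*
tcp   LISTEN 0      128        127.0.0.1:5300      0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:53        0.0.0.0:*
tcp   LISTEN 0      151        127.0.0.1:3306      0.0.0.0:*'

# Constructed failure case: authoritative server left on all interfaces.
SAMPLE_EXPOSED='udp   UNCONN 0      0            0.0.0.0:5300      0.0.0.0:*
udp   UNCONN 0      0            0.0.0.0:53        0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:5300      0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:53        0.0.0.0:*'

printf '%s\n' "$SAMPLE_GOOD" | check_dns_listeners 5300 53
# On the server itself: ss -H -lntu | check_dns_listeners 5300 53
```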
PART FOUR PHPIPAM INSTALLATION
I can now move on to the phpIPAM installation.
Once again I need to create a database and a user for the application.
sudo mysql -u root -p
CREATE DATABASE phpipam;
CREATE USER 'phpipam'@'localhost' IDENTIFIED BY 'yourpassword';
GRANT ALL ON phpipam.* TO phpipam@localhost;
FLUSH PRIVILEGES;
QUIT;
Next I will install the pre-requisites for PhpIPAM
sudo apt update
sudo apt -y install php php-{mysql,curl,gd,intl,pear,imap,memcache,pspell,tidy,xmlrpc,mbstring,gmp,json,xml,fpm}
To get the latest version I will clone the phpIPAM git repository.
sudo git clone --recursive https://github.com/phpipam/phpipam.git /var/www/html/phpipam
Next cd to the /var/www/html/phpipam directory
cd /var/www/html/phpipam
I will copy the default config and edit it with my database connection details
sudo cp config.dist.php config.php
sudo vim config.php
/**
 * database connection details
 ******************************/
$db['host'] = 'localhost';
$db['user'] = 'phpipam';
$db['pass'] = 'StrongDBPassword';
$db['name'] = 'phpipam';
$db['port'] = 3306;
// Permits API calls over unencrypted HTTP
$api_allow_unsafe = true;
Next I will install the schema that comes with the application:
mysql -u root -p phpipam < db/SCHEMA.sql
Being a PHP application, phpIPAM needs to run on a web server.
I am going to use Apache.
The next step is to make sure nginx is not enabled before I set up the Apache virtual host:
sudo systemctl stop nginx && sudo systemctl disable nginx
Now I can set up the Apache virtual host:
sudo a2dissite 000-default.conf
sudo a2enmod rewrite
Install the PHP modules for Apache:
sudo apt -y install libapache2-mod-php php-curl php-xmlrpc php-intl php-gd
Add the configuration for Apache:
sudo vim /etc/apache2/sites-available/phpipam.conf
Create the virtual host:
<VirtualHost *:80>
    ServerAdmin admin@example.com
    DocumentRoot "/var/www/html/phpipam"
    ServerName ipam.example.com
    ServerAlias www.ipam.example.com
    <Directory "/var/www/html/phpipam">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>
    ErrorLog "/var/log/apache2/phpipam-error_log"
    CustomLog "/var/log/apache2/phpipam-access_log" combined
</VirtualHost>
sudo chown -R www-data:www-data /var/www/html
sudo a2ensite phpipam
sudo systemctl restart apache2
At this point the site should be ready.
Use the VM of the Ubuntu server and log in to phpIPAM using the default user and password.
username: ADMIN
password: ipamadmin
phpIPAM will prompt you to change the password upon first login.
Once logged in you can go to the PowerDNS menu under the phpIPAM settings and connect to your PowerDNS instance.
In my next post I will run through this simple connection procedure and demonstrate how you can add subnets and DNS records in the phpIPAM web gui which will be automatically added to the DNS server’s records.