How I manage PowerDNS in a Linux environment using cPanel’s Zone editor. After 20+ years of using bind, I switched to PowerDNS, due to the lower memory requirements and convenience of a GUI to manage the zone records. I use cPanel’s zone editor to manage
Configuration Files
The default configuration file can be found here:
/etc/pdns/pdns.conf
Pdns uses the bind zone structures, which makes troubleshooting easier for those familiar with bind. The main zone file starts here:
/etc/named.conf
Within named.conf you will find include statements for each of the zones. Each zone has its own file, and the zone files can be found here:
/var/named
Maintenance Commands
There are several commands that I find useful when troubleshooting PowerDNS. They are:
systemctl start pdns.service
systemctl status -l pdns.service
Securing PowerDNS
While we are looking at the pdns.conf file, you should verify that AXFR (zone transfer) is disabled. This is done using the following option within pdns.conf:
disable-axfr=yes
Once this option is set, you will find AXFR attempts from nefarious sources in your logs. The log entries will look like this:
<Date> <TIME> <your server name> pdns_server: AXFR of domain 'somedomain.tld' failed: <nefarious ip address> cannot request AXFR
For more information on AXFR check out this Wiki Page.
Advanced DNS troubleshooting
If you are having trouble with DNS and need more detailed logging, you have some additional options in pdns.conf. DO NOT leave these enabled on a production system. The relevant logging options are:
# log-dns-details=no - Change to yes to log non-erroneous details
# log-dns-queries=no - change to yes to log all incoming queries
# logging-facility= - Specify a value to log to other than syslog
# loglevel=4 - Specify a higher value for more details. Do not use levels 1 or 2.