chrisss404 / powerdns
PowerDNS dnsdist, recursor, authoritative, and admin interface. Supports DNSCrypt, DoH, and DoT.
Home Page: https://hub.docker.com/r/chrisss404/powerdns
License: MIT License
It would be nice to be able to change timezone using env vars.
environment:
  - TZ=America/Argentina/Buenos_Aires
Using chrisss404/powerdns:1.7.0-dnsdist
Caught exception: Outgoing DNS over HTTPS support requested (via 'dohPath' on newServer()) but nghttp2 support is not available
Using this config..
addLocal('127.0.0.1:53',{doTCP=true, reusePort=true})
addACL('127.0.0.0/8')
pc = newPacketCache(4096)
getPool(""):setCache(pc)
setServerPolicy(leastOutstanding)
newServer({address="9.9.9.9:853", tls="openssl", subjectName="dns.quad9.net", validateCertificates=true, name="dot-quad9"})
newServer({address="9.9.9.9:443", tls="openssl", subjectName="dns.quad9.net", validateCertificates=true, dohPath="/dns-query", name="doh-quad9"})
version: '3.7'
services:
  dnsdist:
    container_name: dnsdist-chriss404
    restart: unless-stopped
    volumes:
      - '/etc/dnsdist:/etc/dnsdist'
    network_mode: host
    logging:
      driver: "json-file"
      options:
        max-size: "5m"
        max-file: "5"
        compress: "true"
    ulimits:
      nofile:
        soft: 65535
        hard: 65535
    image: 'chrisss404/powerdns:1.7.0-dnsdist'
    tty: true
    stdin_open: true
Can you help with that error (exit 127):
Error loading shared library liblmdb.so.0: No such file or directory (needed by /usr/bin/dnsdist)
Error relocating /usr/bin/dnsdist: mdb_env_create: symbol not found
Error relocating /usr/bin/dnsdist: mdb_txn_commit: symbol not found
Error relocating /usr/bin/dnsdist: mdb_txn_begin: symbol not found
Error relocating /usr/bin/dnsdist: mdb_drop: symbol not found
Error relocating /usr/bin/dnsdist: mdb_dbi_open: symbol not found
Error relocating /usr/bin/dnsdist: mdb_env_get_flags: symbol not found
Error relocating /usr/bin/dnsdist: mdb_get: symbol not found
Error relocating /usr/bin/dnsdist: mdb_env_set_mapsize: symbol not found
Error relocating /usr/bin/dnsdist: mdb_env_set_maxdbs: symbol not found
Error relocating /usr/bin/dnsdist: mdb_txn_abort: symbol not found
Error relocating /usr/bin/dnsdist: mdb_cursor_open: symbol not found
Error relocating /usr/bin/dnsdist: mdb_cursor_close: symbol not found
Error relocating /usr/bin/dnsdist: mdb_env_close: symbol not found
Error relocating /usr/bin/dnsdist: mdb_env_open: symbol not found
Error relocating /usr/bin/dnsdist: mdb_strerror: symbol not found
Using the example Private Authoritative Server I get the down status of recursor in webui dnsdist, and there is also an entry a.root-servers.net/A in the table Servfail domain in webui recursor.
If I do as written here #10 (comment) then the recursor will start working.
My goal:
I have two Windows Server DNS servers, DC1 and DC2, and I want to add forwarding to pdns to receive static records added through the admin webui.
I am trying to run the default config private-authoritative.yml from the readme
and this is what I get
authoritative-db_1 | 2021-04-04 18:31:33.562 UTC [42] FATAL: password authentication failed for user "pdns"
authoritative-db_1 | 2021-04-04 18:31:33.562 UTC [42] DETAIL: Password does not match for user "pdns".
authoritative-db_1 | Connection matched pg_hba.conf line 95: "host all all all md5"
authoritative_1 | Waiting for connection to postgres db
admin-db_1 | 2021-04-04 18:31:33.824 UTC [42] FATAL: password authentication failed for user "pda"
admin-db_1 | 2021-04-04 18:31:33.824 UTC [42] DETAIL: Password does not match for user "pda".
admin-db_1 | Connection matched pg_hba.conf line 95: "host all all all md5"
admin_1 | Waiting for connection to postgres db
I was running pdns without docker fine with only one server and one public IP,
but using docker my domain won't propagate.
this is my config
version: '2.1'
services:
  admin:
    image: chrisss404/powerdns:latest-admin
    depends_on:
      - admin-db
      - authoritative
    environment:
      - ADMIN_PDNS_API_KEY=******
      - ADMIN_USER_PASSWORD=******
      - ADMIN_DB_PASS=******
      - ADMIN_DB_USER=pda
      - ADMIN_DB_NAME=pda
      - ADMIN_DB_HOST=admin-db
    networks:
      - admin-db
      - authoritative
    ports:
      - "80:3031"
  admin-db:
    image: postgres:12.1-alpine
    environment:
      - POSTGRES_DB=pda
      - POSTGRES_INITDB_ARGS=--data-checksums
      - POSTGRES_PASSWORD=******
      - POSTGRES_USER=pda
    networks:
      - admin-db
  authoritative:
    image: chrisss404/powerdns:latest-authoritative
    depends_on:
      - authoritative-db
    environment:
      - AUTHORITATIVE_API=yes
      - AUTHORITATIVE_API_KEY=******
      - AUTHORITATIVE_WEBSERVER=yes
      - AUTHORITATIVE_WEBSERVER_PASSWORD=******
      - AUTHORITATIVE_DB_PASS=******
      - AUTHORITATIVE_DB_USER=pdns
      - AUTHORITATIVE_DB_NAME=pdns
      - AUTHORITATIVE_DB_HOST=authoritative-db
    networks:
      authoritative:
        ipv4_address: 172.31.118.118
      authoritative-db:
    ports:
      - "8081:8081/tcp"
  authoritative-db:
    image: postgres:12.1-alpine
    environment:
      - POSTGRES_DB=pdns
      - POSTGRES_INITDB_ARGS=--data-checksums
      - POSTGRES_PASSWORD=******
      - POSTGRES_USER=pdns
    networks:
      - authoritative-db
  dnsdist:
    image: chrisss404/powerdns:latest-dnsdist
    environment:
      - DNSDIST_API_KEY=******
      - DNSDIST_PLAIN=yes
      - DNSDIST_QUIET=no
      - DNSDIST_WEBSERVER=yes
      - DNSDIST_WEBSERVER_PASSWORD=******
    networks:
      - recursor
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "8083:8083/tcp"
  recursor:
    image: chrisss404/powerdns:latest-recursor
    environment:
      - RECURSOR_API_KEY=******
      - RECURSOR_DNSSEC=validate
      - RECURSOR_FORWARD_ZONES=sys=172.31.118.118
      - RECURSOR_QUIET=no
      - RECURSOR_TRUST_ANCHORS=sys=54970 13 1 27efe1c1a790c3cbb43b947d6d6dfac62507097e
      - RECURSOR_WEBSERVER=yes
      - RECURSOR_WEBSERVER_PASSWORD=******
    sysctls:
      - net.ipv6.route.max_size=16384
    networks:
      recursor:
        ipv4_address: 172.31.117.117
      authoritative:
    ports:
      - "8082:8082/tcp"
networks:
  admin-db:
  authoritative:
    ipam:
      driver: default
      config:
        - subnet: "172.31.118.0/24"
  authoritative-db:
  recursor:
    ipam:
      driver: default
      config:
        - subnet: "172.31.117.0/24"
I keep seeing logs like this
Nameserver zeus.domain.fun IPs: 135.531.135.33(915.82ms)
recursor_1 peertube.app.domain.fun: Resolved 'domain.fun' NS zeus.domain.fun to: 135.531.135.33
recursor_1 peertube.app.domain.fun: Trying IP 135.531.135.33:53, asking 'peertube.app.domain.fun|A'
recursor_1 peertube.app.domain.fun: query throttled 135.531.135.33, peertube.app.domain.fun; A
recursor_1 peertube.app.domain.fun: Failed to resolve via any of the 2 offered NS at level 'domain.fun'
recursor_1 peertube.app.domain.fun: failed (res=-1)
recursor_1 QM peertube.app.domain.fun.|A child=app.domain.fun: Step5 End resolve: Server Failure/0
recursor_1 [267/1] answer to question 'peertube.app.domain.fun|A': 0 answers, 1 additional, took 0 packets, 0 netw ms, 0 tot ms, 4 throttled, 0 timeouts, 0 tcp connections, rcode=2, dnssec=Indeterminate
recursor_1 question answered from packet cache tag=0 from 172.31.117.2:44257
recursor_1 question answered from packet cache tag=0 from 172.31.117.2:58791
recursor_1 question answered from packet cache tag=0 from 172.31.117.2:52712
recursor_1 question answered from packet cache tag=0 from 172.31.117.2:38241
recursor_1 question answered from packet cache tag=0 from 172.31.117.2:45096
recursor_1 question answered from packet cache tag=0 from 172.31.117.2:60271
How do I fix this?
Sorry if this is a dumb question.
When building and starting private-authoritative.yml from the README, the admin container fails with the following error message:
admin | Usage: flask db upgrade [OPTIONS] [REVISION]
admin |
admin | Error: While importing "powerdnsadmin", an ImportError was raised:
admin |
admin | Traceback (most recent call last):
admin | File "/usr/lib/python3.8/site-packages/flask/cli.py", line 240, in locate_app
admin | __import__(module_name)
admin | File "/var/www/pdns-admin/powerdnsadmin/__init__.py", line 8, in <module>
admin | from .lib import utils
admin | File "/var/www/pdns-admin/powerdnsadmin/lib/utils.py", line 4, in <module>
admin | import requests
admin | ModuleNotFoundError: No module named 'requests'
admin |
admin | [2020-10-26 15:38:14 +0000] [1] [INFO] Starting gunicorn 20.0.4
admin | [2020-10-26 15:38:14 +0000] [1] [INFO] Listening at: http://0.0.0.0:3031 (1)
admin | [2020-10-26 15:38:14 +0000] [1] [INFO] Using worker: sync
admin | [2020-10-26 15:38:14 +0000] [7] [INFO] Booting worker with pid: 7
admin | [2020-10-26 15:38:14 +0000] [8] [INFO] Booting worker with pid: 8
admin | [2020-10-26 15:38:14 +0000] [7] [ERROR] Exception in worker process
admin | Traceback (most recent call last):
admin | File "/usr/lib/python3.8/site-packages/gunicorn/arbiter.py", line 583, in spawn_worker
admin | worker.init_process()
admin | File "/usr/lib/python3.8/site-packages/gunicorn/workers/base.py", line 119, in init_process
admin | self.load_wsgi()
admin | File "/usr/lib/python3.8/site-packages/gunicorn/workers/base.py", line 144, in load_wsgi
admin | self.wsgi = self.app.wsgi()
admin | File "/usr/lib/python3.8/site-packages/gunicorn/app/base.py", line 67, in wsgi
admin | self.callable = self.load()
admin | File "/usr/lib/python3.8/site-packages/gunicorn/app/wsgiapp.py", line 49, in load
admin | return self.load_wsgiapp()
admin | File "/usr/lib/python3.8/site-packages/gunicorn/app/wsgiapp.py", line 39, in load_wsgiapp
admin | return util.import_app(self.app_uri)
admin | File "/usr/lib/python3.8/site-packages/gunicorn/util.py", line 358, in import_app
admin | mod = importlib.import_module(module)
admin | File "/usr/lib/python3.8/importlib/__init__.py", line 127, in import_module
admin | return _bootstrap._gcd_import(name[level:], package, level)
admin | File "<frozen importlib._bootstrap>", line 1014, in _gcd_import
admin | File "<frozen importlib._bootstrap>", line 991, in _find_and_load
admin | File "<frozen importlib._bootstrap>", line 975, in _find_and_load_unlocked
admin | File "<frozen importlib._bootstrap>", line 671, in _load_unlocked
admin | File "<frozen importlib._bootstrap_external>", line 783, in exec_module
admin | File "<frozen importlib._bootstrap>", line 219, in _call_with_frames_removed
admin | File "/var/www/pdns-admin/powerdnsadmin/__init__.py", line 8, in <module>
admin | from .lib import utils
admin | File "/var/www/pdns-admin/powerdnsadmin/lib/utils.py", line 4, in <module>
admin | import requests
admin | ModuleNotFoundError: No module named 'requests'
admin | [2020-10-26 15:38:14 +0000] [7] [INFO] Worker exiting (pid: 7)
[...]
I'm not sure why this happens as the Dockerfile includes a command to install all requirements (https://github.com/chrisss404/powerdns/blob/master/admin/Dockerfile#L29) which include requests (https://github.com/ngoduykhanh/PowerDNS-Admin/blob/master/requirements.txt#L10).
Interestingly, everything works fine when using chrisss404/powerdns:202005-admin instead of chrisss404/powerdns:latest-admin.
Hello sir,
Do I need to mount the blacklist.txt or can I just drop it into /etc/dnsdist/ if I already mounted that?
volumes:
  - '/etc/dnsdist:/etc/dnsdist'
(I mount it locally to get it caught in etckeeper..)
hblock -H none -F none --output /etc/dnsdist/blacklist.txt -T '%D'
and reloading dnsdist (using the current latest) seems to still resolve the domain.
I just re-read your docker hub page and not sure how I missed all the great features you have in this image..
Thanks in advance.
hi,
it seems like powerdns-admin won't update to the latest version.
the latest version should self-host the fonts and not get them from google fonts anymore, but it doesn't do this in your pdns-admin image.
any idea why?
cool project! thank you!
best
paul
hi, your project is working great for me, it's resolving my records without problems now. thank you!
my only problem now is that it doesn't resolve authoritative queries with the AA flag. it's just missing.
i can't find out why and how i would set it.
in the faq this can be found but it should still send the AA bit shouldn't it?
https://doc.powerdns.com/authoritative/appendices/FAQ.html#powerdns-does-not-give-authoritative-answers-how-come
best
compose now looks like this
version: '2.1'
services:
  admin:
    restart: always
    image: chrisss404/powerdns:latest-admin
    depends_on:
      - admin-db
      - authoritative
    environment:
      - ADMIN_PDNS_API_KEY=KEY
      - ADMIN_USER_PASSWORD=PASSWORD
    networks:
      - admin-db
      - authoritative
    ports:
      - "127.0.0.1:85:3031"
  admin-db:
    restart: always
    image: postgres:12.1-alpine
    environment:
      - POSTGRES_DB=pda
      - POSTGRES_INITDB_ARGS=--data-checksums
      - POSTGRES_PASSWORD=pda
      - POSTGRES_USER=pda
    networks:
      - admin-db
    volumes:
      - ./admin-db:/var/lib/postgresql/data
  authoritative:
    restart: always
    image: chrisss404/powerdns:latest-authoritative
    depends_on:
      - authoritative-db
    environment:
      - AUTHORITATIVE_API=yes
      - AUTHORITATIVE_API_KEY=KEY
    ports:
      - 127.0.0.1:8081:8081
    networks:
      authoritative:
        ipv4_address: 172.31.118.118
      authoritative-db:
  authoritative-db:
    restart: always
    image: postgres:12.1-alpine
    environment:
      - POSTGRES_DB=pdns
      - POSTGRES_INITDB_ARGS=--data-checksums
      - POSTGRES_PASSWORD=pdns
      - POSTGRES_USER=pdns
    networks:
      - authoritative-db
    volumes:
      - ./authoritative-db:/var/lib/postgresql/data
  dnsdist:
    restart: always
    image: chrisss404/powerdns:latest-dnsdist
    environment:
      - DNSDIST_API_KEY=KEY
      - DNSDIST_PLAIN=yes
      - DNSDIST_QUIET=no
    networks:
      recursor:
        ipv4_address: 172.31.117.118
    ports:
      - "53:53/tcp"
      - "53:53/udp"
  recursor:
    restart: always
    image: chrisss404/powerdns:latest-recursor
    environment:
      - RECURSOR_API_KEY=KEY
      - RECURSOR_FORWARD_ZONES=sys=172.31.118.118,fdsl.eu=172.31.118.118
      - RECURSOR_TRUST_ANCHORS=sys=54970 13 1 27efe1c1a790c3cbb43b947d6d6dfac62507097e,fdsl.eu=38731 13 1 32525245899859e208b00966b0242447ff6b00ee
      - RECURSOR_QUIET=yes
      - RECURSOR_DNSSEC=validate
    sysctls:
      - net.ipv6.route.max_size=16384
    networks:
      recursor:
        ipv4_address: 172.31.117.117
      authoritative:
networks:
  admin-db:
  authoritative:
    ipam:
      driver: default
      config:
        - subnet: "172.31.118.0/24"
  authoritative-db:
  recursor:
    ipam:
      driver: default
      config:
        - subnet: "172.31.117.0/24"
Hi there!
Just wanted to leave you a line or two...
It's really hard to find good DNSDIST examples on the web, really brilliant input here..!
Best regards
Bernd
Hi, I noticed that in c95814c you removed the master/slave DNS capabilities which you added/extended in ae885b4, because "native replication is easier to setup and maintain".
As I'm not sure how to set up native replication (I have two distinct servers) and I don't find master/slave setup that complicated (I haven't got it to work yet because you disabled it, but I think it'd work), I'd like it if you re-enable the master/slave options. I don't think it hurts anyone if they're available.