chrisss404 / powerdns

PowerDNS dnsdist, recursor, authoritative, and admin interface. Supports DNSCrypt, DoH, and DoT.

Home Page: https://hub.docker.com/r/chrisss404/powerdns

License: MIT License

Dockerfile 41.76% Shell 53.20% Python 5.04%
authoritative dns dns-over-https dns-over-tls dnscrypt dnsdist powerdns powerdns-admin powerdns-authoritative powerdns-dnsdist powerdns-recursor recursor

Contributors: chrisss404, gromr1, gutschi, mvforell

powerdns's Issues

Outgoing DNS over HTTPS.. not available.

Using chrisss404/powerdns:1.7.0-dnsdist

Caught exception: Outgoing DNS over HTTPS support requested (via 'dohPath' on newServer()) but nghttp2 support is not available

Using this config..

addLocal('127.0.0.1:53',{doTCP=true, reusePort=true})
addACL('127.0.0.0/8')

pc = newPacketCache(4096)      
getPool(""):setCache(pc)
setServerPolicy(leastOutstanding)

newServer({address="9.9.9.9:853", tls="openssl", subjectName="dns.quad9.net", validateCertificates=true, name="dot-quad9"})

newServer({address="9.9.9.9:443", tls="openssl", subjectName="dns.quad9.net", validateCertificates=true, dohPath="/dns-query", name="doh-quad9"})

version: '3.7'
services:

  dnsdist:
    container_name: dnsdist-chriss404
    restart: unless-stopped
    volumes:
      - '/etc/dnsdist:/etc/dnsdist'
    network_mode: host
    logging:
      driver: "json-file"
      options:
        max-size: "5m"
        max-file: "5"
        compress: "true"
    ulimits:
      nofile:
        soft: 65535
        hard: 65535
    image: 'chrisss404/powerdns:1.7.0-dnsdist'
    tty: true
    stdin_open: true

chrisss404/powerdns:latest-dnsdist is failing

Can you help with that error (exit 127):

Error loading shared library liblmdb.so.0: No such file or directory (needed by /usr/bin/dnsdist)
Error relocating /usr/bin/dnsdist: mdb_env_create: symbol not found
Error relocating /usr/bin/dnsdist: mdb_txn_commit: symbol not found
Error relocating /usr/bin/dnsdist: mdb_txn_begin: symbol not found
Error relocating /usr/bin/dnsdist: mdb_drop: symbol not found
Error relocating /usr/bin/dnsdist: mdb_dbi_open: symbol not found
Error relocating /usr/bin/dnsdist: mdb_env_get_flags: symbol not found
Error relocating /usr/bin/dnsdist: mdb_get: symbol not found
Error relocating /usr/bin/dnsdist: mdb_env_set_mapsize: symbol not found
Error relocating /usr/bin/dnsdist: mdb_env_set_maxdbs: symbol not found
Error relocating /usr/bin/dnsdist: mdb_txn_abort: symbol not found
Error relocating /usr/bin/dnsdist: mdb_cursor_open: symbol not found
Error relocating /usr/bin/dnsdist: mdb_cursor_close: symbol not found
Error relocating /usr/bin/dnsdist: mdb_env_close: symbol not found
Error relocating /usr/bin/dnsdist: mdb_env_open: symbol not found
Error relocating /usr/bin/dnsdist: mdb_strerror: symbol not found

Recursor status is down

Using the example Private Authoritative Server, I get the down status of the recursor in the dnsdist web UI, and there is also an entry a.root-servers.net/A in the Servfail domain table in the recursor web UI.

If I do as written here #10 (comment), then the recursor will start working.

My goal:
I have two Windows Server DNS servers, DC1 and DC2, and I want to add forwarding to pdns to receive static records added through the admin web UI.

password authentication failed for user "pdns" and "pda"

I am trying to run the default config private-authoritative.yml from the README,
and this is what I get:

authoritative-db_1  | 2021-04-04 18:31:33.562 UTC [42] FATAL:  password authentication failed for user "pdns"
authoritative-db_1  | 2021-04-04 18:31:33.562 UTC [42] DETAIL:  Password does not match for user "pdns".
authoritative-db_1  |   Connection matched pg_hba.conf line 95: "host all all all md5"
authoritative_1     | Waiting for connection to postgres db
admin-db_1          | 2021-04-04 18:31:33.824 UTC [42] FATAL:  password authentication failed for user "pda"
admin-db_1          | 2021-04-04 18:31:33.824 UTC [42] DETAIL:  Password does not match for user "pda".
admin-db_1          |   Connection matched pg_hba.conf line 95: "host all all all md5"
admin_1             | Waiting for connection to postgres db

Domain not resolving?

I was running pdns without Docker fine with only one server and one public IP,
but using Docker my domain won't propagate.

This is my config:

version: '2.1'

services:

  admin:
    image: chrisss404/powerdns:latest-admin
    depends_on:
      - admin-db
      - authoritative
    environment:
      - ADMIN_PDNS_API_KEY=******
      - ADMIN_USER_PASSWORD=******
      - ADMIN_DB_PASS=******
      - ADMIN_DB_USER=pda
      - ADMIN_DB_NAME=pda
      - ADMIN_DB_HOST=admin-db
    networks:
      - admin-db
      - authoritative
    ports:
      - "80:3031"

  admin-db:
    image: postgres:12.1-alpine
    environment:
      - POSTGRES_DB=pda
      - POSTGRES_INITDB_ARGS=--data-checksums
      - POSTGRES_PASSWORD=******
      - POSTGRES_USER=pda
    networks:
      - admin-db

  authoritative:
    image: chrisss404/powerdns:latest-authoritative
    depends_on:
      - authoritative-db
    environment:
      - AUTHORITATIVE_API=yes
      - AUTHORITATIVE_API_KEY=******
      - AUTHORITATIVE_WEBSERVER=yes
      - AUTHORITATIVE_WEBSERVER_PASSWORD=******
      - AUTHORITATIVE_DB_PASS=******
      - AUTHORITATIVE_DB_USER=pdns
      - AUTHORITATIVE_DB_NAME=pdns
      - AUTHORITATIVE_DB_HOST=authoritative-db
    networks:
      authoritative:
        ipv4_address: 172.31.118.118
      authoritative-db:
    ports:
      - "8081:8081/tcp"

  authoritative-db:
    image: postgres:12.1-alpine
    environment:
      - POSTGRES_DB=pdns
      - POSTGRES_INITDB_ARGS=--data-checksums
      - POSTGRES_PASSWORD=******
      - POSTGRES_USER=pdns
    networks:
      - authoritative-db

  dnsdist:
    image: chrisss404/powerdns:latest-dnsdist
    environment:
      - DNSDIST_API_KEY=******
      - DNSDIST_PLAIN=yes
      - DNSDIST_QUIET=no
      - DNSDIST_WEBSERVER=yes
      - DNSDIST_WEBSERVER_PASSWORD=******
    networks:
      - recursor
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "8083:8083/tcp"

  recursor:
    image: chrisss404/powerdns:latest-recursor
    environment:
      - RECURSOR_API_KEY=******
      - RECURSOR_DNSSEC=validate
      - RECURSOR_FORWARD_ZONES=sys=172.31.118.118
      - RECURSOR_QUIET=no
      - RECURSOR_TRUST_ANCHORS=sys=54970 13 1 27efe1c1a790c3cbb43b947d6d6dfac62507097e
      - RECURSOR_WEBSERVER=yes
      - RECURSOR_WEBSERVER_PASSWORD=******
    sysctls:
      - net.ipv6.route.max_size=16384
    networks:
      recursor:
        ipv4_address: 172.31.117.117
      authoritative:
    ports:
      - "8082:8082/tcp"

networks:
  admin-db:
  authoritative:
    ipam:
      driver: default
      config:
        - subnet: "172.31.118.0/24"
  authoritative-db:
  recursor:
    ipam:
      driver: default
      config:
        - subnet: "172.31.117.0/24"

I keep seeing logs like this:

Nameserver zeus.domain.fun IPs: 135.531.135.33(915.82ms)
recursor_1 peertube.app.domain.fun: Resolved 'domain.fun' NS zeus.domain.fun to: 135.531.135.33
recursor_1 peertube.app.domain.fun: Trying IP 135.531.135.33:53, asking 'peertube.app.domain.fun|A'
recursor_1 peertube.app.domain.fun: query throttled 135.531.135.33, peertube.app.domain.fun; A
recursor_1 peertube.app.domain.fun: Failed to resolve via any of the 2 offered NS at level 'domain.fun'
recursor_1 peertube.app.domain.fun: failed (res=-1)
recursor_1 QM peertube.app.domain.fun.|A child=app.domain.fun: Step5 End resolve: Server Failure/0
recursor_1 [267/1] answer to question 'peertube.app.domain.fun|A': 0 answers, 1 additional, took 0 packets, 0 netw ms, 0 tot ms, 4 throttled, 0 timeouts, 0 tcp connections, rcode=2, dnssec=Indeterminate
recursor_1 question answered from packet cache tag=0 from 172.31.117.2:44257
recursor_1 question answered from packet cache tag=0 from 172.31.117.2:58791
recursor_1 question answered from packet cache tag=0 from 172.31.117.2:52712
recursor_1 question answered from packet cache tag=0 from 172.31.117.2:38241
recursor_1 question answered from packet cache tag=0 from 172.31.117.2:45096
recursor_1 question answered from packet cache tag=0 from 172.31.117.2:60271

How do I fix this?
Sorry if this is a dumb question.

latest-admin fails with `No module named 'requests'`

When building and starting private-authoritative.yml from the README, the admin container fails with the following error message:

admin               | Usage: flask db upgrade [OPTIONS] [REVISION]
admin               |
admin               | Error: While importing "powerdnsadmin", an ImportError was raised:
admin               |
admin               | Traceback (most recent call last):
admin               |   File "/usr/lib/python3.8/site-packages/flask/cli.py", line 240, in locate_app
admin               |     __import__(module_name)
admin               |   File "/var/www/pdns-admin/powerdnsadmin/__init__.py", line 8, in <module>
admin               |     from .lib import utils
admin               |   File "/var/www/pdns-admin/powerdnsadmin/lib/utils.py", line 4, in <module>
admin               |     import requests
admin               | ModuleNotFoundError: No module named 'requests'
admin               |
admin               | [2020-10-26 15:38:14 +0000] [1] [INFO] Starting gunicorn 20.0.4
admin               | [2020-10-26 15:38:14 +0000] [1] [INFO] Listening at: http://0.0.0.0:3031 (1)
admin               | [2020-10-26 15:38:14 +0000] [1] [INFO] Using worker: sync
admin               | [2020-10-26 15:38:14 +0000] [7] [INFO] Booting worker with pid: 7
admin               | [2020-10-26 15:38:14 +0000] [8] [INFO] Booting worker with pid: 8
admin               | [2020-10-26 15:38:14 +0000] [7] [ERROR] Exception in worker process
admin               | Traceback (most recent call last):
admin               |   File "/usr/lib/python3.8/site-packages/gunicorn/arbiter.py", line 583, in spawn_worker
admin               |     worker.init_process()
admin               |   File "/usr/lib/python3.8/site-packages/gunicorn/workers/base.py", line 119, in init_process
admin               |     self.load_wsgi()
admin               |   File "/usr/lib/python3.8/site-packages/gunicorn/workers/base.py", line 144, in load_wsgi
admin               |     self.wsgi = self.app.wsgi()
admin               |   File "/usr/lib/python3.8/site-packages/gunicorn/app/base.py", line 67, in wsgi
admin               |     self.callable = self.load()
admin               |   File "/usr/lib/python3.8/site-packages/gunicorn/app/wsgiapp.py", line 49, in load
admin               |     return self.load_wsgiapp()
admin               |   File "/usr/lib/python3.8/site-packages/gunicorn/app/wsgiapp.py", line 39, in load_wsgiapp
admin               |     return util.import_app(self.app_uri)
admin               |   File "/usr/lib/python3.8/site-packages/gunicorn/util.py", line 358, in import_app
admin               |     mod = importlib.import_module(module)
admin               |   File "/usr/lib/python3.8/importlib/__init__.py", line 127, in import_module
admin               |     return _bootstrap._gcd_import(name[level:], package, level)
admin               |   File "<frozen importlib._bootstrap>", line 1014, in _gcd_import
admin               |   File "<frozen importlib._bootstrap>", line 991, in _find_and_load
admin               |   File "<frozen importlib._bootstrap>", line 975, in _find_and_load_unlocked
admin               |   File "<frozen importlib._bootstrap>", line 671, in _load_unlocked
admin               |   File "<frozen importlib._bootstrap_external>", line 783, in exec_module
admin               |   File "<frozen importlib._bootstrap>", line 219, in _call_with_frames_removed
admin               |   File "/var/www/pdns-admin/powerdnsadmin/__init__.py", line 8, in <module>
admin               |     from .lib import utils
admin               |   File "/var/www/pdns-admin/powerdnsadmin/lib/utils.py", line 4, in <module>
admin               |     import requests
admin               | ModuleNotFoundError: No module named 'requests'
admin               | [2020-10-26 15:38:14 +0000] [7] [INFO] Worker exiting (pid: 7)
[...]

I'm not sure why this happens as the Dockerfile includes a command to install all requirements (https://github.com/chrisss404/powerdns/blob/master/admin/Dockerfile#L29) which include requests (https://github.com/ngoduykhanh/PowerDNS-Admin/blob/master/requirements.txt#L10).

Interestingly, everything works fine when using chrisss404/powerdns:202005-admin instead of chrisss404/powerdns:latest-admin.

blacklist.txt

Hello sir,

Do I need to mount the blacklist.txt or can I just drop it into /etc/dnsdist/ if I already mounted that?

volumes:
- '/etc/dnsdist:/etc/dnsdist'

(I mount it locally to get it caught in etckeeper..)

hblock -H none -F none --output /etc/dnsdist/blacklist.txt -T '%D'

and reloading dnsdist (using the current latest) seems to still resolve the domain.

I just re-read your docker hub page and not sure how I missed all the great features you have in this image..

Thanks in advance.

powerdns-admin won't update to latest version

Hi,
it seems like powerdns-admin won't update to the latest version.
The latest version should self-host the fonts and not get them from Google Fonts anymore, but it doesn't do this in your pdns-admin image.
Any idea why?
Cool project! Thank you!
Best,
Paul

powerdns doesn't resolve with the AA flag

Hi, your project is working great for me; it's resolving my records without problems now. Thank you!

My only problem now is that it doesn't resolve authoritative queries with the AA flag. It's just missing.
I can't find out why and how I would set it.

In the FAQ this can be found, but it should still send the AA bit, shouldn't it?
https://doc.powerdns.com/authoritative/appendices/FAQ.html#powerdns-does-not-give-authoritative-answers-how-come

Best

Compose now looks like this:

version: '2.1'

services:

  admin:
    restart: always
    image: chrisss404/powerdns:latest-admin
    depends_on:
      - admin-db
      - authoritative
    environment:
      - ADMIN_PDNS_API_KEY=KEY
      - ADMIN_USER_PASSWORD=PASSWORD
    networks:
      - admin-db
      - authoritative
    ports:
      - "127.0.0.1:85:3031"

  admin-db:
    restart: always
    image: postgres:12.1-alpine
    environment:
      - POSTGRES_DB=pda
      - POSTGRES_INITDB_ARGS=--data-checksums
      - POSTGRES_PASSWORD=pda
      - POSTGRES_USER=pda
    networks:
      - admin-db
    volumes:
      - ./admin-db:/var/lib/postgresql/data

  authoritative:
    restart: always
    image: chrisss404/powerdns:latest-authoritative
    depends_on:
      - authoritative-db
    environment:
      - AUTHORITATIVE_API=yes
      - AUTHORITATIVE_API_KEY=KEY
    ports:
      - 127.0.0.1:8081:8081
    networks:
      authoritative:
        ipv4_address: 172.31.118.118
      authoritative-db:

  authoritative-db:
    restart: always
    image: postgres:12.1-alpine
    environment:
      - POSTGRES_DB=pdns
      - POSTGRES_INITDB_ARGS=--data-checksums
      - POSTGRES_PASSWORD=pdns
      - POSTGRES_USER=pdns
    networks:
      - authoritative-db
    volumes:
      - ./authoritative-db:/var/lib/postgresql/data

  dnsdist:
    restart: always
    image: chrisss404/powerdns:latest-dnsdist
    environment:
      - DNSDIST_API_KEY=KEY
      - DNSDIST_PLAIN=yes
      - DNSDIST_QUIET=no
    networks:
      recursor:
        ipv4_address: 172.31.117.118
    ports:
      - "53:53/tcp"
      - "53:53/udp"

  recursor:
    restart: always
    image: chrisss404/powerdns:latest-recursor
    environment:
      - RECURSOR_API_KEY=KEY
      - RECURSOR_FORWARD_ZONES=sys=172.31.118.118,fdsl.eu=172.31.118.118
      - RECURSOR_TRUST_ANCHORS=sys=54970 13 1 27efe1c1a790c3cbb43b947d6d6dfac62507097e,fdsl.eu=38731 13 1 32525245899859e208b00966b0242447ff6b00ee
      - RECURSOR_QUIET=yes
      - RECURSOR_DNSSEC=validate
    sysctls:
      - net.ipv6.route.max_size=16384
    networks:
      recursor:
        ipv4_address: 172.31.117.117
      authoritative:

networks:
  admin-db:
  authoritative:
    ipam:
      driver: default
      config:
        - subnet: "172.31.118.0/24"
  authoritative-db:
  recursor:
    ipam:
      driver: default
      config:
        - subnet: "172.31.117.0/24"

Thanks

Hi there!
Just wanted to leave you a line or two...
It's really hard to find good DNSDIST examples on the web, really brilliant input here..!
Best regards,
Bernd

Re-enable master/slave DNS

Hi, I noticed that in c95814c you removed the master/slave DNS capabilities which you added/extended in ae885b4, because "native replication is easier to setup and maintain".

As I'm not sure how to set up native replication (I have two distinct servers) and I don't find master/slave setup that complicated (I haven't got it to work yet because you disabled it, but I think it'd work), I'd like it if you re-enabled the master/slave options. I don't think it hurts anyone if they're available.
