
PowerDNS

Auth

DNSSEC

Import Zones with DNSSEC

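# Import every zone file named <zone>.txt from ZONE_DIR into PowerDNS,
# assign it to ACCOUNT, set the NS/SOA records and sign it with NSEC3.
ACCOUNT=larslehmann
# NOTE: /tmp is world-writable, so any local user can place or alter a
# *.txt file there before the import runs. Stage zone files in a directory
# that only the operator can write to and point ZONE_DIR at it.
ZONE_DIR=/tmp
for zonefile in "$ZONE_DIR"/*.txt; do
  # An unmatched glob stays literal; skip anything that is not a file.
  [ -f "$zonefile" ] || continue

  # Zone name = file name without the directory and the ".txt" suffix.
  # Parameter expansion keeps hyphens and extra labels intact; a regex
  # such as \w+\.\w* would cut "lars-lehmann.net" down to "lehmann.net".
  zone=${zonefile##*/}
  zone=${zone%.txt}

  # Do not touch accounts, records or keys of a zone that failed to load.
  if ! pdnsutil load-zone "$zone" "$zonefile"; then
    printf 'load-zone failed for %s, skipping\n' "$zone" >&2
    continue
  fi

  pdnsutil set-account "$zone" "$ACCOUNT"
  pdnsutil add-record "$zone" @ NS ns.lars-lehmann.net
  pdnsutil add-record "$zone" @ NS ns.larsl.de
  # The serial is today's date plus revision 01; a second import on the
  # same day produces the same serial.
  pdnsutil replace-rrset "$zone" @ SOA "ns.lars-lehmann.net. kontakt.lars-lehmann.net. $(date +'%Y%m%d01') 7200 1800 604800 3600"

  # NSEC3 parameters: hash algorithm 1 (SHA-1), flags 0 (no opt-out),
  # 1 extra iteration, salt "ab".
  # NOTE(review): RFC 9276 recommends 0 extra iterations and an empty
  # salt ("-"); consider '1 0 0 -'.
  # Sign only if NSEC3 was set, so the zone never goes live with plain
  # NSEC (which allows zone walking) by accident.
  pdnsutil set-nsec3 "$zone" '1 0 1 ab' && pdnsutil secure-zone "$zone"

  # Extract "<flags> <protocol> <algorithm> <key>" from the show-zone output.
  # NOTE(review): PowerDNS publishes DNSKEYs from its own key store; confirm
  # this explicit record is needed (it may be ignored unless direct-dnskey
  # is enabled). With more than one key the match spans several lines.
  dnskey=$(pdnsutil show-zone "$zone" | grep -P -o '(?<=IN DNSKEY )(.*)(?= ;)')
  if [ -n "$dnskey" ]; then
    pdnsutil add-record "$zone" @ DNSKEY "$dnskey"
  else
    printf 'no DNSKEY found for %s, zone may be unsigned\n' "$zone" >&2
  fi
  pdnsutil show-zone "$zone"
done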

Enable NSEC3

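# Enable NSEC3 for a single zone, sign it and print the resulting state.
ZONE=example.com
# NSEC3 parameters: hash algorithm 1 (SHA-1), flags 0 (no opt-out),
# 1 extra iteration, salt "ab".
# NOTE(review): RFC 9276 recommends 0 extra iterations and an empty salt
# ("-"); consider '1 0 0 -'.
# Sign only if the NSEC3 parameters were stored; otherwise the zone would be
# signed with plain NSEC, which allows zone walking.
pdnsutil set-nsec3 "$ZONE" '1 0 1 ab' && pdnsutil secure-zone "$ZONE"
# Check in the output that the zone is signed and uses the NSEC3 settings.
pdnsutil show-zone "$ZONE"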

MAIL

Set mx.lars-lehmann.net

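# Publish the mail-related records for ZONE: DKIM key, client autoconfig
# aliases, MX, SPF, DMARC and the SRV records for mail client discovery.
ZONE=example.com

# DKIM public key under selector "2021" (public material, safe to publish).
# NOTE(review): the selector name suggests the key dates from 2021; confirm
# it matches the key the signer uses and the rotation schedule.
pdnsutil add-record "$ZONE" 2021._domainkey TXT 86400 '"v=DKIM1;h=sha256;k=rsa;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9809nTX34v3ojAp30pxsC7/2lCQeNSzu+IG9Ssc/VSXzRfzuXLvH5k55vBWsA4vRzetvsIpRGZRCbmBpD0Cz5rg8/d0dnP1T1J3H0tlXkdjcyp/BgfgVQFQ6+n7OYEIIVSV5OJsocyKtCzNCKg5wRgN1XmGTMAr2eMiuKEsP2zMf4R5MKSBuuHWTLynISzeRi8jAfqe9HBxh14wPoEZHhKru1g1d798+9B/PD4zcxjQ7IJd57ouTsu+3uOCqcItq1Z9NhaKlSCC8gVrR/86tJ7nymNQtRhy1dRlRw7YxrBe8GquJl7tQmfaenJuFCDrR/XjA+I5hwXlvAJAae2UKkwIDAQAB"'

# Mail client auto-configuration aliases.
pdnsutil add-record "$ZONE" autoconfig CNAME 86400 autoconfig.lars-lehmann.net.
pdnsutil add-record "$ZONE" autodiscover CNAME 86400 autodiscover.lars-lehmann.net.

# Inbound mail: primary and backup MX.
pdnsutil add-record "$ZONE" @ MX 86400 '10 mx.lars-lehmann.net.'
pdnsutil add-record "$ZONE" @ MX 86400 '20 mx.larsl.de.'

# SPF: only the hosts listed in the included record may send; "-all" makes
# every other sender a hard fail.
pdnsutil add-record "$ZONE" @ TXT 86400 '"v=spf1 include:spf1.lars-lehmann.net -all"'

# DMARC: reject mail that fails alignment; fo=1 asks for a failure report
# whenever any mechanism fails. Reports go to an address outside ZONE, which
# is why the authorization record at the end of this block is needed.
pdnsutil add-record "$ZONE" _dmarc TXT 86400 '"v=DMARC1; p=reject; fo=1; rua=mailto:mailauth-reports@lars-lehmann.net; ruf=mailto:mailauth-reports@lars-lehmann.net"'

# SRV records for mail client discovery.
# NOTE(review): ports 143 and 110 are the cleartext/STARTTLS variants;
# RFC 8314 prefers the implicit-TLS ports (993, 995, 465). Confirm the
# server refuses logins before TLS if these stay published.
pdnsutil add-record "$ZONE" _autodiscover._tcp SRV 86400 '0 1 443 autodiscover.lars-lehmann.net.'
pdnsutil add-record "$ZONE" _imap._tcp SRV 86400 '0 1 143 mail.lars-lehmann.net.'
pdnsutil add-record "$ZONE" _imaps._tcp SRV 86400 '0 1 993 mail.lars-lehmann.net.'
pdnsutil add-record "$ZONE" _pop3._tcp SRV 86400 '0 1 110 mail.lars-lehmann.net.'
pdnsutil add-record "$ZONE" _pop3s._tcp SRV 86400 '0 1 995 mail.lars-lehmann.net.'
pdnsutil add-record "$ZONE" _sieve._tcp SRV 86400 '0 1 4190 mail.lars-lehmann.net.'
pdnsutil add-record "$ZONE" _smtps._tcp SRV 86400 '0 1 465 mail.lars-lehmann.net.'
pdnsutil add-record "$ZONE" _submission._tcp SRV 86400 '0 1 587 mail.lars-lehmann.net.'

# External report authorization: lets lars-lehmann.net accept DMARC reports
# for ZONE. The record name is quoted so that it is always passed as a
# single argument, whatever ZONE contains.
pdnsutil add-record "lars-lehmann.net" "${ZONE}._report._dmarc" TXT 86400 '"v=DMARC1;"'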

API

Basic Request

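# Fetch the server object from the PowerDNS HTTP API and pretty-print it.
# Replace <API-KEY> and <PDNS_API_SERVER> with your own values.
# The URL is quoted so that the placeholder's "<" and ">" are not parsed as
# shell redirections if the line is pasted unchanged.
# A key passed on the command line is visible in the process list and ends
# up in the shell history; curl can read the header from a file instead
# (-H @FILE) if that file is readable only by the operator.
curl -s -H 'X-API-Key: <API-KEY>' 'https://<PDNS_API_SERVER>/api/v1/servers/localhost' | jq .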

dnsdist

Stats

Hosts which consume the most bandwidth

-- dnsdist console command: lists the clients that consume the most bandwidth.
-- The figures come from dnsdist's in-memory ring buffers, so they cover
-- recent traffic only.
topBandwidth()

Clients with the most queries

-- dnsdist console command: lists the clients that sent the most queries.
-- The figures come from dnsdist's in-memory ring buffers, so they cover
-- recent traffic only.
topClients()