VMmanager 6: Administrator guide

Integration with PowerDNS

ISPSystem

For some Internet services (e.g. sending email), in virtual machines (VMs) it is necessary to convert IP addresses into domain names. To perform this conversion, you need to configure VMmanager integration with the DNS server.

VMmanager supports integration with PowerDNS. PowerDNS is a high-performance, free, open-source DNS server. Read more about PowerDNS in the official documentation

After the integration, PTR records will be created on the DNS server, converting VM addresses into domain names.

Matching of IP address and reverse domain name


To determine a domain name by IP address, the DNS server uses a PTR record of the reverse domain zone. To execute the request, the node address is converted to the reverse form. The translation method depends on the IP version.

IPv4

IPv4 address is written as four decimal numbers from 0 to 255, separated by dots. E.g., 192.168.0.1. To search for domain names by IPv4 addresses, the domain "in-addr.arpa." is used. The IP address is written in the domain name in reverse order. For example, the address 195.161.72.28 corresponds to the domain name "28.72.161.195.inaddr.arpa.".

IPv6

The IPv6 address is written as eight hexadecimal numbers from 0 to ffff, separated by colons. E.g., 3107:0c38:0a67:0000:0000:e446:3925:0091. To search for domain names by IPv6 addresses, the domain "ip6.arpa." is used. The IP address is written in the domain name in reverse order. For example, the address 3107:0c38:0a67:0000:0000:e446:3925:0091 corresponds to the domain name "1.9.0.0.5.2.9.3.6.4.4.e.0.0.0.0.0.0.0.7.6.a.0.8.3.c.0.7.0.1.3.ip6.arpa".

Configuring integration


PowerDNS configuration

On a server with PowerDNS:

  1. Allow access to the PowerDNS API. To do this, add lines to the configuration file /etc/pdns/pdns.conf:

    api=yes
    api-key=<pdns_api_key> 
    webserver=yes
    webserver-port=<pdns_port>
    webserver-address=0.0.0.0
    webserver-allow-from=0.0.0.0/0

    <pdns_api_key> — PowerDNS API access key. The minimum length is 6 characters.

    <pdns_port> — access port to the built-in PowerDNS web server

    Note

    In the basic configuration PowerDNS uses BIND as the backend. BIND does not support API write requests via HTTP, so it is not suitable for integration setup. To set up the integration, change the backend to Generic Mysql, Generic Postgresql or Generic SQLite3. Read more in the official PowerDNS documentation.

    To find out which backend PowerDNS uses, check the value of the launch parameter in the configuration file /etc/pdns/pdns.conf.

  2. Restart PowerDNS:

    systemctl restart pdns.service

3. Open the web server port in the firewall:

firewall-cmd --permanent --zone=public --add-port=<pdns_port>/tcp && firewall-cmd --reload

<pdns_port> — access port to the built-in PowerDNS web server

Configuration VMmanager via the interface

On the server with VMmanager:

  1. Install a "Integration with PowerDNS" module: SettingsModulesIntegration with PowerDNSInstall.
  2. Press Configure and specify PowerDNS API connection settings:
    1. Domain name or IP address.
    2. Connection Port.
    3. API key. 
    4. Name servers.
  3. Press Apply.

Configuration VMmanager via API

  1. Send data to VMmanager to connect to PowerDNS API:

    curl -d '{"type":"powerdns", "params":{"address":"<pdns_ip>:<pdns_port>", "password":"<pdns_api_key>"}}' -H "Cookie: ses6=<cookie>" -H "Host: instance-1" https://<vmmgr_ip>/dnsproxy/v3/settings/dns

    <pdns_ip>:<pdns_port> — IP address and PowerDNS port

    <pdns_api_key> — PowerDNS API access key

    <cookie> — VMmanager session number. Read more in API guide

    <vmmgr_ip> — IP address or domain name of the server with VMmanager

    If you get the message "Instance is starting now" in response, repeat the command.

  2. Enable the dnsproxy service on the server with VMmanager. This service performs integration with external DNS servers.

    curl -X POST -H "Cookie: ses6=<cookie>" https://<vmmgr_ip>/ip/v3/plugin/dnsproxy/enable

    <cookie> — VMmanager session number

    <vmmgr_ip> — IP address or domain name of the server with VMmanager

3. Start data synchronization with dnsproxy. After that, dnsproxy service will transfer PTR records to PowerDNS:

curl -X POST -H "Cookie: ses6=<cookie>" https://<vmmgr_ip>/ip/v3/ip/dnsproxy/sync

<cookie> — VMmanager session number

<vmmgr_ip> — IP address or domain name of the server with VMmanager

Checking settings

  1. Check that ip6.arpa. and inaddr.arpa. DNS zones are added to PowerDNS:

    curl -v -H 'X-API-Key: <pdns_api_key>' http://<pdns_ip>:<pdns_port>/api/v1/servers/localhost/zones

    <pdns_api_key> — PowerDNS API access key

    <pdns_ip>:<pdns_port> — IP address and PowerDNS port

    If the zones are added successfully, the response should contain information about their settings:

    [{
    "account": "",
    "dnssec": false,
    "id": "ip6.arpa.",
    "kind": "Master",
    "last_check": 0,
    "masters": [],
    "name": "ip6.arpa.",
    "notified_serial": 0,
    "serial": 2020032801,
    "url": "/api/v1/servers/localhost/zones/ip6.arpa."
    },
    {
    "account": "",
    "dnssec": false,
    "id": "in-addr.arpa.",
    "kind": "Master",
    "last_check": 0,
    "masters": [],
    "name": "in-addr.arpa.",
    "notified_serial": 0,
    "serial": 2020032812,
    "url": "/api/v1/servers/localhost/zones/in-addr.arpa."
    }]

  2. Check the creation of DNS records in ip6.arpa. and inaddr.arpa.:

    curl -v -H 'X-API-Key: <pdns_api_key>' http://<pdns_ip>:<pdns_port>/api/v1/servers/localhost/zones/in-addr.arpa.
    curl -v -H 'X-API-Key: <pdns_api_key>' http://<pdns_ip>:<pdns_port>/api/v1/servers/localhost/zones/ip6.arpa.

    <pdns_api_key> — PowerDNS API access key

    <pdns_ip>:<pdns_port> — IP address and PowerDNS port

    The response must contain PTR records for the VMs’ IP addresses.

    {
    "account": "",
    "api_rectify": false,
    "dnssec": false,
    "id": "in-addr.arpa.",
    "kind": "Master",
    "last_check": 0,
    "masters": [],
    "name": "in-addr.arpa.",
    "notified_serial": 0,
    "nsec3narrow": false,
    "nsec3param": "",
    "rrsets": [
    {
    "comments": [],
    "name": "14.250.31.172.in-addr.arpa.",
    "records": [
    {
    "content": "sunshine-ametrine.example.com.",
    "disabled": false
    }
    ],
    "ttl": 3600,
    "type": "PTR"
    },
    {
    "comments": [],
    "name": "0.250.31.172.in-addr.arpa.",
    "records": [
    {
    "content": "subnet.reserved.example.com.",
    "disabled": false
    }
    ],
    "ttl": 3600,
    "type": "PTR"
    },
    ...
    ],
    "serial": 2020032717,
    "soa_edit": "",
    "soa_edit_api": "DEFAULT",
    "url": "/api/v1/servers/localhost/zones/in-addr.arpa."
    }

  3. Check operation of PowerDNS:

    dig -x <IP> @<pdns_ip> +short

    <IP> — IP address of the VM

    <pdns_ip> — IP address of PowerDNS

    The response must contain information about the PTR record for the requested IP address.

Diagnostics


VMmanager integration with PowerDNS is performed by the dnsproxy service. You can check the operation of dnsproxy service via the /var/log/dns_proxy_service_1_writer.log file in the vm_dns_proxy_1 docker container on the server with VMmanager.

To check the DNS zone settings in VMmanager, run the command on the server with VMmanager:

docker exec -it mysql bash -c "mysql isp -p\$MYSQL_ROOT_PASSWORD -e 'select * from dns_proxy_zone;' "
An example of response
*************************** 1. row ***************************
         id: 1
     status: ok
status_info: null
       name: in-addr.arpa
*************************** 2. row ***************************
         id: 2
     status: ok
status_info: null
       name: ip6.arpa
2 rows in set (0.00 sec)

status_info — DNS record status info. The "null" message means that the zone has been added successfully.


To check the DNS records settings in VMmanager, run the command on the server with VMmanager:

docker exec -it mysql bash -c "mysql isp -p\$MYSQL_ROOT_PASSWORD -e 'select * from dns_proxy_record;' "

An example of the command output:

An example of response
*************************** 1. row ***************************
         id: 1
     status: ok
status_info: null
       zone: 1
       name: 172.31.255.254
    content: gateway.reserved.example.com
       type: ptr
*************************** 2. row ***************************
         id: 2
     status: ok
status_info: null
       zone: 1
       name: 172.31.240.0
    content: subnet.reserved.example.com
       type: ptr

status_info — DNS record status info. The "null" message means that the record has been added successfully.

If you have problems configuring the integration:

  1. Disable the dnsproxy service:

    curl -X POST -H "Cookie: ses6=<cookie>" https://<vmmgr_ip>/ip/v3/plugin/dnsproxy/disable

    <cookie> — VMmanager session number

    <vmmgr_ip> — IP address or domain name of the server with VMmanager

  2. Delete the contents of dns_proxy_record and dns_proxy_zone tables:

    docker exec -it mysql bash -c "mysql isp -p\$MYSQL_ROOT_PASSWORD -e 'delete from dns_proxy_record; delete from dns_proxy_zone;' "
  3. Reconfigure the integration.
Thank you for your feedback!
Was the article useful?
Tell us why not:

it does not match the title

it was hard to understand

I didn't find the answer

recommendations from the article did not help

other

Tell us what you didn't like in the article: