
Install and configure PowerDNS with geo backend (CDN/geographic DNS balancing)

The Geo backend can be used to distribute queries globally using an IP-address/country mapping table, several of which are freely available online or can be acquired for a small fee.

This allows visitors to be sent to a server close to them, with no appreciable delay, as would otherwise be incurred with a protocol level redirect. Additionally, the Geo backend can be used to provide service over several clusters, any of which can be taken out of use easily, for example for maintenance purposes.

The Geo backend is in wide use, for example by the Wikimedia Foundation, which uses it to power the Wikipedia global load balancing.

This tutorial has been tested on Debian 7.x (wheezy).

1. Install PowerDNS server and the Geo backend

apt-get install pdns-server pdns-backend-geo

2. Disable packet and query caching in PowerDNS (pico /etc/powerdns/pdns.conf)

Add these lines or modify if they already exist in the config file:

cache-ttl=0
query-cache-ttl=0

By default PowerDNS caches both queries to the backend and packets sent out to clients to increase speed. When using the Geo backend, this will cause issues because the packets sent to clients vary based on their location.

3. Create a directory to store IP-to-country mappings

mkdir -p /usr/local/etc/powerdns

4. Install rsync, which is used to download the IP-to-country mappings

apt-get install rsync

5. Manually download the latest IP-to-country mappings. I’m using rsync.blitzed.org but there are more providers available.

rsync -qt rsync://rsync.blitzed.org/countries/zz.countries.nerd.dk.rbldnsd /usr/local/etc/powerdns/zz.countries.nerd.dk.rbldnsd

6. Configure automatic update of the IP-to-country mappings every week (optional)

crontab -l | { cat; echo "0 0 * * 0 rsync -qt rsync://rsync.blitzed.org/countries/zz.countries.nerd.dk.rbldnsd \
/usr/local/etc/powerdns/zz.countries.nerd.dk.rbldnsd && \
/usr/bin/pdns_control rediscover > /dev/null"; } | crontab -

7. Create a config file for the geo backend

cat > /etc/powerdns/pdns.d/pdns.geo <<EOF
geo-zone=geo.example.org
geo-soa-values=ns1.example.org,hostmaster.example.org
geo-ns-records=ns1.example.org,ns2.example.org
geo-ttl=3600
geo-ns-ttl=86400
geo-ip-map-zonefile=/usr/local/etc/powerdns/zz.countries.nerd.dk.rbldnsd
geo-maps=/etc/powerdns/geo-maps
EOF
 

You’ll have to change example.org to your domain, set the correct name servers and choose the hostname (in this example I’m using geo.example.org which will be used to resolve to different IP addresses based on the client performing the DNS lookup).

8. Set up a simple bind zone file for example.org (in this example I’m using the bind backend, but other backends can be used as well)

If you don’t already have bind zones configured, create a directory to contain the zones:

mkdir -p /etc/powerdns/bind

Create the zone file used for our geo experiment:

cat > /etc/powerdns/bind/example.org.zone <<EOF
\$ORIGIN example.org.
\$TTL 86400
@ IN SOA ns1.example.org. hostmaster.example.org. 2014112600 86400 7200 3600000 172800
@ NS ns1.example.org.
@ NS ns2.example.org.
de A 192.168.1.1
uk A 192.168.2.1
us A 192.168.3.1
EOF
 

You will need to change example.org to your domain and adjust the zone file to your domain and name servers. Please note that the $ signs are escaped to work with the cat command. If you copy these lines to your config file, make sure you remove the \ signs and EOF. Here I’ve created three A records which will be used by the geo backend to return correct IP addresses based on the user’s location.

9. Append the new bind zone to the bindbackend config

echo "zone \"example.org\" {
type master;
file \"/etc/powerdns/bind/example.org.zone\";
allow-update { none; };
};
" >> /etc/powerdns/bindbackend.conf
 

10. Create a geo map file for geo.example.org (this is where you configure which location resolves to which IP address)

Create a folder that will contain geo maps:

mkdir -p /etc/powerdns/geo-maps

Create the map file for geo.example.org:

cat > /etc/powerdns/geo-maps/geo.example.org <<EOF
\$RECORD geo.example.org.
\$ORIGIN example.org.
0 de
826 uk
840 us
EOF
 

Here we’ll put all the geo rules. The first number is either 0 for the default or an ISO-3166 country code. The second entry in each line is the host relative to the zone being used. For example, if the user is located in the UK and queries the DNS for geo.example.org, the geo backend will tell the client that geo.example.org is an alias of uk.example.org, and uk.example.org will return the IP address 192.168.2.1 as configured in the bind zone created earlier.

11. Enable the bind and geo backends (pico /etc/powerdns/pdns.conf)

launch=bind,geo

12. Remove the launch parameters from other backends. With a clean install of PowerDNS we need to remove the launch line from /etc/powerdns/pdns.d/pdns.simplebind (pico /etc/powerdns/pdns.d/pdns.simplebind)

#launch=bind

13. Restart PowerDNS

/etc/init.d/pdns restart

14. Test from different locations using:

host geo.example.org localhost

Replace example.org with the domain you want to use.

This will give you results similar to these:


Using domain server:
Name: localhost
Address: 127.0.0.1#53
Aliases:
 
geo.example.org is an alias for de.example.org.
de.example.org has address 192.168.1.1
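
A check worth running before the restart in step 13, as an added example that is not part of the original tutorial: it verifies that every alias target in the geo map from step 10 has an A record in the zone from step 8 and that a default (0) entry exists, so no country is handed an alias that does not resolve. The function name check_geo_map and the sample files are hypothetical; it assumes map targets and zone owner names are relative to the same $ORIGIN, as they are above.

```shell
#!/bin/sh
# Added example (not from the original tutorial).
# check_geo_map MAPFILE ZONEFILE
# Prints one line per problem; returns 0 only when the map is consistent.
# Assumption: map targets and zone owner names are both relative to the
# same $ORIGIN, as in steps 8 and 10.
check_geo_map() {
    awk '
        # First file (zone): remember every owner name that has an A record.
        FNR == NR {
            if ($2 == "A" || $3 == "A" || $4 == "A") has_a[$1] = 1
            next
        }
        # Second file (map): skip blank lines, $directives and # comments.
        NF == 0 || index("$#", substr($1, 1, 1)) { next }
        {
            if ($1 !~ /^[0-9]+$/ || $1 + 0 > 999) {
                printf "map line %d: \"%s\" is not 0 or an ISO-3166 code\n", FNR, $1
                bad++
            }
            if ($1 == "0") have_default = 1
            if (!($2 in has_a)) {
                printf "map line %d: alias target \"%s\" has no A record\n", FNR, $2
                bad++
            }
        }
        END {
            if (!have_default) { print "map has no default (0) entry"; bad++ }
            exit (bad > 0)
        }
    ' "$2" "$1"
}

# Constructed sample: the zone from step 8 and a map with a dangling "fr".
demo_dir=$(mktemp -d)
printf '%s\n' '$ORIGIN example.org.' '$TTL 86400' '@ NS ns1.example.org.' \
    'de A 192.168.1.1' 'uk A 192.168.2.1' 'us A 192.168.3.1' > "$demo_dir/zone"
printf '%s\n' '$RECORD geo.example.org.' '$ORIGIN example.org.' \
    '0 de' '250 fr' '826 uk' '840 us' > "$demo_dir/map"
check_geo_map "$demo_dir/map" "$demo_dir/zone" ||
    echo "fix the map before restarting pdns"
```

On a real installation the arguments would be /etc/powerdns/geo-maps/geo.example.org and /etc/powerdns/bind/example.org.zone.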
