PowerDNS Authoritative
This playbook deploys PowerDNS authoritative server on existing anycast worker nodes for globally distributed DNS with BGP anycast routing. Every node serves the same zones, and DNS queries are automatically routed to the nearest PoP.
Playbook Repository
git clone https://github.com/netactuate/netactuate-ansible-pdns
Configuration
group_vars/all
| Variable | Type | Default | Description |
|---|---|---|---|
| pdns_db_name | string | pdns | MariaDB database name |
| pdns_db_user | string | pdns | MariaDB user |
| pdns_db_password | string | required | MariaDB password |
| pdns_api_key | string | required | PowerDNS API key |
| pdns_admin_email | string | required | SOA contact email |
| pdns_anycast_ip | string | required | Anycast IP for DNS |
Security: Never commit pdns_db_password or pdns_api_key in plaintext. Use ansible-vault for production deployments:
ansible-vault encrypt_string 'yourpassword' --name 'pdns_db_password'
Ubuntu 24.04 Notes
The playbook handles two Ubuntu 24.04 specifics automatically:
- systemd-resolved holds port 53 by default. The playbook stops and disables systemd-resolved before installing PowerDNS and creates a static /etc/resolv.conf.
- pdns-server installs a default bind backend in /etc/powerdns/pdns.d/ that conflicts with the MySQL backend. The playbook removes these default configs before deploying its own.
Deployment
ansible-playbook pdns-auth.yaml
Validation
dig @YOUR_ANYCAST_IP version.bind chaos txt
A successful response shows the PowerDNS version string. To manage zones after deployment, use pdnsutil on any node or the PowerDNS API on port 8081.
Need Help?
If you need assistance deploying PowerDNS, visit our support page.