====== Build and Secure a Public Recursive DNS Server ======
See also **[[networking:linux:powerdns|PowerDNS]]**
See also **[[networking:linux:ssmtp|SSMTP]]**
See also **[[networking:firewall:csf|ConfigServer Security & Firewall (CSF)]]**
See also **[[internet:security:hosts_file|Hosts File]]**
http://www.thatfleminggent.com/2009/08/09/getting-a-powerdns-recursor-up-and-going-fast
http://windowsitpro.com/networking/secure-your-dns-servers
https://kb.isc.org/article/AA-00874/0/Best-Practices-for-those-running-Recursive-Servers.html
http://www.microsoftnow.com/2013/10/hosting-your-public-dns-servers-on-windows-azure.html
===== Install PowerDNS Recursor on Ubuntu Server =====
<code bash>
apt-get install pdns-recursor
vim /etc/powerdns/recursor.conf
</code>

Settings in ''/etc/powerdns/recursor.conf'':

<code>
allow-from=0.0.0.0/0
etc-hosts-file=/etc/hosts
export-etc-hosts=on
forward-zones=internal.yourdomain.com=10.0.0.20
local-address=127.0.0.1,123.123.123.123
log-common-errors=yes
</code>
:!: With ''export-etc-hosts=on'', the recursor serves the entries in the file named by ''etc-hosts-file'', so we can take advantage of a ''hosts'' file with ad servers.
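
With ''allow-from=0.0.0.0/0'' and a public ''local-address'', the resolver answers any client, so it is worth checking what else the same file makes reachable to them. The script below is an added example, not part of the original page or of PowerDNS: it parses the settings shown above and reports the forwarded internal zone and the exported hosts file as exposed. It assumes plain IP addresses without port suffixes, and it reports nothing when ''allow-from'' or ''local-address'' is absent; the function names and finding labels are made up for this example.

```python
import ipaddress

# Constructed sample: the recursor.conf settings shown on this page.
SAMPLE_CONF = """\
allow-from=0.0.0.0/0
etc-hosts-file=/etc/hosts
export-etc-hosts=on
forward-zones=internal.yourdomain.com=10.0.0.20
local-address=127.0.0.1,123.123.123.123
log-common-errors=yes
"""

def parse_conf(text):
    """Return {setting: value} from key=value lines, ignoring # comments."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)  # forward-zones values contain '='
            conf[key.strip()] = value.strip()
    return conf

def items(value):
    """Split a comma- or space-separated setting into its entries."""
    return value.replace(",", " ").split()

def audit(conf):
    """Return finding labels for settings that expose data to any client."""
    nets = [ipaddress.ip_network(n, strict=False) for n in items(conf.get("allow-from", ""))]
    listen = [ipaddress.ip_address(a) for a in items(conf.get("local-address", ""))]
    any_client = any(n.prefixlen == 0 for n in nets)     # 0.0.0.0/0 or ::/0
    reachable = any(not a.is_loopback for a in listen)   # bound beyond localhost
    if not (any_client and reachable):
        return []
    findings = ["open-resolver"]
    # A zone forwarded to a private address becomes resolvable by every client.
    for zone in items(conf.get("forward-zones", "")):
        name, _, targets = zone.partition("=")
        if any(ipaddress.ip_address(t).is_private for t in targets.split(";")):
            findings.append("internal-zone-exposed:" + name)
    # Exported hosts entries are answered for every client as well.
    if conf.get("export-etc-hosts", "no") not in ("no", "off"):
        findings.append("hosts-file-served-to-all")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_conf(SAMPLE_CONF)):
        print(finding)
```
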
===== Configure a Mikrotik Router as DNS Client and Caching DNS Server =====
  - Select **IP -> DNS -> Allow Remote Requests**
    - Allows LAN clients behind the Mikrotik to use it as their DNS server
  - Configure the LAN's DHCP server to hand out the Mikrotik's IP address as the DNS server
    - **Mikrotik as DHCP Server** configuration shown here
{{ :internet:dns:mikrotik_caching_dns.png?350 |Mikrotik IP DNS Settings}}
{{ :internet:dns:mikrotik_dhcp_dns.png?650 |Mikrotik DHCP Server Settings}}
<code>
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=bridge1 lease-time=3d name=dhcp1
/ip dhcp-server network
add address=192.168.20.0/24 dns-server=192.168.20.1 gateway=192.168.20.1
</code>