====== Build and Secure a Public Recursive DNS Server ======

See also **[[networking:linux:powerdns|PowerDNS]]**

See also **[[networking:linux:ssmtp|SSMTP]]**

See also **[[networking:firewall:csf|ConfigServer Security & Firewall (CSF)]]**

See also **[[internet:security:hosts_file|Hosts File]]**

http://www.thatfleminggent.com/2009/08/09/getting-a-powerdns-recursor-up-and-going-fast

http://windowsitpro.com/networking/secure-your-dns-servers

https://kb.isc.org/article/AA-00874/0/Best-Practices-for-those-running-Recursive-Servers.html

http://www.microsoftnow.com/2013/10/hosting-your-public-dns-servers-on-windows-azure.html

===== Install PowerDNS Recursor on Ubuntu Server =====

  apt-get install pdns-recursor

  vim /etc/powerdns/recursor.conf

  allow-from=0.0.0.0/0
  etc-hosts-file=/etc/hosts
  export-etc-hosts=on
  forward-zones=internal.yourdomain.com=10.0.0.20
  local-address=127.0.0.1,123.123.123.123
  log-common-errors=yes

:!: With ''export-etc-hosts=on'', we can take advantage of a ''hosts'' file with ad servers.

===== Configure a Mikrotik Router as DNS Client and Caching DNS Server =====

  - Select **IP -> DNS -> Allow Remote Requests**
    - Allows LAN clients behind the Mikrotik to use it as their DNS server
  - Configure the LAN's DHCP server to hand out the Mikrotik's IP address as the DNS server
    - **Mikrotik as DHCP Server** configuration shown here

{{ :internet:dns:mikrotik_caching_dns.png?350 |Mikrotik IP DNS Settings}}

{{ :internet:dns:mikrotik_dhcp_dns.png?650 |Mikrotik DHCP Server Settings}}

  /ip dhcp-server
  add address-pool=dhcp_pool1 disabled=no interface=bridge1 lease-time=3d name=dhcp1
  /ip dhcp-server network
  add address=192.168.20.0/24 dns-server=192.168.20.1 gateway=192.168.20.1
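
The ''recursor.conf'' in the PowerDNS section combines ''allow-from=0.0.0.0/0'' with a public ''local-address'' and a ''forward-zones'' entry for an internal zone. The Python audit below is an added example, not part of the original page or of PowerDNS; it flags that combination, and ''RESTRICTED_CONF'' with its ''192.168.20.0/24'' client range is a constructed comparison. It assumes plain ''key=value'' lines and addresses written without port suffixes.

```python
import ipaddress

# Constructed input: the settings shown in the PowerDNS section of this page.
PAGE_CONF = """\
allow-from=0.0.0.0/0
forward-zones=internal.yourdomain.com=10.0.0.20
local-address=127.0.0.1,123.123.123.123
"""
# Constructed comparison: same listener, clients limited to loopback and one LAN.
RESTRICTED_CONF = PAGE_CONF.replace("0.0.0.0/0", "127.0.0.0/8,192.168.20.0/24")

def parse_conf(text):
    """Parse key=value lines; '#' starts a comment. Later lines override earlier ones."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)  # split once: forward-zones values contain '='
            settings[key.strip()] = value.strip()
    return settings

def items(value):
    """Split a comma-separated setting into trimmed, non-empty entries."""
    return [v.strip() for v in value.split(",") if v.strip()]

def audit(text):
    """Return findings for a recursor that answers arbitrary Internet clients."""
    s = parse_conf(text)
    # Assumption: addresses carry no port suffix, as in the page's config.
    exposed = [a for a in items(s.get("local-address", ""))
               if not ipaddress.ip_address(a).is_loopback]
    world = [n for n in items(s.get("allow-from", ""))
             if ipaddress.ip_network(n, strict=False).prefixlen == 0]
    if not (exposed and world):
        return []  # settings absent from the file are not evaluated (no defaults modelled)
    findings = [f"open resolver: allow-from={','.join(world)} on {','.join(exposed)}"]
    for zone in items(s.get("forward-zones", "")):
        name, _, target = zone.partition("=")
        # A zone may list several forwarders separated by ';'
        private = [t.strip() for t in target.split(";")
                   if ipaddress.ip_address(t.strip()).is_private]
        if private:
            findings.append(f"zone {name} (forwarded to {','.join(private)}) "
                            "is resolvable by any client")
    return findings

if __name__ == "__main__":
    for label, conf in (("page", PAGE_CONF), ("restricted", RESTRICTED_CONF)):
        print(label, audit(conf) or "no findings")
```

The second finding matters independently of amplification abuse: with an unrestricted ''allow-from'', names in the forwarded internal zone can be looked up by any client that reaches the public listener.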