1.1.0 - ami-0d28e9bb2e71915ff

PowerDNS + PowerDNS-Admin 
 AWS Marketplace AMI 
 A production-ready, self-hosted authoritative DNS server with a powerful web-based management interface. 
 
 Overview 
 This AMI provides a complete DNS hosting solution with: 
 
 
 
 Component 
 Description 
 
 
 
 
 PowerDNS 
 High-performance authoritative DNS server 
 
 
 PowerDNS-Admin 
 Modern web interface for DNS zone management 
 
 
 PostgreSQL 
 Reliable database backend 
 
 
 Docker 
 Containerized deployment for easy updates 
 
 
 
 
 Requirements 
 Instance Size 
 
 
 
 Size 
 vCPU 
 RAM 
 Recommended For 
 
 
 
 
 t3.small 
 2 
 2 GB 
 Development, testing, small deployments 
 
 
 t3.medium 
 2 
 4 GB 
 Production with moderate DNS traffic 
 
 
 t3.large 
 2 
 8 GB 
 High-traffic production environments 
 
 
 
 Minimum : t3.small (2 vCPU, 2 GB RAM) 
 Storage 
 
 
 
 Volume 
 Size 
 Purpose 
 
 
 
 
 Root (EBS) 
 8 GB 
 Operating system and Docker 
 
 
 Data (EBS) 
 10 GB+ 
 DNS data, database, certificates 
 
 
 
 Important : Attach a separate EBS volume for persistent data storage. This ensures your DNS zones and configuration survive instance replacement. 
 Network (Security Group) 
 
 
 
 Port 
 Protocol 
 Purpose 
 
 
 
 
 22 
 TCP 
 SSH access 
 
 
 53 
 TCP/UDP 
 DNS queries 
 
 
 80 
 TCP 
 HTTP (Let's Encrypt validation or HTTPS mode) 
 
 
 443 
 TCP 
 HTTPS (if enabled) 
 
 
 8081 
 TCP 
 PowerDNS API (restrict to trusted IPs) 
 
 
 9191 
 TCP 
 PowerDNS-Admin web UI (HTTP mode only) 
 
 
 
 
 Quick Start 
 Step 1: Launch and Configure 
 
 
 Launch the instance with an attached EBS volume for data 
 
 
 Connect via SSH : 
 ssh -i your-key.pem ubuntu@your-instance-ip
 
 
 
 Run the configuration script : 
 sudo /opt/powerdns/configure-powerdns.sh
 
 
 
 Follow the prompts to configure: 
 
 Domain or IP address 
 HTTPS with Let's Encrypt (optional, requires domain) 
 
 
 
 Step 2: Create Admin Account 
 
 
 Open PowerDNS-Admin in your browser: 
 
 HTTP mode: http://YOUR-IP:9191 
 HTTPS mode: https://YOUR-DOMAIN 
 
 
 
 Click "Create an account" to register your admin user 
 
 
 Log in with your new credentials 
 
 
 Step 3: Connect to PowerDNS API 
 
 
 Go to Settings > PDNS 
 
 
 Configure the following: 
 
 
 
 Setting 
 Value 
 
 
 
 
 PowerDNS API URL 
 http://powerdns:8081 
 
 
 PowerDNS API Key 
 (shown after configuration, see below) 
 
 
 PowerDNS Version 
 4.1.1 
 
 
 
 
 
 Click Save Settings 
 
 
 Finding Your API Key 
 The API key is displayed after running the configuration script. You can also retrieve it anytime: 
 sudo cat /opt/powerdns/.credentials
 
 
 Automated Configuration (User-Data) 
 For automated deployments, launch with JSON user-data: 
 {
 "host": "dns.example.com",
 "https": true,
 "letsencrypt_email": "admin@example.com"
}
 
 Parameters : 
 
 
 
 Parameter 
 Required 
 Default 
 Description 
 
 
 
 
 host 
 No 
 Public IP 
 Domain or IP for web interface 
 
 
 https 
 No 
 false 
 Enable Let's Encrypt SSL 
 
 
 letsencrypt_email 
 If https=true 
 - 
 Email for SSL certificates 
 
 
 
 After automated setup, create your admin account through the web UI and configure the API connection as described above. 
 
 Management Commands 
 Use the powerdns-cli command for day-to-day management: 
 # Check service status
powerdns-cli status

# View logs
powerdns-cli logs # All services
powerdns-cli logs powerdns # PowerDNS only
powerdns-cli logs powerdns-admin # Admin interface only

# Service control
sudo powerdns-cli start
sudo powerdns-cli stop
sudo powerdns-cli restart

# View configuration and credentials
powerdns-cli info
sudo powerdns-cli credentials

# Update to latest versions
sudo powerdns-cli update

# Backup and restore
sudo powerdns-cli backup
sudo powerdns-cli restore /path/to/backup.tar.gz

# Testing
powerdns-cli dns-test
powerdns-cli api-test
powerdns-cli zones
powerdns-cli version
 
 
 Using PowerDNS-Admin 
 Creating DNS Zones 
 
 Click Create Zone in the left menu 
 Enter the domain name (e.g., example.com ) 
 Select zone type:
 
 Native : Standard authoritative zone 
 Master : Primary server for zone transfers 
 Slave : Secondary server receiving transfers 
 
 
 Click Create 
 
 Adding DNS Records 
 
 Select a domain from the dashboard 
 Click Add Record 
 Choose record type (A, AAAA, CNAME, MX, TXT, SRV, CAA, etc.) 
 Enter name, content, and TTL 
 Click Save 
 
 User Management 
 
 Go to Users in the left menu 
 Create additional user accounts as needed 
 Assign appropriate permissions 
 
 
 HTTPS Setup 
 With Let's Encrypt (Recommended for Production) 
 During configuration, enter a domain name (not IP) and choose to enable HTTPS: 
 Requirements : 
 
 Domain must point to this server's IP before configuration 
 Ports 80 and 443 must be accessible from the internet 
 Provide a valid email for certificate notifications 
 
 Certificates renew automatically every 60 days. 
 Without HTTPS 
 When using an IP address or declining HTTPS, the web interface runs on port 9191 over HTTP. This is suitable for: 
 
 Internal/private networks 
 Development and testing 
 Deployments behind a separate load balancer or proxy 
 
 
 Data Storage 
 Location 
 All persistent data is stored on the EBS volume at /mnt/powerdns-data/ : 
 
 
 
 Directory 
 Contents 
 
 
 
 
 postgres/ 
 PostgreSQL database files 
 
 
 pdns/ 
 PowerDNS configuration file 
 
 
 certs/ 
 SSL certificates (if HTTPS enabled) 
 
 
 acme/ 
 Let's Encrypt account data 
 
 
 
 Backup Strategy 
 Create backup : 
 sudo powerdns-cli backup
 
 Download backup : 
 scp ubuntu@your-server:/tmp/powerdns-backup-*.tar.gz .
 
 Restore from backup : 
 sudo powerdns-cli restore /path/to/backup.tar.gz
 
 EBS Recommendations 
 
 Use gp3 volume type for best performance/cost ratio 
 Enable encryption for data at rest 
 Create regular EBS snapshots for disaster recovery 
 Size appropriately: 10-20 GB for most deployments 
 
 
 Troubleshooting 
 Cannot Create Zone (HTTP 400 Error) 
 Verify the API connection in Settings > PDNS: 
 
 API URL must be http://powerdns:8081 (container name, not IP) 
 API Key must match the one from credentials file 
 Version must be 4.1.1 
 
 Services Not Starting 
 powerdns-cli status
powerdns-cli logs
sudo powerdns-cli restart
 
 DNS Not Resolving 
 # Test DNS server
powerdns-cli dns-test

# Check if port 53 is listening
sudo ss -ulnp | grep 53

# Verify zones exist
powerdns-cli zones
 
 API Connection Failed 
 # Test API directly
powerdns-cli api-test

# View API key
sudo cat /opt/powerdns/.credentials | grep "API Key"

# Check PowerDNS logs
docker logs powerdns
 
 
 Security Recommendations 
 
 Restrict port 8081 (API) to trusted IPs in your Security Group 
 Use strong passwords for your admin account (minimum 12 characters) 
 Enable HTTPS for production deployments 
 Regular updates : Run sudo powerdns-cli update periodically 
 Backup regularly : Use EBS snapshots and powerdns-cli backup 
 Monitor logs : Check for suspicious DNS queries or API access 
 
 
 Configuration Files 
 
 
 
 File 
 Purpose 
 
 
 
 
 /opt/powerdns/docker-compose.yml 
 Container configuration 
 
 
 /mnt/powerdns-data/pdns/pdns.conf 
 PowerDNS server configuration 
 
 
 /opt/powerdns/.credentials 
 Saved API key and database password 
 
 
 /opt/powerdns/config-info.txt 
 Quick reference URLs 
 
 
 
 
 Version Information 
 
 
 
 Component 
 Version 
 
 
 
 
 PowerDNS 
 4.9.x (API version 4.1.1) 
 
 
 PowerDNS-Admin 
 Latest 
 
 
 PostgreSQL 
 15 
 
 
 Ubuntu 
 24.04 LTS 
 
 
 
 Check current versions: 
 powerdns-cli version