Using PowerDNS with Gandi Live DNS to enhance resilience

Recently I wrote about using Gandi LiveDNS. Another available feature is running your own DNS server as a slave of Gandi's DNS for extra resilience. This guide explains how to do it.
This guide assumes you have a working PowerDNS installation. If you don't, this guide will get you started.

Run the following command from the terminal, making sure you use your API key where required:

curl -XPOST -H"X-Api-Key: YOUR-API-KEY"

This command will output a record:

{"key_name": "", "secret": "0ghpfTvSgQ+n3sb56y1Wc4TydiCLBiunLmsy2LtSTqU3MQ5KaMsxbShPoyyzORC8grAE8++CAYPPGRnf+YylIg==", "uuid": "85e7b6e3-4553-479b-b968-cd0c77143802", "axfr_tsig_url": ""}

Look for the key name before the, in this example:

Use this to tie the key with the secret to the domain you wish to use:

curl -H"X-Api-Key: YOUR-API-KEY" -XPUT

On your PowerDNS server, import the key, copying the full key_name and the secret from the key you produced earlier. Using the above as an example, you would run (the key name goes before the algorithm):

sudo pdnsutil import-tsig-key YOUR-KEY-NAME-HERE hmac-sha512 '0ghpfTvSgQ+n3sb56y1Wc4TydiCLBiunLmsy2LtSTqU3MQ5KaMsxbShPoyyzORC8grAE8++CAYPPGRnf+YylIg=='

For example:

curl -H"X-Api-Key: $APIKEY" -XPUT

You can tie the key to multiple domains in your account.

Now we need to add your PowerDNS server IP address(es) to Gandi. You can use IPv4 or IPv6 addresses:

for host in YOUR-IP-Address-HERE ANOTHER-IP-HERE; do curl -H"X-Api-Key: $APIKEY" -XPUT$host ; done

Finally we need to run the following commands on your PowerDNS server to complete the setup.

sudo pdnsutil create-slave-zone YOUR-DOMAIN-HERE 2001:4b98:dc2:90::cafe:53 2001:4b98:d:1::cafe:53

and then:

sudo pdnsutil activate-tsig-key YOUR-DOMAIN-HERE YOUR-KEY-NAME-HERE slave

Finally add the nameserver to your domain using your Gandi control panel:


All done! Gandi will now slave the zone to your name server as a backup.
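
A mistyped or truncated TSIG secret, or a missing key name, only shows up later as failed zone transfers. The following check is an added example, not part of the original guide: it validates the key record returned by the API before anything is imported and prints the two pdnsutil commands used above. The key name, zone and secret in the sample are constructed, and the 64-byte minimum is an assumption based on the sample secret shown earlier.

```python
import base64
import binascii
import json
import shlex

# Assumption: the sample secret in this guide decodes to 64 bytes, so anything
# shorter is treated as a truncated copy/paste.
MIN_KEY_BYTES = 64


def tsig_import_commands(record_json, zone):
    """Validate a key record and return the two pdnsutil command lines."""
    record = json.loads(record_json)
    name = record.get("key_name", "").strip()
    secret = record.get("secret", "").strip()
    if not name:
        raise ValueError("key_name is empty: pdnsutil needs the full key name")
    if any(c.isspace() for c in name + zone):
        raise ValueError("key name and zone must not contain whitespace")
    try:
        raw = base64.b64decode(secret, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"secret is not valid base64: {exc}") from None
    if len(raw) < MIN_KEY_BYTES:
        raise ValueError(
            f"secret decodes to {len(raw)} bytes, expected >= {MIN_KEY_BYTES}")
    # shlex.join quotes any argument that needs it, so the values reach
    # pdnsutil exactly as they appear in the record.
    return [
        shlex.join(["pdnsutil", "import-tsig-key", name, "hmac-sha512", secret]),
        shlex.join(["pdnsutil", "activate-tsig-key", zone, name, "slave"]),
    ]


# Constructed sample record: hypothetical key name, throwaway secret.
SAMPLE_SECRET = base64.b64encode(bytes(range(64))).decode()
SAMPLE = json.dumps({"key_name": "example-key.invalid.", "secret": SAMPLE_SECRET})

if __name__ == "__main__":
    for line in tsig_import_commands(SAMPLE, "example.org"):
        print(line)
```

Feed it the JSON saved from the key-creation call rather than pasting the secret on the command line, so the secret stays out of your shell history.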