Getting started

The easiest way to try out Lightning Stream with the PowerDNS Authoritative server is through the Docker Compose demo in the Lightning Stream GitHub repository.

For manual installation instructions, please check this section.

Docker Compose demo

The Lightning Stream repository contains a Docker Compose demo of Lightning Stream running alongside the PowerDNS Authoritative server, to sync the LMDB backend data.

Warning

This demo does NOT handle schema migrations between different versions of PowerDNS Authoritative server. It is NOT suitable for production use!

The compose setup runs two read-write DNS servers, each with their own syncer, syncing to a bucket in a MinIO server. Additionally, a third server has Lightning Stream running in receive-only mode.

The Lightning Stream config used can be found in docker/pdns/lightningstream.yaml. Note that the config file contents can reference environment variables.

To get it up and running:

docker-compose up -d

You may need to rerun this command once, because of a race condition when creating the LMDBs.

To see the services:

docker-compose ps

This should show output like:

NAME                      IMAGE                   SERVICE   PORTS
lightningstream-auth1-1   powerdns/pdns-auth-48   auth1     127.0.0.1:4751->53/tcp, 127.0.0.1:4751->53/udp, 127.0.0.1:4781->8081/tcp
lightningstream-auth2-1   powerdns/pdns-auth-48   auth2     127.0.0.1:4752->53/tcp, 127.0.0.1:4752->53/udp, 127.0.0.1:4782->8081/tcp
lightningstream-auth3-1   powerdns/pdns-auth-48   auth3     127.0.0.1:4753->53/tcp, 127.0.0.1:4753->53/udp, 127.0.0.1:4783->8081/tcp
lightningstream-minio-1   minio/minio             minio     127.0.0.1:4730->9000/tcp, 127.0.0.1:4731->9001/tcp
lightningstream-sync1-1   lightningstream-sync1   sync1     127.0.0.1:4791->8500/tcp
lightningstream-sync2-1   lightningstream-sync2   sync2     127.0.0.1:4792->8500/tcp
lightningstream-sync3-1   lightningstream-sync3   sync3     127.0.0.1:4793->8500/tcp

Open a new terminal to see all the logs, to get a feel for how and when Lightning Stream syncs data:

docker-compose logs

Then, in another terminal, call these convenience scripts, with a delay between them to allow for syncing between instances:

docker/pdns/pdnsutil -i 1 create-zone example.org
docker/pdns/pdnsutil -i 1 secure-zone example.org
docker/pdns/pdnsutil -i 1 set-meta example.org foo bar
docker/pdns/pdnsutil -i 2 generate-tsig-key example123 hmac-sha512
docker/pdns/pdnsutil -i 1 add-record example.org www A 60 192.0.2.3

sleep 2

docker/pdns/curl-api -i 2 /api/v1/servers/localhost/zones/example.org
docker/pdns/curl-api -i 2 /api/v1/servers/localhost/zones/example.org/metadata
docker/pdns/curl-api -i 1 /api/v1/servers/localhost/tsigkeys

These scripts execute pdnsutil and curl inside of the Docker containers. The -i flag specifies the instance number to operate on.

For example, you can check if the records were correctly synced to instance 2 with this command:

$ docker/pdns/pdnsutil -i 2 list-zone example.org
$ORIGIN .
example.org 3600    IN  SOA a.misconfigured.dns.server.invalid hostmaster.example.org 0 10800 3600 604800 3600
www.example.org 60  IN  A   192.0.2.3

The same should be true for instance 3, which is in receive-only mode:

$ docker/pdns/pdnsutil -i 3 list-zone example.org
$ORIGIN .
example.org 3600    IN  SOA a.misconfigured.dns.server.invalid hostmaster.example.org 0 10800 3600 604800 3600
www.example.org 60  IN  A   192.0.2.3

You can use dig against the DNS servers to verify that the new A record works:

$ dig +short -p 4753 @127.0.0.1 www.example.org
192.0.2.3
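
The list-zone checks above can be scripted so that they poll until the instances converge, rather than relying on a fixed sleep. This is an added example, not part of the Lightning Stream repository; the PDNSUTIL override variable and the function names are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: poll for convergence instead of relying on a fixed `sleep 2`.
# PDNSUTIL is a hook introduced by this example (not part of the demo) so the
# wrapper script can be swapped out; it defaults to the demo's own script.
PDNSUTIL="${PDNSUTIL:-docker/pdns/pdnsutil}"

# zone_records INSTANCE ZONE
# Print the zone as seen by one instance in canonical form: $ORIGIN line
# dropped, runs of spaces/tabs collapsed, records sorted.
zone_records() {
    { "$PDNSUTIL" -i "$1" list-zone "$2" 2>/dev/null || true; } \
        | sed '/^\$ORIGIN/d' \
        | tr -s ' \t' ' ' \
        | sort
}

# wait_for_sync ZONE TIMEOUT_SECONDS REF_INSTANCE INSTANCE...
# Return 0 once every INSTANCE lists the same records as REF_INSTANCE,
# 1 on timeout or when the reference instance has no data for the zone.
wait_for_sync() {
    zone=$1 max_wait=$2 ref=$3
    shift 3
    want=$(zone_records "$ref" "$zone")
    if [ -z "$want" ]; then
        echo "instance $ref returned no records for $zone" >&2
        return 1
    fi
    waited=0
    while :; do
        pending=""
        for inst in "$@"; do
            [ "$(zone_records "$inst" "$zone")" = "$want" ] || pending="$pending $inst"
        done
        if [ -z "$pending" ]; then
            return 0
        fi
        if [ "$waited" -ge "$max_wait" ]; then
            echo "timeout: instance(s)$pending differ from instance $ref" >&2
            return 1
        fi
        sleep 1
        waited=$((waited + 1))
    done
}

# Usage against the running demo: wait_for_sync example.org 10 1 2 3
if [ "$#" -gt 0 ]; then
    wait_for_sync "$@"
fi
```

A non-zero exit names the instances whose view of the zone still differs from the reference, which is the signal to look at that instance's syncer in the docker-compose logs.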

To list all the generated snapshots, you can use this script:

docker/pdns/lightningstream -i 1 snapshots list -l

To view a dump of the LMDB contents, you can use the dump-lmdb command:

docker/pdns/dump-lmdb -i 1
docker/pdns/dump-lmdb -i 2

You can also browse the snapshots in MinIO at http://localhost:4731/buckets/lightningstream/browse (login with minioadmin / minioadmin).