pdns-recursor for PowerDNS
After the introduction of PowerDNS in cPanel/WHM 60, currently it requires that we use an external DNS caching resolver due to the lack of functionality in PowerDNS itself.
PowerDNS has a separate recursor (https://www.powerdns.com/recursor.html) - which can be used to bring back a caching resolver when using PowerDNS.
The resolver itself works out of the box, it requires no configuration changes, by default it listens to localhost / 127.0.0.1 meaning that it can't be used as a open resolver from the beginning unless people actually do a config change.
It also makes me believe that adding this should be pretty straight forward - anyone can do it already, simply by doing yum install pdns-recursor.
But it would be ideal if it could be done automatically when choosing to use PowerDNS during the nameserver selection.
If this isn't very easy, then at least in the suggestion when selecting it, give a link to the recursor, so people are aware that it exists.
I like this idea 
cPanel, WebHost Manager and WHM are registered trademarks of cPanel, L.L.C. for providing its computer software that facilitates the management and configuration of Internet web servers.
Idealy either this of the DNSSEC integration for bind. At the moment we have two incomplete DNS Options, you can either use BIND and gain the advantage of recursive DNS (which, lets be honest, most spam filtering won't work without) but can't use DNSSEC, or you choose PowerDNS, gain the advantage of DNSSEC, but you can't use recursive DNS.
PS @Lucas - When you say it works out the box, can you install this on an existing WHM and able to switch your DNS to PowerDNS? (for the moment, whilst I have 127.0.0.1 as my primary DNS, there is a large bar warning me I cannot use PowerDNS.
Idealy either this of the DNSSEC integration for bind. At the moment we have two incomplete DNS Options, you can either use BIND and gain the advantage of recursive DNS (which, lets be honest, most spam filtering won't work without) but can't use DNSSEC, or you choose PowerDNS, gain the advantage of DNSSEC, but you can't use recursive DNS.
PS @Lucas - When you say it works out the box, can you install this on an existing WHM and able to switch your DNS to PowerDNS? (for the moment, whilst I have 127.0.0.1 as my primary DNS, there is a large bar warning me I cannot use PowerDNS.
Thanks for suggesting this, it's odd that in 2021, WHM still doesn't offer PDNS Recursor in the list of options or to be honest the option to install all 3 PDNS suite components (DNSDIST, Recursor and Authoritve Server).
I installed PDNS Recursor manually (the latest non-alpha version) because I want to configure Exim/Spam Filters to work with with DNS Blocklists which requires a recursor. PDNS is the go to app now in WHM, but if you use it, you get blocked from using RBI Blocklist lookups like Spamcop, Spamhaus etc. I had to add 127.0.0.1 to the list of nameserver resolv.conf as the Recursor is supposed to listen to local addresses only.
In fact, why WHM/CPanel don't support the newest stable versions of PDNS Authoritative Server, never mind PDNS Recursor, the change logs often mention security updates and improved compatibility/integration with topics such as DNSSEC but WHM installs for example 4.3 instead of 4.4 etc.
Thanks for suggesting this, it's odd that in 2021, WHM still doesn't offer PDNS Recursor in the list of options or to be honest the option to install all 3 PDNS suite components (DNSDIST, Recursor and Authoritve Server).
I installed PDNS Recursor manually (the latest non-alpha version) because I want to configure Exim/Spam Filters to work with with DNS Blocklists which requires a recursor. PDNS is the go to app now in WHM, but if you use it, you get blocked from using RBI Blocklist lookups like Spamcop, Spamhaus etc. I had to add 127.0.0.1 to the list of nameserver resolv.conf as the Recursor is supposed to listen to local addresses only.
In fact, why WHM/CPanel don't support the newest stable versions of PDNS Authoritative Server, never mind PDNS Recursor, the change logs often mention security updates and improved compatibility/integration with topics such as DNSSEC but WHM installs for example 4.3 instead of 4.4 etc.
Replies have been locked on this page!