Installing PowerDNS-Admin on Ubuntu 18.04

Now that you have PowerDNS installed on your servers, you may be wondering how you and your users can create zones on your servers. Well, PowerDNS-Admin is a web-based control panel that makes managing PowerDNS a breeze. It has support for multiple accounts with varying privileges, domain-based user access management, support for a variety of backends for user authentication (LDAP, SAML, etc.), and a whole lot more.

We’re going to be setting this up on the master DNS server we created in a previous article, but if you choose to set this tool up remotely or on a preexisting server that should work as well with a few minor tweaks for your config. Essentially, this tool interfaces with the PowerDNS API that’s built in to the pdns-server software, so it should work with any PowerDNS server with a MySQL backend.


You should have PowerDNS installed already, with the following changes made to your /etc/powerdns/pdns.conf file:

# Replace <RANDOM STRING> with a randomly generated key for API access

We did this already in the previous post.

If you want to configure Let’s Encrypt later (which this guide will do), you will also need a publicly accessible domain pointed to your master server.

Prepare a database

Before we can install PowerDNS-Admin, we’ll need to setup a MySQL database for it to use and store its own information. You generally shouldn’t use the same database as PowerDNS uses, so we’ll create a new one now.

Open MySQL as root:

mysql -u root

And create a new database:

CREATE DATABASE powerdnsadmin CHARACTER SET utf8 COLLATE utf8_general_ci;

Then create a new user, flush the privilege table, and quit:

GRANT ALL PRIVILEGES ON powerdnsadmin.* TO 'pdnsadminuser'@'%' IDENTIFIED BY '<YOUR PASSWORD HERE>';

Replacing, of course, <YOUR PASSWORD HERE> with a new random password. Installing Required Packages

PowerDNS-Admin requires some software beforehand, so we can build it. Start with installing the Python 3 development package:

sudo apt-get install python3-dev

And then some additional packages we’ll need just to install the rest of the required files:

sudo apt-get install -y libmysqlclient-dev libsasl2-dev libldap2-dev libssl-dev libxml2-dev libxslt1-dev libxmlsec1-dev libffi-dev pkg-config

As an aside, we’re installing libmysqlclient-dev because we previously setup PowerDNS with MySQL. If you chose to use MariaDB or PostgreSQL for your setup those backends will work as well, but you’ll need to install the appropriate package for your install.

Finally, we’ll need to install yarn to build the asset files:

curl -sS | sudo apt-key add -
echo "deb stable main" | sudo tee /etc/apt/sources.list.d/yarn.list
sudo apt-get update -y
sudo apt-get install -y yarn

These commands add the yarn repository to your system, refreshes your package list, and complete the install.

Downloading PowerDNS-Admin

We’re going to install PowerDNS-Admin to /opt/web/powerdns-admin just to keep things simple, but you can adjust that directory to your local web application directory without issue, if you have another preference.

Clone the directory:

git clone /opt/web/powerdns-admin

If you don’t have git installed already, you may have to sudo apt install git.

Now, change to that new directory:

cd /opt/web/powerdns-admin
virtualenv -p python3 flask

Next, activate a python3 development environment, and begin installing the libraries required by PowerDNS-Admin:

. ./flask/bin/activate
pip install -r requirements.txt


Now, we’ll need to copy the configuration template to a new configuration file:

cp /opt/web/powerdns-admin/ /opt/web/powerdns-admin/

Now, edit the file, we’ll need to make the following changes:

nano /opt/web/powerdns-admin/

Specifically, we want to modify the database variables to match our configuration:

SQLA_DB_USER = 'pdnsadminuser'
SQLA_DB_NAME = 'powerdnsadmin'

Replacing <YOUR PASSWORD HERE> with the password we created at the beginning of this article. Don’t change anything else in this file, the port and bind address can stay as they are, because we’ll be throwing this entire application behind Nginx for public access in just a bit.

Now, that your configuration is all set, we can create the database schema:

export FLASK_APP=app/
flask db upgrade

Generate asset files:

yarn install --pure-lockfile
flask assets build

And that’s it! We should now be able to run the application. Now, we’ll put this behind an Nginx reverse proxy, and setup a systemd service for production use.

Setting Up Systemd

Create a new service file:


And paste in the following information:


ExecStart=/opt/web/powerdns-admin/flask/bin/gunicorn --workers 2 --bind unix:/opt/web/powerdns-admin/powerdns-admin.sock app:app


Now, reload systemd to apply your changes:

sudo systemctl daemon-reload

And start the application:

sudo systemctl start powerdns-admin

Finally, if you don’t run into any errors, enable the service, so it starts at boot:

sudo systemctl enable powerdns-admin

Creating an Nginx Site

If you don’t have Nginx installed yet, simply run this command to install it now:

sudo apt install nginx

Now, create a new configuration file for your website:

sudo nano /etc/nginx/sites-enabled/powerdns-admin.conf

And paste in the following:

server {
  listen *:80;
  server_name               <YOUR DOMAIN NAME HERE>;

  index                     index.html index.htm index.php;
  root                      /opt/web/powerdns-admin;
  access_log                /var/log/nginx/powerdns-admin.local.access.log combined;
  error_log                 /var/log/nginx/powerdns-admin.local.error.log;

  client_max_body_size              10m;
  client_body_buffer_size           128k;
  proxy_redirect                    off;
  proxy_connect_timeout             90;
  proxy_send_timeout                90;
  proxy_read_timeout                90;
  proxy_buffers                     32 4k;
  proxy_buffer_size                 8k;
  proxy_set_header                  Host $host;
  proxy_set_header                  X-Real-IP $remote_addr;
  proxy_set_header                  X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_headers_hash_bucket_size    64;

  location ~ ^/static/  {
    include  /etc/nginx/mime.types;
    root /opt/web/powerdns-admin/app;

    location ~*  \.(jpg|jpeg|png|gif)$ {
      expires 365d;

    location ~* ^.+.(css|js)$ {
      expires 7d;

  location / {
    proxy_pass            http://unix:/opt/web/powerdns-admin/powerdns-admin.sock;
    proxy_read_timeout    120;
    proxy_connect_timeout 120;
    proxy_redirect        off;


Replacing <YOUR DOMAIN NAME HERE> with a domain name or subdomain pointing to your server that you’d like to access the panel on. This isn’t strictly necessary, you’ll be able to access your server at http://<your server IP> after this Nginx configuration is complete. But a domain is necessary to set up Let’s Encrypt TLS, which is what we’ll be doing in the next step.

If you don’t have any other websites on this box, we’re going to delete Nginx’s built in default site now:

sudo rm /etc/nginx/sites-enabled/default

Now, restart Nginx to apply your changes:

sudo systemctl restart nginx

That should be it! PowerDNS-Admin should be accessible at http://<your server IP or domain>, next we’ll setup TLS for additional in-transit security.

Configuring Let’s Encrypt

We’re going to use Let’s Encrypt’s certbot program to issue certificates. Adding the certbot repo and installing the software is just a couple simple commands:

sudo apt-get update
sudo apt-get install software-properties-common
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install python-certbot-nginx

Now, we just issue this command using certbot and the nginx plugin to issue a certificate for your control panel:

sudo certbot --nginx

Since we added the domain in the configuration, it should pick it up automatically. Just follow through the email prompts and you should be good to go. If it issues a certificate successfully, it will ask you if you’d like to redirect all http:// traffic to https://. There’s really no reason not to do so, so I’d recommend choosing that option.

Renewals should be automated with this package, so no need to worry about certificate expiration, as long as your domain or subdomain stays pointed to your nameserver.

Installing PowerDNS-Admin

Almost finished! There’s just some final configuration required to get up and running. Browse to to access the web interface. There should be a link to register a new user, use that to register your administrator account.

After signing in, you’ll be greeted with a page requesting your PowerDNS credentials (if you aren’t, navigate to /admin/setting/pdns). For PDNS API URL, you’ll enter, because the PowerDNS server is hosted on the same server as this web interface.

For PDNS API Key, you’ll want to enter the API key we created in the PowerDNS configuration in the previous install. This will give PowerDNS-Admin access to your PowerDNS backend.

PDNS Version should be pre-filled with the latest version of PowerDNS, which should be fine. At the time of writing, it’s 4.1.1.

Click Update and you should be done!


After the completion of these guides, you should have both a PowerDNS server setup, complete with master and slave replication, as well as an administrative web panel for you and your users to manage zones on your servers. Changes made in the panel should be instantly updates across your entire installation.

I hope you found this guide helpful! If there’s something you feel I missed, please feel free to reach out and let me know.