PowerDNS
Introduction
PowerDNS is an open-source DNS suite from a Dutch company, made up of three products: PowerDNS Authoritative Server, PowerDNS Recursor and dnsdist.
The Authoritative Server (powerdns-authoritative) only answers for the zones it hosts and does not recurse. If you need forwarding or recursion for other names, you also deploy the Recursor (powerdns-recursor). dnsdist is a DNS load balancer that splits and distributes traffic in front of either.
Official site: https://www.powerdns.com/
Versions
Latest releases as of 5 May 2020:
Release of PowerDNS Authoritative Server 4.3.0
Release of PowerDNS Recursor 4.3.0
Release of dnsdist 1.4.0
To install those releases instead of the EPEL packages, use the official PowerDNS repositories (each product has its own repo file):

```sh
# Authoritative Server 4.3
$ yum -y install epel-release yum-plugin-priorities
$ curl -o /etc/yum.repos.d/powerdns-auth-43.repo https://repo.powerdns.com/repo-files/centos-auth-43.repo
$ yum install pdns pdns-backend-mysql

# Recursor 4.3
$ yum -y install epel-release yum-plugin-priorities
$ curl -o /etc/yum.repos.d/powerdns-rec-43.repo https://repo.powerdns.com/repo-files/centos-rec-43.repo
$ yum install pdns-recursor

# dnsdist 1.4
$ yum -y install epel-release yum-plugin-priorities
$ curl -o /etc/yum.repos.d/powerdns-dnsdist-14.repo https://repo.powerdns.com/repo-files/centos-dnsdist-14.repo
$ yum install dnsdist
```
The installation below uses the default EPEL version, pdns 4.1, as its example.
Install the pdns components
Initial host setup is omitted (configuring the yum repositories, disabling the firewall and SELinux, and so on). On anything other than a lab box, keep the firewall and open only 53/tcp, 53/udp and the management ports you actually need; the webserver ports configured below must never be reachable from untrusted networks.
```sh
$ yum -y install pdns pdns-recursor pdns-tools pdns-backend-mysql dnsdist mariadb-server
$ systemctl enable mariadb
$ systemctl start mariadb
$ mysql_secure_installation
$ mysql -uroot -p
```
```sql
create database pdns;
grant all on pdns.* to pdns@'localhost' identified by 'redhat';
flush privileges;
select User,Password,Host from mysql.user;
```
Initialize the SQL schema
Download the schema file matching your version:
https://doc.powerdns.com/authoritative/guides/basic-database.html
https://github.com/PowerDNS/pdns/blob/rel/auth-4.1.x/modules/gmysqlbackend/schema.mysql.sql
https://github.com/PowerDNS/pdns/blob/rel/auth-4.2.x/modules/gmysqlbackend/schema.mysql.sql
Import the schema into MySQL:

```sh
mysql -updns -p pdns < schema.mysql.sql
```
Then add the foreign-key constraints with the following SQL (rows in the child tables are removed automatically when their domain is deleted):

```sql
ALTER TABLE records ADD CONSTRAINT `records_domain_id_ibfk` FOREIGN KEY (`domain_id`) REFERENCES `domains` (`id`) ON DELETE CASCADE ON UPDATE CASCADE;
ALTER TABLE comments ADD CONSTRAINT `comments_domain_id_ibfk` FOREIGN KEY (`domain_id`) REFERENCES `domains` (`id`) ON DELETE CASCADE ON UPDATE CASCADE;
ALTER TABLE domainmetadata ADD CONSTRAINT `domainmetadata_domain_id_ibfk` FOREIGN KEY (`domain_id`) REFERENCES `domains` (`id`) ON DELETE CASCADE ON UPDATE CASCADE;
ALTER TABLE cryptokeys ADD CONSTRAINT `cryptokeys_domain_id_ibfk` FOREIGN KEY (`domain_id`) REFERENCES `domains` (`id`) ON DELETE CASCADE ON UPDATE CASCADE;
```
Edit the configuration files
Configure pdns
https://doc.powerdns.com/authoritative/settings.html
```sh
$ cp /etc/pdns/pdns.conf{,.bak}
$ vim /etc/pdns/pdns.conf
api=yes
api-key=redhat
api-logfile=/var/log/pdns.log
config-dir=/etc/pdns
daemon=yes
guardian=yes
default-ttl=300
launch=gmysql
gmysql-host=localhost
gmysql-port=3306
gmysql-dbname=pdns
gmysql-user=pdns
gmysql-password=redhat
local-address=0.0.0.0
local-port=5353
log-timestamp=yes
loglevel=4
setgid=pdns
setuid=pdns
version-string=anonymous
webserver=yes
webserver-address=0.0.0.0
webserver-allow-from=0.0.0.0/0
webserver-port=8081
```

A few notes on these settings. The authoritative server listens on port 5353 because the recursor will take port 53 on the same host. `daemon` and `guardian` are effectively ignored here: the systemd unit starts pdns_server with `--daemon=no --guardian=no` on the command line, and command-line options take precedence over the file. `version-string=anonymous` stops the exact version from being disclosed to CHAOS `version.bind` queries. The risky part is `webserver-address=0.0.0.0` together with `webserver-allow-from=0.0.0.0/0`: the API behind port 8081 can create, rewrite and delete every zone, and the only thing protecting it is the static `api-key`. Bind it to 127.0.0.1 (or to the address PowerDNS-Admin connects from), list only that host in `webserver-allow-from`, and use a long random key rather than `redhat`. `pdns.conf` holds both this key and the database password, so keep it readable only by root and the pdns user.
Configure pdns-recursor
https://doc.powerdns.com/recursor/settings.html
```sh
$ cp /etc/pdns-recursor/recursor.conf{,.bak}
$ vim /etc/pdns-recursor/recursor.conf
allow-from=127.0.0.0/8, 10.0.0.0/8, 100.64.0.0/10, 169.254.0.0/16, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fc00::/7, fe80::/10
api-key=redhat
api-logfile=/var/log/pdns-recursor.log
config-dir=/etc/pdns-recursor
daemon=yes
forward-zones-file=/etc/pdns-recursor/zone.conf
forward-zones-recurse=.=223.5.5.5
local-address=0.0.0.0
local-port=53
log-timestamp=yes
loglevel=6
security-poll-suffix=
setgid=pdns-recursor
setuid=pdns-recursor
version-string=
webserver=yes
webserver-address=0.0.0.0
webserver-allow-from=0.0.0.0/0
webserver-port=8082
```

The forward-zones file maps each internal zone to the authoritative server on port 5353:

```sh
$ vim /etc/pdns-recursor/zone.conf
abc.com=127.0.0.1:5353
pda.abc=127.0.0.1:5353
pdb.abc=127.0.0.1:5353
pre.abc=127.0.0.1:5353
rec.abc=127.0.0.1:5353
uat.abc=127.0.0.1:5353
dev.abc=127.0.0.1:5353
```

Notes: `allow-from` is what keeps this from being an open resolver. The list above is the recursor's own default (loopback plus the RFC 1918, CGNAT, link-local and ULA ranges), so if the host has a public address, trim it to your client networks only. Zones listed in `forward-zones-file` are forwarded with the RD bit cleared, which is what an authoritative server expects; `forward-zones-recurse=.=223.5.5.5` sends everything else to the public resolver 223.5.5.5 with RD set. `security-poll-suffix=` turns off the periodic security-status lookup, so the recursor will not warn you about vulnerable versions and you must track advisories yourself. `webserver-address=0.0.0.0` with `webserver-allow-from=0.0.0.0/0` has the same problem as on the authoritative server: restrict it to the hosts that need the API and statistics.
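As an added example (not code from the PowerDNS project or from this page's original setup), the following Python script parses both configuration files and reports the exposure problems discussed above. The page's own settings are embedded as constructed samples next to a hardened variant; the hardened `api-key` value is a placeholder, not a key to reuse.

```python
"""Audit pdns.conf / recursor.conf for exposure problems.

Added example, not code from the PowerDNS project: parses the key=value
syntax both daemons use and flags the settings on this page that expose
the management API or would make the recursor an open resolver. The
sample configs are constructed from the fragments above.
"""
import ipaddress
from typing import Dict, List

# Constructed sample: the relevant lines of the pdns.conf above.
PDNS_CONF = """
api=yes
api-key=redhat
version-string=anonymous
webserver=yes
webserver-address=0.0.0.0
webserver-allow-from=0.0.0.0/0
webserver-port=8081
"""

# Constructed sample: API bound to loopback, long random key (placeholder
# value; generate your own, e.g. with: openssl rand -base64 24).
HARDENED_PDNS_CONF = """
api=yes
api-key=Hx9sQ2v8LmB4tRzK0pW7cE3nYa6dUf1g
version-string=anonymous
webserver=yes
webserver-address=127.0.0.1
webserver-allow-from=127.0.0.1,::1
webserver-port=8081
"""

# Constructed sample: the relevant lines of the recursor.conf above.
RECURSOR_CONF = """
allow-from=127.0.0.0/8, 10.0.0.0/8, 100.64.0.0/10, 169.254.0.0/16, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fc00::/7, fe80::/10
api-key=redhat
security-poll-suffix=
version-string=
webserver=yes
webserver-address=0.0.0.0
webserver-allow-from=0.0.0.0/0
webserver-port=8082
"""

def parse_conf(text: str) -> Dict[str, str]:
    """key=value per line, '#' starts a comment, last duplicate key wins."""
    conf: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip()
    return conf

def _unrestricted(value: str) -> bool:
    """True if the comma-separated netmask list contains a /0 (everyone)."""
    nets = [ipaddress.ip_network(v.strip(), strict=False)
            for v in value.split(",") if v.strip()]
    return any(n.prefixlen == 0 for n in nets)

def audit(text: str, role: str) -> List[str]:
    """Return 'setting: problem' findings; an empty list means clean.
    role is 'auth' or 'recursor' (only the recursor has allow-from and
    security polling)."""
    conf = parse_conf(text)
    findings: List[str] = []
    if conf.get("webserver", "no") == "yes":
        # Defaults for both daemons: bind 127.0.0.1, allow 127.0.0.1,::1
        addr = conf.get("webserver-address", "127.0.0.1")
        allow = conf.get("webserver-allow-from", "127.0.0.1,::1")
        if addr not in ("127.0.0.1", "::1") and _unrestricted(allow):
            findings.append("webserver-allow-from: API reachable from any "
                            "source; list only the management host")
        key = conf.get("api-key", "")
        if not key:
            findings.append("api-key: webserver enabled without an API key")
        elif len(key) < 16:
            findings.append("api-key: static secret is short and guessable")
    if role == "recursor":
        # No allow-from means the loopback + private-range default applies.
        allow_from = conf.get("allow-from")
        if allow_from is not None and _unrestricted(allow_from):
            findings.append("allow-from: answers any client (open resolver)")
        if conf.get("security-poll-suffix", "secpoll.powerdns.com.") == "":
            findings.append("security-poll-suffix: security polling disabled; "
                            "track advisories manually")
    if conf.get("version-string", "full") == "full":
        findings.append("version-string: exact version disclosed via version.bind")
    return findings

if __name__ == "__main__":
    for name, text, role in [("pdns.conf", PDNS_CONF, "auth"),
                             ("pdns.conf hardened", HARDENED_PDNS_CONF, "auth"),
                             ("recursor.conf", RECURSOR_CONF, "recursor")]:
        print(name, "->", audit(text, role) or "clean")
```

Run it against the real files with `audit(open("/etc/pdns/pdns.conf").read(), "auth")`; the defaults it assumes when a key is absent are the documented 4.1 defaults for both daemons.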
Start the pdns services

```sh
$ systemctl enable pdns pdns-recursor
$ systemctl start pdns pdns-recursor
```
Configure PowerDNS-Admin
The version used below is PowerDNS-Admin-0.2.2.tar.gz
https://github.com/ngoduykhanh/PowerDNS-Admin/wiki/Running-PowerDNS-Admin-on-Centos-7
Install python3 and nodejs

```sh
$ yum -y install python3 python3-devel gcc mariadb-devel openldap-devel libxml2-devel xmlsec1-devel xmlsec1-openssl-devel libtool-ltdl-devel
$ curl -sL https://rpm.nodesource.com/setup_10.x | bash -
$ curl -sL https://dl.yarnpkg.com/rpm/yarn.repo -o /etc/yum.repos.d/yarn.repo
$ yum -y install nodejs yarn
```

The nodesource line pipes a downloaded script straight into a root shell; download it to a file and read it before running it.
Configure a PyPI mirror

```sh
$ mkdir ~/.pip
$ vim ~/.pip/pip.conf
[global]
index-url = https://pypi.tuna.tsinghua.edu.cn/simple
[install]
trusted-host=pypi.tuna.tsinghua.edu.cn
$ pip3 install --upgrade pip setuptools
$ pip3 list
```

`trusted-host` tells pip to accept the host even without a valid TLS certificate. The mirror above serves HTTPS with a valid certificate, so the line is unnecessary; leaving it out keeps package downloads verified.
Install the Python packages

```sh
$ cd /data
$ git clone https://github.com/ngoduykhanh/PowerDNS-Admin.git /data/pdns-admin
$ python3 -m venv py3
$ source /data/py3/bin/activate
$ pip list
$ pip install --upgrade pip setuptools
$ cd /data/pdns-admin
$ pip install python-dotenv
$ pip install -r requirements.txt
```
Create the database

```sql
CREATE DATABASE pdnsadmin CHARACTER SET utf8 COLLATE utf8_general_ci;
GRANT ALL PRIVILEGES ON pdnsadmin.* TO 'pdnsadmin'@'localhost' IDENTIFIED BY 'redhat';
FLUSH PRIVILEGES;
```
Change the database settings in the config file

```sh
$ cd /data/pdns-admin
$ vim powerdnsadmin/default_config.py
...
SQLA_DB_USER = 'pdnsadmin'
SQLA_DB_PASSWORD = 'redhat'
SQLA_DB_HOST = 'localhost'
SQLA_DB_NAME = 'pdnsadmin'
SQLALCHEMY_TRACK_MODIFICATIONS = True
...
```
Generate the database tables

```sh
export FLASK_APP=powerdnsadmin/__init__.py
flask db upgrade
```
Install every package listed in package.json and build the assets

```sh
yarn install --pure-lockfile
flask assets build
```
Start pdns-admin (this runs the Flask development server, good enough for a first login but not for production)

```sh
source /data/py3/bin/activate
nohup python run.py &>/dev/null &
```
Recommended way to run it
Running PowerDNS Admin with Systemd, Gunicorn and Nginx
https://github.com/ngoduykhanh/PowerDNS-Admin/wiki/Running-PowerDNS-Admin-with-Systemd,-Gunicorn--and--Nginx
Configure the admin UI to manage pdns
Open the UI in a browser on port 9191.
Create an admin user first; the first user registered gets administrator rights, and the OTP Token field can be left empty. Because anyone who can reach the signup page can register, turn off self-registration in the settings once the admin account exists.
After logging in, configure the PDNS API first (the values come from the pdns configuration above):
PDNS API URL: http://127.0.0.1:8081/
PDNS API KEY: redhat
PDNS VERSION: 4.1.11
Then create an account. An account works like a user group and makes it easier to delegate zone management.
After editing, click Apply Changes in the top right to save; no change takes effect until it is saved.
Create domains and host records
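Zones and records can also be created without the UI, through the same REST API that PowerDNS-Admin talks to. The script below is an added example, not code from PowerDNS or PowerDNS-Admin. It assumes the API settings from this page (http://127.0.0.1:8081 with api-key `redhat`) and uses abc.com, ns1.abc.com, www.abc.com and 192.168.80.12 as sample data; only the Python standard library is needed.

```python
"""Create a zone and records through the PowerDNS Authoritative REST API.

Added example, not from the PowerDNS or PowerDNS-Admin projects. Assumes
the api/webserver settings from this page: 127.0.0.1:8081, X-API-Key
'redhat'. Zone and record names below are sample data.
"""
import json
import urllib.error
import urllib.request
from typing import Dict, List, Optional

API_URL = "http://127.0.0.1:8081/api/v1/servers/localhost"
API_KEY = "redhat"  # static bearer secret from pdns.conf; keep it out of shell history and repos


def canonical(name: str) -> str:
    """The API only accepts absolute names: 'www.abc.com' -> 'www.abc.com.'."""
    return name if name.endswith(".") else name + "."


def zone_payload(zone: str, nameservers: List[str]) -> Dict:
    """Body for POST /zones: a Native zone whose NS records pdns generates."""
    return {
        "name": canonical(zone),
        "kind": "Native",
        "masters": [],
        "nameservers": [canonical(ns) for ns in nameservers],
    }


def rrset_patch(name: str, rtype: str, contents: List[str],
                ttl: int = 300, delete: bool = False) -> Dict:
    """Body for PATCH /zones/<zone>. REPLACE overwrites the whole RRset, so
    every record of that name/type must be listed; DELETE needs no records."""
    rrset: Dict = {"name": canonical(name), "type": rtype,
                   "changetype": "DELETE" if delete else "REPLACE"}
    if not delete:
        rrset["ttl"] = ttl
        rrset["records"] = [{"content": c, "disabled": False} for c in contents]
    return {"rrsets": [rrset]}


def call(method: str, path: str, body: Optional[Dict] = None):
    """Send one API request; returns parsed JSON, or None for 204 replies."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(API_URL + path, data=data, method=method,
                                 headers={"X-API-Key": API_KEY,
                                          "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=5) as resp:
        raw = resp.read()
        return json.loads(raw) if raw else None


if __name__ == "__main__":
    try:
        call("POST", "/zones", zone_payload("abc.com", ["ns1.abc.com"]))
        call("PATCH", "/zones/abc.com.", rrset_patch("ns1.abc.com", "A", ["192.168.80.12"]))
        call("PATCH", "/zones/abc.com.", rrset_patch("www.abc.com", "A", ["192.168.80.12"]))
        print(json.dumps(call("GET", "/zones/abc.com."), indent=2))
    except urllib.error.URLError as e:  # includes HTTP 4xx/5xx and refused connections
        print("pdns API not reachable or request rejected:", e)
```

The zone id in the URL and every name in the body must carry the trailing dot, and a `REPLACE` that lists only one address silently drops any other A records of the same name. The same `GET /api/v1/servers/localhost` against port 8081 (and, with the recursor's key, port 8082) is the quickest liveness check for both APIs.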
Verify resolution

```sh
dig @127.0.0.1 -p 5353 www.abc.com          # authoritative server directly
dig @127.0.0.1 www.abc.com                  # through the recursor
dig @192.168.80.12 www.abc.com              # recursor on the LAN address
dig @127.0.0.1 -p 5353 CHAOS TXT version.bind
dig @127.0.0.1 CHAOS TXT version.bind
```

The first query should come back with the `aa` flag set, the recursor queries with `ra`, and neither of the version.bind queries should reveal the exact version given the version-string settings above.
You can also query the APIs to check the status of each service: port 8081 is the pdns API and port 8082 the pdns-recursor API; both require the X-API-Key header with the key configured above.