PowerDNS series, part 2: PowerDNS Authoritative Server


PowerDNS Authoritative Server
The authoritative server answers each query by looking the name up directly in its database; if the record does not exist in the database, it simply returns an empty result.

OS: CentOS 7.8.2003
pdns: 4.7.3

Installing pdns

Install pdns auth

yum install epel-release yum-plugin-priorities
curl -o /etc/yum.repos.d/powerdns-auth-47.repo https://repo.powerdns.com/repo-files/el-auth-47.repo
yum install pdns

Install the pdns backend

With PostgreSQL as the storage database, pdns-backend-postgresql has to be installed.

One small detail to watch out for here:

The postgresql-libs pulled in as a dependency is an old version; logging in to PostgreSQL 10 or later then fails with SCRAM authentication requires libpq version 10 or above.

postgresql-libs needs to be at least version 10, so these two RPM packages can be downloaded in advance:

postgresql10.x86_64                     10.23-1PGDG.rhel7              @pgdg10  
postgresql10-libs.x86_64                10.23-1PGDG.rhel7              @pgdg10

Install the pdns backends

yum install pdns-backend-geoip \
pdns-backend-ldap \
pdns-backend-lmdb \
pdns-backend-lua2 \
pdns-backend-mysql \
pdns-backend-odbc \
pdns-backend-pipe \
pdns-backend-postgresql \
pdns-backend-remote \
pdns-backend-sqlite \
pdns-backend-tinydns

Log in to the database and create the user and the database (see https://doc.powerdns.com/authoritative/backends/generic-postgresql.html#settings):

create user pdns with password 'xxxxx';
create database pdns_db with owner='pdns';

Create the tables (see https://doc.powerdns.com/authoritative/backends/generic-postgresql.html#settings):

CREATE TABLE domains (
  id                    SERIAL PRIMARY KEY,
  name                  VARCHAR(255) NOT NULL,
  master                VARCHAR(128) DEFAULT NULL,
  last_check            INT DEFAULT NULL,
  type                  TEXT NOT NULL,
  notified_serial       BIGINT DEFAULT NULL,
  account               VARCHAR(40) DEFAULT NULL,
  options               TEXT DEFAULT NULL,
  catalog               TEXT DEFAULT NULL,
  CONSTRAINT c_lowercase_name CHECK (((name)::TEXT = LOWER((name)::TEXT)))
);

CREATE UNIQUE INDEX name_index ON domains(name);
CREATE INDEX catalog_idx ON domains(catalog);


CREATE TABLE records (
  id                    BIGSERIAL PRIMARY KEY,
  domain_id             INT DEFAULT NULL,
  name                  VARCHAR(255) DEFAULT NULL,
  type                  VARCHAR(10) DEFAULT NULL,
  content               VARCHAR(65535) DEFAULT NULL,
  ttl                   INT DEFAULT NULL,
  prio                  INT DEFAULT NULL,
  disabled              BOOL DEFAULT 'f',
  ordername             VARCHAR(255),
  auth                  BOOL DEFAULT 't',
  CONSTRAINT domain_exists
  FOREIGN KEY(domain_id) REFERENCES domains(id)
  ON DELETE CASCADE,
  CONSTRAINT c_lowercase_name CHECK (((name)::TEXT = LOWER((name)::TEXT)))
);

CREATE INDEX rec_name_index ON records(name);
CREATE INDEX nametype_index ON records(name,type);
CREATE INDEX domain_id ON records(domain_id);
CREATE INDEX recordorder ON records (domain_id, ordername text_pattern_ops);


CREATE TABLE supermasters (
  ip                    INET NOT NULL,
  nameserver            VARCHAR(255) NOT NULL,
  account               VARCHAR(40) NOT NULL,
  PRIMARY KEY(ip, nameserver)
);


CREATE TABLE comments (
  id                    SERIAL PRIMARY KEY,
  domain_id             INT NOT NULL,
  name                  VARCHAR(255) NOT NULL,
  type                  VARCHAR(10) NOT NULL,
  modified_at           INT NOT NULL,
  account               VARCHAR(40) DEFAULT NULL,
  comment               VARCHAR(65535) NOT NULL,
  CONSTRAINT domain_exists
  FOREIGN KEY(domain_id) REFERENCES domains(id)
  ON DELETE CASCADE,
  CONSTRAINT c_lowercase_name CHECK (((name)::TEXT = LOWER((name)::TEXT)))
);

CREATE INDEX comments_domain_id_idx ON comments (domain_id);
CREATE INDEX comments_name_type_idx ON comments (name, type);
CREATE INDEX comments_order_idx ON comments (domain_id, modified_at);


CREATE TABLE domainmetadata (
  id                    SERIAL PRIMARY KEY,
  domain_id             INT REFERENCES domains(id) ON DELETE CASCADE,
  kind                  VARCHAR(32),
  content               TEXT
);

CREATE INDEX domainidmetaindex ON domainmetadata(domain_id);


CREATE TABLE cryptokeys (
  id                    SERIAL PRIMARY KEY,
  domain_id             INT REFERENCES domains(id) ON DELETE CASCADE,
  flags                 INT NOT NULL,
  active                BOOL,
  published             BOOL DEFAULT TRUE,
  content               TEXT
);

CREATE INDEX domainidindex ON cryptokeys(domain_id);


CREATE TABLE tsigkeys (
  id                    SERIAL PRIMARY KEY,
  name                  VARCHAR(255),
  algorithm             VARCHAR(50),
  secret                VARCHAR(255),
  CONSTRAINT c_lowercase_name CHECK (((name)::TEXT = LOWER((name)::TEXT)))
);

CREATE UNIQUE INDEX namealgoindex ON tsigkeys(name, algorithm);

Configuration

cp /etc/pdns/pdns.conf /etc/pdns/pdns.conf.bak
> /etc/pdns/pdns.conf

vi /etc/pdns/pdns.conf
#Enable the REST API
api=yes
api-key=aabbccdd112233009988

#Default settings
daemon=no
guardian=no
setgid=pdns
setuid=pdns

#Database settings
launch=gpgsql
gpgsql-host=xxx.xxx.xxx.xxx
gpgsql-port=5432
gpgsql-dbname=pdns_db
gpgsql-user=pdns
gpgsql-password=xxxxx

#DNS service listen settings
local-address=0.0.0.0
local-port=53

#Enable the built-in webserver for monitoring
#Note: webserver-address=0.0.0.0 together with webserver-allow-from=0.0.0.0/0 makes the webserver and the REST API
#reachable from any client that can connect to port 8081, protected only by api-key; restrict both to management addresses
webserver=yes
webserver-address=0.0.0.0
webserver-allow-from=0.0.0.0/0
webserver-port=8081

#Dynamic records (LUA records)
enable-lua-records=yes
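The exposure just noted in the configuration can be checked mechanically. The following is an added example, not code from the article or from PowerDNS: it parses a pdns.conf in the key=value form used above and reports findings on API and webserver exposure, using PowerDNS's own defaults for absent keys; the embedded sample is constructed from the configuration above with its placeholders left in place.

```python
import ipaddress

# Constructed sample: the webserver/API part of the pdns.conf from this article.
SAMPLE_CONF = """
api=yes
api-key=aabbccdd112233009988
webserver=yes
webserver-address=0.0.0.0
webserver-allow-from=0.0.0.0/0
webserver-port=8081
enable-lua-records=yes
"""

def parse_pdns_conf(text):
    """Parse pdns.conf: one key=value per line, '#' starts a comment, the last key wins."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def is_wildcard(cidr):
    """True for a network that matches every address (0.0.0.0/0 or ::/0)."""
    try:
        return ipaddress.ip_network(cidr, strict=False).prefixlen == 0
    except ValueError:
        return False

def audit_pdns_conf(conf):
    """Return (severity, message) findings on API/webserver exposure. Defaults for absent
    keys are PowerDNS's own: webserver-address 127.0.0.1, webserver-allow-from 127.0.0.1,::1."""
    findings = []
    api_on = conf.get("api") == "yes"
    if api_on and not conf.get("api-key"):
        findings.append(("high", "api=yes but no api-key is set"))
    if api_on or conf.get("webserver") == "yes":
        address = conf.get("webserver-address", "127.0.0.1")
        allow = conf.get("webserver-allow-from", "127.0.0.1,::1").split(",")
        port = conf.get("webserver-port", "8081")
        if not ipaddress.ip_address(address).is_loopback:
            if any(is_wildcard(a.strip()) for a in allow):
                findings.append(("high", "webserver/API on %s:%s accepts any client address" % (address, port)))
            else:
                findings.append(("medium", "webserver bound to %s; only webserver-allow-from limits access" % address))
    if conf.get("enable-lua-records") == "yes":
        findings.append(("info", "LUA records enabled: anyone who can write records can run Lua in the server"))
    return findings
```

Against the live file, run audit_pdns_conf(parse_pdns_conf(open("/etc/pdns/pdns.conf").read())); the sample above yields one high finding for the wildcard allow-list and one informational finding for LUA records.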

Start

# 755 leaves pdns.conf (database password, api-key) world-readable; readable by root and the pdns group only (0640 root:pdns) is sufficient
chmod -R 755 /etc/pdns/pdns.conf
systemctl enable pdns
systemctl start pdns
systemctl status pdns

If the start fails with an error that port 53 is already in use, see this article for the fix:
<<Disabling and removing the virbr0 virtual network on CentOS 7>>

Day-to-day configuration

It is recommended to do this through PowerDNS-Admin.

Installing the web UI

Doing everything from the command line is rather cumbersome; the third-party PowerDNS-Admin provides web-based management instead. See https://github.com/PowerDNS-Admin/PowerDNS-Admin

Install

curl -fsSL https://get.docker.com | bash -s docker --mirror Aliyun
systemctl enable docker
systemctl start docker

# SECRET_KEY signs the PowerDNS-Admin (Flask) sessions: use a long random value, not this example
docker run -d \
    -e SECRET_KEY='a-very-secret-key' \
    -v pda-data:/data \
    -p 9191:80 \
    ngoduykhanh/powerdns-admin:latest

Check that it started

docker ps

netstat -natp

Visit http://localhost:9191/login
On first access you need to create an account; follow the steps one by one.

Day-to-day configuration

Log in to PowerDNS-Admin, choose + New Domain on the left to add a new domain, then click Submit.

Click Manage in the domain's Action column.

After adding two records, click Apply Changes in the top right to apply them.
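The same two UI steps (create a domain, add records) can also be driven through the REST API that api=yes and api-key enabled in pdns.conf above. This is an added example, not code from the article or from PowerDNS-Admin; it assumes the server's webserver is reachable at 127.0.0.1:8081 with the api-key from the configuration above, and the zone and record values are constructed. Names are lowercased and given a trailing dot because the API expects fully qualified names and the records table's c_lowercase_name constraint rejects mixed case.

```python
import json
import urllib.request

API_BASE = "http://127.0.0.1:8081/api/v1/servers/localhost"  # webserver-port from pdns.conf (assumed reachable)
API_KEY = "aabbccdd112233009988"  # api-key from the pdns.conf above

def canonical(name):
    """Lowercase, fully qualified name: the schema's c_lowercase_name check rejects
    upper-case names and the API wants a trailing dot."""
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."

def zone_payload(zone, nameservers, kind="Native"):
    """Body for POST .../zones: creates the zone with its SOA and NS records."""
    return {"name": canonical(zone), "kind": kind,
            "nameservers": [canonical(ns) for ns in nameservers]}

def rrset_patch(records, ttl=3600):
    """Body for PATCH .../zones/<zone>; records is [(name, type, [content, ...])].
    changetype REPLACE overwrites the whole rrset for that name/type."""
    rrsets = []
    for name, rtype, contents in records:
        rrsets.append({"name": canonical(name), "type": rtype.upper(), "ttl": ttl,
                       "changetype": "REPLACE",
                       "records": [{"content": c, "disabled": False} for c in contents]})
    return {"rrsets": rrsets}

def api_call(method, path, body=None):
    """One authenticated request to the PowerDNS API; returns parsed JSON, or None on an empty reply."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(API_BASE + path, data=data, method=method,
                                 headers={"X-API-Key": API_KEY, "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=5) as resp:
        raw = resp.read()
    return json.loads(raw) if raw else None

if __name__ == "__main__":
    # Constructed zone and records: the same steps the UI performs above.
    zone = "example.com"
    api_call("POST", "/zones", zone_payload(zone, ["ns1.example.com"]))
    api_call("PATCH", "/zones/" + canonical(zone), rrset_patch([
        ("www.example.com", "A", ["192.0.2.10"]),
        ("mail.example.com", "A", ["192.0.2.20"]),
    ]))
    print(json.dumps(api_call("GET", "/zones/" + canonical(zone)), indent=2))
```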

References
https://repo.powerdns.com/
https://doc.powerdns.com/
https://doc.powerdns.com/authoritative/backends/generic-postgresql.html#settings
