10.1 PowerDNS Installation and Deployment

Overview

Visit the official website, find the install command for the relevant component on the relevant operating system, and run it. In this document the Master uses MySQL as its backend and the Slave uses SQLite as its backend; all DNS record configuration is done through PowerDNS-Admin, and production deployment is done entirely with Ansible.

Backends

The table below lists the backends supported by PowerDNS (the launch name is the value used in the launch= setting):

Launch name   Native   Master   Slave   Super slave    DNSSEC
bind          Yes      Yes      Yes     Experimental   Yes
gmysql        Yes      Yes      Yes     Yes            Yes
godbc         Yes      Yes      Yes     Yes            Yes
gpgsql        Yes      Yes      Yes     Yes            Yes
gsqlite3      Yes      Yes      Yes     Yes            Yes
geoip         Yes      No       No      No             Yes
ldap          Yes      No       No      No             No
lmdb          Yes      Yes      Yes     No             Yes
lua2          Yes      Yes      No      No             Yes
pipe          Yes      No       No      No             Partial
random        Yes      No       No      No             Partial
remote        Yes      Yes      Yes     Yes            Yes
tinydns       Yes      Yes      No      No             Partial

Deployment plan

The combination is as follows.

Server deployment

  • Management server x1

    • PowerDNS Authoritative Server master

    • PowerDNS-Admin

    • MySQL

  • PowerDNS Authoritative Server slave x1

  • PowerDNS Recursor x1

  • The test domain is svc.example.com

Server IP      Role       Deployed software
10.40.61.116   Master     pdns, pdns-backend-mysql, PowerDNS-Admin, MySQL
10.40.58.153   Slave      pdns, pdns-backend-sqlite
10.40.58.154   Recursor   pdns-recursor

10.1.1 PowerDNS Authoritative Server

PowerDNS Authoritative Server - Master

The master and the slave of the PowerDNS Authoritative Server are installed in exactly the same way; the role is selected in the configuration file.

Configure the repo and install

Configure the official repository

# yum install epel-release yum-plugin-priorities
# curl -o /etc/yum.repos.d/powerdns-auth-42.repo https://repo.powerdns.com/repo-files/centos-auth-42.repo
# yum install pdns pdns-backend-mysql
# systemctl start pdns.service
# systemctl enable pdns.service

Manual installation

Because the local network cannot reach the Internet, download the package manually and upload it to the server to install it by hand.

# wget https://repo.powerdns.com/centos/x86_64/7/auth-42/pdns-4.2.1-1pdns.el7.x86_64.rpm
# rpm -ivh pdns-4.2.1-1pdns.el7.x86_64.rpm

Alternatively, install directly from the Alibaba Cloud mirror repo

# yum install pdns pdns-backend-mysql

MySQL server

MariaDB is used in place of MySQL. On CentOS 7 the mariadb package is only the client, so the server package is needed for the service below.

# yum install mariadb mariadb-server mariadb-devel
# systemctl start mariadb.service
# systemctl enable mariadb.service
  • Initialize MariaDB

# mysql_secure_installation
  • Create the database

The base database schema used by PowerDNS: fetch it and run it directly, or save it to a file and import it. The grant below lets the powerdns user connect from any host ('%') with a password equal to the user name; both are acceptable in a lab and should be tightened in production.

# mysql -p
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 2214
Server version: 5.5.64-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> GRANT ALL ON powerdns.* TO 'powerdns'@'%' IDENTIFIED BY 'powerdns';
MariaDB [(none)]> FLUSH PRIVILEGES;
MariaDB [(none)]> CREATE DATABASE powerdns;
MariaDB [(none)]> USE powerdns;
MariaDB [powerdns]> CREATE TABLE domains (
  id                    INT AUTO_INCREMENT,
  name                  VARCHAR(255) NOT NULL,
  master                VARCHAR(128) DEFAULT NULL,
  last_check            INT DEFAULT NULL,
  type                  VARCHAR(6) NOT NULL,
  notified_serial       INT UNSIGNED DEFAULT NULL,
  account               VARCHAR(40) CHARACTER SET 'utf8' DEFAULT NULL,
  PRIMARY KEY (id)
) Engine=InnoDB CHARACTER SET 'latin1';

CREATE UNIQUE INDEX name_index ON domains(name);


CREATE TABLE records (
  id                    BIGINT AUTO_INCREMENT,
  domain_id             INT DEFAULT NULL,
  name                  VARCHAR(255) DEFAULT NULL,
  type                  VARCHAR(10) DEFAULT NULL,
  content               VARCHAR(64000) DEFAULT NULL,
  ttl                   INT DEFAULT NULL,
  prio                  INT DEFAULT NULL,
  disabled              TINYINT(1) DEFAULT 0,
  ordername             VARCHAR(255) BINARY DEFAULT NULL,
  auth                  TINYINT(1) DEFAULT 1,
  PRIMARY KEY (id)
) Engine=InnoDB CHARACTER SET 'latin1';

CREATE INDEX nametype_index ON records(name,type);
CREATE INDEX domain_id ON records(domain_id);
CREATE INDEX ordername ON records (ordername);


CREATE TABLE supermasters (
  ip                    VARCHAR(64) NOT NULL,
  nameserver            VARCHAR(255) NOT NULL,
  account               VARCHAR(40) CHARACTER SET 'utf8' NOT NULL,
  PRIMARY KEY (ip, nameserver)
) Engine=InnoDB CHARACTER SET 'latin1';


CREATE TABLE comments (
  id                    INT AUTO_INCREMENT,
  domain_id             INT NOT NULL,
  name                  VARCHAR(255) NOT NULL,
  type                  VARCHAR(10) NOT NULL,
  modified_at           INT NOT NULL,
  account               VARCHAR(40) CHARACTER SET 'utf8' DEFAULT NULL,
  comment               TEXT CHARACTER SET 'utf8' NOT NULL,
  PRIMARY KEY (id)
) Engine=InnoDB CHARACTER SET 'latin1';

CREATE INDEX comments_name_type_idx ON comments (name, type);
CREATE INDEX comments_order_idx ON comments (domain_id, modified_at);


CREATE TABLE domainmetadata (
  id                    INT AUTO_INCREMENT,
  domain_id             INT NOT NULL,
  kind                  VARCHAR(32),
  content               TEXT,
  PRIMARY KEY (id)
) Engine=InnoDB CHARACTER SET 'latin1';

CREATE INDEX domainmetadata_idx ON domainmetadata (domain_id, kind);


CREATE TABLE cryptokeys (
  id                    INT AUTO_INCREMENT,
  domain_id             INT NOT NULL,
  flags                 INT NOT NULL,
  active                BOOL,
  published             BOOL DEFAULT 1,
  content               TEXT,
  PRIMARY KEY(id)
) Engine=InnoDB CHARACTER SET 'latin1';

CREATE INDEX domainidindex ON cryptokeys(domain_id);


CREATE TABLE tsigkeys (
  id                    INT AUTO_INCREMENT,
  name                  VARCHAR(255),
  algorithm             VARCHAR(50),
  secret                VARCHAR(255),
  PRIMARY KEY (id)
) Engine=InnoDB CHARACTER SET 'latin1';

CREATE UNIQUE INDEX namealgoindex ON tsigkeys(name, algorithm);

Configuration

The PowerDNS Authoritative Server configuration file is /etc/powerdns/pdns.conf; restart PowerDNS after editing it.

api=yes
# replace the placeholder with a random secret; PowerDNS-Admin sends it in the X-API-Key header
api-key=changeme
daemon=no
guardian=no
launch=gmysql
gmysql-host=localhost
gmysql-port=3306
gmysql-dbname=powerdns
gmysql-user=powerdns
gmysql-password=powerdns
local-port=5300
# this node is the Master
master=yes
setgid=pdns
setuid=pdns
webserver=yes
# listens on all interfaces; it is only called by the PowerDNS-Admin on this host, and access is limited by webserver-allow-from below
webserver-address=0.0.0.0
# if PowerDNS-Admin runs on another internal host, list its internal IP here
webserver-allow-from=127.0.0.1,10.0.0.0/8

The MySQL backend settings are the following lines, which must be placed in the /etc/pdns/pdns.conf file:

  launch=gmysql
  gmysql-host=localhost
  gmysql-port=3306
  gmysql-dbname=powerdns
  gmysql-user=powerdns
  gmysql-password=powerdns

PowerDNS Authoritative Server - Slave

To install the Slave, configure the repo as described above and run the same install commands.

Configuration

# tree -f /etc/powerdns
/etc/powerdns
├── /etc/powerdns/pdns.conf
└── /etc/powerdns/pdns.d
    ├── /etc/powerdns/pdns.d/pdns.local.conf
    └── /etc/powerdns/pdns.d/pdns.local.gsqlite3.conf

1 directory, 3 files

The main configuration file is /etc/powerdns/pdns.conf, with the following content:

config-dir=/etc/powerdns
include-dir=/etc/powerdns/pdns.d
launch=
security-poll-suffix=
setgid=pdns
setuid=pdns

The remaining settings live in /etc/powerdns/pdns.d/pdns.local.conf, with the following content:

slave=yes
api=yes
api-key=changeme
webserver-address=0.0.0.0
webserver-allow-from=127.0.0.1,10.0.0.0/8

By default every Slave uses SQLite as its backend; the backend configuration file is /etc/powerdns/pdns.d/pdns.local.gsqlite3.conf, with the following content:

# Configuration for gsqlite
#
# Launch gsqlite3
launch+=gsqlite3

# Database location
gsqlite3-database=/var/lib/powerdns/pdns.sqlite3

10.1.2 PowerDNS-Admin

Start powerdns-admin with docker-compose, following the instructions in its git repository.

  • Create the directory and clone the code locally

mkdir -p /data/docker
cd /data/docker
git clone https://github.com/ngoduykhanh/PowerDNS-Admin.git
  • Create the database

CREATE DATABASE powerdnsadmin CHARACTER SET utf8 COLLATE utf8_general_ci;
GRANT ALL PRIVILEGES ON powerdnsadmin.* TO 'pdnsadminuser'@'%' IDENTIFIED BY 'pdnsadminuser';
FLUSH PRIVILEGES;
  • Edit docker-compose.yml; only the database connection details need changing, the rest can stay as-is

version: "3"

services:
  app:
    image: ngoduykhanh/powerdns-admin:latest
    container_name: powerdns_admin
    ports:
      - "9191:80"
    logging:
      driver: json-file
      options:
        max-size: 50m
    network_mode: bridge
    environment:
      # with network_mode: bridge, "localhost" is the container itself, not the host;
      # point the URI at the MariaDB host (the Master server in the deployment table)
      - SQLALCHEMY_DATABASE_URI=mysql://pdnsadminuser:pdnsadminuser@10.40.61.116/powerdnsadmin
      - GUNICORN_TIMEOUT=60
      - GUNICORN_WORKERS=2
      - GUNICORN_LOGLEVEL=DEBUG
  • Start

docker-compose up -d
  • Open powerdns-admin in a web browser. After installation, register a user; the first registered user becomes the administrator.

  • Configure the PDNS Authoritative Server API address:

    • PDNS API URL: your PowerDNS API URL (eg. http://127.0.0.1:8081/). Because the container runs in bridge mode, 127.0.0.1 would be the container itself; use the Master's address instead.

    • PDNS API KEY: your PowerDNS API key (the api-key from pdns.conf).

    • PDNS VERSION: your PowerDNS version number (eg. 4.1.1).

10.1.3 PowerDNS Recursor

PowerDNS Recursor - version 4.3.X

# yum install epel-release yum-plugin-priorities
# curl -o /etc/yum.repos.d/powerdns-rec-42.repo https://repo.powerdns.com/repo-files/centos-rec-42.repo
# yum install pdns-recursor
# systemctl restart pdns-recursor.service
# systemctl enable pdns-recursor.service

Because the local network cannot reach the Internet, download the package manually and upload it to the server to install it by hand.

# wget https://repo.powerdns.com/centos/x86_64/7/rec-42/pdns-recursor-4.2.1-1pdns.el7.x86_64.rpm
# rpm -ivh pdns-recursor-4.2.1-1pdns.el7.x86_64.rpm

Configuration

The PowerDNS Recursor configuration file is /etc/pdns-recursor/recursor.conf.

Older versions may use /etc/powerdns/recursor.conf instead.

config-dir=/etc/powerdns
hint-file=/usr/share/dns/root.hints
include-dir=/var/lib/powerdns/recursor
# 127.0.0.1 answers queries from this host only; to serve the other servers, listen on this server's own address and limit the clients with allow-from
local-address=127.0.0.1
max-cache-ttl=60
quiet=yes
setgid=pdns
setuid=pdns

Configure forward-zones

/etc/powerdns/recursor.conf sets include-dir=/var/lib/powerdns/recursor, a custom directory; all forward-zones configuration goes into files in this directory.

mkdir -p /var/lib/powerdns/recursor
cd /var/lib/powerdns/recursor

All queries for svc.example.com are forwarded to the Master or Slave host; in the file below, 10.75.35.99 is a master.

cat zone-svc.example.com.conf
# Generated by pdns-recursor REST API, DO NOT EDIT
forward-zones+=svc.example.com.=10.75.35.99:53

The following file forwards every query that is not for svc.example.com to Alibaba Cloud's internal DNS.

cat zone-=2E.conf
# Generated by pdns-recursor REST API, DO NOT EDIT
forward-zones-recurse+=.=100.100.2.136:53;100.100.2.138:53

Note: the effect of the + prefix still needs further testing.
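The slave's split configuration (launch= in pdns.conf, launch+=gsqlite3 in pdns.d) and the recursor's per-zone files (forward-zones+= and forward-zones-recurse+= under include-dir) both rely on the same rule: key=value sets a setting, key+=value appends to it, and the main file is read first, then every *.conf in include-dir in sorted order. The following added example is mine, not code from this page or from the PowerDNS project: it implements that merge over a constructed copy of the master, slave and recursor configs shown on this page, decodes the forward-zones entries, and lints the settings a defender cares about (the placeholder api-key, the width of webserver-allow-from, and a recursor bound to loopback only). The relative include-dir paths, the rule that '#' starts a comment anywhere on a line, and the lint thresholds are this example's own assumptions.

```python
"""Added example (not code from the page or from PowerDNS): load PowerDNS-style
configuration (main file, then include-dir/*.conf, with 'key=value' setting and
'key+=value' appending) and lint the settings this deployment relies on."""
import ipaddress
import os
import tempfile
from typing import Dict, List, Tuple

Settings = Dict[str, str]

# Constructed samples mirroring the page; include-dir is relative so the tree is self-contained.
SAMPLES = {
    "master/pdns.conf": (
        "api=yes\napi-key=changeme\nlaunch=gmysql\nwebserver=yes\n"
        "webserver-address=0.0.0.0\nwebserver-allow-from=127.0.0.1,10.0.0.0/8\n"),
    "slave/pdns.conf": "config-dir=/etc/powerdns\ninclude-dir=pdns.d\nlaunch=\n",
    "slave/pdns.d/pdns.local.conf": (
        "slave=yes\napi=yes\napi-key=changeme\n"
        "webserver-address=0.0.0.0\nwebserver-allow-from=127.0.0.1,10.0.0.0/8\n"),
    "slave/pdns.d/pdns.local.gsqlite3.conf": (
        "# Launch gsqlite3\nlaunch+=gsqlite3\n"
        "gsqlite3-database=/var/lib/powerdns/pdns.sqlite3\n"),
    "recursor/recursor.conf": "include-dir=recursor.d\nlocal-address=127.0.0.1\n",
    "recursor/recursor.d/zone-svc.example.com.conf":
        "forward-zones+=svc.example.com.=10.75.35.99:53\n",
    "recursor/recursor.d/zone-=2E.conf":
        "forward-zones-recurse+=.=100.100.2.136:53;100.100.2.138:53\n",
}


def parse_text(text: str, settings: Settings) -> Settings:
    """Merge one file into settings: 'k=v' sets, 'k+=v' appends (comma-joined),
    which is how launch+= and forward-zones+= accumulate across files."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # example's rule: '#' starts a comment anywhere
        if not line:
            continue
        eq = line.find("=")
        if eq < 1:
            raise ValueError(f"malformed line: {raw!r}")
        if line[eq - 1] == "+":
            key, value = line[:eq - 1].strip(), line[eq + 1:].strip()
            settings[key] = f"{settings[key]},{value}" if settings.get(key) else value
        else:
            settings[line[:eq].strip()] = line[eq + 1:].strip()
    return settings


def load_config(main_file: str) -> Settings:
    """Parse the main file, then every *.conf in include-dir in sorted order.
    A relative include-dir is resolved against the main file's directory (assumption)."""
    settings: Settings = {}
    with open(main_file, encoding="utf-8") as fh:
        parse_text(fh.read(), settings)
    inc = settings.get("include-dir")
    if inc:
        inc = os.path.join(os.path.dirname(main_file), inc)
        for name in sorted(os.listdir(inc)):
            if name.endswith(".conf"):
                with open(os.path.join(inc, name), encoding="utf-8") as fh:
                    parse_text(fh.read(), settings)
    return settings


def parse_forward_zones(settings: Settings) -> Dict[str, List[Tuple[str, int]]]:
    """Decode 'zone=ip[:port];ip[:port]' entries (comma-separated once several
    files have appended to forward-zones / forward-zones-recurse). IPv4 only."""
    zones: Dict[str, List[Tuple[str, int]]] = {}
    for key in ("forward-zones", "forward-zones-recurse"):
        for entry in filter(None, settings.get(key, "").split(",")):
            zone, servers = entry.split("=", 1)
            targets: List[Tuple[str, int]] = []
            for srv in servers.split(";"):
                host, _, port = srv.partition(":")
                ipaddress.IPv4Address(host)          # raises on a malformed address
                targets.append((host, int(port) if port else 53))
            zones[zone.strip()] = targets
    return zones


def lint(settings: Settings) -> List[str]:
    """Findings for the settings this page uses (thresholds are this example's own)."""
    findings: List[str] = []
    if settings.get("api") == "yes" and settings.get("api-key", "") in ("", "changeme"):
        findings.append("api-key: placeholder 'changeme' still set; use a random key")
    for net in filter(None, settings.get("webserver-allow-from", "").split(",")):
        if ipaddress.ip_network(net, strict=False).num_addresses > 256:
            findings.append(f"webserver-allow-from: {net} is wider than one /24")
    if settings.get("local-address") == "127.0.0.1" and "allow-from" not in settings:
        findings.append("local-address: loopback only; other hosts cannot query this "
                        "recursor, listen on the server address and set allow-from")
    return findings


def build_samples() -> str:
    """Write SAMPLES into a fresh temporary tree and return its root."""
    root = tempfile.mkdtemp(prefix="pdns-example-")
    for rel, text in SAMPLES.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(text)
    return root


def check_tree(root: str) -> Dict[str, Settings]:
    """Load the three roles from a tree laid out like SAMPLES."""
    files = {"master": "pdns.conf", "slave": "pdns.conf", "recursor": "recursor.conf"}
    return {role: load_config(os.path.join(root, role, name)) for role, name in files.items()}


if __name__ == "__main__":
    configs = check_tree(build_samples())
    for role, cfg in configs.items():
        print(f"{role}: launch={cfg.get('launch')!r}")
        for finding in lint(cfg):
            print("  -", finding)
    print("recursor forward zones:", parse_forward_zones(configs["recursor"]))
```

Run as a script it prints the merged launch value per role (the slave ends up with gsqlite3 even though pdns.conf says launch=) and the findings; pointing load_config at a host's real /etc/powerdns tree lints it read-only.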

Deploying with Ansible

To be continued.
