MENU

自建 DNS 解析利器:PowerDNS+PowerDNS-Admin

April 7, 2020 • Read: 6551 • Linux阅读设置

1.1 系统环境

  • Centos7.7.1908

  • PowerDNS 4.4.0

  • MariaDB 10.4

PowerDNS 官方源 https://repo.powerdns.com/
PowerDNS 文档 https://doc.powerdns.com/authoritative/

2.1 安装 PowerDNS

  • #添加PowerDNS官方源

  • yum install -y epel-release yum-plugin-priorities

  • curl -o /etc/yum.repos.d/powerdns-auth-master.repo https://repo.powerdns.com/repo-files/centos-auth-master.repo

  • 

  • yum install -y pdns pdns-backend-mysql.x86_64

  • 

  • #修改前备份配置文件

  • cp /etc/pdns/pdns.conf /etc/pdns/pdns.conf.bak

  • 

  • #赋予权限,否则PowerDNS无法启动

  • chown pdns. /etc/pdns/pdns.conf

2.2 修改配置文件,添加以下内容

  • vim /etc/pdns/pdns.conf

  • 

  • launch=gmysql

  • gmysql-host=127.0.0.1

  • gmysql-user=root

  • gmysql-dbname=pdns

  • gmysql-password=123456

  • api=yes

  • api-key=123456

  • webserver=yes

  • 

  • # ttl

  • default-ttl=300

2.3 启动 PowerDNS(日志在 message 中)

  • systemctl start pdns

  • systemctl enable pdns

  • systemctl status pdns.service

2.4 开放 DNS 服务端口

  • firewall-cmd --zone=public --add-port=53/tcp --permanent

  • firewall-cmd --zone=public --add-port=53/udp --permanent

  • firewall-cmd --reload

3.1 安装 MariaDB10.4

Centos7 仓库最新版 5.5,需要手动添加新版 10.4 到仓库。
vim /etc/yum.repos.d/Mariadb.repo

  • # MariaDB 10.4 CentOS repository list - created 2020-04-06 18:11 UTC

  • # http://downloads.mariadb.org/mariadb/repositories/

  • [mariadb]

  • name = MariaDB

  • baseurl = http://yum.mariadb.org/10.4/centos7-amd64

  • gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB

  • gpgcheck=1

  • 

  • 

  • yum clean all

  • yum makecache all

  • yum install -y mariadb-server mariadb

3.2 添加以下内容,配置 MariaDB 的字符集为 UTF-8

  • vim /etc/my.cnf

  • [mysqld]

  • init_connect='SET collation_connection = utf8_unicode_ci'

  • init_connect='SET NAMES utf8'

  • character-set-server=utf8

  • collation-server=utf8_unicode_ci

  • skip-character-set-client-handshake

  • 

  • 

  • vim /etc/my.cnf.d/client.cnf

  • [client]

  • default-character-set=utf8

  • 

  • 

  • vim /etc/my.cnf.d/mysql-clients.cnf

  • [mysql]

  • default-character-set=utf8

3.3 启动 MariaDB

  • systemctl start mariadb 

  • systemctl enable mariadb

  • systemctl status mariadb

3.4 初始化 MariaDB

  • mysql_secure_installation

  • 回车,

  • N,

  • Y,          #设置root密码

  • root密码,

  • 重复root密码,

  • Y,          #删除匿名登入

  • Y,          #禁用root远程登入

  • Y,          #删除test库

  • Y,          #刷新权限

3.5 初始化 PowerDNS 数据库

  • mysql -u root -p

  • #先确认已设置UTF-8编码

  • mysql >  show variables like "%character%";

  • mysql >  create database pdns;

  • mysql >  use pdns;

  • 

  • CREATE TABLE domains (

  •   id                    INT AUTO_INCREMENT,

  •   name                  VARCHAR(255) NOT NULL,

  •   master                VARCHAR(128) DEFAULT NULL,

  •   last_check            INT DEFAULT NULL,

  •   type                  VARCHAR(6) NOT NULL,

  •   notified_serial       INT UNSIGNED DEFAULT NULL,

  •   account               VARCHAR(40) CHARACTER SET 'utf8' DEFAULT NULL,

  •   PRIMARY KEY (id)

  • ) Engine=InnoDB CHARACTER SET 'latin1';

  • 

  • CREATE UNIQUE INDEX name_index ON domains(name);

  • 

  • CREATE TABLE records (

  •   id                    BIGINT AUTO_INCREMENT,

  •   domain_id             INT DEFAULT NULL,

  •   name                  VARCHAR(255) DEFAULT NULL,

  •   type                  VARCHAR(10) DEFAULT NULL,

  •   content               VARCHAR(64000) DEFAULT NULL,

  •   ttl                   INT DEFAULT NULL,

  •   prio                  INT DEFAULT NULL,

  •   disabled              TINYINT(1) DEFAULT 0,

  •   ordername             VARCHAR(255) BINARY DEFAULT NULL,

  •   auth                  TINYINT(1) DEFAULT 1,

  •   PRIMARY KEY (id)

  • ) Engine=InnoDB CHARACTER SET 'latin1';

  • 

  • CREATE INDEX nametype_index ON records(name,type);

  • CREATE INDEX domain_id ON records(domain_id);

  • CREATE INDEX ordername ON records (ordername);

  • 

  • CREATE TABLE supermasters (

  •   ip                    VARCHAR(64) NOT NULL,

  •   nameserver            VARCHAR(255) NOT NULL,

  •   account               VARCHAR(40) CHARACTER SET 'utf8' NOT NULL,

  •   PRIMARY KEY (ip, nameserver)

  • ) Engine=InnoDB CHARACTER SET 'latin1';

  • 

  • CREATE TABLE comments (

  •   id                    INT AUTO_INCREMENT,

  •   domain_id             INT NOT NULL,

  •   name                  VARCHAR(255) NOT NULL,

  •   type                  VARCHAR(10) NOT NULL,

  •   modified_at           INT NOT NULL,

  •   account               VARCHAR(40) CHARACTER SET 'utf8' DEFAULT NULL,

  •   comment               TEXT CHARACTER SET 'utf8' NOT NULL,

  •   PRIMARY KEY (id)

  • ) Engine=InnoDB CHARACTER SET 'latin1';

  • 

  • CREATE INDEX comments_name_type_idx ON comments (name, type);

  • CREATE INDEX comments_order_idx ON comments (domain_id, modified_at);

  • 

  • CREATE TABLE domainmetadata (

  •   id                    INT AUTO_INCREMENT,

  •   domain_id             INT NOT NULL,

  •   kind                  VARCHAR(32),

  •   content               TEXT,

  •   PRIMARY KEY (id)

  • ) Engine=InnoDB CHARACTER SET 'latin1';

  • 

  • CREATE INDEX domainmetadata_idx ON domainmetadata (domain_id, kind);

  • 

  • CREATE TABLE cryptokeys (

  •   id                    INT AUTO_INCREMENT,

  •   domain_id             INT NOT NULL,

  •   flags                 INT NOT NULL,

  •   active                BOOL,

  •   published             BOOL DEFAULT 1,

  •   content               TEXT,

  •   PRIMARY KEY(id)

  • ) Engine=InnoDB CHARACTER SET 'latin1';

  • 

  • CREATE INDEX domainidindex ON cryptokeys(domain_id);

  • 

  • CREATE TABLE tsigkeys (

  •   id                    INT AUTO_INCREMENT,

  •   name                  VARCHAR(255),

  •   algorithm             VARCHAR(50),

  •   secret                VARCHAR(255),

  •   PRIMARY KEY (id)

  • ) Engine=InnoDB CHARACTER SET 'latin1';

  • 

  • CREATE UNIQUE INDEX namealgoindex ON tsigkeys(name, algorithm);

建议您还添加以下 MySQL 语句。这些将在表中添加外键约束,以便在从域表中删除域时自动删除记录,密钥材料和其他信息。
这些仅适用于 InnoDB 存储引擎,但是,如果您到目前为止已遵循我们的指南,则正是我们正在使用的引擎。
以下 SQL 可以完成这项工作:

  • mysql> use pdns;

  • 

  • ALTER TABLE records ADD CONSTRAINT `records_domain_id_ibfk` FOREIGN KEY (`domain_id`) REFERENCES `domains` (`id`) ON DELETE CASCADE ON UPDATE CASCADE;

  • ALTER TABLE comments ADD CONSTRAINT `comments_domain_id_ibfk` FOREIGN KEY (`domain_id`) REFERENCES `domains` (`id`) ON DELETE CASCADE ON UPDATE CASCADE;

  • ALTER TABLE domainmetadata ADD CONSTRAINT `domainmetadata_domain_id_ibfk` FOREIGN KEY (`domain_id`) REFERENCES `domains` (`id`) ON DELETE CASCADE ON UPDATE CASCADE;

  • ALTER TABLE cryptokeys ADD CONSTRAINT `cryptokeys_domain_id_ibfk` FOREIGN KEY (`domain_id`) REFERENCES `domains` (`id`) ON DELETE CASCADE ON UPDATE CASCADE;

4.1 安装 PowerDNS-Admin
官方教程:https://github.com/ngoduykhanh/PowerDNS-Admin/wiki/Running-PowerDNS-Admin-on-Centos-7

  • #安装Python3.6 + pip

  • yum install -y https://centos7.iuscommunity.org/ius-release.rpm

  • yum install -y python36u python36u-devel python36u-pip

  • pip3.6 install -U pip

  • pip install -U virtualenv

  • rm -f /usr/bin/python3 && ln -s /usr/bin/python3.6 /usr/bin/python3

  • 

  • # 安装构建Python库所需包

  • 1)如果使用 Centos 默认的 mariadb 5.5 版本,安装如下:

  • yum install -y gcc mariadb-devel openldap-devel xmlsec1-devel xmlsec1-openssl libtool-ltdl-devel

  • 

  • 2)如果使用mariadb 10.x 版本,安装如下:

  • yum install -y gcc MariaDB-devel MariaDB-shared openldap-devel xmlsec1-devel xmlsec1-openssl libtool-ltdl-devel

  • 

  • # 安装 Nodejs 10

  • curl -sL https://rpm.nodesource.com/setup_10.x | bash -

  • curl -sL https://dl.yarnpkg.com/rpm/yarn.repo -o /etc/yum.repos.d/yarn.repo

  • yum install -y yarn

  • yum install -y python-virtualenv

  • yum install -y gcc-c++ make

  • 

  • #创建Python3 virtualenv环境

  • yum install -y git

  • git clone https://github.com/ngoduykhanh/PowerDNS-Admin.git /opt/web/powerdns-admin

  • cd /opt/web/powerdns-admin

  • virtualenv -p python3 flask

  • 

  • #激活Python3环境并安装Python库(后续操作都是基于Python3 环境下操作)

  • source ./flask/bin/activate

  • pip install python-dotenv

  • pip install -r requirements.txt

4.2 修改关于数据库的连接信息
vim /opt/web/powerdns-admin/powerdnsadmin/default_config.py

  • 

  • ### DATABASE CONFIG

  • SQLA_DB_USER = 'root'

  • SQLA_DB_PASSWORD = '123456'

  • SQLA_DB_HOST = '127.0.0.1'

  • SQLA_DB_NAME = 'pdns'

  • 

  • 

  • #导出

  • export FLASK_CONF=../configs/development.py

  • #然后运行以下命令创建数据库模式:

  • export FLASK_APP=powerdnsadmin/__init__.py

  • flask db upgrade

  • yarn install --pure-lockfile

  • flask assets build

删掉关于 debug 字段
vim run.py

  • #!/usr/bin/env python3

  • from powerdnsadmin import create_app

  • 

  • if __name__ == '__main__':

  •     app = create_app()

  •     app.run(host=app.config.get('BIND_ADDRESS', '127.0.0.1'), port=app.config.get('PORT', '9191'))

4.3 开放 WEB 端口

  • firewall-cmd --zone=public --add-port=9191/tcp --permanent

  • firewall-cmd --reload

  • #查看是否生效

  • yum install -y net-tools

  • netstat -lnpt

4.4 启动 PowerDNS-Admin

  • #测试运行 查看输出是否正常

  • cd /opt/web/powerdns-admin/

  • ./run.py

  • #开机自启

  • chmod +x /etc/rc.d/rc.local

  • vim /etc/rc.local

  • source /opt/web/powerdns-admin/flask/bin/activate

  • export FLASK_CONF=/opt/web/powerdns-admin/configs/development.py

  • export FLASK_APP=/opt/web/powerdns-admin/powerdnsadmin/__init__.py

  • /opt/web/powerdns-admin/run.py /opt/web/powerdns-admin/powerdns-admin-log 2>&1 &

4.5 设置 PowerDNS-Admin

访问 http://IP:9191 注册新用户
20200407030833.jpg

  • 首个注册用户会默认加权为管理员

填入 2.2 步骤中设置的 API KEY 等信息
20200407033054.jpg

当与后端 PowerDNS 通讯正常时,可以在控制面板中看到 PowerDNS Uptime
20200407034459.jpg

参考
https://github.com/ngoduykhanh/PowerDNS-Admin/wiki/Running-PowerDNS-Admin-on-Centos-7
https://www.cnblogs.com/weavepub/p/11152919.html
https://boke.wsfnk.com/archives/787.html

rDNSDNS自建PowerDNS反向解析PowerDNS-AdminPTR
Archives QR Code
QR Code for this page
Tipping QR Code
Leave a Comment