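In this article, a self-hosted DNS means an authoritative DNS server, that is, the DNS that serves your own domain names, not a caching DNS resolver configured on clients.
I. Deploying PowerDNS with MariaDB as the backend database
1) Disable the firewall and SELinux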
[root@PowerDNS ~]# cat /etc/redhat-release
CentOS Linux release 7.4.1708 (Core)
[root@PowerDNS ~]# setenforce 0
[root@PowerDNS ~]# getenforce
[root@PowerDNS ~]# cat /etc/sysconfig/selinux |grep "SELINUX=disabled"
SELINUX=disabled
[root@PowerDNS ~]# systemctl stop firewalld
[root@PowerDNS ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@PowerDNS ~]# firewall-cmd --state
not running
2) Enable the EPEL repository
[root@PowerDNS ~]# yum install -y epel-release yum-plugin-priorities
3) Install and configure the MariaDB server
[root@PowerDNS ~]# yum install -y mariadb-server mariadb
[root@PowerDNS ~]# systemctl enable mariadb.service
[root@PowerDNS ~]# systemctl start mariadb.service
[root@PowerDNS ~]# lsof -i:3306

Set the password:
[root@PowerDNS ~]# mysql_secure_installation

The first part sets the password; you are prompted for the current password first:
Enter current password for root (enter for none): <– on the first run, just press Enter

Set the password:
Set root password? [Y/n] <– whether to set a password for the root user; type y and press Enter, or just press Enter
New password: <– set the root user's password (for example 123456)
Re-enter new password: <– enter the password you set once more

Other settings:
Remove anonymous users? [Y/n] <– whether to remove anonymous users; press Enter
Disallow root login remotely? [Y/n] <– whether to disallow remote root login; press Enter
Remove test database and access to it? [Y/n] <– whether to remove the test database; press Enter
Reload privilege tables now? [Y/n] <– whether to reload the privilege tables; press Enter

Log in to MariaDB with the password and check the character sets:
[root@PowerDNS ~]# mysql -p123456
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 11
Server version: 5.5.56-MariaDB MariaDB Server
Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> show variables like "%character%";show variables like "%collation%";
+--------------------------+----------------------------+
| Variable_name            | Value                      |
+--------------------------+----------------------------+
| character_set_client     | utf8                       |
| character_set_connection | utf8                       |
| character_set_database   | latin1                     |
| character_set_filesystem | binary                     |
| character_set_results    | utf8                       |
| character_set_server     | latin1                     |
| character_set_system     | utf8                       |
| character_sets_dir       | /usr/share/mysql/charsets/ |
+--------------------------+----------------------------+
8 rows in set (0.00 sec)
+----------------------+-------------------+
| Variable_name        | Value             |
+----------------------+-------------------+
| collation_connection | utf8_general_ci   |
| collation_database   | latin1_swedish_ci |
| collation_server     | latin1_swedish_ci |
+----------------------+-------------------+

Next, set MariaDB's character set to utf8:

-> First, in the configuration file /etc/my.cnf, add the following under the [mysqld] section:
init_connect='SET collation_connection = utf8_unicode_ci'
init_connect='SET NAMES utf8'
character-set-server=utf8
collation-server=utf8_unicode_ci
skip-character-set-client-handshake

-> Next, in the configuration file /etc/my.cnf.d/client.cnf, add the following under [client]:
default-character-set=utf8

-> Then, in the configuration file /etc/my.cnf.d/mysql-clients.cnf, add the following under [mysql]:
default-character-set=utf8

Finally, restart MariaDB and log in to check the character sets:
[root@PowerDNS ~]# systemctl restart mariadb.service

Log in to MariaDB again and check the character sets; they are now utf8:
[root@PowerDNS ~]# mysql -p123456
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 2
Server version: 5.5.56-MariaDB MariaDB Server
Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> show variables like "%character%";show variables like "%collation%";
+--------------------------+----------------------------+
| Variable_name            | Value                      |
+--------------------------+----------------------------+
| character_set_client     | utf8                       |
| character_set_connection | utf8                       |
| character_set_database   | utf8                       |
| character_set_filesystem | binary                     |
| character_set_results    | utf8                       |
| character_set_server     | utf8                       |
| character_set_system     | utf8                       |
| character_sets_dir       | /usr/share/mysql/charsets/ |
+--------------------------+----------------------------+
8 rows in set (0.00 sec)
+----------------------+-----------------+
| Variable_name        | Value           |
+----------------------+-----------------+
| collation_connection | utf8_unicode_ci |
| collation_database   | utf8_unicode_ci |
| collation_server     | utf8_unicode_ci |
+----------------------+-----------------+
4) Next, install PowerDNS
[root@PowerDNS yum.repos.d]# yum install -y pdns pdns-backend-mysql

The PowerDNS configuration file is /etc/pdns/pdns.conf:
[root@PowerDNS ~]# ll /etc/pdns/pdns.conf
-rw-------. 1 root root 14007 Feb 2 00:33 /etc/pdns/pdns.conf
5) Configure a MariaDB database for the PowerDNS service.
[root@PowerDNS ~]# mysql -p123456
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 3
Server version: 5.5.56-MariaDB MariaDB Server
Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> CREATE DATABASE powerdns;
MariaDB [(none)]> GRANT ALL ON powerdns.* TO 'powerdns'@'localhost' IDENTIFIED BY 'powerdns';
MariaDB [(none)]> FLUSH PRIVILEGES;

Next, create the tables that PowerDNS will use. Run the following SQL statements as one block (that is, copy the statements below and paste them straight into MariaDB so they execute together):

use powerdns;

CREATE TABLE domains (
  id INT AUTO_INCREMENT,
  name VARCHAR(255) NOT NULL,
  master VARCHAR(128) DEFAULT NULL,
  last_check INT DEFAULT NULL,
  type VARCHAR(6) NOT NULL,
  notified_serial INT DEFAULT NULL,
  account VARCHAR(40) DEFAULT NULL,
  PRIMARY KEY (id)
) Engine=InnoDB;

CREATE UNIQUE INDEX name_index ON domains(name);

CREATE TABLE records (
  id BIGINT AUTO_INCREMENT,
  domain_id INT DEFAULT NULL,
  name VARCHAR(255) DEFAULT NULL,
  type VARCHAR(10) DEFAULT NULL,
  content VARCHAR(64000) DEFAULT NULL,
  ttl INT DEFAULT NULL,
  prio INT DEFAULT NULL,
  change_date INT DEFAULT NULL,
  disabled TINYINT(1) DEFAULT 0,
  ordername VARCHAR(255) BINARY DEFAULT NULL,
  auth TINYINT(1) DEFAULT 1,
  PRIMARY KEY (id)
) Engine=InnoDB;

CREATE INDEX nametype_index ON records(name,type);
CREATE INDEX domain_id ON records(domain_id);
CREATE INDEX recordorder ON records (domain_id, ordername);

CREATE TABLE supermasters (
  ip VARCHAR(64) NOT NULL,
  nameserver VARCHAR(255) NOT NULL,
  account VARCHAR(40) NOT NULL,
  PRIMARY KEY (ip, nameserver)
) Engine=InnoDB;

CREATE TABLE comments (
  id INT AUTO_INCREMENT,
  domain_id INT NOT NULL,
  name VARCHAR(255) NOT NULL,
  type VARCHAR(10) NOT NULL,
  modified_at INT NOT NULL,
  account VARCHAR(40) NOT NULL,
  comment VARCHAR(64000) NOT NULL,
  PRIMARY KEY (id)
) Engine=InnoDB;

CREATE INDEX comments_domain_id_idx ON comments (domain_id);
CREATE INDEX comments_name_type_idx ON comments (name, type);
CREATE INDEX comments_order_idx ON comments (domain_id, modified_at);

CREATE TABLE domainmetadata (
  id INT AUTO_INCREMENT,
  domain_id INT NOT NULL,
  kind VARCHAR(32),
  content TEXT,
  PRIMARY KEY (id)
) Engine=InnoDB;

CREATE INDEX domainmetadata_idx ON domainmetadata (domain_id, kind);

CREATE TABLE cryptokeys (
  id INT AUTO_INCREMENT,
  domain_id INT NOT NULL,
  flags INT NOT NULL,
  active BOOL,
  content TEXT,
  PRIMARY KEY(id)
) Engine=InnoDB;

CREATE INDEX domainidindex ON cryptokeys(domain_id);

CREATE TABLE tsigkeys (
  id INT AUTO_INCREMENT,
  name VARCHAR(255),
  algorithm VARCHAR(50),
  secret VARCHAR(255),
  PRIMARY KEY (id)
) Engine=InnoDB;

CREATE UNIQUE INDEX namealgoindex ON tsigkeys(name, algorithm);

flush privileges;

After the statements have run, check the result:
MariaDB [powerdns]> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
| powerdns           |
+--------------------+
4 rows in set (0.00 sec)
MariaDB [powerdns]> use powerdns;
Database changed
MariaDB [powerdns]> show tables;
+--------------------+
| Tables_in_powerdns |
+--------------------+
| comments           |
| cryptokeys         |
| domainmetadata     |
| domains            |
| records            |
| supermasters       |
| tsigkeys           |
+--------------------+

Check that the powerdns user can log in normally:
[root@PowerDNS ~]# mysql -upowerdns -hlocalhost -ppowerdns;
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 5
Server version: 5.5.56-MariaDB MariaDB Server
Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| powerdns           |
+--------------------+
2 rows in set (0.00 sec)
MariaDB [(none)]> use powerdns;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
MariaDB [powerdns]> show tables;
+--------------------+
| Tables_in_powerdns |
+--------------------+
| comments           |
| cryptokeys         |
| domainmetadata     |
| domains            |
| records            |
| supermasters       |
| tsigkeys           |
+--------------------+
7 rows in set (0.00 sec)
MariaDB [powerdns]>
6) Continue configuring PowerDNS to use MariaDB as its backend.
[root@PowerDNS ~]# cp /etc/pdns/pdns.conf /etc/pdns/pdns.conf.bak
[root@PowerDNS ~]# vim /etc/pdns/pdns.conf
# Find the line that looks like "#launch=" and add the following:
launch=gmysql
gmysql-host=localhost
gmysql-port=3306
gmysql-dbname=powerdns
gmysql-user=powerdns
gmysql-password=powerdns

Start PowerDNS and add it to the services started at boot:
[root@PowerDNS ~]# systemctl enable pdns.service
[root@PowerDNS ~]# systemctl start pdns.service
[root@PowerDNS ~]# systemctl status pdns.service
[root@PowerDNS ~]# ps -ef|grep pdns
pdns 20036 1 0 16:54 ? 00:00:00 /usr/sbin/pdns_server --daemon
root 20056 18838 0 16:56 pts/1 00:00:00 grep --color=auto pdns
[root@PowerDNS ~]# lsof -i:53
COMMAND     PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
pdns_serv 20036 pdns    5u  IPv4  41118      0t0  UDP *:domain
pdns_serv 20036 pdns    6u  IPv4  41119      0t0  TCP *:domain (LISTEN)

At this point the PowerDNS server is up and running.
II. Installing PowerAdmin to manage PowerDNS
7) PowerAdmin is a user-friendly web manager for PowerDNS servers. Because it is written in PHP, we need to install PHP and a web server (Apache):
[root@PowerDNS html]# yum -y install httpd php php-devel php-gd php-mcrypt php-imap php-ldap php-mysql php-odbc php-pear php-xml php-xmlrpc php-mbstring php-mcrypt php-mhash gettext

After installation, start Apache and enable it at boot:
[root@PowerDNS ~]# systemctl enable httpd.service
[root@PowerDNS ~]# systemctl start httpd.service
[root@PowerDNS ~]# systemctl status httpd.service
[root@PowerDNS ~]# lsof -i:80

With all of PowerAdmin's system requirements now met, download the package into Apache's default web directory, /var/www/html/:
[root@PowerDNS ~]# cd /var/www/html/
[root@PowerDNS html]# wget http://downloads.sourceforge.net/project/poweradmin/poweradmin-2.1.7.tgz
[root@PowerDNS html]# tar -zvxf poweradmin-2.1.7.tgz
[root@PowerDNS html]# ls
poweradmin-2.1.7 poweradmin-2.1.7.tgz

Next, start PowerAdmin's web installer by opening the following URL (192.168.10.239 is this machine's IP):
http://192.168.10.239/poweradmin-2.1.7/install/
The page below asks you to choose a language for PowerAdmin. Select the one you want to use, then click the "Go to step 2" button.
The installer needs the PowerDNS database:
Because a database was already created above, you can continue to the next step. You are then asked for the details of the database configured earlier, and you also need to set an administrator password for Poweradmin:
After entering this information, go to step 4, where you create a limited user for Poweradmin. The fields you need to fill in are:
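Username: the PowerAdmin user name.
Password: the password for that user.
Hostmaster: used as the default value when you create an SOA record without specifying a hostmaster (optional). Here I entered the hostname of the deployment machine.
Primary nameserver: used as the primary nameserver when creating a new DNS zone.
Secondary nameserver: used as the secondary nameserver when creating a new DNS zone.
In the next step, Poweradmin asks you to create a new limited database user and provides the code you need to enter in the MariaDB console:
Now open a terminal and run the following (these commands are copied from the step shown in the screenshot above; paste them into the database prompt).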
MariaDB [(none)]> GRANT SELECT,INSERT,UPDATE,DELETE ON powerdns.* TO 'poweradmin'@'localhost' IDENTIFIED BY 'poweradmin';
MariaDB [(none)]> flush privileges;

Test logging in to the database with the privileges granted above:
[root@PowerDNS inc]# mysql -upoweradmin -hlocalhost -ppoweradmin
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 17
Server version: 5.5.56-MariaDB MariaDB Server
Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| powerdns           |
+--------------------+
2 rows in set (0.00 sec)
MariaDB [(none)]>
Now return to the browser and continue to the next step.
The installer will try to create the configuration file, named config.inc.php, in the /var/www/html/poweradmin-2.1.7/inc directory.
[root@PowerDNS ~]# cd /var/www/html/poweradmin-2.1.7/inc
[root@PowerDNS inc]# vim config.inc.php
[root@PowerDNS inc]# cat config.inc.php
<?php
$db_host = 'localhost';
$db_user = 'poweradmin';
$db_pass = 'poweradmin';
$db_name = 'powerdns';
$db_type = 'mysql';
$db_layer = 'PDO';
$session_key = '6swx#944CycA9F2GkOAM7c&z6vU=ay[oGFnZZF{TC1te}7';
$iface_lang = 'en_EN';
$dns_hostmaster = 'PowerDNS-server';
$dns_ns1 = '172.16.51.151';
$dns_ns2 = '172.16.51.152';
Now go to the final page, which tells you that the installation is complete and how to access the installed PowerAdmin:
Then remove the "install" folder from PowerAdmin's root directory; this is important. Use the following commands:
[root@PowerDNS ~]# ll /var/www/html/poweradmin-2.1.7/install/
[root@PowerDNS ~]# rm -rf /var/www/html/poweradmin-2.1.7/install/
After that, you can access PowerAdmin at http://192.168.10.239/poweradmin-2.1.7/
As shown below, log in with the username and password admin/poweradmin@123 (the password set above).
After logging in, you should see the PowerAdmin home page:
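A post-install check for two steps of this walkthrough, the gmysql settings written to pdns.conf in step 6 and the removal of the install folder, given here as an added example that is not part of the original article. The function names, the 12-character minimum and the sample tree are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example: post-install audit for the PowerDNS + PowerAdmin setup.
# Function names and the 12-character minimum are assumptions of this example.

# Print the value of key $2 in pdns.conf-style file $1 (last uncommented match).
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# Report weak gmysql credentials and loose file permissions, one per line.
audit_pdns_conf() {
    user=$(conf_get "$1" gmysql-user)
    pass=$(conf_get "$1" gmysql-password)
    if [ -z "$pass" ]; then
        echo "gmysql-password is empty or missing"
    elif [ "$pass" = "$user" ]; then
        echo "gmysql-password is identical to gmysql-user"
    elif [ "${#pass}" -lt 12 ]; then
        echo "gmysql-password is shorter than 12 characters"
    fi
    # The file holds the database password: group and others must not read it.
    if [ -n "$(find "$1" \( -perm -040 -o -perm -004 \) 2>/dev/null)" ]; then
        echo "config file is readable by group or others"
    fi
}

# Report installer directories and downloaded archives left in web root $1.
audit_webroot() {
    for p in "$1"/poweradmin*/install "$1"/*.tgz "$1"/*.tar.gz; do
        if [ -e "$p" ]; then
            echo "remove from web root: $p"
        fi
    done
}

# Constructed sample: the tutorial's credentials with a loosened file mode,
# and the web root as it looks before the cleanup step.
demo=$(mktemp -d)
mkdir -p "$demo/www/poweradmin-2.1.7/install"
: > "$demo/www/poweradmin-2.1.7.tgz"
printf '%s\n' '#launch=' 'launch=gmysql' 'gmysql-user=powerdns' \
    'gmysql-password=powerdns' > "$demo/pdns.conf"
chmod 644 "$demo/pdns.conf"

audit_pdns_conf "$demo/pdns.conf"
audit_webroot "$demo/www"
rm -rf "$demo"
```

On a real host, call the two functions with /etc/pdns/pdns.conf and /var/www/html instead of the sample tree.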