Overview
Visit the official website, find the install command for the relevant component on the relevant operating system, and run it. In this article the Master uses MySQL as its backend, the Slave uses SQLite as its backend, all DNS-resolution-related configuration is done through PowerDNS-Admin, and the production deployment is done entirely with Ansible.
Backends
The table below lists the backends supported by PowerDNS.
Name | Native | Master | Slave | Super slave | DNSSEC | Launch |
---|---|---|---|---|---|---|
BIND | Yes | Yes | Yes | Experimental | Yes | bind |
Generic Mysql | Yes | Yes | Yes | Yes | Yes | gmysql |
Generic ODBC | Yes | Yes | Yes | Yes | Yes | godbc |
Generic Postgresql | Yes | Yes | Yes | Yes | Yes | gpgsql |
Generic SQLite3 | Yes | Yes | Yes | Yes | Yes | gsqlite3 |
GeoIP | Yes | No | No | No | Yes | geoip |
LDAP | Yes | No | No | No | No | ldap |
LMDB | Yes | Yes | Yes | No | Yes | lmdb |
Lua2 | Yes | Yes | No | No | Yes | lua2 |
Pipe | Yes | No | No | No | Partial | pipe |
Random | Yes | No | No | No | Partial | random |
Remote | Yes | Yes | Yes | Yes | Yes | remote |
TinyDNS | Yes | Yes | No | No | Partial | tinydns |
Deployment plan
The combination used is:
- MySQL
Server deployment:
- Management server x1
  - PowerDNS Authoritative Server master
  - PowerDNS-Admin
  - MySQL
- PowerDNS Authoritative Server slave x1
- PowerDNS Recursor x1
- The test domain is svc.example.com
Server IP | Role | Deployed software |
---|---|---|
10.40.61.116 | Master | pdns pdns-backend-mysql PowerDNS-Admin Mysql |
10.40.58.153 | Slave | pdns pdns-backend-sqlite |
10.40.58.154 | Recursor | pdns-recursor |
10.1.1 PowerDNS Authoritative Server
PowerDNS Authoritative Server - Master
The master and slave of PowerDNS Authoritative Server are installed in exactly the same way; the role is selected through the configuration file.
Configure the repo and install
Configure the official repository
# yum install epel-release yum-plugin-priorities
# curl -o /etc/yum.repos.d/powerdns-auth-42.repo https://repo.powerdns.com/repo-files/centos-auth-42.repo
# yum install pdns pdns-backend-mysql
# systemctl start pdns.service
# systemctl enable pdns.service
Manual installation
Because the local network cannot reach the Internet, download the corresponding packages manually, upload them to the server and install them by hand.
# wget https://repo.powerdns.com/centos/x86_64/7/auth-42/pdns-4.2.1-1pdns.el7.x86_64.rpm
# rpm -ivh pdns-4.2.1-1pdns.el7.x86_64.rpm
Install directly from the Aliyun (Alibaba Cloud) repo
# yum install pdns pdns-backend-mysql
MySQL server
Use MariaDB instead.
# yum install mariadb mariadb-server mariadb-devel
# systemctl start mariadb.service
# systemctl enable mariadb.service
- Initialize MariaDB
# mysql_secure_installation
- Create the database
The base database schema script used by PowerDNS; fetch it and run it directly, or save it to a file and import it.
# mysql -p
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 2214
Server version: 5.5.64-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]>GRANT ALL ON powerdns.* TO 'powerdns'@'%' IDENTIFIED BY 'powerdns';
MariaDB [(none)]>FLUSH PRIVILEGES;
MariaDB [(none)]>CREATE DATABASE powerdns;
MariaDB [(none)]>CREATE TABLE domains (
id INT AUTO_INCREMENT,
name VARCHAR(255) NOT NULL,
master VARCHAR(128) DEFAULT NULL,
last_check INT DEFAULT NULL,
type VARCHAR(6) NOT NULL,
notified_serial INT UNSIGNED DEFAULT NULL,
account VARCHAR(40) CHARACTER SET 'utf8' DEFAULT NULL,
PRIMARY KEY (id)
) Engine=InnoDB CHARACTER SET 'latin1';
CREATE UNIQUE INDEX name_index ON domains(name);
CREATE TABLE records (
id BIGINT AUTO_INCREMENT,
domain_id INT DEFAULT NULL,
name VARCHAR(255) DEFAULT NULL,
type VARCHAR(10) DEFAULT NULL,
content VARCHAR(64000) DEFAULT NULL,
ttl INT DEFAULT NULL,
prio INT DEFAULT NULL,
disabled TINYINT(1) DEFAULT 0,
ordername VARCHAR(255) BINARY DEFAULT NULL,
auth TINYINT(1) DEFAULT 1,
PRIMARY KEY (id)
) Engine=InnoDB CHARACTER SET 'latin1';
CREATE INDEX nametype_index ON records(name,type);
CREATE INDEX domain_id ON records(domain_id);
CREATE INDEX ordername ON records (ordername);
CREATE TABLE supermasters (
ip VARCHAR(64) NOT NULL,
nameserver VARCHAR(255) NOT NULL,
account VARCHAR(40) CHARACTER SET 'utf8' NOT NULL,
PRIMARY KEY (ip, nameserver)
) Engine=InnoDB CHARACTER SET 'latin1';
CREATE TABLE comments (
id INT AUTO_INCREMENT,
domain_id INT NOT NULL,
name VARCHAR(255) NOT NULL,
type VARCHAR(10) NOT NULL,
modified_at INT NOT NULL,
account VARCHAR(40) CHARACTER SET 'utf8' DEFAULT NULL,
comment TEXT CHARACTER SET 'utf8' NOT NULL,
PRIMARY KEY (id)
) Engine=InnoDB CHARACTER SET 'latin1';
CREATE INDEX comments_name_type_idx ON comments (name, type);
CREATE INDEX comments_order_idx ON comments (domain_id, modified_at);
CREATE TABLE domainmetadata (
id INT AUTO_INCREMENT,
domain_id INT NOT NULL,
kind VARCHAR(32),
content TEXT,
PRIMARY KEY (id)
) Engine=InnoDB CHARACTER SET 'latin1';
CREATE INDEX domainmetadata_idx ON domainmetadata (domain_id, kind);
CREATE TABLE cryptokeys (
id INT AUTO_INCREMENT,
domain_id INT NOT NULL,
flags INT NOT NULL,
active BOOL,
published BOOL DEFAULT 1,
content TEXT,
PRIMARY KEY(id)
) Engine=InnoDB CHARACTER SET 'latin1';
CREATE INDEX domainidindex ON cryptokeys(domain_id);
CREATE TABLE tsigkeys (
id INT AUTO_INCREMENT,
name VARCHAR(255),
algorithm VARCHAR(50),
secret VARCHAR(255),
PRIMARY KEY (id)
) Engine=InnoDB CHARACTER SET 'latin1';
CREATE UNIQUE INDEX namealgoindex ON tsigkeys(name, algorithm);
Configuration
The PowerDNS Authoritative Server configuration file is /etc/powerdns/pdns.conf; restart PowerDNS after the configuration is complete.
api=yes
api-key=changeme
daemon=no
guardian=no
launch=gmysql
gmysql-host=localhost
gmysql-port=3306
gmysql-dbname=powerdns
gmysql-user=powerdns
gmysql-password=powerdns
local-port=5300
master=yes # this node is the Master node
setgid=pdns
setuid=pdns
webserver=yes
webserver-address=0.0.0.0 # only meant to be called by the PowerDNS-Admin on this host
webserver-allow-from=127.0.0.1,10.0.0.0/8 # on an internal network, put the internal IP of PowerDNS-Admin here
The MySQL backend configuration is shown below; it must be placed in the /etc/pdns/pdns.conf file.
launch=gmysql
gmysql-host=localhost
gmysql-port=3306
gmysql-dbname=powerdns
gmysql-user=powerdns
gmysql-password=powerdns
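Added example (not code from this article, from PowerDNS or from PowerDNS-Admin): a small Python script that parses a pdns.conf-style file, honouring the += append syntax that the Recursor's forward-zones files later in this article rely on, and flags the settings in this deployment that should not reach production unchanged (the api-key placeholder, a web server exposed on every interface without an allow-list, a backend password identical to its user name). The embedded sample configuration is constructed from the values shown above; the check names are my own.

```python
from typing import Dict, List

# Constructed sample, not a file from this deployment: the master's pdns.conf
# settings from this article plus two forward-zones lines in the recursor's style.
SAMPLE_CONF = """\
api=yes
api-key=changeme
launch=gmysql
gmysql-user=powerdns
gmysql-password=powerdns
webserver=yes
webserver-address=0.0.0.0   # reachable from the LAN, so allow-from matters
webserver-allow-from=127.0.0.1,10.0.0.0/8
forward-zones+=svc.example.com.=10.75.35.99:53
forward-zones+=corp.example.=10.0.0.5:53
"""

def parse_pdns_conf(text: str) -> Dict[str, List[str]]:
    """Map each setting to its list of values: '=' replaces, '+=' appends."""
    settings: Dict[str, List[str]] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # strip trailing comments
        if not line or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key.endswith("+"):
            settings.setdefault(key[:-1].strip(), []).append(value)
        else:
            settings[key] = [value]
    return settings

def audit(settings: Dict[str, List[str]]) -> List[str]:
    """Return the weak settings a reviewer would want fixed before go-live."""
    def first(key: str) -> str:
        return settings.get(key, [""])[0]

    findings: List[str] = []
    if first("api") == "yes" and first("api-key") in ("", "changeme"):
        findings.append("api-key is empty or still the placeholder 'changeme'")
    if first("webserver-address") == "0.0.0.0":
        allow = first("webserver-allow-from")
        if not allow or "0.0.0.0/0" in allow:
            findings.append("webserver listens on every interface with no allow-list")
    for backend in ("gmysql", "gpgsql"):
        if first(f"{backend}-password") and first(f"{backend}-password") == first(f"{backend}-user"):
            findings.append(f"{backend}-password is identical to {backend}-user")
    return findings
```

Run audit(parse_pdns_conf(open("/etc/pdns/pdns.conf").read())) against the real file; on the sample above it reports the api-key placeholder and the backend password, while the webserver check passes because an allow-list is set.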
PowerDNS Authoritative Server - Slave
For the Slave, configure the repo and run the install command as described above to complete the installation.
Configuration
# tree -f /etc/powerdns
/etc/powerdns
├── /etc/powerdns/pdns.conf
└── /etc/powerdns/pdns.d
    ├── /etc/powerdns/pdns.d/pdns.local.conf
    └── /etc/powerdns/pdns.d/pdns.local.gsqlite3.conf

1 directory, 3 files
The main configuration file is /etc/powerdns/pdns.conf, with the following contents:
config-dir=/etc/powerdns
include-dir=/etc/powerdns/pdns.d
launch=
security-poll-suffix=
setgid=pdns
setuid=pdns
The remaining settings are in the file /etc/powerdns/pdns.d/pdns.local.conf, with the following contents:
slave=yes
api=yes
api-key=changeme
webserver-address=0.0.0.0
webserver-allow-from=127.0.0.1,10.0.0.0/8
By default every Slave uses SQLite as its backend; the configuration file is /etc/powerdns/pdns.d/pdns.local.gsqlite3.conf, with the following contents:
# Configuration for gsqlite
#
# Launch gsqlite3
launch+=gsqlite3
# Database location
gsqlite3-database=/var/lib/powerdns/pdns.sqlite3
10.1.2 PowerDNS-Admin
Following the information in the git repository, start powerdns-admin with docker-compose.
- Create the directory and clone the code locally
mkdir -p /data/docker
cd /data/docker
git clone https://github.com/ngoduykhanh/PowerDNS-Admin.git
- Create the database
CREATE DATABASE powerdnsadmin CHARACTER SET utf8 COLLATE utf8_general_ci;
GRANT ALL PRIVILEGES ON powerdnsadmin.* TO 'pdnsadminuser'@'%' IDENTIFIED BY 'pdnsadminuser';
FLUSH PRIVILEGES;
- Edit docker-compose.yml; only the database connection details need to be changed, nothing else.
version: "3"
services:
  app:
    image: ngoduykhanh/powerdns-admin:latest
    container_name: powerdns_admin
    ports:
      - "9191:80"
    logging:
      driver: json-file
      options:
        max-size: 50m
    network_mode: bridge
    environment:
      - SQLALCHEMY_DATABASE_URI=mysql://pdnsadminuser:pdnsadminuser@localhost/powerdnsadmin
      - GUNICORN_TIMEOUT=60
      - GUNICORN_WORKERS=2
      - GUNICORN_LOGLEVEL=DEBUG
- Start
docker-compose up -d
- Access from a web browser
After powerdns-admin is installed, a user has to be registered; the first registered user becomes the administrator.
- Configure the PDNS Authoritative Server API address:
  - PDNS API URL: Your PowerDNS API URL (eg. http://127.0.0.1:8081/).
  - PDNS API KEY: Your PowerDNS API key.
  - PDNS VERSION: Your PowerDNS version number (eg. 4.1.1).
10.1.3 PowerDNS Recursor
PowerDNS Recursor - version 4.3.X
# yum install epel-release yum-plugin-priorities
# curl -o /etc/yum.repos.d/powerdns-rec-42.repo https://repo.powerdns.com/repo-files/centos-rec-42.repo
# yum install pdns-recursor
# systemctl restart pdns-recursor.service
# systemctl enable pdns-recursor.service
Because the local network cannot reach the Internet, download the corresponding packages manually, upload them to the server and install them by hand.
wget https://repo.powerdns.com/centos/x86_64/7/rec-42/pdns-recursor-4.2.1-1pdns.el7.x86_64.rpm
rpm -ivh pdns-recursor-4.2.1-1pdns.el7.x86_64.rpm
Configuration
The PowerDNS Recursor configuration file is /etc/pdns-recursor/recursor.conf; on older versions it may be /etc/powerdns/recursor.conf.
config-dir=/etc/powerdns
hint-file=/usr/share/dns/root.hints
include-dir=/var/lib/powerdns/recursor
local-address=127.0.0.1
max-cache-ttl=60
quiet=yes
setgid=pdns
setuid=pdns
Configure forward-zones
In the /etc/powerdns/recursor.conf configuration file, set include-dir=/var/lib/powerdns/recursor, a custom directory; all forward-zones related configuration goes into that directory.
mkdir -p /var/lib/powerdns/recursor
cd /var/lib/powerdns/recursor
Forward all resolution requests for svc.example.com to the Master or Slave host; 10.75.35.99 below is a master.
touch zone-svc.example.com.conf
cat zone-svc.example.com.conf
# Generated by pdns-recursor REST API, DO NOT EDIT
forward-zones+=svc.example.com.=10.75.35.99:53
The following forwards every resolution request that is not for svc.example.com to Aliyun's internal DNS.
cat zone-=2E.conf
# Generated by pdns-recursor REST API, DO NOT EDIT
forward-zones-recurse+=.=100.100.2.136:53;100.100.2.138:53
Note: the effect of the + prefix still needs further testing. In PowerDNS configuration syntax, the += form appends to an existing list-type setting such as forward-zones instead of replacing it, which is what lets each file under include-dir contribute its own zones.
Deploy with Ansible
To be continued