Self-hosted DNS the easy way: PowerDNS + PowerDNS-Webinterface

Introduction
PowerDNS supports, among other things, EDNS Client Subnet, DNSSEC, GeoDNS and IPv6.
It also supports a very wide range of record types: A, AAAA, AFSDB, ALIAS (ANAME), CAA, CERT, CDNSKEY, CDS, CNAME, DNSKEY, DNAME, DS, HINFO, KEY, LOC, MX, NAPTR, NS, NSEC, NSEC3, NSEC3PARAM, OPENPGPKEY, PTR, RP, RRSIG, SOA, SPF, SSHFP, SRV, TKEY, TSIG, TLSA, TXT, URI and more.
As for a web frontend, the one usually recommended is PowerAdmin (a third-party project, not written by PowerDNS). Comparing the two, neither has seen a release in ages; PowerAdmin's UI is stuck in the late 1990s, while PowerDNS-Webinterface looks much better, so with both equally stale I went with the better-looking one. Keep in mind that either frontend has write access to every zone the server serves and is not actively maintained: run it on an internal address or behind additional authentication, never directly on the public Internet.

Tools
PowerDNS:https://www.powerdns.com
PowerDNS-Webinterface:https://github.com/Spacefish/powerdns-webinterface
Alternative frontend, PowerAdmin: http://www.poweradmin.org

References
http://arstech.net/install-powerdns-and-powerdns-webinterface-on-centos/
Further reading
https://guozeyu.com/2016/08/self-host-dns/

Environment

CentOS 6 x86_64
PHP 5.6
Apache
MariaDB 10+

Everything in this article was done with one goal, working rDNS (reverse lookups). Other features were not tested, and nothing here guarantees that they work as described.

PowerDNS part

Install the MySQL build of PowerDNS. The pdns packages come from EPEL; the package that enables that repository is called epel-release (not epel):

yum install -y epel-release
yum install -y pdns pdns-backend-mysql

Edit the configuration file /etc/pdns/pdns.conf. Below is the finished file; the only thing you have to change is the MySQL block at the very bottom. Because that block holds the database password, keep the file owned by root:pdns with mode 640 rather than world-readable.

setuid=pdns
setgid=pdns
# launch= is set at the bottom of this file (launch=gmysql); do not add a
# second launch= line here, the bind backend is not installed in this setup.
# Autogenerated configuration file template
#################################
# add-superfluous-nsec3-for-old-bind    Add superfluous NSEC3 record to positive wildcard response
#
# add-superfluous-nsec3-for-old-bind=no

#################################
# allow-axfr-ips    Allow zonetransfers only to these subnets
# The template default (0.0.0.0/0,::/0) lets anyone on the Internet pull a full
# copy of every zone with AXFR. List only your secondary name servers here;
# until you have any, loopback only.
#
allow-axfr-ips=127.0.0.0/8,::1

#################################
# allow-recursion    List of subnets that are allowed to recurse
# Only consulted when "recursor" is set. This is an authoritative server and
# must not recurse for the world (an open resolver is an amplification target),
# so leave "recursor" unset and this setting at its default.
#
# allow-recursion=0.0.0.0/0

#################################
# any-to-tcp    Answer ANY queries with tc=1, shunting to TCP
#
# any-to-tcp=no

#################################
# cache-ttl    Seconds to store packets in the PacketCache
#
# cache-ttl=20

#################################
# chroot    If set, chroot to this directory for more security
#
# chroot=

#################################
# config-dir    Location of configuration directory (pdns.conf)
#
# config-dir=/usr/local/etc

#################################
# config-name    Name of this virtual configuration - will rename the binary image
#
# config-name=

#################################
# control-console    Debugging switch - don't use
#
# control-console=no

#################################
# daemon    Operate as a daemon
#
# daemon=no

#################################
# default-ksk-algorithms    Default KSK algorithms
#
# default-ksk-algorithms=rsasha256

#################################
# default-ksk-size    Default KSK size (0 means default)
#
# default-ksk-size=0

#################################
# default-soa-mail    mail address to insert in the SOA record if none set in the backend
#
# default-soa-mail=

#################################
# default-soa-name    name to insert in the SOA record if none set in the backend
#
# default-soa-name=a.misconfigured.powerdns.server

#################################
# default-ttl    Seconds a result is valid if not set otherwise
#
# default-ttl=3600

#################################
# default-zsk-algorithms    Default ZSK algorithms
#
# default-zsk-algorithms=rsasha256

#################################
# default-zsk-size    Default ZSK size (0 means default)
#
# default-zsk-size=0

#################################
# direct-dnskey    Fetch DNSKEY RRs from backend during DNSKEY synthesis
#
# direct-dnskey=no

#################################
# disable-axfr    Disable zonetransfers but do allow TCP queries
#
# disable-axfr=no

#################################
# disable-tcp    Do not listen to TCP queries
#
# disable-tcp=no

#################################
# distributor-threads    Default number of Distributor (backend) threads to start
#
# distributor-threads=3

#################################
# do-ipv6-additional-processing    Do AAAA additional processing
#
# do-ipv6-additional-processing=yes

#################################
# edns-subnet-option-number    EDNS option number to use
#
# edns-subnet-option-number=20730

#################################
# edns-subnet-processing    If we should act on EDNS Subnet options
#
# edns-subnet-processing=no

#################################
# entropy-source    If set, read entropy from this file
#
# entropy-source=/dev/urandom

#################################
# experimental-json-interface    If the webserver should serve JSON data
#
# experimental-json-interface=no

#################################
# experimental-logfile    Filename of the log file for JSON parser
#
# experimental-logfile=/var/log/pdns.log

#################################
# fancy-records    Process URL and MBOXFW records
#
# fancy-records=no

#################################
# guardian    Run within a guardian process
#
# guardian=no

#################################
# include-dir    Include .conf files from this directory
#
# include-dir=

#################################
# launch    Which backends to launch and order to query them in
#
# launch=

#################################
# load-modules    Load this module - supply absolute or relative path
#
# load-modules=

#################################
# local-address    Local IP addresses to which we bind
#
local-address=0.0.0.0

#################################
# local-ipv6    Local IP address to which we bind
#
# local-ipv6=

#################################
# local-port    The port on which we listen
#
local-port=53

#################################
# log-dns-details    If PDNS should log DNS non-erroneous details
#
# log-dns-details=

#################################
# log-dns-queries    If PDNS should log all incoming DNS queries
#
# log-dns-queries=no

#################################
# log-failed-updates    If PDNS should log failed update requests
#
# log-failed-updates=

#################################
# logging-facility    Log under a specific facility
#
# logging-facility=

#################################
# loglevel    Amount of logging. Higher is more. Do not set below 3
#
# loglevel=4

#################################
# lua-prequery-script    Lua script with prequery handler
#
# lua-prequery-script=

#################################
# master    Act as a master
#
# master=no

#################################
# max-cache-entries    Maximum number of cache entries
#
# max-cache-entries=1000000

#################################
# max-ent-entries    Maximum number of empty non-terminals in a zone
#
# max-ent-entries=100000

#################################
# max-nsec3-iterations    Limit the number of NSEC3 hash iterations
#
# max-nsec3-iterations=500

#################################
# max-queue-length    Maximum queuelength before considering situation lost
#
# max-queue-length=5000

#################################
# max-tcp-connections    Maximum number of TCP connections
#
# max-tcp-connections=10

#################################
# module-dir    Default directory for modules
#
# module-dir=/usr/local/lib

#################################
# negquery-cache-ttl    Seconds to store negative query results in the QueryCache
#
# negquery-cache-ttl=60

#################################
# no-shuffle    Set this to prevent random shuffling of answers - for regression testing
#
# no-shuffle=off

#################################
# out-of-zone-additional-processing    Do out of zone additional processing
#
# out-of-zone-additional-processing=yes

#################################
# overload-queue-length    Maximum queuelength moving to packetcache only
#
# overload-queue-length=0

#################################
# pipebackend-abi-version    Version of the pipe backend ABI
#
# pipebackend-abi-version=1

#################################
# prevent-self-notification    Don't send notifications to what we think is ourself
#
# prevent-self-notification=yes

#################################
# query-cache-ttl    Seconds to store query results in the QueryCache
#
# query-cache-ttl=20

#################################
# query-local-address    Source IP address for sending queries
#
# query-local-address=0.0.0.0

#################################
# query-local-address6    Source IPv6 address for sending queries
#
# query-local-address6=::

#################################
# query-logging    Hint backends that queries should be logged
#
# query-logging=no

#################################
# queue-limit    Maximum number of milliseconds to queue a query
#
# queue-limit=1500

#################################
# receiver-threads    Default number of receiver threads to start
#
# receiver-threads=1

#################################
# recursive-cache-ttl    Seconds to store packets for recursive queries in the PacketCache
#
# recursive-cache-ttl=10

#################################
# recursor    If recursion is desired, IP address of a recursing nameserver
#
# recursor=no

#################################
# retrieval-threads    Number of AXFR-retrieval threads for slave operation
#
# retrieval-threads=2

#################################
# security-poll-suffix    Domain name from which to query security update notifications
#
# security-poll-suffix=secpoll.powerdns.com.

#################################
# send-root-referral    Send out old-fashioned root-referral instead of ServFail in case of no authority
#
# send-root-referral=no

#################################
# server-id    Returned when queried for 'server.id' TXT or NSID, defaults to hostname
#
# server-id=

#################################
# setgid    If set, change group id to this gid for more security
#
# setgid=

#################################
# setuid    If set, change user id to this uid for more security
#
# setuid=

#################################
# signing-threads    Default number of signer threads to start
#
# signing-threads=3

#################################
# slave    Act as a slave
#
# slave=no

#################################
# slave-cycle-interval    Reschedule failed SOA serial checks once every .. seconds
#
# slave-cycle-interval=60

#################################
# slave-renotify    If we should send out notifications for slaved updates
#
# slave-renotify=no

#################################
# smtpredirector    Our smtpredir MX host
#
# smtpredirector=a.misconfigured.powerdns.smtp.server

#################################
# soa-expire-default    Default SOA expire
#
# soa-expire-default=604800

#################################
# soa-minimum-ttl    Default SOA minimum ttl
#
# soa-minimum-ttl=3600

#################################
# soa-refresh-default    Default SOA refresh
#
# soa-refresh-default=10800

#################################
# soa-retry-default    Default SOA retry
#
# soa-retry-default=3600

#################################
# soa-serial-offset    Make sure that no SOA serial is less than this number
#
# soa-serial-offset=0

#################################
# socket-dir    Where the controlsocket will live
#
# socket-dir=/var/run

#################################
# tcp-control-address    If set, PowerDNS can be controlled over TCP on this address
#
# tcp-control-address=

#################################
# tcp-control-port    If set, PowerDNS can be controlled over TCP on this address
#
# tcp-control-port=53000

#################################
# tcp-control-range    If set, remote control of PowerDNS is possible over these networks only
#
# tcp-control-range=127.0.0.0/8, 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fe80::/10

#################################
# tcp-control-secret    If set, PowerDNS can be controlled over TCP after passing this secret
#
# tcp-control-secret=

#################################
# traceback-handler    Enable the traceback handler (Linux only)
#
# traceback-handler=yes

#################################
# trusted-notification-proxy    IP address of incoming notification proxy
#
# trusted-notification-proxy=

#################################
# urlredirector    Where we send hosts to that need to be url redirected
#
# urlredirector=127.0.0.1

#################################
# version-string    PowerDNS version in packets - full, anonymous, powerdns or custom
#
# version-string=full

#################################
# webserver    Start a webserver for monitoring
#
# webserver=no

#################################
# webserver-address    IP Address of webserver to listen on
#
# webserver-address=127.0.0.1

#################################
# webserver-password    Password required for accessing the webserver
#
# webserver-password=

#################################
# webserver-port    Port of webserver to listen on
#
# webserver-port=8081

#################################
# webserver-print-arguments    If the webserver should print arguments
#
# webserver-print-arguments=no

#################################
# wildcard-url    Process URL and MBOXFW records
#
# wildcard-url=no

#################################
# xfr-max-received-mbytes    Maximum number of megabytes received from an incoming AXFR
#
# xfr-max-received-mbytes=100

# Backend: MySQL/MariaDB. Replace "password" with the password of the MySQL
# user created below; this line is why pdns.conf must not be world-readable.
launch=gmysql
gmysql-host=localhost
gmysql-user=powerdns
gmysql-password=password
gmysql-dbname=powerdns

Next, log into MySQL, create a database named powerdns and a user of the same name that has rights on that database only (not the root account, and not GRANT ALL on *.*), then load the following schema (the gmysql schema that ships with PowerDNS) into it:

CREATE TABLE domains (
  id                    INT AUTO_INCREMENT,
  name                  VARCHAR(255) NOT NULL,
  master                VARCHAR(128) DEFAULT NULL,
  last_check            INT DEFAULT NULL,
  type                  VARCHAR(6) NOT NULL,
  notified_serial       INT DEFAULT NULL,
  account               VARCHAR(40) DEFAULT NULL,
  PRIMARY KEY (id)
) Engine=InnoDB;

CREATE UNIQUE INDEX name_index ON domains(name);

CREATE TABLE records (
  id                    INT AUTO_INCREMENT,
  domain_id             INT DEFAULT NULL,
  name                  VARCHAR(255) DEFAULT NULL,
  type                  VARCHAR(10) DEFAULT NULL,
  content               VARCHAR(64000) DEFAULT NULL,
  ttl                   INT DEFAULT NULL,
  prio                  INT DEFAULT NULL,
  change_date           INT DEFAULT NULL,
  disabled              TINYINT(1) DEFAULT 0,
  ordername             VARCHAR(255) BINARY DEFAULT NULL,
  auth                  TINYINT(1) DEFAULT 1,
  PRIMARY KEY (id)
) Engine=InnoDB;

CREATE INDEX nametype_index ON records(name,type);
CREATE INDEX domain_id ON records(domain_id);
CREATE INDEX recordorder ON records (domain_id, ordername);

CREATE TABLE supermasters (
  ip                    VARCHAR(64) NOT NULL,
  nameserver            VARCHAR(255) NOT NULL,
  account               VARCHAR(40) NOT NULL,
  PRIMARY KEY (ip, nameserver)
) Engine=InnoDB;

CREATE TABLE comments (
  id                    INT AUTO_INCREMENT,
  domain_id             INT NOT NULL,
  name                  VARCHAR(255) NOT NULL,
  type                  VARCHAR(10) NOT NULL,
  modified_at           INT NOT NULL,
  account               VARCHAR(40) NOT NULL,
  comment               VARCHAR(64000) NOT NULL,
  PRIMARY KEY (id)
) Engine=InnoDB;

CREATE INDEX comments_domain_id_idx ON comments (domain_id);
CREATE INDEX comments_name_type_idx ON comments (name, type);
CREATE INDEX comments_order_idx ON comments (domain_id, modified_at);

CREATE TABLE domainmetadata (
  id                    INT AUTO_INCREMENT,
  domain_id             INT NOT NULL,
  kind                  VARCHAR(32),
  content               TEXT,
  PRIMARY KEY (id)
) Engine=InnoDB;

CREATE INDEX domainmetadata_idx ON domainmetadata (domain_id, kind);

CREATE TABLE cryptokeys (
  id                    INT AUTO_INCREMENT,
  domain_id             INT NOT NULL,
  flags                 INT NOT NULL,
  active                BOOL,
  content               TEXT,
  PRIMARY KEY(id)
) Engine=InnoDB;

CREATE INDEX domainidindex ON cryptokeys(domain_id);

CREATE TABLE tsigkeys (
  id                    INT AUTO_INCREMENT,
  name                  VARCHAR(255),
  algorithm             VARCHAR(50),
  secret                VARCHAR(255),
  PRIMARY KEY (id)
) Engine=InnoDB;

CREATE UNIQUE INDEX namealgoindex ON tsigkeys(name, algorithm);
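The "create a user and a database" step above is left to the reader. Here, as an added example that is not part of the original post or of PowerDNS, is a shell script that creates the database, a MySQL user whose rights are limited to that database, and the gmysql block in pdns.conf with restrictive file permissions. The names powerdns (database and user), pdns (service user) and /etc/pdns/pdns.conf are assumptions taken from the setup above; the MySQL root password is prompted for by the mysql client.

```shell
#!/bin/sh
# Added example, not from the original post: create the PowerDNS database and a
# least-privilege MySQL user, then write the gmysql credentials into pdns.conf
# readable only by root and the pdns user. Assumed names: database and user
# "powerdns", service user "pdns", config file /etc/pdns/pdns.conf.
set -eu

DB="${PDNS_DB:-powerdns}"
DBUSER="${PDNS_DBUSER:-powerdns}"
CONF="${PDNS_CONF:-/etc/pdns/pdns.conf}"

# 32 random alphanumeric characters: long enough, and free of quote characters
# that would need escaping in SQL, pdns.conf and db.php.
gen_secret() {
    LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c 32
}

# Double single quotes so an arbitrary password survives inside an SQL literal.
sql_escape() {
    printf '%s' "$1" | sed "s/'/''/g"
}

# Only the row-level rights PowerDNS and the web interface need, on this database
# only. Never run pdns against the MySQL root account or GRANT ALL PRIVILEGES.
grant_sql() {
    db="$1"; user="$2"; pass="$(sql_escape "$3")"
    cat <<EOF
CREATE DATABASE IF NOT EXISTS $db;
CREATE USER '$user'@'localhost' IDENTIFIED BY '$pass';
GRANT SELECT, INSERT, UPDATE, DELETE ON $db.* TO '$user'@'localhost';
FLUSH PRIVILEGES;
EOF
}

# The backend block for pdns.conf, as in the file above.
gmysql_conf() {
    db="$1"; user="$2"; pass="$3"
    printf 'launch=gmysql\ngmysql-host=localhost\ngmysql-user=%s\ngmysql-password=%s\ngmysql-dbname=%s\n' \
        "$user" "$pass" "$db"
}

# Apply everything on the box (run as root; mysql prompts for its root password).
apply() {
    pass="$(gen_secret)"
    grant_sql "$DB" "$DBUSER" "$pass" | mysql -u root -p
    sed -i '/^\(launch=\|gmysql-\)/d' "$CONF"     # drop any earlier backend lines (GNU sed)
    gmysql_conf "$DB" "$DBUSER" "$pass" >>"$CONF"
    chown root:pdns "$CONF"
    chmod 640 "$CONF"                             # the file now holds a database password
    echo "gmysql credentials written to $CONF (root:pdns, mode 640)"
}

if [ "${1:-}" = apply ]; then apply; fi
```

Run it as `sh setup-db.sh apply` on the server. The same user name and password later go into configs/db.php of the web interface, which must likewise not be readable by other local accounts.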

Download PowerDNS-Webinterface and load the install.sql file shipped in its folder into the same database. One MySQL error may come up during that import; it can be ignored and does not affect the rDNS setup described here.
At this point the PowerDNS side is deployed. Enable the service at boot and start it now:

chkconfig --levels 235 pdns on
/etc/init.d/pdns start

Then verify that PowerDNS is really listening (grep for ':53 ' rather than a bare 53, which also matches unrelated ports and addresses):

netstat -lntup | grep ':53 '
grep pdns /var/log/messages    # if nothing is listening, read the log
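Before moving on to the web interface it is worth checking that the freshly started server behaves like an authoritative server and nothing more. The following script is an added example, not part of the original post or of PowerDNS: it confirms that something listens on port 53, that the server does not offer recursion to arbitrary clients (the ra flag in dig's header), and that a zone transfer is refused from this vantage point. It assumes dig from bind-utils is installed; the server address, the zone name and www.example.com as a name the server is not authoritative for are placeholders.

```shell
#!/bin/sh
# Added example, not from the original post: post-install checks for an
# authoritative PowerDNS server. Two of them matter for anything Internet-facing:
# it must not be an open recursor, and it must not hand full zone copies (AXFR)
# to arbitrary clients. Assumes dig (bind-utils); SERVER and ZONE are placeholders.
set -eu

# Pull the "status:" and "flags:" fields out of a dig header (dig prints them
# with +comments, which is on by default).
dig_status() { sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n 1; }
dig_flags()  { sed -n 's/^;; flags: \([a-z ]*\);.*/\1/p' | head -n 1; }

# An authoritative-only server never sets "ra" (recursion available).
# Succeeds, i.e. returns 0, when the header shows a server willing to recurse.
offers_recursion() {
    flags="$(dig_flags)"
    case " $flags " in
        *" ra "*) return 0 ;;
    esac
    return 1
}

# Number of resource records in an AXFR answer. A refused transfer carries none;
# dig then prints "; Transfer failed." instead of records.
axfr_record_count() {
    grep -cE '^[A-Za-z0-9._-]+[[:space:]]+[0-9]+[[:space:]]+IN[[:space:]]+' || true
}

# Live checks against SERVER for ZONE.
run_checks() {
    server="$1"; zone="$2"
    if netstat -lnu 2>/dev/null | grep -q ':53 '; then
        echo "ok: something is listening on UDP/53"
    else
        echo "FAIL: nothing listens on UDP/53 (check /var/log/messages)"
    fi
    # Ask for a name we are not authoritative for; only a recursor answers it.
    if dig @"$server" www.example.com A | offers_recursion; then
        echo "FAIL: header carries the ra flag, the server recurses for anyone"
    else
        echo "ok: no recursion offered"
    fi
    # Try to pull the whole zone; must be refused unless we are a listed secondary.
    n="$(dig @"$server" "$zone" AXFR | axfr_record_count)"
    if [ "$n" -gt 0 ]; then
        echo "FAIL: AXFR returned $n records, tighten allow-axfr-ips"
    else
        echo "ok: AXFR refused"
    fi
}

if [ $# -eq 2 ]; then run_checks "$1" "$2"; fi
```

Run it from a host that is not one of your secondaries, e.g. `sh pdns-check.sh 203.0.113.10 1.168.192.in-addr.arpa`; a FAIL on the AXFR line means allow-axfr-ips is still at the template's wide-open default.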

PowerDNS-Webinterface part

Go to the document root of the web server you set up, copy everything under the web/ directory of PowerDNS-Webinterface into it, and edit the MySQL settings in configs/db.php (the same credentials as in pdns.conf; this file must not be readable by other users on the box either):

<?php

/**
  Please insert your MySQL Database in this configfile!
 */
$cfg['db'] = array(
    "default" => array(
        "host" => "localhost",
        "port" => 3306,
        "username" => "powerdns",
        "password" => "password",
        "database" => "powerdns",
    )
);

Delete the placeholder file and make templates_c writable by the web server user only. On CentOS, Apache runs as apache, so hand that user the directory instead of making it world-writable (chmod 777); templates_c holds compiled templates that are included as PHP code, and world-writable means any local account can drop code there for the web server to execute.

rm -f web/tmp/templates_c/DELETEME
chown apache:apache web/tmp/templates_c
chmod 750 web/tmp/templates_c

Now open PowerDNS-Webinterface in the browser and log in with admin / admin. Change that default password right after the first login: while the interface is reachable, anyone who knows the default has full control of your zones.

Setting up PTR records

Switch to the Domains menu and add the reverse zone for the IP range you need rDNS for (for example, for 192.168.1.0/24 that is 1.168.192.in-addr.arpa; PowerDNS stores the name without the trailing dot). Then add one PTR record per address under that zone: the record name is the address with its octets reversed followed by .in-addr.arpa (192.168.1.10 becomes 10.1.168.192.in-addr.arpa) and the content is the host name.

(Screenshot not reproduced: in it, the records with IDs 801-803 are the example PTR records.)
You can then check the result with nslookup or dig -x against the server.
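What the web interface does when you add a reverse zone and its records is a handful of rows in the domains and records tables. The script below is an added example, not part of the original post or of PowerDNS-Webinterface, that builds those rows for a /24 directly from the shell: it derives the in-addr.arpa zone name and the PTR owner names, refuses addresses outside the zone and anything that is not a plain host name (so no quoting tricks reach the SQL), loads the statements through the mysql client and finally checks each address with dig -x. The range 192.168.1.0/24, the name server ns1.example.com and the contact hostmaster.example.com are assumptions; the table and column names are those of the schema above.

```shell
#!/bin/sh
# Added example, not from the original post: create a reverse (in-addr.arpa)
# zone and its PTR records directly in the gmysql backend, which is what the web
# interface does when you add a domain and its records. Assumed names: the
# schema above, ns1.example.com / hostmaster.example.com, range 192.168.1.0/24.
set -eu

# 192.168.1.0/24 -> 1.168.192.in-addr.arpa (octet-aligned /8, /16, /24 only)
reverse_zone() {
    net="${1%/*}"; bits="${1#*/}"
    case "$bits" in
        8)  n=1 ;;
        16) n=2 ;;
        24) n=3 ;;
        *)  echo "reverse_zone: only /8, /16 and /24 are supported" >&2; return 1 ;;
    esac
    printf '%s\n' "$net" | awk -F. -v n="$n" '{ s = ""; for (i = n; i >= 1; i--) s = s $i "."; print s "in-addr.arpa" }'
}

# 192.168.1.10 -> 10.1.168.192.in-addr.arpa (owner name of its PTR record)
ptr_owner() {
    printf '%s\n' "$1" | awk -F. '{ print $4 "." $3 "." $2 "." $1 ".in-addr.arpa" }'
}

# Only host-name characters and dotted quads may reach the SQL below; anything
# else is rejected outright instead of escaped.
valid_name() { printf '%s' "$1" | grep -Eq '^[A-Za-z0-9.-]+$'; }
valid_ipv4() { printf '%s' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; }

# SQL for the zone itself: a NATIVE domain row plus the SOA and NS apex records.
# PowerDNS stores names lower-case and without the trailing dot.
zone_sql() {
    zone="$1"; ns="$2"; mbox="$3"
    for x in "$zone" "$ns" "$mbox"; do valid_name "$x" || { echo "zone_sql: bad name $x" >&2; return 1; }; done
    serial="$(date +%Y%m%d01)"
    cat <<EOF
INSERT INTO domains (name, type) VALUES ('$zone', 'NATIVE');
INSERT INTO records (domain_id, name, type, content, ttl, prio, change_date, auth)
  SELECT id, '$zone', 'SOA', '$ns $mbox $serial 10800 3600 604800 3600', 3600, 0, UNIX_TIMESTAMP(), 1 FROM domains WHERE name = '$zone';
INSERT INTO records (domain_id, name, type, content, ttl, prio, change_date, auth)
  SELECT id, '$zone', 'NS', '$ns', 3600, 0, UNIX_TIMESTAMP(), 1 FROM domains WHERE name = '$zone';
EOF
}

# SQL for one PTR record. Addresses outside the zone are refused: PowerDNS would
# never serve such a record, so silently inserting it only hides the mistake.
ptr_sql() {
    zone="$1"; ip="$2"; host="$3"
    valid_ipv4 "$ip" || { echo "ptr_sql: bad address $ip" >&2; return 1; }
    owner="$(ptr_owner "$ip")"
    case "$owner" in
        *".$zone") ;;
        *) echo "ptr_sql: $ip is not inside $zone" >&2; return 1 ;;
    esac
    for x in "$zone" "$host"; do valid_name "$x" || { echo "ptr_sql: bad name $x" >&2; return 1; }; done
    cat <<EOF
INSERT INTO records (domain_id, name, type, content, ttl, prio, change_date, auth)
  SELECT id, '$owner', 'PTR', '$host', 3600, 0, UNIX_TIMESTAMP(), 1 FROM domains WHERE name = '$zone';
EOF
}

# Usage: sh ptr-zone.sh 192.168.1.0/24 ns1.example.com hostmaster.example.com 192.168.1.10=mail.example.com ...
main() {
    zone="$(reverse_zone "$1")"; ns="$2"; mbox="$3"; shift 3
    # Generate all statements first so a rejected address aborts before anything is loaded.
    sql="$(zone_sql "$zone" "$ns" "$mbox"; for pair in "$@"; do ptr_sql "$zone" "${pair%%=*}" "${pair#*=}"; done)"
    printf '%s\n' "$sql" | mysql -u powerdns -p powerdns
    for pair in "$@"; do
        printf '%s -> %s\n' "${pair%%=*}" "$(dig +short -x "${pair%%=*}" @127.0.0.1)"
    done
}

if [ $# -ge 3 ]; then main "$@"; fi
```

If you queried an address before its PTR existed, the negative answer may be served from the packet cache for up to negquery-cache-ttl (60 seconds in the configuration above) before the new record shows up.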

Done.
Reposted from: https://ccav.me/self-built-dns-parsing-tool-powerdns-powerdnswebinterface.html
