A Powerful Tool for Self-Hosted DNS: PowerDNS + PowerDNS-Webinterface


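Introduction
Some of the features PowerDNS supports: EDNS Client Subnet, DNSSEC, GeoDNS, IPv6, and more.
PowerDNS also supports a very large number of record types: A, AAAA, AFSDB, ALIAS (ANAME), CAA, CERT, CDNSKEY, CDS, CNAME, DNSKEY, DNAME, DS, HINFO, KEY, LOC, MX, NAPTR, NS, NSEC, NSEC3, NSEC3PARAM, OPENPGPKEY, PTR, RP, RRSIG, SOA, SPF, SSHFP, SRV, TKEY, TSIG, TLSA, TXT, URI, and others.
As for a web front end, PowerDNS officially recommends its own PowerAdmin. I compared the two: neither has been updated in ages, but the PowerAdmin UI is stuck in the style of the end of the last century, while PowerDNS-Webinterface looks much better. With the two otherwise on the same level, I naturally chose the better-looking one.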

Tools
PowerDNS: https://www.powerdns.com
PowerDNS-Webinterface: https://github.com/Spacefish/powerdns-webinterface
Alternative front end, PowerAdmin: http://www.poweradmin.org

References
http://arstech.net/install-powerdns-and-powerdns-webinterface-on-centos/

Further reading
https://guozeyu.com/2016/08/self-host-dns/

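Environment

CentOS 6 x64
PHP 5.6
Apache
MariaDB 10+

Everything in this article was done with the goal of getting rDNS (reverse DNS) resolution working. No other functionality was tested, and there is no guarantee that what is described here will make other functionality work.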

PowerDNS

Install PowerDNS with the MySQL backend

yum install -y epel-release
yum install -y pdns pdns-backend-mysql

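Edit the configuration file /etc/pdns/pdns.conf. What I have pasted here is the already-modified version; you only need to change the MySQL settings at the bottom of the file.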
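The file below keeps allow-recursion=0.0.0.0/0 and leaves allow-axfr-ips and disable-axfr at the template defaults shown in its comments, so zone transfers, and recursion once recursor= is set, are open to any address. The following Python check is an added example, not part of the original article or of PowerDNS; it treats the commented "# key=value" lines of the autogenerated template as that build's defaults (an assumption), and 192.0.2.x values are constructed documentation addresses.

```python
import ipaddress
import re

# "key=value" is an active setting; "# key=value" is a commented template default.
ACTIVE = re.compile(r"^([a-z0-9-]+)\s*=(.*)$")
DEFAULT = re.compile(r"^#\s*([a-z0-9-]+)=(.*)$")


def parse_pdns_conf(text):
    """Return (active, defaults) dictionaries parsed from pdns.conf text."""
    active, defaults = {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        m = ACTIVE.match(line)
        if m:
            active[m.group(1)] = m.group(2).strip()  # a later assignment overrides
            continue
        m = DEFAULT.match(line)  # description lines ("... tc=1 ...") do not match
        if m:
            defaults.setdefault(m.group(1), m.group(2).strip())
    return active, defaults


def effective(key, active, defaults):
    """Active value if set, otherwise the default shown in the template."""
    return active.get(key, defaults.get(key, ""))


def world_open(acl):
    """True if a comma-separated netmask list contains a /0 network."""
    for item in acl.split(","):
        item = item.strip()
        if not item:
            continue
        try:
            if ipaddress.ip_network(item, strict=False).prefixlen == 0:
                return True
        except ValueError:
            continue  # not a netmask; ignore
    return False


def audit(text):
    """Return a list of (severity, setting, message) findings."""
    active, defaults = parse_pdns_conf(text)
    findings = []

    recursor = effective("recursor", active, defaults)
    if world_open(effective("allow-recursion", active, defaults)):
        if recursor and recursor.lower() != "no":
            findings.append(("HIGH", "allow-recursion",
                             "recursion is offered to every address (open resolver)"))
        else:
            findings.append(("WARN", "allow-recursion",
                             "ACL is world-open; opens up as soon as recursor= is set"))

    axfr_disabled = effective("disable-axfr", active, defaults).lower() in ("yes", "on")
    if not axfr_disabled and world_open(effective("allow-axfr-ips", active, defaults)):
        findings.append(("HIGH", "allow-axfr-ips",
                         "zone transfers are allowed from every address"))

    if not active.get("setuid") or not active.get("setgid"):
        findings.append(("WARN", "setuid/setgid", "no privilege drop configured"))
    return findings


# Excerpt of settings that appear in the configuration on this page.
SAMPLE = """\
setuid=pdns
setgid=pdns
# allow-axfr-ips    Allow zonetransfers only to these subnets
#
# allow-axfr-ips=0.0.0.0/0,::/0
# allow-recursion    List of subnets that are allowed to recurse
#
allow-recursion=0.0.0.0/0
# any-to-tcp    Answer ANY queries with tc=1, shunting to TCP
#
# any-to-tcp=no
# disable-axfr    Disable zonetransfers but do allow TCP queries
#
# disable-axfr=no
# recursor    If recursion is desired, IP address of a recursing nameserver
#
# recursor=no
"""

# Constructed hardened variant: loopback-only recursion ACL and AXFR limited
# to one secondary (192.0.2.53 is a documentation address, not a real host).
HARDENED = SAMPLE.replace("allow-recursion=0.0.0.0/0", "allow-recursion=127.0.0.0/8")
HARDENED += "allow-axfr-ips=192.0.2.53/32\n"

if __name__ == "__main__":
    for name, conf in (("page config", SAMPLE), ("hardened", HARDENED)):
        print(name)
        for severity, setting, message in audit(conf) or [("OK", "-", "no findings")]:
            print(f"  [{severity}] {setting}: {message}")
```

To check a real file, pass its contents to audit(), for example audit(open("/etc/pdns/pdns.conf").read()).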

setuid=pdns
setgid=pdns
launch=bind
<span class="hljs-meta">#</span><span class="bash"> Autogenerated configuration file template</span>
<span class="hljs-meta">#</span><span class="bash"><span class="hljs-comment">################################</span></span>
<span class="hljs-meta">#</span><span class="bash"> add-superfluous-nsec3-for-old-bind    Add superfluous NSEC3 record to positive wildcard response</span>
<span class="hljs-meta">#</span>
<span class="hljs-meta">#</span><span class="bash"> add-superfluous-nsec3-for-old-bind=no</span>
<span class="hljs-meta">
#</span><span class="bash"><span class="hljs-comment">################################</span></span>
<span class="hljs-meta">#</span><span class="bash"> allow-axfr-ips    Allow zonetransfers only to these subnets</span>
<span class="hljs-meta">#</span>
<span class="hljs-meta">#</span><span class="bash"> allow-axfr-ips=0.0.0.0/0,::/0</span>
<span class="hljs-meta">
#</span><span class="bash"><span class="hljs-comment">################################</span></span>
<span class="hljs-meta">#</span><span class="bash"> allow-recursion    List of subnets that are allowed to recurse</span>
<span class="hljs-meta">#</span>
allow-recursion=0.0.0.0/0
<span class="hljs-meta">
#</span><span class="bash"><span class="hljs-comment">################################</span></span>
<span class="hljs-meta">#</span><span class="bash"> any-to-tcp    Answer ANY queries with tc=1, shunting to TCP</span>
<span class="hljs-meta">#</span>
<span class="hljs-meta">#</span><span class="bash"> any-to-tcp=no</span>
<span class="hljs-meta">
#</span><span class="bash"><span class="hljs-comment">################################</span></span>
<span class="hljs-meta">#</span><span class="bash"> cache-ttl    Seconds to store packets <span class="hljs-keyword">in</span> the PacketCache</span>
<span class="hljs-meta">#</span>
<span class="hljs-meta">#</span><span class="bash"> cache-ttl=20</span>
<span class="hljs-meta">
#</span><span class="bash"><span class="hljs-comment">################################</span></span>
<span class="hljs-meta">#</span><span class="bash"> chroot    If <span class="hljs-built_in">set</span>, chroot to this directory <span class="hljs-keyword">for</span> more security</span>
<span class="hljs-meta">#</span>
<span class="hljs-meta">#</span><span class="bash"> chroot=</span>
<span class="hljs-meta">
#</span><span class="bash"><span class="hljs-comment">################################</span></span>
<span class="hljs-meta">#</span><span class="bash"> config-dir    Location of configuration directory (pdns.conf)</span>
<span class="hljs-meta">#</span>
<span class="hljs-meta">#</span><span class="bash"> config-dir=/usr/<span class="hljs-built_in">local</span>/etc</span>
<span class="hljs-meta">
#</span><span class="bash"><span class="hljs-comment">################################</span></span>
<span class="hljs-meta">#</span><span class="bash"> config-name    Name of this virtual configuration - will rename the binary image</span>
<span class="hljs-meta">#</span>
<span class="hljs-meta">#</span><span class="bash"> config-name=</span>
<span class="hljs-meta">
#</span><span class="bash"><span class="hljs-comment">################################</span></span>
<span class="hljs-meta">#</span><span class="bash"> control-console    Debugging switch - don’t use</span>
<span class="hljs-meta">#</span>
<span class="hljs-meta">#</span><span class="bash"> control-console=no</span>
<span class="hljs-meta">
#</span><span class="bash"><span class="hljs-comment">################################</span></span>
<span class="hljs-meta">#</span><span class="bash"> daemon    Operate as a daemon</span>
<span class="hljs-meta">#</span>
<span class="hljs-meta">#</span><span class="bash"> daemon=no</span>
<span class="hljs-meta">
#</span><span class="bash"><span class="hljs-comment">################################</span></span>
<span class="hljs-meta">#</span><span class="bash"> default-ksk-algorithms    Default KSK algorithms</span>
<span class="hljs-meta">#</span>
<span class="hljs-meta">#</span><span class="bash"> default-ksk-algorithms=rsasha256</span>
<span class="hljs-meta">
#</span><span class="bash"><span class="hljs-comment">################################</span></span>
<span class="hljs-meta">#</span><span class="bash"> default-ksk-size    Default KSK size (0 means default)</span>
<span class="hljs-meta">#</span>
<span class="hljs-meta">#</span><span class="bash"> default-ksk-size=0</span>
<span class="hljs-meta">
#</span><span class="bash"><span class="hljs-comment">################################</span></span>
<span class="hljs-meta">#</span><span class="bash"> default-soa-mail    mail address to insert <span class="hljs-keyword">in</span> the SOA record <span class="hljs-keyword">if</span> none <span class="hljs-built_in">set</span> <span class="hljs-keyword">in</span> the backend</span>
<span class="hljs-meta">#</span>
<span class="hljs-meta">#</span><span class="bash"> default-soa-mail=</span>
<span class="hljs-meta">
#</span><span class="bash"><span class="hljs-comment">################################</span></span>
<span class="hljs-meta">#</span><span class="bash"> default-soa-name    name to insert <span class="hljs-keyword">in</span> the SOA record <span class="hljs-keyword">if</span> none <span class="hljs-built_in">set</span> <span class="hljs-keyword">in</span> the backend</span>
<span class="hljs-meta">#</span>
<span class="hljs-meta">#</span><span class="bash"> default-soa-name=a.misconfigured.powerdns.server</span>
<span class="hljs-meta">
#</span><span class="bash"><span class="hljs-comment">################################</span></span>
<span class="hljs-meta">#</span><span class="bash"> default-ttl    Seconds a result is valid <span class="hljs-keyword">if</span> not <span class="hljs-built_in">set</span> otherwise</span>
<span class="hljs-meta">#</span>
<span class="hljs-meta">#</span><span class="bash"> default-ttl=3600</span>
<span class="hljs-meta">
#</span><span class="bash"><span class="hljs-comment">################################</span></span>
<span class="hljs-meta">#</span><span class="bash"> default-zsk-algorithms    Default ZSK algorithms</span>
<span class="hljs-meta">#</span>
<span class="hljs-meta">#</span><span class="bash"> default-zsk-algorithms=rsasha256</span>
<span class="hljs-meta">
#</span><span class="bash"><span class="hljs-comment">################################</span></span>
<span class="hljs-meta">#</span><span class="bash"> default-zsk-size    Default KSK size (0 means default)</span>
<span class="hljs-meta">#</span>
<span class="hljs-meta">#</span><span class="bash"> default-zsk-size=0</span>
<span class="hljs-meta">
#</span><span class="bash"><span class="hljs-comment">################################</span></span>
<span class="hljs-meta">#</span><span class="bash"> direct-dnskey    Fetch DNSKEY RRs from backend during DNSKEY synthesis</span>
<span class="hljs-meta">#</span>
<span class="hljs-meta">#</span><span class="bash"> direct-dnskey=no</span>
<span class="hljs-meta">
#</span><span class="bash"><span class="hljs-comment">################################</span></span>
<span class="hljs-meta">#</span><span class="bash"> <span class="hljs-built_in">disable</span>-axfr    Disable zonetransfers but <span class="hljs-keyword">do</span> allow TCP queries</span>
<span class="hljs-meta">#</span>
<span class="hljs-meta">#</span><span class="bash"> <span class="hljs-built_in">disable</span>-axfr=no</span>
<span class="hljs-meta">
#</span><span class="bash"><span class="hljs-comment">################################</span></span>
<span class="hljs-meta">#</span><span class="bash"> <span class="hljs-built_in">disable</span>-tcp    Do not listen to TCP queries</span>
<span class="hljs-meta">#</span>
<span class="hljs-meta">#</span><span class="bash"> <span class="hljs-built_in">disable</span>-tcp=no</span>
<span class="hljs-meta">
#</span><span class="bash"><span class="hljs-comment">################################</span></span>
<span class="hljs-meta">#</span><span class="bash"> distributor-threads    Default number of Distributor (backend) threads to start</span>
<span class="hljs-meta">#</span>
<span class="hljs-meta">#</span><span class="bash"> distributor-threads=3</span>
<span class="hljs-meta">
#</span><span class="bash"><span class="hljs-comment">################################</span></span>
<span class="hljs-meta">#</span><span class="bash"> <span class="hljs-keyword">do</span>-ipv6-additional-processing    Do AAAA additional processing</span>
<span class="hljs-meta">#</span>
<span class="hljs-meta">#</span><span class="bash"> <span class="hljs-keyword">do</span>-ipv6-additional-processing=yes</span>
<span class="hljs-meta">
#</span><span class="bash"><span class="hljs-comment">################################</span></span>
<span class="hljs-meta">#</span><span class="bash"> edns-subnet-option-number    EDNS option number to use</span>
<span class="hljs-meta">#</span>
<span class="hljs-meta">#</span><span class="bash"> edns-subnet-option-number=20730</span>
<span class="hljs-meta">
#</span><span class="bash"><span class="hljs-comment">################################</span></span>
<span class="hljs-meta">#</span><span class="bash"> edns-subnet-processing    If we should act on EDNS Subnet options</span>
<span class="hljs-meta">#</span>
<span class="hljs-meta">#</span><span class="bash"> edns-subnet-processing=no</span>
<span class="hljs-meta">
#</span><span class="bash"><span class="hljs-comment">################################</span></span>
<span class="hljs-meta">#</span><span class="bash"> entropy-source    If <span class="hljs-built_in">set</span>, <span class="hljs-built_in">read</span> entropy from this file</span>
<span class="hljs-meta">#</span>
<span class="hljs-meta">#</span><span class="bash"> entropy-source=/dev/urandom</span>
<span class="hljs-meta">
#</span><span class="bash"><span class="hljs-comment">################################</span></span>
<span class="hljs-meta">#</span><span class="bash"> experimental-json-interface    If the webserver should serve JSON data</span>
<span class="hljs-meta">#</span>
<span class="hljs-meta">#</span><span class="bash"> experimental-json-interface=no</span>
<span class="hljs-meta">
#</span><span class="bash"><span class="hljs-comment">################################</span></span>
<span class="hljs-meta">#</span><span class="bash"> experimental-logfile    Filename of the <span class="hljs-built_in">log</span> file <span class="hljs-keyword">for</span> JSON parser</span>
<span class="hljs-meta">#</span>
<span class="hljs-meta">#</span><span class="bash"> experimental-logfile=/var/<span class="hljs-built_in">log</span>/pdns.log</span>
<span class="hljs-meta">
#</span><span class="bash"><span class="hljs-comment">################################</span></span>
<span class="hljs-meta">#</span><span class="bash"> fancy-records    Process URL and MBOXFW records</span>
<span class="hljs-meta">#</span>
<span class="hljs-meta">#</span><span class="bash"> fancy-records=no</span>
<span class="hljs-meta">
#</span><span class="bash"><span class="hljs-comment">################################</span></span>
<span class="hljs-meta">#</span><span class="bash"> guardian    Run within a guardian process</span>
<span class="hljs-meta">#</span>
<span class="hljs-meta">#</span><span class="bash"> guardian=no</span>
<span class="hljs-meta">
#</span><span class="bash"><span class="hljs-comment">################################</span></span>
<span class="hljs-meta">#</span><span class="bash"> include-dir    Include .conf files from this directory</span>
<span class="hljs-meta">#</span>
<span class="hljs-meta">#</span><span class="bash"> include-dir=</span>
<span class="hljs-meta">
#</span><span class="bash"><span class="hljs-comment">################################</span></span>
<span class="hljs-meta">#</span><span class="bash"> launch    Which backends to launch and order to query them <span class="hljs-keyword">in</span></span>
<span class="hljs-meta">#</span>
<span class="hljs-meta">#</span><span class="bash"> launch=</span>
<span class="hljs-meta">
#</span><span class="bash"><span class="hljs-comment">################################</span></span>
<span class="hljs-meta">#</span><span class="bash"> load-modules    Load this module - supply absolute or relative path</span>
<span class="hljs-meta">#</span>
<span class="hljs-meta">#</span><span class="bash"> load-modules=</span>
<span class="hljs-meta">
#</span><span class="bash"><span class="hljs-comment">################################</span></span>
<span class="hljs-meta">#</span><span class="bash"> <span class="hljs-built_in">local</span>-address    Local IP addresses to <span class="hljs-built_in">which</span> we <span class="hljs-built_in">bind</span></span>
<span class="hljs-meta">#</span>
local-address=0.0.0.0
<span class="hljs-meta">
#</span><span class="bash"><span class="hljs-comment">################################</span></span>
<span class="hljs-meta">#</span><span class="bash"> <span class="hljs-built_in">local</span>-ipv6    Local IP address to <span class="hljs-built_in">which</span> we <span class="hljs-built_in">bind</span></span>
<span class="hljs-meta">#</span>
<span class="hljs-meta">#</span><span class="bash"> <span class="hljs-built_in">local</span>-ipv6=</span>
<span class="hljs-meta">
#</span><span class="bash"><span class="hljs-comment">################################</span></span>
<span class="hljs-meta">#</span><span class="bash"> <span class="hljs-built_in">local</span>-port    The port on <span class="hljs-built_in">which</span> we listen</span>
<span class="hljs-meta">#</span>
local-port=53
<span class="hljs-meta">
#</span><span class="bash"><span class="hljs-comment">################################</span></span>
<span class="hljs-meta">#</span><span class="bash"> <span class="hljs-built_in">log</span>-dns-details    If PDNS should <span class="hljs-built_in">log</span> DNS non-erroneous details</span>
<span class="hljs-meta">#</span>
<span class="hljs-meta">#</span><span class="bash"> <span class="hljs-built_in">log</span>-dns-details=</span>
<span class="hljs-meta">
#</span><span class="bash"><span class="hljs-comment">################################</span></span>
<span class="hljs-meta">#</span><span class="bash"> <span class="hljs-built_in">log</span>-dns-queries    If PDNS should <span class="hljs-built_in">log</span> all incoming DNS queries</span>
<span class="hljs-meta">#</span>
<span class="hljs-meta">#</span><span class="bash"> <span class="hljs-built_in">log</span>-dns-queries=no</span>
<span class="hljs-meta">
#</span><span class="bash"><span class="hljs-comment">################################</span></span>
<span class="hljs-meta">#</span><span class="bash"> <span class="hljs-built_in">log</span>-failed-updates    If PDNS should <span class="hljs-built_in">log</span> failed update requests</span>
<span class="hljs-meta">#</span>
<span class="hljs-meta">#</span><span class="bash"> <span class="hljs-built_in">log</span>-failed-updates=</span>
<span class="hljs-meta">
#</span><span class="bash"><span class="hljs-comment">################################</span></span>
<span class="hljs-meta">#</span><span class="bash"> logging-facility    Log under a specific facility</span>
<span class="hljs-meta">#</span>
<span class="hljs-meta">#</span><span class="bash"> logging-facility=</span>
<span class="hljs-meta">
#</span><span class="bash"><span class="hljs-comment">################################</span></span>
<span class="hljs-meta">#</span><span class="bash"> loglevel    Amount of logging. Higher is more. Do not <span class="hljs-built_in">set</span> below 3</span>
<span class="hljs-meta">#</span>
<span class="hljs-meta">#</span><span class="bash"> loglevel=4</span>
<span class="hljs-meta">
#</span><span class="bash"><span class="hljs-comment">################################</span></span>
<span class="hljs-meta">#</span><span class="bash"> lua-prequery-script    Lua script with prequery handler</span>
<span class="hljs-meta">#</span>
<span class="hljs-meta">#</span><span class="bash"> lua-prequery-script=</span>
<span class="hljs-meta">
#</span><span class="bash"><span class="hljs-comment">################################</span></span>
<span class="hljs-meta">#</span><span class="bash"> master    Act as a master</span>
<span class="hljs-meta">#</span>
<span class="hljs-meta">#</span><span class="bash"> master=no</span>
<span class="hljs-meta">
#</span><span class="bash"><span class="hljs-comment">################################</span></span>
<span class="hljs-meta">#</span><span class="bash"> max-cache-entries    Maximum number of cache entries</span>
<span class="hljs-meta">#</span>
<span class="hljs-meta">#</span><span class="bash"> max-cache-entries=1000000</span>
<span class="hljs-meta">
#</span><span class="bash"><span class="hljs-comment">################################</span></span>
<span class="hljs-meta">#</span><span class="bash"> max-ent-entries    Maximum number of empty non-terminals <span class="hljs-keyword">in</span> a zone</span>
<span class="hljs-meta">#</span>
<span class="hljs-meta">#</span><span class="bash"> max-ent-entries=100000</span>
<span class="hljs-meta">
#</span><span class="bash"><span class="hljs-comment">################################</span></span>
<span class="hljs-meta">#</span><span class="bash"> max-nsec3-iterations    Limit the number of NSEC3 <span class="hljs-built_in">hash</span> iterations</span>
<span class="hljs-meta">#</span>
<span class="hljs-meta">#</span><span class="bash"> max-nsec3-iterations=500</span>
<span class="hljs-meta">
#</span><span class="bash"><span class="hljs-comment">################################</span></span>
<span class="hljs-meta">#</span><span class="bash"> max-queue-length    Maximum queuelength before considering situation lost</span>
<span class="hljs-meta">#</span>
<span class="hljs-meta">#</span><span class="bash"> max-queue-length=5000</span>
<span class="hljs-meta">
#</span><span class="bash"><span class="hljs-comment">################################</span></span>
<span class="hljs-meta">#</span><span class="bash"> max-tcp-connections    Maximum number of TCP connections</span>
<span class="hljs-meta">#</span>
<span class="hljs-meta">#</span><span class="bash"> max-tcp-connections=10</span>
<span class="hljs-meta">
#</span><span class="bash"><span class="hljs-comment">################################</span></span>
<span class="hljs-meta">#</span><span class="bash"> module-dir    Default directory <span class="hljs-keyword">for</span> modules</span>
<span class="hljs-meta">#</span>
<span class="hljs-meta">#</span><span class="bash"> module-dir=/usr/<span class="hljs-built_in">local</span>/lib</span>
<span class="hljs-meta">
#</span><span class="bash"><span class="hljs-comment">################################</span></span>
<span class="hljs-meta">#</span><span class="bash"> negquery-cache-ttl    Seconds to store negative query results <span class="hljs-keyword">in</span> the QueryCache</span>
<span class="hljs-meta">#</span>
<span class="hljs-meta">#</span><span class="bash"> negquery-cache-ttl=60</span>
<span class="hljs-meta">
#</span><span class="bash"><span class="hljs-comment">################################</span></span>
<span class="hljs-meta">#</span><span class="bash"> no-shuffle    Set this to prevent random shuffling of answers - <span class="hljs-keyword">for</span> regression testing</span>
<span class="hljs-meta">#</span>
<span class="hljs-meta">#</span><span class="bash"> no-shuffle=off</span>
<span class="hljs-meta">
#</span><span class="bash"><span class="hljs-comment">################################</span></span>
<span class="hljs-meta">#</span><span class="bash"> out-of-zone-additional-processing    Do out of zone additional processing</span>
<span class="hljs-meta">#</span>
<span class="hljs-meta">#</span><span class="bash"> out-of-zone-additional-processing=yes</span>
<span class="hljs-meta">
#</span><span class="bash"><span class="hljs-comment">################################</span></span>
<span class="hljs-meta">#</span><span class="bash"> overload-queue-length    Maximum queuelength moving to packetcache only</span>
<span class="hljs-meta">#</span>
<span class="hljs-meta">#</span><span class="bash"> overload-queue-length=0</span>
<span class="hljs-meta">
#</span><span class="bash"><span class="hljs-comment">################################</span></span>
<span class="hljs-meta">#</span><span class="bash"> pipebackend-abi-version    Version of the pipe backend ABI</span>
<span class="hljs-meta">#</span>
<span class="hljs-meta">#</span><span class="bash"> pipebackend-abi-version=1</span>
<span class="hljs-meta">
#</span><span class="bash"><span class="hljs-comment">################################</span></span>
<span class="hljs-meta">#</span><span class="bash"> prevent-self-notification    Don’t send notifications to what we think is ourself</span>
<span class="hljs-meta">#</span>
<span class="hljs-meta">#</span><span class="bash"> prevent-self-notification=yes</span>
<span class="hljs-meta">
#</span><span class="bash"><span class="hljs-comment">################################</span></span>
<span class="hljs-meta">#</span><span class="bash"> query-cache-ttl    Seconds to store query results <span class="hljs-keyword">in</span> the QueryCache</span>
<span class="hljs-meta">#</span>
<span class="hljs-meta">#</span><span class="bash"> query-cache-ttl=20</span>
<span class="hljs-meta">
#</span><span class="bash"><span class="hljs-comment">################################</span></span>
<span class="hljs-meta">#</span><span class="bash"> query-local-address    Source IP address <span class="hljs-keyword">for</span> sending queries</span>
<span class="hljs-meta">#</span>
<span class="hljs-meta">#</span><span class="bash"> query-local-address=0.0.0.0</span>
<span class="hljs-meta">
#</span><span class="bash"><span class="hljs-comment">################################</span></span>
<span class="hljs-meta">#</span><span class="bash"> query-local-address6    Source IPv6 address <span class="hljs-keyword">for</span> sending queries</span>
<span class="hljs-meta">#</span>
<span class="hljs-meta">#</span><span class="bash"> query-local-address6=::</span>
<span class="hljs-meta">
#</span><span class="bash"><span class="hljs-comment">################################</span></span>
<span class="hljs-meta">#</span><span class="bash"> query-logging    Hint backends that queries should be logged</span>
<span class="hljs-meta">#</span>
<span class="hljs-meta">#</span><span class="bash"> query-logging=no</span>
<span class="hljs-meta">
#</span><span class="bash"><span class="hljs-comment">################################</span></span>
<span class="hljs-meta">#</span><span class="bash"> queue-limit    Maximum number of milliseconds to queue a query</span>
<span class="hljs-meta">#</span>
<span class="hljs-meta">#</span><span class="bash"> queue-limit=1500</span>
<span class="hljs-meta">
#</span><span class="bash"><span class="hljs-comment">################################</span></span>
<span class="hljs-meta">#</span><span class="bash"> receiver-threads    Default number of receiver threads to start</span>
<span class="hljs-meta">#</span>
<span class="hljs-meta">#</span><span class="bash"> receiver-threads=1</span>
<span class="hljs-meta">
#</span><span class="bash"><span class="hljs-comment">################################</span></span>
<span class="hljs-meta">#</span><span class="bash"> recursive-cache-ttl    Seconds to store packets <span class="hljs-keyword">for</span> recursive queries <span class="hljs-keyword">in</span> the PacketCache</span>
<span class="hljs-meta">#</span>
<span class="hljs-meta">#</span><span class="bash"> recursive-cache-ttl=10</span>
<span class="hljs-meta">
#</span><span class="bash"><span class="hljs-comment">################################</span></span>
<span class="hljs-meta">#</span><span class="bash"> recursor    If recursion is desired, IP address of a recursing nameserver</span>
<span class="hljs-meta">#</span>
<span class="hljs-meta">#</span><span class="bash"> recursor=no</span>
<span class="hljs-meta">
#</span><span class="bash"><span class="hljs-comment">################################</span></span>
<span class="hljs-meta">#</span><span class="bash"> retrieval-threads    Number of AXFR-retrieval threads <span class="hljs-keyword">for</span> slave operation</span>
<span class="hljs-meta">#</span>
<span class="hljs-meta">#</span><span class="bash"> retrieval-threads=2</span>
<span class="hljs-meta">
#</span><span class="bash"><span class="hljs-comment">################################</span></span>
<span class="hljs-meta">#</span><span class="bash"> security-poll-suffix    Domain name from <span class="hljs-built_in">which</span> to query security update notifications</span>
<span class="hljs-meta">#</span>
<span class="hljs-meta">#</span><span class="bash"> security-poll-suffix=secpoll.powerdns.com.</span>
<span class="hljs-meta">
#</span><span class="bash"><span class="hljs-comment">################################</span></span>
<span class="hljs-meta">#</span><span class="bash"> send-root-referral    Send out old-fashioned root-referral instead of ServFail <span class="hljs-keyword">in</span> <span class="hljs-keyword">case</span> of no authority</span>
<span class="hljs-meta">#</span>
<span class="hljs-meta">#</span><span class="bash"> send-root-referral=no</span>
<span class="hljs-meta">
#</span><span class="bash"><span class="hljs-comment">################################</span></span>
<span class="hljs-meta">#</span><span class="bash"> server-id    Returned when queried <span class="hljs-keyword">for</span> ’server.id’ TXT or NSID, defaults to hostname</span>
<span class="hljs-meta">#</span>
<span class="hljs-meta">#</span><span class="bash"> server-id=</span>
<span class="hljs-meta">
#</span><span class="bash"><span class="hljs-comment">################################</span></span>
<span class="hljs-meta">#</span><span class="bash"> setgid    If <span class="hljs-built_in">set</span>, change group id to this gid <span class="hljs-keyword">for</span> more security</span>
<span class="hljs-meta">#</span>
<span class="hljs-meta">#</span><span class="bash"> setgid=</span>
<span class="hljs-meta">
#</span><span class="bash"><span class="hljs-comment">################################</span></span>
<span class="hljs-meta">#</span><span class="bash"> setuid    If <span class="hljs-built_in">set</span>, change user id to this uid <span class="hljs-keyword">for</span> more security</span>
<span class="hljs-meta">#</span>
<span class="hljs-meta">#</span><span class="bash"> setuid=</span>
<span class="hljs-meta">
#</span><span class="bash"><span class="hljs-comment">################################</span></span>
<span class="hljs-meta">#</span><span class="bash"> signing-threads    Default number of signer threads to start</span>
<span class="hljs-meta">#</span>
<span class="hljs-meta">#</span><span class="bash"> signing-threads=3</span>
<span class="hljs-meta">
#</span><span class="bash"><span class="hljs-comment">################################</span></span>
<span class="hljs-meta">#</span><span class="bash"> slave    Act as a slave</span>
<span class="hljs-meta">#</span>
<span class="hljs-meta">#</span><span class="bash"> slave=no</span>
<span class="hljs-meta">
#</span><span class="bash"><span class="hljs-comment">################################</span></span>
<span class="hljs-meta">#</span><span class="bash"> slave-cycle-interval    Reschedule failed SOA serial checks once every .. seconds</span>
<span class="hljs-meta">#</span>
<span class="hljs-meta">#</span><span class="bash"> slave-cycle-interval=60</span>
<span class="hljs-meta">
#</span><span class="bash"><span class="hljs-comment">################################</span></span>
<span class="hljs-meta">#</span><span class="bash"> slave-renotify    If we should send out notifications <span class="hljs-keyword">for</span> slaved updates</span>
<span class="hljs-meta">#</span>
<span class="hljs-meta">#</span><span class="bash"> slave-renotify=no</span>
<span class="hljs-meta">
#</span><span class="bash"><span class="hljs-comment">################################</span></span>
<span class="hljs-meta">#</span><span class="bash"> smtpredirector    Our smtpredir MX host</span>
<span class="hljs-meta">#</span>
<span class="hljs-meta">#</span><span class="bash"> smtpredirector=a.misconfigured.powerdns.smtp.server</span>
<span class="hljs-meta">
#</span><span class="bash"><span class="hljs-comment">################################</span></span>
<span class="hljs-meta">#</span><span class="bash"> soa-expire-default    Default SOA expire</span>
<span class="hljs-meta">#</span>
<span class="hljs-meta">#</span><span class="bash"> soa-expire-default=604800</span>
<span class="hljs-meta">
#</span><span class="bash"><span class="hljs-comment">################################</span></span>
# soa-minimum-ttl    Default SOA minimum ttl
#
# soa-minimum-ttl=3600

#################################
# soa-refresh-default    Default SOA refresh
#
# soa-refresh-default=10800

#################################
# soa-retry-default    Default SOA retry
#
# soa-retry-default=3600

#################################
# soa-serial-offset    Make sure that no SOA serial is less than this number
#
# soa-serial-offset=0

#################################
# socket-dir    Where the controlsocket will live
#
# socket-dir=/var/run

#################################
# tcp-control-address    If set, PowerDNS can be controlled over TCP on this address
#
# tcp-control-address=

#################################
# tcp-control-port    If set, PowerDNS can be controlled over TCP on this address
#
# tcp-control-port=53000

#################################
# tcp-control-range    If set, remote control of PowerDNS is possible over these networks only
#
# tcp-control-range=127.0.0.0/8, 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fe80::/10

#################################
# tcp-control-secret    If set, PowerDNS can be controlled over TCP after passing this secret
#
# tcp-control-secret=

#################################
# traceback-handler    Enable the traceback handler (Linux only)
#
# traceback-handler=yes

#################################
# trusted-notification-proxy    IP address of incoming notification proxy
#
# trusted-notification-proxy=

#################################
# urlredirector    Where we send hosts to that need to be url redirected
#
# urlredirector=127.0.0.1

#################################
# version-string    PowerDNS version in packets - full, anonymous, powerdns or custom
#
# version-string=full

#################################
# webserver    Start a webserver for monitoring
#
# webserver=no

#################################
# webserver-address    IP Address of webserver to listen on
#
# webserver-address=127.0.0.1

#################################
# webserver-password    Password required for accessing the webserver
#
# webserver-password=

#################################
# webserver-port    Port of webserver to listen on
#
# webserver-port=8081

#################################
# webserver-print-arguments    If the webserver should print arguments
#
# webserver-print-arguments=no

#################################
# wildcard-url    Process URL and MBOXFW records
#
# wildcard-url=no

#################################
# xfr-max-received-mbytes    Maximum number of megabytes received from an incoming AXFR
#
# xfr-max-received-mbytes=100

launch=gmysql
gmysql-host=localhost
gmysql-user=powerdns
gmysql-password=password
gmysql-dbname=powerdns
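
An added example, not part of the original article or of PowerDNS: a shell audit of the settings shown in the file above (webserver, tcp-control-*, gmysql-password) and of the file's own permissions. The function names, the findings it reports and the sample config are assumptions of this example, and it only looks at uncommented lines.

```shell
# Added example: flag risky values in a pdns.conf. Only uncommented lines count.
# Print the value of KEY in FILE (last occurrence wins here), empty if unset.
pdns_get() {
    awk -v k="$2" '
        /^[ \t]*#/ { next }
        { i = index($0, "="); if (!i) next
          key = substr($0, 1, i - 1); gsub(/[ \t]/, "", key)
          if (key == k) { v = substr($0, i + 1); gsub(/^[ \t]+|[ \t]+$/, "", v) } }
        END { print v }' "$1"
}

# Print one finding per line; no output means nothing was flagged.
pdns_audit() {
    f=$1
    if [ "$(pdns_get "$f" webserver)" = yes ]; then
        [ -n "$(pdns_get "$f" webserver-password)" ] ||
            echo "webserver enabled with empty webserver-password"
        case "$(pdns_get "$f" webserver-address)" in
            0.0.0.0|::) echo "webserver-address listens on all interfaces" ;;
        esac
    fi
    if [ -n "$(pdns_get "$f" tcp-control-address)" ] &&
       [ -z "$(pdns_get "$f" tcp-control-secret)" ]; then
        echo "tcp-control-address set with empty tcp-control-secret"
    fi
    case "$(pdns_get "$f" launch)" in *gmysql*)
        case "$(pdns_get "$f" gmysql-password)" in
            ""|password) echo "gmysql-password is empty or the placeholder" ;;
        esac ;;
    esac
    [ -z "$(find "$f" -perm -004)" ] ||
        echo "file is world-readable and contains the database password"
}

# Constructed sample input, not a real deployment.
write_sample() {
    cat > "$1" <<'EOF'
# webserver=no
webserver=yes
webserver-address=0.0.0.0
webserver-password=
tcp-control-address=127.0.0.1
tcp-control-secret=constructed-secret
launch=gmysql
gmysql-password=password
EOF
    chmod 644 "$1"
}
if [ "$#" -gt 0 ]; then pdns_audit "$1"; fi
```

Run it with the path to /etc/pdns/pdns.conf as the only argument; the constructed sample produces four findings.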

Next, log in to MySQL, create a user and a database both named powerdns, and import the following data

CREATE TABLE domains (
 id                    INT AUTO_INCREMENT,
 name                  VARCHAR(255) NOT NULL,
 master                VARCHAR(128) DEFAULT NULL,
 last_check            INT DEFAULT NULL,
 type                  VARCHAR(6) NOT NULL,
 notified_serial       INT DEFAULT NULL,
 account               VARCHAR(40) DEFAULT NULL,
 PRIMARY KEY (id)
 ) Engine=InnoDB;
CREATE UNIQUE INDEX name_index ON domains(name);
CREATE TABLE records (
 id                    INT AUTO_INCREMENT,
 domain_id             INT DEFAULT NULL,
 name                  VARCHAR(255) DEFAULT NULL,
 type                  VARCHAR(10) DEFAULT NULL,
 content               VARCHAR(64000) DEFAULT NULL,
 ttl                   INT DEFAULT NULL,
 prio                  INT DEFAULT NULL,
 change_date           INT DEFAULT NULL,
 disabled              TINYINT(1) DEFAULT 0,
 ordername             VARCHAR(255) BINARY DEFAULT NULL,
 auth                  TINYINT(1) DEFAULT 1,
 PRIMARY KEY (id)
 ) Engine=InnoDB;
CREATE INDEX nametype_index ON records(name,type);
CREATE INDEX domain_id ON records(domain_id);
CREATE INDEX recordorder ON records (domain_id, ordername);
CREATE TABLE supermasters (
 ip                    VARCHAR(64) NOT NULL,
 nameserver            VARCHAR(255) NOT NULL,
 account               VARCHAR(40) NOT NULL,
 PRIMARY KEY (ip, nameserver)
 ) Engine=InnoDB;
CREATE TABLE comments (
 id                    INT AUTO_INCREMENT,
 domain_id             INT NOT NULL,
 name                  VARCHAR(255) NOT NULL,
 type                  VARCHAR(10) NOT NULL,
 modified_at           INT NOT NULL,
 account               VARCHAR(40) NOT NULL,
 comment               VARCHAR(64000) NOT NULL,
 PRIMARY KEY (id)
 ) Engine=InnoDB;
CREATE INDEX comments_domain_id_idx ON comments (domain_id);
CREATE INDEX comments_name_type_idx ON comments (name, type);
CREATE INDEX comments_order_idx ON comments (domain_id, modified_at);
CREATE TABLE domainmetadata (
 id                    INT AUTO_INCREMENT,
 domain_id             INT NOT NULL,
 kind                  VARCHAR(32),
 content               TEXT,
 PRIMARY KEY (id)
 ) Engine=InnoDB;
CREATE INDEX domainmetadata_idx ON domainmetadata (domain_id, kind);
CREATE TABLE cryptokeys (
 id                    INT AUTO_INCREMENT,
 domain_id             INT NOT NULL,
 flags                 INT NOT NULL,
 active                BOOL,
 content               TEXT,
 PRIMARY KEY(id)
 ) Engine=InnoDB;
CREATE INDEX domainidindex ON cryptokeys(domain_id);
CREATE TABLE tsigkeys (
 id                    INT AUTO_INCREMENT,
 name                  VARCHAR(255),
 algorithm             VARCHAR(50),
 secret                VARCHAR(255),
 PRIMARY KEY (id)
 ) Engine=InnoDB;
CREATE UNIQUE INDEX namealgoindex ON tsigkeys(name, algorithm);

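Download PowerDNS-Webinterface and import the install.sql file included in its folder. While importing the front-end database you may hit one MySQL error; ignore it, it does not affect the functionality this article sets out to implement.
At this point the PowerDNS deployment part is done. Use the commands below to enable PowerDNS at boot and start it right away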

chkconfig --level 235 pdns on
/etc/init.d/pdns start

While you are at it, verify that the PowerDNS service started properly

netstat -an | grep 53
cat /var/log/messages  # If it did not start, check the log

PowerDNS-Webinterface part

Go to the document root of the web environment you set up, copy in everything under /web from PowerDNS-Webinterface, and edit the MySQL settings in configs/db.php

<?php

/**
  Please insert your MySQL Database in this configfile!
 */
$cfg['db'] = array(
    "default" => array(
        "host" => "localhost",
        "port" => 3306,
        "username" => "powerdns",
        "password" => "password",
        "database" => "powerdns",
    )
);

Delete the safety file and set the permissions on the templates_c folder

rm -rf web/tmp/templates_c/DELETEME
chmod 777 web/tmp/templates_c/

Now visit the PowerDNS-Webinterface you set up. The account/password is admin/admin; change the default password immediately after logging in

Setting up PTR resolution

Switch to the Domains menu, add the IP range you need rDNS for, and add the following to its records

In the figure, IDs 801-803 are example PTR records
You can now use nslookup to see the result
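
An added example, not from the original article: how the owner name of a PTR record is derived from an IPv4 address, and the row it corresponds to in the records table created earlier. It assumes the reverse zone was added as a /24 (for example 2.0.192.in-addr.arpa); the function names, address and hostname are constructed for illustration.

```shell
# Added example: build the PTR owner name for an IPv4 address and the matching
# INSERT for the records table above. Assumes the reverse zone is a /24.

# Succeed only for dotted-quad IPv4 with each octet in 0-255.
valid_ipv4() {
    case $1 in ""|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# 192.0.2.10 -> 10.2.0.192.in-addr.arpa
ptr_name() {
    valid_ipv4 "$1" || return 1
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo "$4.$3.$2.$1.in-addr.arpa"
}

# ptr_sql IP HOSTNAME [TTL]: print SQL that attaches the PTR record to its zone.
# Inputs are restricted to DNS-safe characters before being placed in the SQL.
ptr_sql() {
    name=$(ptr_name "$1") || return 1
    case $2 in ""|*[!A-Za-z0-9.-]*|.*|*.|*..*) return 1 ;; esac
    ttl=${3:-3600}
    case $ttl in ""|*[!0-9]*) return 1 ;; esac
    zone=${name#*.}    # drop the host octet: 2.0.192.in-addr.arpa
    printf "INSERT INTO records (domain_id, name, type, content, ttl)\n"
    printf "SELECT id, '%s', 'PTR', '%s', %s FROM domains WHERE name = '%s';\n" \
        "$name" "$2" "$ttl" "$zone"
}

# Usage with constructed documentation values: sh ptr.sh 192.0.2.10 mail.example.com
if [ "$#" -ge 2 ]; then ptr_sql "$@"; fi
```

Because the statement selects domain_id from the domains table, it inserts nothing when the reverse zone has not been created yet.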

All done.
Reposted from: https://ccav.me/self-built-dns-parsing-tool-powerdns-powerdnswebinterface.html
