PowerDNS + PowerDNS-Admin
1、基礎配置
1.1 環境說明
Centos 7.5.1804 PDNS 4.1.1 MariaDB 5.5.6
1.2 關閉防火牆和 selinux
setenforce 0 sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config systemctl stop firewalld.service && systemctl disable firewalld.service firewall-cmd --state
2、 安裝 MariaDB
2.1 安裝 MariaDB
1)更改存儲目錄php
mkdir -p /opt/data/mysql/{data,log}
vim /etc/my.cnf [mysqld] datadir=/opt/data/mysql/data socket=/opt/data/mysql/mysql.sock [mysqld_safe] log-error=/opt/data/mysql/log/mariadb.log pid-file=/opt/data/mysql/mariadb.pid
2)默認安裝的版本爲5.5css
#安裝
yum install -y epel-release yum-plugin-priorities yum install -y mariadb-server mariadb
#設置目錄權限
cd /opt/data/
chown -R mysql.mysql mysql/
#啓動 systemctl enable mariadb.service systemctl start mariadb.service
2.2 初始化
1)設置軟鏈接html
ln -s /opt/data/mysql/mysql.sock /var/lib/mysql/mysql.sock
由於改動了mysqld的sock的默認目錄,但mysql_client、mysql_secure_installation這些都沒改,因此作一個軟鏈接。node
2)設置root密碼python
mysql_secure_installation
回車,
y, #設置root密碼
root密碼,
重複root密碼,
y, #刪除匿名登入
y, #禁用root遠程登入
y, #刪除test庫
y #刷新權限
2.3 設置字符集
vim /etc/my.cnf [mysqld] init_connect='SET collation_connection = utf8_unicode_ci' init_connect='SET NAMES utf8' character-set-server=utf8 collation-server=utf8_unicode_ci skip-character-set-client-handshake
vim /etc/my.cnf.d/client.cnf [client] default-character-set=utf8
vim /etc/my.cnf.d/mysql-clients.cnf [mysql] default-character-set=utf8
2.4 重啓 MariaDB
systemctl restart mariadb
再次登陸 MariaDB,查看字符集,發現已經是 utf8 了。mysql
mysql -uroot -p
show variables like "%character%";show variables like "%collation%";
exit
3、安裝 PowerDNS
3.1 安裝 PowerDNS
yum install -y pdns pdns-backend-mysql
PowerDNS 的配置文件位於 /etc/pdns/pdns.conflinux
3.2 新建數據庫
mysql -uroot -p CREATE DATABASE powerdns; GRANT ALL ON powerdns.* TO 'powerdns'@'localhost' IDENTIFIED BY 'powerdns'; FLUSH PRIVILEGES;
3.3 建立數據庫表
use powerdns; CREATE TABLE domains ( id INT AUTO_INCREMENT, name VARCHAR(255) NOT NULL, master VARCHAR(128) DEFAULT NULL, last_check INT DEFAULT NULL, type VARCHAR(6) NOT NULL, notified_serial INT DEFAULT NULL, account VARCHAR(40) DEFAULT NULL, PRIMARY KEY (id) ) Engine=InnoDB; CREATE UNIQUE INDEX name_index ON domains(name); CREATE TABLE records ( id BIGINT AUTO_INCREMENT, domain_id INT DEFAULT NULL, name VARCHAR(255) DEFAULT NULL, type VARCHAR(10) DEFAULT NULL, content VARCHAR(64000) DEFAULT NULL, ttl INT DEFAULT NULL, prio INT DEFAULT NULL, change_date INT DEFAULT NULL, disabled TINYINT(1) DEFAULT 0, ordername VARCHAR(255) BINARY DEFAULT NULL, auth TINYINT(1) DEFAULT 1, PRIMARY KEY (id) ) Engine=InnoDB; CREATE INDEX nametype_index ON records(name,type); CREATE INDEX domain_id ON records(domain_id); CREATE INDEX recordorder ON records (domain_id, ordername); CREATE TABLE supermasters ( ip VARCHAR(64) NOT NULL, nameserver VARCHAR(255) NOT NULL, account VARCHAR(40) NOT NULL, PRIMARY KEY (ip, nameserver) ) Engine=InnoDB; CREATE TABLE comments ( id INT AUTO_INCREMENT, domain_id INT NOT NULL, name VARCHAR(255) NOT NULL, type VARCHAR(10) NOT NULL, modified_at INT NOT NULL, account VARCHAR(40) NOT NULL, comment VARCHAR(64000) NOT NULL, PRIMARY KEY (id) ) Engine=InnoDB; CREATE INDEX comments_domain_id_idx ON comments (domain_id); CREATE INDEX comments_name_type_idx ON comments (name, type); CREATE INDEX comments_order_idx ON comments (domain_id, modified_at); CREATE TABLE domainmetadata ( id INT AUTO_INCREMENT, domain_id INT NOT NULL, kind VARCHAR(32), content TEXT, PRIMARY KEY (id) ) Engine=InnoDB; CREATE INDEX domainmetadata_idx ON domainmetadata (domain_id, kind); CREATE TABLE cryptokeys ( id INT AUTO_INCREMENT, domain_id INT NOT NULL, flags INT NOT NULL, active BOOL, content TEXT, PRIMARY KEY(id) ) Engine=InnoDB; CREATE INDEX domainidindex ON cryptokeys(domain_id); CREATE TABLE tsigkeys ( id INT AUTO_INCREMENT, name VARCHAR(255), algorithm VARCHAR(50), secret VARCHAR(255), PRIMARY KEY (id) ) Engine=InnoDB; CREATE UNIQUE INDEX namealgoindex ON tsigkeys(name, algorithm); flush privileges; show databases; show tables;
exit
3.4 配置PowerDNS
cp /etc/pdns/pdns.conf /etc/pdns/pdns.conf.bak
vim /etc/pdns/pdns.conf
#ttl
default-ttl=300
# backend launch=gmysql gmysql-host=localhost gmysql-port=3306 gmysql-dbname=powerdns gmysql-user=powerdns gmysql-password=powerdns # pdns API webserver=yes webserver-address=0.0.0.0 webserver-allow-from=0.0.0.0/0 webserver-port=8081 api=yes api-key=wmqpdns api-logfile=/var/log/pdns-api.log
# id
setgid=pdns
setuid=pdns
說明:default-ttl(默認 ttl 改成5分鐘)和 launch 兩個參數是修改,其餘都爲添加。nginx
3.5 開機啓動
systemctl enable pdns.service
systemctl start pdns.service
systemctl status pdns.service
查看808一、53兩個端口git
netstat -tulnp|grep pdns_server tcp 0 0 0.0.0.0:8081 0.0.0.0:* LISTEN 18847/pdns_server tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN 18847/pdns_server tcp6 0 0 :::53 :::* LISTEN 18847/pdns_server udp 0 0 0.0.0.0:53 0.0.0.0:* 18847/pdns_server udp6 0 0 :::53 :::* 18847/pdns_server
4、安裝PowerDNS-Admin
4.1 安裝python3.6 + pip
yum install -y epel-release yum install -y https://centos7.iuscommunity.org/ius-release.rpm yum install -y python36u python36u-devel python36u-pip pip3.6 install -U pip pip install -U virtualenv rm -f /usr/bin/python3 && ln -s /usr/bin/python3.6 /usr/bin/python3
4.2 安裝構建python庫所需包
1)若是使用 Centos 默認的 mariadb 5.5 版本,安裝以下:github
yum install -y gcc mariadb-devel openldap-devel xmlsec1-devel xmlsec1-openssl libtool-ltdl-devel
2)若是使用mariadb 10.x 版本,安裝以下:
yum install gcc MariaDB-devel MariaDB-shared openldap-devel xmlsec1-devel xmlsec1-openssl libtool-ltdl-devel
4.3 安裝 Nodejs 10
curl -sL https://rpm.nodesource.com/setup_10.x | bash - curl -sL https://dl.yarnpkg.com/rpm/yarn.repo -o /etc/yum.repos.d/yarn.repo yum install -y yarn
4.4 建立python3 virtualenv環境
yum install -y git
git clone https://github.com/ngoduykhanh/PowerDNS-Admin.git /opt/web/powerdns-admin cd /opt/web/powerdns-admin virtualenv -p python3 flask
激活 python3 環境並安裝python庫(後續操做都是基於python3 環境下操做)
source ./flask/bin/activate pip install python-dotenv pip install -r requirements.txt
下載的包臨時存放在 /root/.cache/pip/wheels 目錄下。
4.5 建立數據庫
mysql -u root -p CREATE DATABASE powerdnsadmin CHARACTER SET utf8 COLLATE utf8_general_ci; GRANT ALL PRIVILEGES ON powerdnsadmin.* TO 'pdnsadminuser'@'%' IDENTIFIED BY 'p4ssw0rd'; FLUSH PRIVILEGES;
exit
4.6 配置 config.py
cp config_template.py config.py
vim config.py
#地址改爲0.0.0.0 BIND_ADDRESS = '0.0.0.0' # 配置數據庫鏈接信息,庫/用戶/密碼是以前手動建立的,不是pdns數據庫 SQLA_DB_USER = 'pdnsadminuser' SQLA_DB_PASSWORD = 'p4ssw0rd' SQLA_DB_HOST = 'localhost' SQLA_DB_NAME = 'powerdnsadmin' # 開啓MySQL # DATABASE - MySQL SQLALCHEMY_DATABASE_URI = 'mysql://'+SQLA_DB_USER+':'+SQLA_DB_PASSWORD+'@'+SQLA_DB_HOST+':'+str(SQLA_DB_PORT)+'/'+SQLA_DB_NAME # 註釋sqlite # DATABASE - SQLite # SQLALCHEMY_DATABASE_URI = 'sqlite:///' + os.path.join(basedir, 'pdns.db')
4.7 建立表並建立資產文件
一、建立表
export FLASK_APP=app/__init__.py
flask db upgrade
報以下錯:
Traceback (most recent call last): File "/opt/web/powerdns-admin/flask/bin/flask", line 10, in <module> sys.exit(main()) File "/opt/web/powerdns-admin/flask/lib/python3.6/site-packages/flask/cli.py", line 894, in main cli.main(args=args, prog_name=name) File "/opt/web/powerdns-admin/flask/lib/python3.6/site-packages/flask/cli.py", line 557, in main return super(FlaskGroup, self).main(*args, **kwargs) File "/opt/web/powerdns-admin/flask/lib/python3.6/site-packages/click/core.py", line 696, in main _verify_python3_env() File "/opt/web/powerdns-admin/flask/lib/python3.6/site-packages/click/_unicodefun.py", line 124, in _verify_python3_env ' mitigation steps.' + extra RuntimeError: Click will abort further execution because Python 3 was configured to use ASCII as encoding for the environment. Consult https://click.palletsprojects.com/en/7.x/python3/ for mitigation steps. This system lists a couple of UTF-8 supporting locales that you can pick from. The following suitable locales were discovered: en_US.utf8
解決:
export LC_ALL=en_US.utf8
二、建立資產文件
yarn install --pure-lockfile flask assets build
4.8 啓動
./run.py
訪問PowerDNS-Admin Web界面:http://192.168.159.128:9191
一、先註冊用戶,第一個用戶將處於管理員角色。
二、第一次登陸時,將被重定向到設置頁面以配置PDNS API信息。
#填入在/etc/pdns/pdns.cof配置的API信息:
PDNS API URL:http://127.0.0.1:8081 PDNS API KEY:wmqpdns
4.9 配置systemd服務
使用systemd管理PowerDNS-Admin
vim /usr/lib/systemd/system/powerdns-admin.service
[Unit] Description=PowerDNS-Admin After=network.target [Service] User=root Group=root WorkingDirectory=/opt/web/powerdns-admin ExecStart=/opt/web/powerdns-admin/flask/bin/gunicorn --workers 2 --bind unix:/opt/web/powerdns-admin/powerdns-admin.sock app:app [Install] WantedBy=multi-user.target
啓動Powerdns-Admin服務並將其設置爲在啓動時啓動:
systemctl daemon-reload systemctl start powerdns-admin systemctl enable powerdns-admin
能夠運行systemctl status powerdns-admin命令確認狀態是否正在運行,沒問題的話會返回相關的成功信息。
systemctl status powerdns-admin
4.10 安裝nginx
yum install -y nginx
配置nginx
vim /etc/nginx/conf.d/powerdns-admin.conf
server { listen *:80; server_name 192.168.159.128; index index.html index.htm index.php; root /opt/web/powerdns-admin; access_log /var/log/nginx/powerdns-admin.local.access.log combined; error_log /var/log/nginx/powerdns-admin.local.error.log; client_max_body_size 10m; client_body_buffer_size 128k; proxy_redirect off; proxy_connect_timeout 90; proxy_send_timeout 90; proxy_read_timeout 90; proxy_buffers 32 4k; proxy_buffer_size 8k; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_headers_hash_bucket_size 64; location ~ ^/static/ { include /etc/nginx/mime.types; root /opt/web/powerdns-admin/app; location ~* \.(jpg|jpeg|png|gif)$ { expires 365d; } location ~* ^.+.(css|js)$ { expires 7d; } } location / { proxy_pass http://unix:/opt/web/powerdns-admin/powerdns-admin.sock; proxy_read_timeout 120; proxy_connect_timeout 120; proxy_redirect off; } }
啓動nginx
nginx -t
systemctl restart nginx
systemctl enable nginx
瀏覽器訪問 192.168.159.128 便可打開powerdns-admin登入頁
注意:若是添加 new domain 時候提示 400 錯誤,應該是添加的域名格式不對(可能後面有空格)。
4.11 集成OpenLADP
LDAP URI : ldap://192.168.159.130:389 LDAP Base DN : ou=People,dc=wmqe,dc=com LDAP admin username : cn=admin,dc=wmqe,dc=com LDAP admin password : •••••••• Basic filter : (objectClass=inetOrgPerson) Username field : cn
或者:ldaps://192.168.159.130:636
5、提供域名解析服務
配置子域名解析,可直接在公網生效,不用在本地指定DNS地址。經過配置NS記錄做爲子域名向外提供服務,後續將三級子域名設置爲DNS提供域名解析。
5.1 註冊域名,並配置解析記錄
因NS記錄不能直接指定IP,需先配置A記錄,再配置NS記錄。
1)註冊域名 wmqxxxxx.com
2)配置A記錄,指定到pdns的外網IP(確保53端口的tcp,udp協議都開放)
pdns.wmqxxxxx.com --> 54.223.118.175
3)配置NS記錄,指定到前面建立的A記錄
prod.wmqxxxxx.com --> pdns.wmqxxxxx.com
5.2 配置pdnsadmin
1)添加domain
添加以前NS記錄做爲domain:prod.wmqxxxxx.com
2)添加A記錄解析(記得要點右上角的Apply Changes)
pdnsadmin -> 172.31.57.1
3)這樣就能夠經過 pdnsadmin.prod.wmqxxxxx.com 這個域名訪問內網172.31.57.1地址的服務了,用dig命令測試下效果:
dig pdnsadmin.prod.wmqxxxxx.com
; <<>> DiG 9.13.7 <<>> pdnsadmin.prod.wmqxxxxx.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52112 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 19 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;pdnsadmin.prod.wmqxxxxx.com. IN A ;; ANSWER SECTION: pdnsadmin.prod.wmqxxxxx.com. 46 IN A 172.31.57.1 ;; AUTHORITY SECTION: wmqxxxxx.com. 169277 IN NS dns10.hichina.com. wmqxxxxx.com. 169277 IN NS dns9.hichina.com. ;; ADDITIONAL SECTION: dns9.hichina.com. 18845 IN A 140.205.81.15 dns9.hichina.com. 18845 IN A 140.205.81.25 dns9.hichina.com. 18845 IN A 106.11.141.115 dns9.hichina.com. 18845 IN A 106.11.141.125 dns9.hichina.com. 18845 IN A 106.11.211.55 dns9.hichina.com. 18845 IN A 106.11.211.65 dns9.hichina.com. 18845 IN A 140.205.41.15 dns9.hichina.com. 18845 IN A 140.205.41.25 dns9.hichina.com. 18845 IN AAAA 2400:3200:2000:28::1 dns10.hichina.com. 18845 IN A 140.205.81.26 dns10.hichina.com. 18845 IN A 106.11.141.116 dns10.hichina.com. 18845 IN A 106.11.141.126 dns10.hichina.com. 18845 IN A 106.11.211.56 dns10.hichina.com. 18845 IN A 106.11.211.66 dns10.hichina.com. 18845 IN A 140.205.41.16 dns10.hichina.com. 18845 IN A 140.205.41.26 dns10.hichina.com. 18845 IN A 140.205.81.16 dns10.hichina.com. 18845 IN AAAA 2400:3200:2000:29::1 ;; Query time: 22 msec ;; SERVER: 192.168.1.1#53(192.168.1.1) ;; WHEN: Fri Jul 12 11:20:07 中國標準時間 2019 ;; MSG SIZE rcvd: 432
參考
官網倉庫:https://github.com/ngoduykhanh/PowerDNS-Admin
官網安裝 MariaDB wiki:https://github.com/ngoduykhanh/PowerDNS-Admin/wiki/Prepare-MySQL-or-MariaDB-Database-for-PowerDNS-Admin
官網安裝 PowerDNS-Admin wiki:https://github.com/ngoduykhanh/PowerDNS-Admin/wiki/Running-PowerDNS-Admin-on-Centos-7
其餘連接:https://windyboy.github.io/post/2017/10/setup-powerdns-authoritative-with-dnssec/
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
最新文章
- 1. 外部其他進程嵌入到qt FindWindow獲得窗口句柄 報錯無法鏈接的外部符號 [email protected] 無法被([email protected]@[email protected]@@引用
- 2. UVa 11524 - InCircle
- 3. The Monocycle(bfs)
- 4. VEC-C滑窗
- 5. 堆排序的應用-TOPK問題
- 6. 實例演示ElasticSearch索引查詢term,match,match_phase,query_string之間的區別
- 7. 數學基礎知識 集合
- 8. amazeUI 復擇框問題解決
- 9. 揹包問題理解
- 10. 算數平均-幾何平均不等式的證明,從麥克勞林到柯西
歡迎關注本站公眾號,獲取更多信息
