在 Linux 的平台上的 DNS 軟體 BIND 還是最多人使用,但有時想換個不同的 DNS 軟體嘗試看看 PowerDNS 是個不錯的選擇。安裝後,它利用瀏覽器來新增、刪除 DNS 的主機記錄。
一、PowerDNS 伺服器安裝設定
1.啟動 EPEL 套件:
yum install -y epel-release.noarch
2.安裝 mariadb,並設定開機啟動 mariadb
yum install -y mariadb-server mariadb
systemctl start mariadb.service
systemctl enable mariadb.service
3.設定 mariadb
mysql_secure_installation
4.安裝 PowerDNS 套件
yum install -y pdns pdns-backend-mysql
5.登入 mariadb Server,並建立一個db名稱為 powerdns
mysql -u root -p
建立 powerdns 資料庫:
MariaDB [(none)]> CREATE DATABASE powerdns CHARACTER SET utf8;
新增 db user: powerdns, password: pAssw0rd 並授予 powerdns 資料庫權限
MariaDB [(none)]> GRANT ALL ON powerdns.* TO 'powerdns'@'localhost' IDENTIFIED BY 'pAssw0rd';
MariaDB [(none)]> GRANT ALL ON powerdns.* TO 'powerdns'@'powerdns' IDENTIFIED BY 'pAssw0rd';
MariaDB [(none)]> FLUSH PRIVILEGES;
6.新增 powerdns DB tables 及為提高PowerDNS 查詢資料庫的速度,可以為 TABLE 建立一些必要的索引
use powerdns;
CREATE TABLE users (
id INTEGER NOT NULL AUTO_INCREMENT,
username VARCHAR(64) NOT NULL,
`password` VARCHAR(128) NOT NULL,
fullname VARCHAR(255) NOT NULL,
email VARCHAR(255) NOT NULL,
description TEXT NOT NULL,
perm_templ TINYINT NOT NULL,
active TINYINT NOT NULL,
use_ldap TINYINT NOT NULL,
PRIMARY KEY (id)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
START TRANSACTION;
INSERT INTO users ( id, username, `password`, fullname, email, description, perm_templ, active, use_ldap )
VALUES ( 1, 'admin', '', 'Administrator', 'admin@example.net', 'Administrator with full rights.', 1, 1, 0 );
COMMIT;
CREATE TABLE perm_items (
id INTEGER NOT NULL AUTO_INCREMENT,
name VARCHAR(64) NOT NULL,
descr TEXT NOT NULL,
PRIMARY KEY (id)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
START TRANSACTION;
INSERT INTO perm_items ( id, name, descr ) VALUES ( 41, 'zone_master_add', 'User is allowed to add new master zones.' );
INSERT INTO perm_items ( id, name, descr ) VALUES ( 42, 'zone_slave_add', 'User is allowed to add new slave zones.' );
INSERT INTO perm_items ( id, name, descr ) VALUES ( 43, 'zone_content_view_own', 'User is allowed to see the content and meta data of zones he owns.' );
INSERT INTO perm_items ( id, name, descr ) VALUES ( 44, 'zone_content_edit_own', 'User is allowed to edit the content of zones he owns.' );
INSERT INTO perm_items ( id, name, descr ) VALUES ( 45, 'zone_meta_edit_own', 'User is allowed to edit the meta data of zones he owns.' );
INSERT INTO perm_items ( id, name, descr ) VALUES ( 46, 'zone_content_view_others', 'User is allowed to see the content and meta data of zones he does not own.' );
INSERT INTO perm_items ( id, name, descr ) VALUES ( 47, 'zone_content_edit_others', 'User is allowed to edit the content of zones he does not own.' );
INSERT INTO perm_items ( id, name, descr ) VALUES ( 48, 'zone_meta_edit_others', 'User is allowed to edit the meta data of zones he does not own.' );
INSERT INTO perm_items ( id, name, descr ) VALUES ( 49, 'search', 'User is allowed to perform searches.' );
INSERT INTO perm_items ( id, name, descr ) VALUES ( 50, 'supermaster_view', 'User is allowed to view supermasters.' );
INSERT INTO perm_items ( id, name, descr ) VALUES ( 51, 'supermaster_add', 'User is allowed to add new supermasters.' );
INSERT INTO perm_items ( id, name, descr ) VALUES ( 52, 'supermaster_edit', 'User is allowed to edit supermasters.' );
INSERT INTO perm_items ( id, name, descr ) VALUES ( 53, 'user_is_ueberuser', 'User has full access. God-like. Redeemer.' );
INSERT INTO perm_items ( id, name, descr ) VALUES ( 54, 'user_view_others', 'User is allowed to see other users and their details.' );
INSERT INTO perm_items ( id, name, descr ) VALUES ( 55, 'user_add_new', 'User is allowed to add new users.' );
INSERT INTO perm_items ( id, name, descr ) VALUES ( 56, 'user_edit_own', 'User is allowed to edit their own details.' );
INSERT INTO perm_items ( id, name, descr ) VALUES ( 57, 'user_edit_others', 'User is allowed to edit other users.' );
INSERT INTO perm_items ( id, name, descr ) VALUES ( 58, 'user_passwd_edit_others', 'User is allowed to edit the password of other users.' );
INSERT INTO perm_items ( id, name, descr ) VALUES ( 59, 'user_edit_templ_perm', 'User is allowed to change the permission template that is assigned to a user.' );
INSERT INTO perm_items ( id, name, descr ) VALUES ( 60, 'templ_perm_add', 'User is allowed to add new permission templates.' );
INSERT INTO perm_items ( id, name, descr ) VALUES ( 61, 'templ_perm_edit', 'User is allowed to edit existing permission templates.' );
COMMIT;
CREATE TABLE perm_templ (
id INTEGER NOT NULL AUTO_INCREMENT,
name VARCHAR(128) NOT NULL,
descr TEXT NOT NULL,
PRIMARY KEY (id)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
START TRANSACTION;
INSERT INTO perm_templ ( id, name, descr )
VALUES ( 1, 'Administrator', 'Administrator template with full rights.' );
COMMIT;
CREATE TABLE perm_templ_items (
id INTEGER NOT NULL AUTO_INCREMENT,
templ_id INTEGER NOT NULL,
perm_id INTEGER NOT NULL,
PRIMARY KEY (id)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
START TRANSACTION;
INSERT INTO perm_templ_items ( id, templ_id, perm_id )
VALUES ( 1, 1, 53 );
COMMIT;
CREATE TABLE zones (
id INTEGER NOT NULL AUTO_INCREMENT,
domain_id INTEGER NOT NULL,
owner INTEGER NOT NULL,
`comment` TEXT,
zone_templ_id INTEGER NOT NULL,
PRIMARY KEY (id),
KEY owner (owner)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
CREATE TABLE zone_templ (
id INTEGER NOT NULL AUTO_INCREMENT,
name VARCHAR(128) NOT NULL,
descr TEXT NOT NULL,
owner INTEGER NOT NULL,
PRIMARY KEY (id)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
CREATE TABLE zone_templ_records (
id INTEGER NOT NULL AUTO_INCREMENT,
zone_templ_id INTEGER NOT NULL,
name VARCHAR(255) NOT NULL,
`type` VARCHAR(6) NOT NULL,
content VARCHAR(255) NOT NULL,
ttl INTEGER NOT NULL,
prio INTEGER NOT NULL,
PRIMARY KEY (id)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
CREATE TABLE records_zone_templ (
domain_id INTEGER NOT NULL,
record_id INTEGER NOT NULL,
zone_templ_id INTEGER NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
CREATE TABLE migrations (
version VARCHAR(255) NOT NULL,
apply_time INTEGER NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
CREATE TABLE domains (
id INT AUTO_INCREMENT,
name VARCHAR(255) NOT NULL,
master VARCHAR(128) DEFAULT NULL,
last_check INT DEFAULT NULL,
type VARCHAR(6) NOT NULL,
notified_serial INT DEFAULT NULL,
account VARCHAR(40) DEFAULT NULL,
PRIMARY KEY (id)
) Engine=InnoDB;
CREATE UNIQUE INDEX name_index ON domains (name);
這裡的 records table 網路上有很多文章介紹時,都少了一個 disabled 欄位。造成查詢本機的 DNS 設定時無法解析本機的 DNS 記錄。
CREATE TABLE records (
id INT AUTO_INCREMENT,
domain_id INT DEFAULT NULL,
name VARCHAR(255) DEFAULT NULL,
type VARCHAR(10) DEFAULT NULL,
content VARCHAR(64000) DEFAULT NULL,
ttl INT DEFAULT NULL,
prio INT DEFAULT NULL,
change_date INT DEFAULT NULL,
disabled TINYINT(1) DEFAULT 0,
ordername VARCHAR(255) BINARY DEFAULT NULL,
auth TINYINT(1) DEFAULT 1,
PRIMARY KEY (id)
) Engine=InnoDB;
CREATE INDEX nametype_index ON records (name,type);
CREATE INDEX domain_id ON records (domain_id);
CREATE INDEX recordorder ON records (domain_id, ordername);
CREATE TABLE supermasters (
ip VARCHAR(64) NOT NULL,
nameserver VARCHAR(255) NOT NULL,
account VARCHAR(40) NOT NULL,
PRIMARY KEY (ip, nameserver)
) Engine=InnoDB;
CREATE TABLE comments (
id INT AUTO_INCREMENT,
domain_id INT NOT NULL,
name VARCHAR(255) NOT NULL,
type VARCHAR(10) NOT NULL,
modified_at INT NOT NULL,
account VARCHAR(40) NOT NULL,
comment VARCHAR(64000) NOT NULL,
PRIMARY KEY (id)
) Engine=InnoDB;
CREATE INDEX comments_domain_id_idx ON comments (domain_id);
CREATE INDEX comments_name_type_idx ON comments (name, type);
CREATE INDEX comments_order_idx ON comments (domain_id, modified_at);
CREATE TABLE domainmetadata (
id INT AUTO_INCREMENT,
domain_id INT NOT NULL,
kind VARCHAR(32),
content TEXT,
PRIMARY KEY (id)
) Engine=InnoDB;
CREATE INDEX domainmetadata_idx ON domainmetadata (domain_id, kind);
CREATE TABLE cryptokeys (
id INT AUTO_INCREMENT,
domain_id INT NOT NULL,
flags INT NOT NULL,
active BOOL,
content TEXT,
PRIMARY KEY(id)
) Engine=InnoDB;
CREATE INDEX domainidindex ON cryptokeys (domain_id);
CREATE TABLE tsigkeys (
id INT AUTO_INCREMENT,
name VARCHAR(255),
algorithm VARCHAR(50),
secret VARCHAR(255),
PRIMARY KEY (id)
) Engine=InnoDB;
CREATE UNIQUE INDEX namealgoindex ON tsigkeys (name, algorithm);
MariaDB [powerdns]> quit;
7.配置 powerdns.conf 設定檔,在底部新增下列參數
修改 launch=bind ---> launch=gmysql
並增加:
gmysql-host=localhost
gmysql-user=powerdns
gmysql-password=pAssw0rd
gmysql-dbname=powerdns
#query-logging=yes
allow-recursion=127.0.0.1, 172.16.10.0/24, 192.168.0.0/16 #設定允許遞迥查詢內部網段
recursor=8.8.8.8 #設定處理遞迥查詢的 DNS 伺服器
8.啟動 powerdns,並設定開機啟動
systemctl start pdns.service
systemctl enable pdns.service
二、PowerDNS WEB管理套件安裝設定
9.安裝 PowerDNS admin 所需的相依套件
yum install -y httpd php php-devel php-gd php-imap php-ldap php-mysql php-odbc php-pear php-xml php-xmlrpc php-mbstring php-mcrypt php-mhash gettext
10.安裝 PowerDNS admin 所需的 php pear 指令套件
yum install -y php-pear-DB php-pear-MDB2-Driver-mysql
11.啟動 apache,並設定開機啟動
systemctl start httpd.service
systemctl enable httpd.service
12.下載 PowerDNS admin source 安裝程式
cd /var/www/html
13.解壓縮下載的 PowerDNS source檔
tar -xvf poweradmin-2.1.7.tgz
ln -sf poweradmin-2.1.7 poweradmin
chown -R apache:apache /var/www/html/poweradmin/
14.利用瀏覽器開始設定 PowerDNS,網址列輸入
http://192.168.60.47/poweradmin/install
15.PowerDNS 設定 step1,選擇使用的語系(設定畫面沒有繁中可選)
16.PowerDNS 設定 step 2,宣告會清除剛才新增的 PowerDNS 資料庫內所有資料,但不會刪除 tables
直接按 --> go to step 3
17.PowerDNS 設定 step 3,輸入 db username、password、db name
18.PowerDNS 設定 step 4,新增一個使用者帳號,用於 Poweradmin 資料同步
19.PowerDNS 設定 step 5,新增使用者
這裡要使用 SSH 連線工具登入 PowerDNS 主機上的 mariadb:
mysql -u root -p
新增同步、更新、刪除 DNS 資料的帳號:
MariaDB [(none)]> GRANT SELECT, INSERT, UPDATE, DELETE ON powerdns.* TO 'powermain'@'localhost' IDENTIFIED BY 'pAssw0rd';
完成後,按 --> go to step 6
20.PowerDNS 設定 step 6,使用 SSH 連線工具登入 PowerDNS 主機,手動在 PowerDNS 新增一個 config.inc.php,
cd /var/www/html/powerdns/inc
mv config-me.inc.php config.inc.php
vi config.inc.php
依下列的訊息,修改 config.inc.php 檔案:
內容:
$db_host = 'localhost';
$db_port = '';
$db_user = 'powermain';
$db_pass = 'pAssw0rd';
$db_name = 'powerdns';
$db_type = 'mysql';
$db_layer = 'PDO';
$session_key = '40b8z0lJd}VntE_aiDlt27_dsnzK+AoyTth{_$*Yder@sd';
$iface_lang = 'en_EN';
$dns_hostmaster = 'powerdns.ddns.net';
$dns_ns1 = 'ns1.powerdns.ddns.net';
$dns_ns2 = 'ns2.powerdns.ddns.net ';
完成後按 go to step 7 就可以關閉設定畫面。
21.啟用 dynamic DNS 更新權限
cd /var/www/html/poweradmin
cp install/htaccess.dist .htaccess
22.修改 httpd.conf,開啟 mod_rewrite
vi /etc/httpd/conf.modules.d/00-base.conf
確認 Apache 有載入 mod_rewrite 模組:
LoadModule rewrite_module modules/mod_rewrite.so
23.刪除 install 目錄
rm -rf /var/www/html/poweradmin/install/
24.登入 PowerDNS 管理介面
http://192.168.60.47/poweradmin
登入 PowerDNS 管理網頁,username 欄位輸入 admin
密碼就是前面 step 3 設定的密碼。
三、建立正解區域
25.新增 master zone
26.新增 master zone 後,選擇 <List zones>
繼續新增 DNS record
27.若要刪除一個 ZONE 或者 是一筆 DNS 記錄,只要按 垃圾筒圖示,即可將之刪除
四、建立反解區域
28.一樣選擇 <Add master zone>
29.新增一台反解記錄
30.建立正解主機記錄時,順便新增反解記錄
五、建立 slave DNS
依照 master DNS 安裝的套件安裝後,修改 master、slave DNS 主機的 pdns.conf 設定檔
額外修改 pdns.conf 設定檔
master DNS:
pdns.conf --> master=yes
slave DNS:
pdns.conf --> slave=yes
再新增一個slave zone,就會自動從 master DNS 同步
PowerAdmin 管理頁面修改 zone type 類型:
六、測試設定
測試 PowerDNS 設定
[root@powerdns ~]# ss -ntupl
[root@powerdns ~]# dig @127.0.0.1 powerdns.ddns.net ns
[root@powerdns ~]# dig @localhost ns hinet.net