一、基礎(chǔ)配置

1.1 環(huán)境說明

Centos 7.5.1804 PDNS 4.1.1 MariaDB 5.5.6

1.2 關(guān)閉防火墻和 selinux

setenforce 0 sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config systemctl stop firewalld.service && systemctl disable firewalld.service firewall-cmd --state

?

二、 安裝 MariaDB

2.1 安裝 MariaDB

默認(rèn)安裝的版本為5.5

yum install -y epel-release yum-plugin-priorities yum install -y mariadb-server mariadb systemctl enable mariadb.service systemctl start mariadb.service

2.2 設(shè)置密碼

mysql_secure_installation 回車,
y, #設(shè)置root密碼
root密碼,
重復(fù)root密碼,
y, #刪除匿名登入
n, #禁用root遠(yuǎn)程登入
y, #刪除test庫
y #刷新權(quán)限

2.3 設(shè)置字符集

vim /etc/my.cnf[mysqld] init_connect='SET collation_connection = utf8_unicode_ci' init_connect='SET NAMES utf8' character-set-server=utf8 collation-server=utf8_unicode_ci skip-character-set-client-handshake vim /etc/my.cnf.d/client.cnf[client] default-character-set=utf8 vim /etc/my.cnf.d/mysql-clients.cnf[mysql] default-character-set=utf8

2.4 重啟 MariaDB

systemctl restart mariadb.service

再次登錄 MariaDB，查看字符集，發(fā)現(xiàn)已是 utf8 了。

mysql -uroot -p
show variables like "%character%";show variables like "%collation%";
exit

?

三、安裝 PowerDNS

3.1 安裝 PowerDNS

yum install -y pdns pdns-backend-mysql

PowerDNS 的配置文件位于 /etc/pdns/pdns.conf

3.2?新建數(shù)據(jù)庫

mysql -uroot -p CREATE DATABASE powerdns; GRANT ALL ON powerdns.* TO 'powerdns'@'localhost' IDENTIFIED BY 'powerdns'; FLUSH PRIVILEGES;

3.3 創(chuàng)建數(shù)據(jù)庫表

use powerdns;CREATE TABLE domains (id INT AUTO_INCREMENT,name VARCHAR(255) NOT NULL,master VARCHAR(128) DEFAULT NULL,last_check INT DEFAULT NULL,type VARCHAR(6) NOT NULL,notified_serial INT DEFAULT NULL,account VARCHAR(40) DEFAULT NULL,PRIMARY KEY (id) ) Engine=InnoDB;CREATE UNIQUE INDEX name_index ON domains(name);CREATE TABLE records (id BIGINT AUTO_INCREMENT,domain_id INT DEFAULT NULL,name VARCHAR(255) DEFAULT NULL,type VARCHAR(10) DEFAULT NULL,content VARCHAR(64000) DEFAULT NULL,ttl INT DEFAULT NULL,prio INT DEFAULT NULL,change_date INT DEFAULT NULL,disabled TINYINT(1) DEFAULT 0,ordername VARCHAR(255) BINARY DEFAULT NULL,auth TINYINT(1) DEFAULT 1,PRIMARY KEY (id) ) Engine=InnoDB;CREATE INDEX nametype_index ON records(name,type); CREATE INDEX domain_id ON records(domain_id); CREATE INDEX recordorder ON records (domain_id, ordername);CREATE TABLE supermasters (ip VARCHAR(64) NOT NULL,nameserver VARCHAR(255) NOT NULL,account VARCHAR(40) NOT NULL,PRIMARY KEY (ip, nameserver) ) Engine=InnoDB;CREATE TABLE comments (id INT AUTO_INCREMENT,domain_id INT NOT NULL,name VARCHAR(255) NOT NULL,type VARCHAR(10) NOT NULL,modified_at INT NOT NULL,account VARCHAR(40) NOT NULL,comment VARCHAR(64000) NOT NULL,PRIMARY KEY (id) ) Engine=InnoDB;CREATE INDEX comments_domain_id_idx ON comments (domain_id); CREATE INDEX comments_name_type_idx ON comments (name, type); CREATE INDEX comments_order_idx ON comments (domain_id, modified_at);CREATE TABLE domainmetadata (id INT AUTO_INCREMENT,domain_id INT NOT NULL,kind VARCHAR(32),content TEXT,PRIMARY KEY (id) ) Engine=InnoDB;CREATE INDEX domainmetadata_idx ON domainmetadata (domain_id, kind);CREATE TABLE cryptokeys (id INT AUTO_INCREMENT,domain_id INT NOT NULL,flags INT NOT NULL,active BOOL,content TEXT,PRIMARY KEY(id) ) Engine=InnoDB;CREATE INDEX domainidindex ON cryptokeys(domain_id);CREATE TABLE tsigkeys (id INT AUTO_INCREMENT,name VARCHAR(255),algorithm VARCHAR(50),secret VARCHAR(255),PRIMARY KEY (id) ) Engine=InnoDB;CREATE UNIQUE INDEX namealgoindex ON tsigkeys(name, algorithm);flush privileges; show databases; show tables;
exit

3.4?配置PowerDNS

cp /etc/pdns/pdns.conf /etc/pdns/pdns.conf.bak vim /etc/pdns/pdns.conf# backend launch=gmysql gmysql-host=localhost gmysql-port=3306 gmysql-dbname=powerdns gmysql-user=powerdns gmysql-password=powerdns# pdns API webserver=yes webserver-address=0.0.0.0 webserver-allow-from=0.0.0.0/0 webserver-port=8081 api=yes api-key=wmqpdns api-logfile=/var/log/pdns-api.log

3.5?開機(jī)啟動

systemctl enable pdns.service systemctl start pdns.service systemctl status pdns.service

查看8081、53兩個端口

netstat -tulnp|grep pdns_servertcp 0 0 0.0.0.0:8081 0.0.0.0:* LISTEN 9712/pdns_server tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN 9712/pdns_server tcp6 0 0 :::53 :::* LISTEN 9712/pdns_server udp 0 0 0.0.0.0:53 0.0.0.0:* 9712/pdns_server udp6 0 0 :::53 :::* 9712/pdns_server

?

四、安裝PowerDNS-Admin

4.1?安裝python3.6 + pip

yum install -y epel-release yum install -y https://centos7.iuscommunity.org/ius-release.rpm yum install -y python36u python36u-devel python36u-pip pip3.6 install -U pip pip install -U virtualenv rm -f /usr/bin/python3 && ln -s /usr/bin/python3.6 /usr/bin/python3

4.2 安裝構(gòu)建python庫所需包

1）如果使用 Centos 默認(rèn)的 mariadb 5.5 版本，安裝如下：

yum install -y gcc mariadb-devel openldap-devel xmlsec1-devel xmlsec1-openssl libtool-ltdl-devel

2）如果使用mariadb 10.x 版本，安裝如下：

yum install gcc MariaDB-devel MariaDB-shared openldap-devel xmlsec1-devel xmlsec1-openssl libtool-ltdl-devel

4.3?安裝 Nodejs 10

curl -sL https://rpm.nodesource.com/setup_10.x | bash - curl -sL https://dl.yarnpkg.com/rpm/yarn.repo -o /etc/yum.repos.d/yarn.repo yum install -y yarn

4.4?創(chuàng)建python3 virtualenv環(huán)境

yum install -y git
git clone https://github.com/ngoduykhanh/PowerDNS-Admin.git /opt/web/powerdns-admin cd /opt/web/powerdns-admin virtualenv -p python3 flask

激活 python3 環(huán)境并安裝python庫（后續(xù)操作都是基于python3 環(huán)境下操作）

source ./flask/bin/activate pip install python-dotenv pip install -r requirements.txt

下載的包臨時存放在 /root/.cache/pip/wheels 目錄下。

4.5?創(chuàng)建數(shù)據(jù)庫

mysql -u root -p CREATE DATABASE powerdnsadmin CHARACTER SET utf8 COLLATE utf8_general_ci; GRANT ALL PRIVILEGES ON powerdnsadmin.* TO 'pdnsadminuser'@'%' IDENTIFIED BY 'p4ssw0rd'; FLUSH PRIVILEGES;
exit

4.6 配置 config.py

cp config_template.py config.py
vim config.py
#地址改成0.0.0.0 BIND_ADDRESS = '0.0.0.0' # 配置數(shù)據(jù)庫連接信息,庫/用戶/密碼是之前手動創(chuàng)建的,不是pdns數(shù)據(jù)庫 SQLA_DB_USER = 'pdnsadminuser' SQLA_DB_PASSWORD = 'p4ssw0rd' SQLA_DB_HOST = 'localhost' SQLA_DB_NAME = 'powerdnsadmin' # 開啟MySQL # DATABASE - MySQL SQLALCHEMY_DATABASE_URI = 'mysql://'+SQLA_DB_USER+':'+SQLA_DB_PASSWORD+'@'+SQLA_DB_HOST+':'+str(SQLA_DB_PORT)+'/'+SQLA_DB_NAME # 注釋sqlite # DATABASE - SQLite # SQLALCHEMY_DATABASE_URI = 'sqlite:///' + os.path.join(basedir, 'pdns.db')

4.7?創(chuàng)建表并創(chuàng)建資產(chǎn)文件

1、創(chuàng)建表

export FLASK_APP=app/__init__.py flask db upgrade

報如下錯：

Traceback (most recent call last):File "/opt/web/powerdns-admin/flask/bin/flask", line 10, in <module>sys.exit(main())File "/opt/web/powerdns-admin/flask/lib/python3.6/site-packages/flask/cli.py", line 894, in maincli.main(args=args, prog_name=name)File "/opt/web/powerdns-admin/flask/lib/python3.6/site-packages/flask/cli.py", line 557, in mainreturn super(FlaskGroup, self).main(*args, **kwargs)File "/opt/web/powerdns-admin/flask/lib/python3.6/site-packages/click/core.py", line 696, in main_verify_python3_env()File "/opt/web/powerdns-admin/flask/lib/python3.6/site-packages/click/_unicodefun.py", line 124, in _verify_python3_env' mitigation steps.' + extra RuntimeError: Click will abort further execution because Python 3 was configured to use ASCII as encoding for the environment. Consult https://click.palletsprojects.com/en/7.x/python3/ for mitigation steps. This system lists a couple of UTF-8 supporting locales that you can pick from. The following suitable locales were discovered: en_US.utf8

解決：

export LC_ALL=en_US.utf8

2、創(chuàng)建資產(chǎn)文件

yarn install --pure-lockfile flask assets build

4.8 啟動

./run.py

訪問PowerDNS-Admin Web界面：http://192.168.159.128:9191

1、先注冊用戶，第一個用戶將處于管理員角色。

2、第一次登錄時，將被重定向到設(shè)置頁面以配置PDNS API信息。

#填入在/etc/pdns/pdns.cof配置的API信息：
PDNS API URL：http://192.168.159.128:8081 PDNS API KEY：wmqpdns

4.9 配置systemd服務(wù)

使用systemd管理PowerDNS-Admin

vim /usr/lib/systemd/system/powerdns-admin.service
[Unit] Description=PowerDNS-Admin After=network.target[Service] User=root Group=root WorkingDirectory=/opt/web/powerdns-admin ExecStart=/opt/web/powerdns-admin/flask/bin/gunicorn --workers 2 --bind unix:/opt/web/powerdns-admin/powerdns-admin.sock app:app[Install] WantedBy=multi-user.target

啟動Powerdns-Admin服務(wù)并將其設(shè)置為在啟動時啟動：

systemctl daemon-reload systemctl start powerdns-admin systemctl enable powerdns-admin

可以運(yùn)行systemctl status powerdns-admin命令確認(rèn)狀態(tài)是否正在運(yùn)行，沒問題的話會返回相關(guān)的成功信息。

systemctl status powerdns-admin

4.10 安裝nginx

yum install -y nginx

配置nginx

vim /etc/nginx/conf.d/powerdns-admin.conf

server {listen *:80;server_name 192.168.159.128;index index.html index.htm index.php;root /opt/web/powerdns-admin;access_log /var/log/nginx/powerdns-admin.local.access.log combined;error_log /var/log/nginx/powerdns-admin.local.error.log;client_max_body_size 10m;client_body_buffer_size 128k;proxy_redirect off;proxy_connect_timeout 90;proxy_send_timeout 90;proxy_read_timeout 90;proxy_buffers 32 4k;proxy_buffer_size 8k;proxy_set_header Host $host;proxy_set_header X-Real-IP $remote_addr;proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;proxy_headers_hash_bucket_size 64;location ~ ^/static/ {include /etc/nginx/mime.types;root /opt/web/powerdns-admin/app;location ~* \.(jpg|jpeg|png|gif)$ {expires 365d;}location ~* ^.+.(css|js)$ {expires 7d;}}location / {proxy_pass http://unix:/opt/web/powerdns-admin/powerdns-admin.sock;proxy_read_timeout 120;proxy_connect_timeout 120;proxy_redirect off;} }

啟動nginx

nginx -t systemctl restart nginx systemctl enable nginx

瀏覽器訪問 192.168.159.128 即可打開powerdns-admin登入頁

注意：如果添加 new domain 時候提示 400 錯誤，應(yīng)該是添加的域名格式不對（可能后面有空格）。

4.11 集成OpenLADP?

LDAP URI : ldap://192.168.159.130:389 LDAP Base DN : ou=People,dc=wmqe,dc=com LDAP admin username : cn=admin,dc=wmqe,dc=com LDAP admin password : ???????? Basic filter : (objectClass=inetOrgPerson) Username field : cn

或者：ldaps://192.168.159.130:636

?

五、提供域名解析服務(wù)

配置子域名解析，可直接在公網(wǎng)生效，不用在本地指定DNS地址。通過配置NS記錄作為子域名向外提供服務(wù)，后續(xù)將三級子域名設(shè)置為DNS提供域名解析。

5.1 注冊域名，并配置解析記錄

因NS記錄不能直接指定IP，需先配置A記錄，再配置NS記錄。

1）注冊域名 wmqxxxxx.com

2）配置A記錄，指定到pdns的外網(wǎng)IP（確保53端口的tcp,udp協(xié)議都開放）

pdns.wmqxxxxx.com --> 54.223.118.175

3）配置NS記錄，指定到前面創(chuàng)建的A記錄

prod.wmqxxxxx.com?-->?pdns.wmqxxxxx.com

5.2 配置pdnsadmin

1）添加domain

添加之前NS記錄作為domain：prod.wmqxxxxx.com

2）添加A記錄解析（記得要點(diǎn)右上角的Apply Changes）

pdnsadmin?-> 172.31.57.1

3）這樣就可以通過 pdnsadmin.prod.wmqxxxxx.com 這個域名訪問內(nèi)網(wǎng)172.31.57.1地址的服務(wù)了，用dig命令測試下效果：

dig?pdnsadmin.prod.wmqxxxxx.com

; <<>> DiG 9.13.7 <<>> pdnsadmin.prod.wmqxxxxx.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52112 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 19;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;pdnsadmin.prod.wmqxxxxx.com. IN A;; ANSWER SECTION: pdnsadmin.prod.wmqxxxxx.com. 46 IN A 172.31.57.1;; AUTHORITY SECTION: wmqxxxxx.com. 169277 IN NS dns10.hichina.com. wmqxxxxx.com. 169277 IN NS dns9.hichina.com.;; ADDITIONAL SECTION: dns9.hichina.com. 18845 IN A 140.205.81.15 dns9.hichina.com. 18845 IN A 140.205.81.25 dns9.hichina.com. 18845 IN A 106.11.141.115 dns9.hichina.com. 18845 IN A 106.11.141.125 dns9.hichina.com. 18845 IN A 106.11.211.55 dns9.hichina.com. 18845 IN A 106.11.211.65 dns9.hichina.com. 18845 IN A 140.205.41.15 dns9.hichina.com. 18845 IN A 140.205.41.25 dns9.hichina.com. 18845 IN AAAA 2400:3200:2000:28::1 dns10.hichina.com. 18845 IN A 140.205.81.26 dns10.hichina.com. 18845 IN A 106.11.141.116 dns10.hichina.com. 18845 IN A 106.11.141.126 dns10.hichina.com. 18845 IN A 106.11.211.56 dns10.hichina.com. 18845 IN A 106.11.211.66 dns10.hichina.com. 18845 IN A 140.205.41.16 dns10.hichina.com. 18845 IN A 140.205.41.26 dns10.hichina.com. 18845 IN A 140.205.81.16 dns10.hichina.com. 18845 IN AAAA 2400:3200:2000:29::1;; Query time: 22 msec ;; SERVER: 192.168.1.1#53(192.168.1.1) ;; WHEN: Fri Jul 12 11:20:07 中國標(biāo)準(zhǔn)時間 2019 ;; MSG SIZE rcvd: 432

?

??

?

參考

官網(wǎng)倉庫：https://github.com/ngoduykhanh/PowerDNS-Admin

官網(wǎng)安裝 MariaDB wiki：https://github.com/ngoduykhanh/PowerDNS-Admin/wiki/Prepare-MySQL-or-MariaDB-Database-for-PowerDNS-Admin

官網(wǎng)安裝 PowerDNS-Admin wiki：https://github.com/ngoduykhanh/PowerDNS-Admin/wiki/Running-PowerDNS-Admin-on-Centos-7

其他鏈接：https://windyboy.github.io/post/2017/10/setup-powerdns-authoritative-with-dnssec/

https://computingforgeeks.com/install-powerdns-and-powerdns-admin-on-ubuntu-18-04-debian-9-mariadb-backend/

?

轉(zhuǎn)載于:https://www.cnblogs.com/weavepub/p/11152919.html

總結(jié)

以上是生活随笔為你收集整理的PowerDNS + PowerDNS-Admin的全部內(nèi)容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網(wǎng)站內(nèi)容還不錯，歡迎將生活随笔推薦給好友。