一、基础配置
1.1 环境说明
Centos 7.5.1804 PDNS 4.1.1 MariaDB 5.5.6
1.2 关闭防火墙和 selinux
# Put SELinux into permissive mode for this boot and disable it persistently.
setenforce 0
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
# Stop firewalld now, keep it from starting at boot, then confirm it is not running.
# NOTE(review): with SELinux and firewalld off, every port opened later (53, 8081, 80)
# is reachable from any network this host sits on; scoped firewall rules are the safer option.
systemctl stop firewalld.service && systemctl disable firewalld.service
firewall-cmd --state
二、 安装 MariaDB
2.1 安装 MariaDB
默认安装的版本为5.5
# Enable EPEL and the priorities plugin, then install the MariaDB server and client.
yum install -y epel-release yum-plugin-priorities
yum install -y mariadb-server mariadb
# Start MariaDB at boot and right now.
systemctl enable mariadb.service
systemctl start mariadb.service
2.2 设置密码
# Interactive hardening wizard; the answers given to each prompt are listed below.
mysql_secure_installation
回车,
y, #设置root密码
root密码,
重复root密码,
y, #删除匿名登入
n, #是否禁止root远程登入(此处回答 n,即不禁止)
y, #删除test库
y #刷新权限
2.3 设置字符集
vim /etc/my.cnf
[mysqld]
# NOTE(review): when an option is repeated, the later occurrence typically overrides the
# earlier one, so the first init_connect line is probably shadowed by the second — confirm,
# or merge both SET statements into a single init_connect string.
init_connect='SET collation_connection = utf8_unicode_ci'
init_connect='SET NAMES utf8'
character-set-server=utf8
collation-server=utf8_unicode_ci
# Skip the client charset handshake so the server-side defaults above apply to every connection.
skip-character-set-client-handshake
vim /etc/my.cnf.d/client.cnf
[client]
default-character-set=utf8
vim /etc/my.cnf.d/mysql-clients.cnf
[mysql]
default-character-set=utf8
2.4 重启 MariaDB
# Restart so the my.cnf changes above take effect.
systemctl restart mariadb.service
再次登录 MariaDB,查看字符集,发现已是 utf8 了。
mysql -uroot -p
-- Confirm that the server and connection character sets / collations now report utf8.
show variables like "%character%";
show variables like "%collation%";
exit
三、安装 PowerDNS
3.1 安装 PowerDNS
# PowerDNS authoritative server plus the MySQL/MariaDB (gmysql) backend.
yum install -y pdns pdns-backend-mysql
PowerDNS 的配置文件位于 /etc/pdns/pdns.conf
3.2 新建数据库
mysql -uroot -p
CREATE DATABASE powerdns;
-- Backend account referenced later by gmysql-user / gmysql-password in /etc/pdns/pdns.conf.
-- NOTE(review): the password equals the user name and is also stored in clear text in
-- /etc/pdns/pdns.conf; use a unique generated value and keep that file unreadable to other users.
GRANT ALL ON powerdns.* TO 'powerdns'@'localhost' IDENTIFIED BY 'powerdns';
FLUSH PRIVILEGES;
3.3 创建数据库表
USE powerdns;

-- Zones served by PowerDNS, one row per zone.
CREATE TABLE domains (
    id              INT AUTO_INCREMENT,
    name            VARCHAR(255) NOT NULL,
    master          VARCHAR(128) DEFAULT NULL,
    last_check      INT DEFAULT NULL,
    type            VARCHAR(6) NOT NULL,
    notified_serial INT DEFAULT NULL,
    account         VARCHAR(40) DEFAULT NULL,
    PRIMARY KEY (id)
) ENGINE=InnoDB;
CREATE UNIQUE INDEX name_index ON domains(name);

-- Resource records; domain_id points at domains.id (no foreign key is declared here).
CREATE TABLE records (
    id          BIGINT AUTO_INCREMENT,
    domain_id   INT DEFAULT NULL,
    name        VARCHAR(255) DEFAULT NULL,
    type        VARCHAR(10) DEFAULT NULL,
    -- NOTE(review): with character-set-server=utf8 (set in my.cnf earlier) a VARCHAR(64000)
    -- is wider than the engine's maximum VARCHAR size; a non-strict server is likely to widen
    -- it to a TEXT type silently — confirm with SHOW CREATE TABLE records.
    content     VARCHAR(64000) DEFAULT NULL,
    ttl         INT DEFAULT NULL,
    prio        INT DEFAULT NULL,
    change_date INT DEFAULT NULL,
    disabled    TINYINT(1) DEFAULT 0,
    ordername   VARCHAR(255) BINARY DEFAULT NULL,
    auth        TINYINT(1) DEFAULT 1,
    PRIMARY KEY (id)
) ENGINE=InnoDB;
CREATE INDEX nametype_index ON records(name, type);
CREATE INDEX domain_id ON records(domain_id);
CREATE INDEX recordorder ON records(domain_id, ordername);

-- Supermaster entries: which (ip, nameserver) pairs may auto-provision zones.
CREATE TABLE supermasters (
    ip         VARCHAR(64) NOT NULL,
    nameserver VARCHAR(255) NOT NULL,
    account    VARCHAR(40) NOT NULL,
    PRIMARY KEY (ip, nameserver)
) ENGINE=InnoDB;

-- Free-text comments attached to (domain, name, type).
CREATE TABLE comments (
    id          INT AUTO_INCREMENT,
    domain_id   INT NOT NULL,
    name        VARCHAR(255) NOT NULL,
    type        VARCHAR(10) NOT NULL,
    modified_at INT NOT NULL,
    account     VARCHAR(40) NOT NULL,
    comment     VARCHAR(64000) NOT NULL,
    PRIMARY KEY (id)
) ENGINE=InnoDB;
CREATE INDEX comments_domain_id_idx ON comments(domain_id);
CREATE INDEX comments_name_type_idx ON comments(name, type);
CREATE INDEX comments_order_idx ON comments(domain_id, modified_at);

-- Per-zone key/value metadata.
CREATE TABLE domainmetadata (
    id        INT AUTO_INCREMENT,
    domain_id INT NOT NULL,
    kind      VARCHAR(32),
    content   TEXT,
    PRIMARY KEY (id)
) ENGINE=InnoDB;
CREATE INDEX domainmetadata_idx ON domainmetadata(domain_id, kind);

-- DNSSEC keys. NOTE(review): content holds key material in clear text, so the 'powerdns'
-- DB account and any database backups need the same protection as the keys themselves.
CREATE TABLE cryptokeys (
    id        INT AUTO_INCREMENT,
    domain_id INT NOT NULL,
    flags     INT NOT NULL,
    active    BOOL,
    content   TEXT,
    PRIMARY KEY (id)
) ENGINE=InnoDB;
CREATE INDEX domainidindex ON cryptokeys(domain_id);

-- TSIG keys; secret is likewise stored in clear text.
CREATE TABLE tsigkeys (
    id        INT AUTO_INCREMENT,
    name      VARCHAR(255),
    algorithm VARCHAR(50),
    secret    VARCHAR(255),
    PRIMARY KEY (id)
) ENGINE=InnoDB;
CREATE UNIQUE INDEX namealgoindex ON tsigkeys(name, algorithm);

FLUSH PRIVILEGES;
SHOW DATABASES;
SHOW TABLES;
exit
3.4 配置PowerDNS
cp /etc/pdns/pdns.conf /etc/pdns/pdns.conf.bak
vim /etc/pdns/pdns.conf
# backend
launch=gmysql
gmysql-host=localhost
gmysql-port=3306
gmysql-dbname=powerdns
gmysql-user=powerdns
# NOTE(review): database credential in clear text — restrict read access to this file.
gmysql-password=powerdns
# pdns API
webserver=yes
# NOTE(review): binding to 0.0.0.0 with allow-from 0.0.0.0/0 exposes the REST API on every
# interface to any source, guarded only by api-key. PowerDNS-Admin runs on this same host, so a
# loopback bind (with the API URL in step 4.8 adjusted to match) or a narrow allow-from is enough.
webserver-address=0.0.0.0
webserver-allow-from=0.0.0.0/0
webserver-port=8081
api=yes
# NOTE(review): short, guessable key; generate a long random value instead.
api-key=wmqpdns
api-logfile=/var/log/pdns-api.log
3.5 开机启动
# Enable PowerDNS at boot, start it now, and check that it came up.
systemctl enable pdns.service
systemctl start pdns.service
systemctl status pdns.service
查看8081、53两个端口
netstat -tulnp|grep pdns_server
tcp 0 0 0.0.0.0:8081 0.0.0.0:* LISTEN 9712/pdns_server
tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN 9712/pdns_server
tcp6 0 0 :::53 :::* LISTEN 9712/pdns_server
udp 0 0 0.0.0.0:53 0.0.0.0:* 9712/pdns_server
udp6 0 0 :::53 :::* 9712/pdns_server
四、安装PowerDNS-Admin
4.1 安装python3.6 + pip
# EPEL plus the IUS repository, which provides Python 3.6 packages for CentOS 7.
yum install -y epel-release
# NOTE(review): installs a release RPM fetched from a third party; verify its signature before trusting the repo.
yum install -y https://centos7.iuscommunity.org/ius-release.rpm
yum install -y python36u python36u-devel python36u-pip
pip3.6 install -U pip
pip install -U virtualenv
# Point /usr/bin/python3 at the IUS interpreter (replaces whatever symlink was there before).
rm -f /usr/bin/python3 && ln -s /usr/bin/python3.6 /usr/bin/python3
4.2 安装构建python库所需包
1)如果使用 Centos 默认的 mariadb 5.5 版本,安装如下:
# Build dependencies for the Python packages when the distro MariaDB 5.5 is used.
yum install -y gcc mariadb-devel openldap-devel xmlsec1-devel xmlsec1-openssl libtool-ltdl-devel
2)如果使用mariadb 10.x 版本,安装如下:
# Same build dependencies for MariaDB 10.x (note the capitalised package names).
# Runs interactively because -y is omitted here, unlike the 5.5 variant above.
yum install gcc MariaDB-devel MariaDB-shared openldap-devel xmlsec1-devel xmlsec1-openssl libtool-ltdl-devel
4.3 安装 Nodejs 10
# NOTE(review): piping a downloaded script straight into a root shell runs unreviewed code;
# download it first and inspect it before executing.
curl -sL https://rpm.nodesource.com/setup_10.x | bash -
# Add the yarn repository and install yarn (pulls Node.js in from the nodesource repo).
curl -sL https://dl.yarnpkg.com/rpm/yarn.repo -o /etc/yum.repos.d/yarn.repo
yum install -y yarn
4.4 创建python3 virtualenv环境
yum install -y git
# Check out PowerDNS-Admin and create a Python 3 virtualenv named "flask" inside the checkout.
# NOTE(review): this clones the current default branch; pin a tag or commit for a reproducible install.
git clone https://github.com/ngoduykhanh/PowerDNS-Admin.git /opt/web/powerdns-admin
cd /opt/web/powerdns-admin
virtualenv -p python3 flask
激活 python3 环境并安装python库(后续操作都是基于python3 环境下操作)
# Enter the virtualenv; every later pip/flask command runs inside it.
source ./flask/bin/activate
pip install python-dotenv
pip install -r requirements.txt
下载的包临时存放在 /root/.cache/pip/wheels 目录下。
4.5 创建数据库
mysql -u root -p
CREATE DATABASE powerdnsadmin CHARACTER SET utf8 COLLATE utf8_general_ci;
-- NOTE(review): '%' lets this account log in from any host, while config.py connects through
-- localhost; 'pdnsadminuser'@'localhost' is likely sufficient. Replace the sample password with
-- a generated one — it also ends up in clear text in config.py.
GRANT ALL PRIVILEGES ON powerdnsadmin.* TO 'pdnsadminuser'@'%' IDENTIFIED BY 'p4ssw0rd';
FLUSH PRIVILEGES;
exit
4.6 配置 config.py
# Start from the shipped template and edit the copy (values shown below).
cp config_template.py config.py
vim config.py
#地址改成0.0.0.0 BIND_ADDRESS = '0.0.0.0' # 配置数据库连接信息,库/用户/密码是之前手动创建的,不是pdns数据库 SQLA_DB_USER = 'pdnsadminuser' SQLA_DB_PASSWORD = 'p4ssw0rd' SQLA_DB_HOST = 'localhost' SQLA_DB_NAME = 'powerdnsadmin' # 开启MySQL # DATABASE - MySQL SQLALCHEMY_DATABASE_URI = 'mysql://'+SQLA_DB_USER+':'+SQLA_DB_PASSWORD+'@'+SQLA_DB_HOST+':'+str(SQLA_DB_PORT)+'/'+SQLA_DB_NAME # 注释sqlite # DATABASE - SQLite # SQLALCHEMY_DATABASE_URI = 'sqlite:///' + os.path.join(basedir, 'pdns.db')
4.7 创建表并创建资产文件
1、创建表
# Tell the flask CLI which application to load, then apply the schema migrations.
export FLASK_APP=app/__init__.py
flask db upgrade
报如下错:
Traceback (most recent call last):
File "/opt/web/powerdns-admin/flask/bin/flask", line 10, in <module>
sys.exit(main())
File "/opt/web/powerdns-admin/flask/lib/python3.6/site-packages/flask/cli.py", line 894, in main
cli.main(args=args, prog_name=name)
File "/opt/web/powerdns-admin/flask/lib/python3.6/site-packages/flask/cli.py", line 557, in main
return super(FlaskGroup, self).main(*args, **kwargs)
File "/opt/web/powerdns-admin/flask/lib/python3.6/site-packages/click/core.py", line 696, in main
_verify_python3_env()
File "/opt/web/powerdns-admin/flask/lib/python3.6/site-packages/click/_unicodefun.py", line 124, in _verify_python3_env
' mitigation steps.' + extra
RuntimeError: Click will abort further execution because Python 3 was configured to use ASCII as encoding for the environment. Consult https://click.palletsprojects.com/en/7.x/python3/ for mitigation steps. This system lists a couple of UTF-8 supporting locales that you can pick from. The following suitable locales were discovered: en_US.utf8
解决:
# Select a UTF-8 locale so click no longer aborts on an ASCII environment (see the error above).
export LC_ALL=en_US.utf8
2、创建资产文件
# Install the front-end dependencies exactly as pinned by yarn.lock, then build the static assets.
yarn install --pure-lockfile
flask assets build
4.8 启动
# Development server for the first-run setup; the gunicorn/systemd unit in 4.9 is what runs afterwards.
./run.py
访问PowerDNS-Admin Web界面:http://192.168.159.128:9191
1、先注册用户,第一个用户将处于管理员角色。
2、第一次登录时,将被重定向到设置页面以配置PDNS API信息。
#填入在/etc/pdns/pdns.conf配置的API信息:
PDNS API URL:http://192.168.159.128:8081 PDNS API KEY:wmqpdns
4.9 配置systemd服务
使用systemd管理PowerDNS-Admin
vim /usr/lib/systemd/system/powerdns-admin.service
[Unit]
Description=PowerDNS-Admin
# NOTE(review): only network.target is ordered before this unit; if the app needs the database
# at start-up, consider adding mariadb.service here.
After=network.target
[Service]
# NOTE(review): the web application runs as root. A dedicated unprivileged user that can read
# /opt/web/powerdns-admin, with a socket nginx can reach, limits the impact of an app compromise.
User=root
Group=root
WorkingDirectory=/opt/web/powerdns-admin
# gunicorn serves the app on a unix socket; the nginx config in 4.10 proxies to it.
ExecStart=/opt/web/powerdns-admin/flask/bin/gunicorn --workers 2 --bind unix:/opt/web/powerdns-admin/powerdns-admin.sock app:app
[Install]
WantedBy=multi-user.target
启动Powerdns-Admin服务并将其设置为在启动时启动:
# Pick up the new unit file, start the service, and enable it at boot.
systemctl daemon-reload
systemctl start powerdns-admin
systemctl enable powerdns-admin
可以运行systemctl status powerdns-admin命令确认状态是否正在运行,没问题的话会返回相关的成功信息。
# Confirm the service is active.
systemctl status powerdns-admin
4.10 安装nginx
# Reverse proxy in front of gunicorn.
yum install -y nginx
配置nginx
# Dedicated vhost file for PowerDNS-Admin (content below).
vim /etc/nginx/conf.d/powerdns-admin.conf
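server {
    listen *:80;
    server_name 192.168.159.128;
    index index.html index.htm index.php;
    root /opt/web/powerdns-admin;

    access_log /var/log/nginx/powerdns-admin.local.access.log combined;
    error_log /var/log/nginx/powerdns-admin.local.error.log;

    client_max_body_size 10m;
    client_body_buffer_size 128k;

    # Proxy settings inherited by every location below.
    proxy_redirect off;
    proxy_connect_timeout 90;
    proxy_send_timeout 90;
    proxy_read_timeout 90;
    proxy_buffers 32 4k;
    proxy_buffer_size 8k;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_headers_hash_bucket_size 64;

    # Static assets are served straight from the app tree rather than proxied.
    location ~ ^/static/ {
        include /etc/nginx/mime.types;
        root /opt/web/powerdns-admin/app;
        location ~* \.(jpg|jpeg|png|gif)$ {
            expires 365d;
        }
        # Fixed: the dot before the extension was unescaped and matched any character.
        location ~* ^.+\.(css|js)$ {
            expires 7d;
        }
    }

    # Everything else goes to gunicorn over the unix socket defined in the systemd unit.
    # NOTE(review): plain HTTP only — credentials entered on the login page travel unencrypted.
    location / {
        proxy_pass http://unix:/opt/web/powerdns-admin/powerdns-admin.sock;
        proxy_read_timeout 120;
        proxy_connect_timeout 120;
        proxy_redirect off;
    }
}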
启动nginx
# Validate the configuration, then restart nginx and enable it at boot.
nginx -t
systemctl restart nginx
systemctl enable nginx
浏览器访问 192.168.159.128 即可打开powerdns-admin登入页
注意:如果添加 new domain 时候提示 400 错误,应该是添加的域名格式不对(可能后面有空格)。
4.11 集成OpenLDAP
LDAP URI : ldap://192.168.159.130:389
LDAP Base DN : ou=People,dc=wmqe,dc=com
LDAP admin username : cn=admin,dc=wmqe,dc=com
LDAP admin password : ••••••••
Basic filter : (objectClass=inetOrgPerson)
Username field : cn
或者使用 LDAPS(TLS 加密连接):ldaps://192.168.159.130:636
五、提供域名解析服务
配置子域名解析,可直接在公网生效,不用在本地指定DNS地址。通过配置NS记录作为子域名向外提供服务,后续将三级子域名设置为DNS提供域名解析。
5.1 注册域名,并配置解析记录
因NS记录不能直接指定IP,需先配置A记录,再配置NS记录。
1)注册域名 wmqxxxxx.com
2)配置A记录,指定到pdns的外网IP(确保53端口的tcp,udp协议都开放)
pdns.wmqxxxxx.com –> 54.223.118.175
3)配置NS记录,指定到前面创建的A记录
prod.wmqxxxxx.com –> pdns.wmqxxxxx.com
5.2 配置pdnsadmin
1)添加domain
添加之前NS记录作为domain:prod.wmqxxxxx.com
2)添加A记录解析(记得要点右上角的Apply Changes)
pdnsadmin -> 172.31.57.1
3)这样就可以通过 pdnsadmin.prod.wmqxxxxx.com 这个域名访问内网172.31.57.1地址的服务了,用dig命令测试下效果:
# Resolve the new name through the normal resolver path to confirm the NS delegation works end to end.
dig pdnsadmin.prod.wmqxxxxx.com
; <<>> DiG 9.13.7 <<>> pdnsadmin.prod.wmqxxxxx.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52112 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 19;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;pdnsadmin.prod.wmqxxxxx.com. IN A;; ANSWER SECTION: pdnsadmin.prod.wmqxxxxx.com. 46 IN A 172.31.57.1;; AUTHORITY SECTION: wmqxxxxx.com. 169277 IN NS dns10.hichina.com. wmqxxxxx.com. 169277 IN NS dns9.hichina.com.;; ADDITIONAL SECTION: dns9.hichina.com. 18845 IN A 140.205.81.15 dns9.hichina.com. 18845 IN A 140.205.81.25 dns9.hichina.com. 18845 IN A 106.11.141.115 dns9.hichina.com. 18845 IN A 106.11.141.125 dns9.hichina.com. 18845 IN A 106.11.211.55 dns9.hichina.com. 18845 IN A 106.11.211.65 dns9.hichina.com. 18845 IN A 140.205.41.15 dns9.hichina.com. 18845 IN A 140.205.41.25 dns9.hichina.com. 18845 IN AAAA 2400:3200:2000:28::1 dns10.hichina.com. 18845 IN A 140.205.81.26 dns10.hichina.com. 18845 IN A 106.11.141.116 dns10.hichina.com. 18845 IN A 106.11.141.126 dns10.hichina.com. 18845 IN A 106.11.211.56 dns10.hichina.com. 18845 IN A 106.11.211.66 dns10.hichina.com. 18845 IN A 140.205.41.16 dns10.hichina.com. 18845 IN A 140.205.41.26 dns10.hichina.com. 18845 IN A 140.205.81.16 dns10.hichina.com. 18845 IN AAAA 2400:3200:2000:29::1;; Query time: 22 msec ;; SERVER: 192.168.1.1#53(192.168.1.1) ;; WHEN: Fri Jul 12 11:20:07 中国标准时间 2019 ;; MSG SIZE rcvd: 432
参考
官网仓库:https://github.com/ngoduykhanh/PowerDNS-Admin
官网安装 MariaDB wiki:https://github.com/ngoduykhanh/PowerDNS-Admin/wiki/Prepare-MySQL-or-MariaDB-Database-for-PowerDNS-Admin
官网安装 PowerDNS-Admin wiki:https://github.com/ngoduykhanh/PowerDNS-Admin/wiki/Running-PowerDNS-Admin-on-Centos-7
其他链接:https://windyboy.github.io/post/2017/10/setup-powerdns-authoritative-with-dnssec/
https://computingforgeeks.com/install-powerdns-and-powerdns-admin-on-ubuntu-18-04-debian-9-mariadb-backend/
转载于:https://www.cnblogs.com/weavepub/p/11152919.html