Building a DNS Service on CentOS, with Web Management Console Installation

Introduction

PowerDNS is a cross-platform open-source DNS server, available for both Win32 and Linux/Unix. On Win32 PowerDNS stores its DNS data in an Access .mdb file, while on Linux/Unix it stores the data in MySQL. Whether the store is an mdb file or MySQL, backups are very easy to take.

PowerDNS supports a very large set of record types: A, AAAA, AFSDB, ALIAS (ANAME), CAA, CERT, CDNSKEY, CDS, CNAME, DNSKEY, DNAME, DS, HINFO, KEY, LOC, MX, NAPTR, NS, NSEC, NSEC3, NSEC3PARAM, OPENPGPKEY, PTR, RP, RRSIG, SOA, SPF, SSHFP, SRV, TKEY, TSIG, TLSA, TXT, URI and more.

Preparation before installation

Stop the built-in iptables

service iptables stop

If iptables is not needed, the following command also stops it from starting at boot.

chkconfig iptables off

Disable SELinux

Edit the SELinux configuration file

vi /etc/selinux/config

Change SELINUX=enforcing to SELINUX=disabled

The SELinux change only takes effect after the server is rebooted.


PowerDNS installation and configuration

Install MySQL

yum -y install mysql mysql-server mysql-devel


Start MySQL and enable it at boot

service mysqld start

chkconfig mysqld on


MySQL initialisation

mysql_secure_installation

Complete the initial MySQL configuration by answering the prompts it presents.

Explanation of the prompts and recommended answers:

Enter current password for root (enter for none): // type the current MySQL root password (there is none by default, so just press Enter)

Set root password? [Y/n] Y // set the root password now: answer Y, press Enter, then type the MySQL root password twice

Remove anonymous users? [Y/n] Y // remove anonymous users: Y and Enter

Disallow root login remotely? [Y/n] Y // forbid remote logins by the MySQL root user: Y and Enter

Remove test database and access to it? [Y/n] Y // remove the test database: Y and Enter

Reload privilege tables now? [Y/n] Y // reload the privilege tables now: Y and Enter


Install the PowerDNS main package

yum install -y epel*

yum install -y pdns pdns-backend-mysql

Edit the configuration file

vi /etc/pdns/pdns.conf

Below is the author's finished configuration. Overwrite the original configuration file with it, then change the MySQL settings at the bottom of the file to match your database.

setuid=pdns

setgid=pdns


# Autogenerated configuration file template

#################################

# add-superfluous-nsec3-for-old-bind Add superfluous NSEC3 record to positive wildcard response

#

# add-superfluous-nsec3-for-old-bind=no

#################################

# allow-axfr-ips Allow zonetransfers only to these subnets

#

# allow-axfr-ips=0.0.0.0/0,::/0

#################################

# allow-recursion List of subnets that are allowed to recurse

#

allow-recursion=0.0.0.0/0

#################################

# any-to-tcp Answer ANY queries with tc=1, shunting to TCP

#

# any-to-tcp=no

#################################

# cache-ttl Seconds to store packets in the PacketCache

#

# cache-ttl=20

#################################

# chroot If set, chroot to this directory for more security

#

# chroot=

#################################

# config-dir Location of configuration directory (pdns.conf)

#

# config-dir=/usr/local/etc

#################################

# config-name Name of this virtual configuration - will rename the binary image

#

# config-name=

#################################

# control-console Debugging switch - don't use

#

# control-console=no

#################################

# daemon Operate as a daemon

#

# daemon=no

#################################

# default-ksk-algorithms Default KSK algorithms

#

# default-ksk-algorithms=rsasha256


#################################

# default-ksk-size Default KSK size (0 means default)

#

# default-ksk-size=0

#################################

# default-soa-mail mail address to insert in the SOA record if none set in the backend

#

# default-soa-mail=

#################################

# default-soa-name name to insert in the SOA record if none set in the backend

#

# default-soa-name=a.misconfigured.powerdns.server

#################################

# default-ttl Seconds a result is valid if not set otherwise

#

# default-ttl=3600

#################################

# default-zsk-algorithms Default ZSK algorithms

#

# default-zsk-algorithms=rsasha256

#################################

# default-zsk-size Default KSK size (0 means default)

#

# default-zsk-size=0

#################################

# direct-dnskey Fetch DNSKEY RRs from backend during DNSKEY synthesis

#

# direct-dnskey=no

#################################

# disable-axfr Disable zonetransfers but do allow TCP queries

#

# disable-axfr=no

#################################

# disable-tcp Do not listen to TCP queries

#

# disable-tcp=no

#################################

# distributor-threads Default number of Distributor (backend) threads to start

#

# distributor-threads=3

#################################

# do-ipv6-additional-processing Do AAAA additional processing

#

# do-ipv6-additional-processing=yes

#################################

# edns-subnet-option-number EDNS option number to use

#

# edns-subnet-option-number=20730

#################################

# edns-subnet-processing If we should act on EDNS Subnet options

#

# edns-subnet-processing=no

#################################

# entropy-source If set, read entropy from this file

#

# entropy-source=/dev/urandom

#################################

# experimental-json-interface If the webserver should serve JSON data

#

# experimental-json-interface=no

#################################

# experimental-logfile Filename of the log file for JSON parser

#

# experimental-logfile=/var/log/pdns.log

#################################

# fancy-records Process URL and MBOXFW records

#

# fancy-records=no


#################################

# guardian Run within a guardian process

#

# guardian=no

#################################

# include-dir Include *.conf files from this directory

#

# include-dir=

#################################

# launch Which backends to launch and order to query them in

#

# launch=

#################################

# load-modules Load this module - supply absolute or relative path

#

# load-modules=

#################################

# local-address Local IP addresses to which we bind

#

local-address=0.0.0.0

#################################

# local-ipv6 Local IP address to which we bind

#

# local-ipv6=

#################################

# local-port The port on which we listen

#

local-port=53

#################################

# log-dns-details If PDNS should log DNS non-erroneous details

#

# log-dns-details=

#################################

# log-dns-queries If PDNS should log all incoming DNS queries

#

# log-dns-queries=no

#################################

# log-failed-updates If PDNS should log failed update requests

#

# log-failed-updates=

#################################

# logging-facility Log under a specific facility

#

# logging-facility=

#################################

# loglevel Amount of logging. Higher is more. Do not set below 3

#

# loglevel=4

#################################

# lua-prequery-script Lua script with prequery handler

#

# lua-prequery-script=

#################################

# master Act as a master

#

# master=no

#################################

# max-cache-entries Maximum number of cache entries

#

# max-cache-entries=1000000

#################################

# max-ent-entries Maximum number of empty non-terminals in a zone

#

# max-ent-entries=100000

#################################

# max-nsec3-iterations Limit the number of NSEC3 hash iterations

#

# max-nsec3-iterations=500

#################################

# max-queue-length Maximum queuelength before considering situation lost

#

# max-queue-length=5000

#################################

# max-tcp-connections Maximum number of TCP connections

#

# max-tcp-connections=10

#################################

# module-dir Default directory for modules

#

# module-dir=/usr/local/lib

#################################

# negquery-cache-ttl Seconds to store negative query results in the QueryCache

#

# negquery-cache-ttl=60

#################################

# no-shuffle Set this to prevent random shuffling of answers - for regression testing

#

# no-shuffle=off

#################################

# out-of-zone-additional-processing Do out of zone additional processing

#

# out-of-zone-additional-processing=yes

#################################

# overload-queue-length Maximum queuelength moving to packetcache only

#

# overload-queue-length=0

#################################

# pipebackend-abi-version Version of the pipe backend ABI

#

# pipebackend-abi-version=1

#################################

# prevent-self-notification Don't send notifications to what we think is ourself

#

# prevent-self-notification=yes

#################################

# query-cache-ttl Seconds to store query results in the QueryCache

#

# query-cache-ttl=20

#################################

# query-local-address Source IP address for sending queries

#

# query-local-address=0.0.0.0

#################################

# query-local-address6 Source IPv6 address for sending queries

#

# query-local-address6=::

#################################

# query-logging Hint backends that queries should be logged

#

# query-logging=no

#################################

# queue-limit Maximum number of milliseconds to queue a query

#

# queue-limit=1500

#################################

# receiver-threads Default number of receiver threads to start

#

# receiver-threads=1

#################################

# recursive-cache-ttl Seconds to store packets for recursive queries in the PacketCache

#

# recursive-cache-ttl=10

#################################

# recursor If recursion is desired, IP address of a recursing nameserver

#

# recursor=no

#################################

# retrieval-threads Number of AXFR-retrieval threads for slave operation

#

# retrieval-threads=2

#################################

# security-poll-suffix Domain name from which to query security update notifications

#

# security-poll-suffix=secpoll.powerdns.com.

#################################

# send-root-referral Send out old-fashioned root-referral instead of ServFail in case of no authority

#

# send-root-referral=no

#################################

# server-id Returned when queried for 'server.id' TXT or NSID, defaults to hostname

#

# server-id=

#################################

# setgid If set, change group id to this gid for more security

#

# setgid=

#################################

# setuid If set, change user id to this uid for more security

#

# setuid=

#################################

# signing-threads Default number of signer threads to start

#

# signing-threads=3

#################################

# slave Act as a slave

#

# slave=no

#################################

# slave-cycle-interval Reschedule failed SOA serial checks once every .. seconds

#

# slave-cycle-interval=60

#################################

# slave-renotify If we should send out notifications for slaved updates

#

# slave-renotify=no

#################################

# smtpredirector Our smtpredir MX host

#

# smtpredirector=a.misconfigured.powerdns.smtp.server

#################################

# soa-expire-default Default SOA expire

#

# soa-expire-default=604800

#################################

# soa-minimum-ttl Default SOA minimum ttl

#

# soa-minimum-ttl=3600

#################################

# soa-refresh-default Default SOA refresh

#

# soa-refresh-default=10800

#################################

# soa-retry-default Default SOA retry

#

# soa-retry-default=3600

#################################

# soa-serial-offset Make sure that no SOA serial is less than this number

#

# soa-serial-offset=0

#################################

# socket-dir Where the controlsocket will live

#

# socket-dir=/var/run

#################################

# tcp-control-address If set, PowerDNS can be controlled over TCP on this address

#

# tcp-control-address=

#################################

# tcp-control-port If set, PowerDNS can be controlled over TCP on this address

#

# tcp-control-port=53000

#################################

# tcp-control-range If set, remote control of PowerDNS is possible over these networks only

#

# tcp-control-range=127.0.0.0/8, 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fe80::/10

#################################

# tcp-control-secret If set, PowerDNS can be controlled over TCP after passing this secret

#

# tcp-control-secret=

#################################

# traceback-handler Enable the traceback handler (Linux only)

#

# traceback-handler=yes

#################################

# trusted-notification-proxy IP address of incoming notification proxy

#

# trusted-notification-proxy=

#################################

# urlredirector Where we send hosts to that need to be url redirected

#

# urlredirector=127.0.0.1

#################################

# version-string PowerDNS version in packets - full, anonymous, powerdns or custom

#

# version-string=full

#################################

# webserver Start a webserver for monitoring

#

# webserver=no

#################################

# webserver-address IP Address of webserver to listen on

#

# webserver-address=127.0.0.1

#################################

# webserver-password Password required for accessing the webserver

#

# webserver-password=

#################################

# webserver-port Port of webserver to listen on

#

# webserver-port=8081

#################################

# webserver-print-arguments If the webserver should print arguments

#

# webserver-print-arguments=no

#################################

# wildcard-url Process URL and MBOXFW records

#

# wildcard-url=no

#################################

# xfr-max-received-mbytes Maximum number of megabytes received from an incoming AXFR

#

# xfr-max-received-mbytes=100

launch=gmysql

gmysql-host=localhost

gmysql-user=powerdns

gmysql-password=password

gmysql-dbname=powerdns
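As an added example (not code from the page or from PowerDNS), the following Python script parses a pdns.conf in the format above and reports the settings a defender reviews before exposing the server: zone-transfer (AXFR) exposure, recursion, the database password, version disclosure, and the fact that a key set twice keeps its last value. SAMPLE_CONF is a constructed excerpt of the uncommented values in the file above; the option names assumed are the 3.x names the file shows.

```python
WILDCARD_NETS = {"0.0.0.0/0", "::/0"}
WEAK_DB_PASSWORDS = {"", "password", "123456", "powerdns", "root"}

# Constructed excerpt: the uncommented values of the pdns.conf shown above.
SAMPLE_CONF = """\
setuid=pdns
setgid=pdns
launch=bind
# allow-axfr-ips=0.0.0.0/0,::/0
allow-recursion=0.0.0.0/0
local-address=0.0.0.0
launch=gmysql
gmysql-host=localhost
gmysql-user=powerdns
gmysql-password=password
gmysql-dbname=powerdns
"""

def parse_pdns_conf(text):
    """Parse key=value lines, skipping '#' comments. A key that appears twice
    keeps its last value (as pdns does); the set of repeated keys is returned too."""
    settings, repeated = {}, set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if key in settings:
            repeated.add(key)
        settings[key] = value
    return settings, repeated

def _nets(value):
    """Split a comma-separated netmask list such as '0.0.0.0/0,::/0' into a set."""
    return {n.strip() for n in value.split(",") if n.strip()}

def audit_pdns_conf(text):
    """Return (severity, key, message) findings for the exposure-relevant settings."""
    conf, repeated = parse_pdns_conf(text)
    out = [("info", k, "set more than once; last value wins (%s=%s)" % (k, conf[k]))
           for k in sorted(repeated)]
    # The template's commented default for allow-axfr-ips is 0.0.0.0/0,::/0, i.e. open AXFR.
    axfr = _nets(conf.get("allow-axfr-ips", "0.0.0.0/0,::/0"))
    if conf.get("disable-axfr", "no") != "yes" and axfr & WILDCARD_NETS:
        out.append(("high", "allow-axfr-ips", "zone transfers allowed from any address; list only the secondaries"))
    recursion = _nets(conf.get("allow-recursion", ""))
    if conf.get("recursor", "no") not in ("", "no") and recursion & WILDCARD_NETS:
        out.append(("high", "allow-recursion", "recursion forwarded for the whole Internet: open resolver"))
    elif recursion & WILDCARD_NETS:
        out.append(("medium", "allow-recursion", "world-wide recursion pre-approved; becomes an open resolver once recursor= is set"))
    pw = conf.get("gmysql-password", "")
    if pw.lower() in WEAK_DB_PASSWORDS or len(pw) < 12:
        out.append(("high", "gmysql-password", "database password is a default value or shorter than 12 characters"))
    if conf.get("webserver", "no") == "yes" and not conf.get("webserver-password"):
        out.append(("high", "webserver", "monitoring webserver enabled without a password"))
    if conf.get("version-string", "full") == "full":
        out.append(("low", "version-string", "exact version disclosed to version.bind queries; use anonymous"))
    return out
```

Run `audit_pdns_conf(open("/etc/pdns/pdns.conf").read())` on the real file to get the same findings for your own deployment.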

Database import

Log in to the MySQL command line, create a user and a database both named powerdns, and import the schema below.

Create the database

Log in to the MySQL command line

[root@localhost ~]# mysql -uroot -p


Create the powerdns database

mysql> create database powerdns;


Create the powerdns user

Create the powerdns user with the password password

create user 'powerdns'@'localhost' identified by 'password';

Grant privileges limited to the powerdns database (the account must be named with its host part, otherwise the grant applies to 'powerdns'@'%' instead of the user just created).

grant ALL on powerdns.* to 'powerdns'@'localhost';

Reload the privileges immediately

flush privileges;


Exit the MySQL command line

exit


Import the SQL file into the database

Save the following SQL in your home directory as powerdns.sql

vi powerdns.sql


CREATE TABLE domains (

id INT AUTO_INCREMENT,

name VARCHAR(255) NOT NULL,

master VARCHAR(128) DEFAULT NULL,

last_check INT DEFAULT NULL,

type VARCHAR(6) NOT NULL,

notified_serial INT DEFAULT NULL,

account VARCHAR(40) DEFAULT NULL,

PRIMARY KEY (id)

) Engine=InnoDB;

CREATE UNIQUE INDEX name_index ON domains(name);

CREATE TABLE records (

id INT AUTO_INCREMENT,

domain_id INT DEFAULT NULL,

name VARCHAR(255) DEFAULT NULL,

type VARCHAR(10) DEFAULT NULL,

content VARCHAR(64000) DEFAULT NULL,

ttl INT DEFAULT NULL,

prio INT DEFAULT NULL,

change_date INT DEFAULT NULL,

disabled TINYINT(1) DEFAULT 0,

ordername VARCHAR(255) BINARY DEFAULT NULL,

auth TINYINT(1) DEFAULT 1,

PRIMARY KEY (id)

) Engine=InnoDB;

CREATE INDEX nametype_index ON records(name,type);

CREATE INDEX domain_id ON records(domain_id);

CREATE INDEX recordorder ON records (domain_id, ordername);

CREATE TABLE supermasters (

ip VARCHAR(64) NOT NULL,

nameserver VARCHAR(255) NOT NULL,

account VARCHAR(40) NOT NULL,

PRIMARY KEY (ip, nameserver)

) Engine=InnoDB;

CREATE TABLE comments (

id INT AUTO_INCREMENT,

domain_id INT NOT NULL,

name VARCHAR(255) NOT NULL,

type VARCHAR(10) NOT NULL,

modified_at INT NOT NULL,

account VARCHAR(40) NOT NULL,

comment VARCHAR(64000) NOT NULL,

PRIMARY KEY (id)

) Engine=InnoDB;

CREATE INDEX comments_domain_id_idx ON comments (domain_id);

CREATE INDEX comments_name_type_idx ON comments (name, type);

CREATE INDEX comments_order_idx ON comments (domain_id, modified_at);

CREATE TABLE domainmetadata (

id INT AUTO_INCREMENT,

domain_id INT NOT NULL,

kind VARCHAR(32),

content TEXT,

PRIMARY KEY (id)

) Engine=InnoDB;

CREATE INDEX domainmetadata_idx ON domainmetadata (domain_id, kind);

CREATE TABLE cryptokeys (

id INT AUTO_INCREMENT,

domain_id INT NOT NULL,

flags INT NOT NULL,

active BOOL,

content TEXT,

PRIMARY KEY(id)

) Engine=InnoDB;

CREATE INDEX domainidindex ON cryptokeys(domain_id);

CREATE TABLE tsigkeys (

id INT AUTO_INCREMENT,

name VARCHAR(255),

algorithm VARCHAR(50),

secret VARCHAR(255),

PRIMARY KEY (id)

) Engine=InnoDB;

CREATE UNIQUE INDEX namealgoindex ON tsigkeys(name, algorithm);

Import the SQL file into the database

mysql -uroot -p powerdns < ~/powerdns.sql


No output means the import succeeded.

Start the PowerDNS service

At this point the PowerDNS deployment is complete. Use the following commands to enable it at boot and start it immediately.

chkconfig --levels 235 pdns on

/etc/init.d/pdns start


Verify that the PowerDNS service started correctly

netstat -an | grep 53


If it fails to start, watch the messages log to troubleshoot.

tail -f /var/log/messages

PowerAdmin management console installation and configuration

Install the Apache + PHP environment

yum -y install httpd php php-devel php-gd php-imap php-ldap php-mysql php-odbc php-pear php-xml php-xmlrpc php-mbstring php-mcrypt php-mhash gettext


Enable Apache at boot and start it

chkconfig --levels 235 httpd on

/etc/init.d/httpd start

Install supporting components

Install the PEAR components the environment needs

yum install -y php-pear-DB php-pear-MDB2-Driver-mysql


Install PowerAdmin

Import the source code

First download and unpack the poweradmin source archive in the temporary directory /tmp, then move it to /var/www/html.

cd /tmp

wget https://soft.laozuo.org/powerdns/poweradmin-2.1.7.tgz

// If wget cannot download the archive, download it on your own machine with Thunder (迅雷) first and then upload it to the server.

tar zxvf poweradmin-2.1.7.tgz

mv poweradmin-2.1.7 /var/www/html/poweradmin

touch /var/www/html/poweradmin/inc/config.inc.php

chown -R apache:apache /var/www/html/poweradmin/


Program installation

Open http://<IP address>/poweradmin/install/ to start the PowerAdmin installation wizard.

For example: http://192.168.1.105/poweradmin/install/

Choose the first language, English; it can be switched back to Chinese later when configuring the account login.


Step 2 is only a notice; click Next.


Enter the database details and set the Poweradmin panel password. The fields are:

Username: the database account, e.g. root

Password: the database password, e.g. 123456

Database type: the database type, which should be MySQL

Hostname: the server host name, localhost by default

DB Port: the database port, 3306 by default

Database: the database name, powerdns

Poweradmin administrator password: the management console password, e.g. password


Set the database user that poweradmin will use, and the DNS name server details.


The wizard generates SQL statements; copy them from the page.


On the Linux host, log in to the MySQL command line as root and run the copied SQL statements.

GRANT SELECT, INSERT, UPDATE, DELETE

ON powerdns.*

TO 'poweradmin'@'localhost'

IDENTIFIED BY 'password';

Reload the privileges

mysql> flush privileges;


Once the statements have run, click the Next button in the web interface.

The wizard shows where the installation settings are saved; confirm they are correct and go to the next step.


At step 7 the installation is finished; it reminds you that the install/ directory must be deleted before the console can be used.


Delete the installation directory

rm -rf /var/www/html/poweradmin/install


Verify access

Open the poweradmin home page in a browser.

http://192.168.1.105/poweradmin

The following page indicates that the installation succeeded.


Try logging in with the user name and the password configured earlier.

Default super-administrator user name: admin

The password configured earlier: password

At this point Language can be set to Chinese

The welcome screen indicates that the installation is fully complete.


A simple DNS configuration example

State before changing the resolution

Open a CMD window and use ping to see which IP www.5ec8.com currently resolves to.

ping www.5ec8.com


The currently resolved IP address is 118.212.233.19

Change the local DNS address

On the local PC, open the IP properties dialog and set the DNS server to the IP address of the DNS server just built.

Then save and close the dialog.


Configure resolution in poweradmin

Log in to the poweradmin console and click the Add master zone button.


In the Add master zone screen, enter the domain to be served in the zone name box.

For example: 5ec8.com

Leave the other fields at their defaults and click the Add zone button to save.


The message "5ec8.com - Zone has been added successfully." confirms success.


Click List zones to see the zone just added, then click the edit button in front of the zone to add records.


For example, to add a www record, fill in the fields as shown in the figure below.


Click Add record to finish adding the record.


State after changing the resolution

Ping www.5ec8.com again from the cmd window and check the result.


The name now resolves to the IP configured a moment ago, which shows that the DNS server is configured correctly and working. The DNS service has been built and tested.

Reference links

  • PowerDNS official site: https://www.powerdns.com/

  • Poweradmin official site: www.poweradmin.org

  • PowerDNS on Baidu Baike: https://baike.baidu.com/item/PowerDNS/3832081


All articles are original to this site; when reposting, please credit 安全吧 as the source.