PowerDNS + PowerDNS-Admin

一、基础配置

1.1 环境说明

Centos 7.5.1804
PDNS 4.1.
MariaDB 5.5.

1.2 关闭防火墙和 selinux

setenforce
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
systemctl stop firewalld.service && systemctl disable firewalld.service
firewall-cmd --state

二、 安装 MariaDB

2.1 安装 MariaDB

1）更改存储目录

mkdir -p /opt/data/mysql/{data,log}

vim /etc/my.cnf

[mysqld]
datadir=/opt/data/mysql/data
socket=/opt/data/mysql/mysql.sock

[mysqld_safe]
log-error=/opt/data/mysql/log/mariadb.log
pid-file=/opt/data/mysql/mariadb.pid

2）默认安装的版本为5.5

#安装
yum install -y epel-release yum-plugin-priorities
yum install -y mariadb-server mariadb

#设置目录权限
cd /opt/data/
chown -R mysql.mysql mysql/

#启动
systemctl enable mariadb.service
systemctl start mariadb.service

2.2 初始化

1）设置软连接

ln -s /opt/data/mysql/mysql.sock /var/lib/mysql/mysql.sock

因为改动了mysqld的sock的默认目录，但mysql_client、mysql_secure_installation这些都没改，所以做一个软连接。

2）设置root密码

mysql_secure_installation
回车,
y,          #设置root密码
root密码,
重复root密码,
y,          #删除匿名登入
y,          #禁用root远程登入
y,          #删除test库
y           #刷新权限

2.3 设置字符集

vim /etc/my.cnf

[mysqld]
init_connect='SET collation_connection = utf8_unicode_ci'
init_connect='SET NAMES utf8'
character-set-server=utf8
collation-server=utf8_unicode_ci
skip-character-set-client-handshake

vim /etc/my.cnf.d/client.cnf

[client]
default-character-set=utf8

vim /etc/my.cnf.d/mysql-clients.cnf

[mysql]
default-character-set=utf8

2.4 重启 MariaDB

systemctl restart mariadb

再次登录 MariaDB，查看字符集，发现已是 utf8 了。

mysql -uroot -p
show variables like "%character%";show variables like "%collation%";
exit

三、安装 PowerDNS

3.1 安装 PowerDNS

yum install -y pdns pdns-backend-mysql

PowerDNS 的配置文件位于 /etc/pdns/pdns.conf

3.2 新建数据库

mysql -uroot -p
CREATE DATABASE powerdns;
GRANT ALL ON powerdns.* TO 'powerdns'@'localhost' IDENTIFIED BY 'powerdns';
FLUSH PRIVILEGES;

3.3 创建数据库表

use powerdns;

CREATE TABLE domains (
  id                    INT AUTO_INCREMENT,
  name                  VARCHAR() NOT NULL,
  master                VARCHAR() DEFAULT NULL,
  last_check            INT DEFAULT NULL,
  type                  VARCHAR() NOT NULL,
  notified_serial       INT DEFAULT NULL,
  account               VARCHAR() DEFAULT NULL,
  PRIMARY KEY (id)
) Engine=InnoDB;

CREATE UNIQUE INDEX name_index ON domains(name);

CREATE TABLE records (
  id                    BIGINT AUTO_INCREMENT,
  domain_id             INT DEFAULT NULL,
  name                  VARCHAR() DEFAULT NULL,
  type                  VARCHAR() DEFAULT NULL,
  content               VARCHAR() DEFAULT NULL,
  ttl                   INT DEFAULT NULL,
  prio                  INT DEFAULT NULL,
  change_date           INT DEFAULT NULL,
  disabled              TINYINT() DEFAULT ,
  ordername             VARCHAR() BINARY DEFAULT NULL,
  auth                  TINYINT() DEFAULT ,
  PRIMARY KEY (id)
) Engine=InnoDB;

CREATE INDEX nametype_index ON records(name,type);
CREATE INDEX domain_id ON records(domain_id);
CREATE INDEX recordorder ON records (domain_id, ordername);

CREATE TABLE supermasters (
  ip                    VARCHAR() NOT NULL,
  nameserver            VARCHAR() NOT NULL,
  account               VARCHAR() NOT NULL,
  PRIMARY KEY (ip, nameserver)
) Engine=InnoDB;

CREATE TABLE comments (
  id                    INT AUTO_INCREMENT,
  domain_id             INT NOT NULL,
  name                  VARCHAR() NOT NULL,
  type                  VARCHAR() NOT NULL,
  modified_at           INT NOT NULL,
  account               VARCHAR() NOT NULL,
  comment               VARCHAR() NOT NULL,
  PRIMARY KEY (id)
) Engine=InnoDB;

CREATE INDEX comments_domain_id_idx ON comments (domain_id);
CREATE INDEX comments_name_type_idx ON comments (name, type);
CREATE INDEX comments_order_idx ON comments (domain_id, modified_at);

CREATE TABLE domainmetadata (
  id                    INT AUTO_INCREMENT,
  domain_id             INT NOT NULL,
  kind                  VARCHAR(),
  content               TEXT,
  PRIMARY KEY (id)
) Engine=InnoDB;

CREATE INDEX domainmetadata_idx ON domainmetadata (domain_id, kind);

CREATE TABLE cryptokeys (
  id                    INT AUTO_INCREMENT,
  domain_id             INT NOT NULL,
  flags                 INT NOT NULL,
  active                BOOL,
  content               TEXT,
  PRIMARY KEY(id)
) Engine=InnoDB;

CREATE INDEX domainidindex ON cryptokeys(domain_id);

CREATE TABLE tsigkeys (
  id                    INT AUTO_INCREMENT,
  name                  VARCHAR(),
  algorithm             VARCHAR(),
  secret                VARCHAR(),
  PRIMARY KEY (id)
) Engine=InnoDB;

CREATE UNIQUE INDEX namealgoindex ON tsigkeys(name, algorithm);

flush privileges;
show databases;
show tables;
exit

3.4 配置PowerDNS

cp /etc/pdns/pdns.conf /etc/pdns/pdns.conf.bak

vim /etc/pdns/pdns.conf
#ttl
default-ttl=300
# backend
launch=gmysql
gmysql-host=localhost
gmysql-port=
gmysql-dbname=powerdns
gmysql-user=powerdns
gmysql-password=powerdns

# pdns API
webserver=yes
webserver-address=0.0.0.0
webserver-allow-from=0.0.0.0/
webserver-port=
api=yes
api-key=wmqpdns
api-logfile=/var/log/pdns-api.log

# id
setgid=pdns
setuid=pdns

说明：default-ttl（默认 ttl 改为5分钟）和 launch 两个参数是修改，其他都为添加。

3.5 开机启动

systemctl enable pdns.service
systemctl start pdns.service
systemctl status pdns.service

查看8081、53两个端口

netstat -tulnp|grep pdns_server

tcp               0.0.0.0:            0.0.0.0:*               LISTEN      /pdns_server
tcp               0.0.0.0:              0.0.0.0:*               LISTEN      /pdns_server
tcp6              :::                   :::*                    LISTEN      /pdns_server
udp               0.0.0.0:              0.0.0.0:*                           /pdns_server
udp6              :::                   :::*                                /pdns_server   

四、安装PowerDNS-Admin

4.1 安装python3.6 + pip

yum install -y epel-release
yum install -y https://centos7.iuscommunity.org/ius-release.rpm
yum install -y python36u python36u-devel python36u-pip
pip3. install -U pip
pip install -U virtualenv
rm -f /usr/bin/python3 && ln -s /usr/bin/python3. /usr/bin/python3

4.2 安装构建python库所需包

1）如果使用 Centos 默认的 mariadb 5.5 版本，安装如下：

yum install -y gcc mariadb-devel openldap-devel xmlsec1-devel xmlsec1-openssl libtool-ltdl-devel

2）如果使用mariadb 10.x 版本，安装如下：

yum install gcc MariaDB-devel MariaDB-shared openldap-devel xmlsec1-devel xmlsec1-openssl libtool-ltdl-devel

4.3 安装 Nodejs 10

curl -sL https://rpm.nodesource.com/setup_10.x | bash -
curl -sL https://dl.yarnpkg.com/rpm/yarn.repo -o /etc/yum.repos.d/yarn.repo
yum install -y yarn

4.4 创建python3 virtualenv环境

yum install -y git
git clone https://github.com/ngoduykhanh/PowerDNS-Admin.git /opt/web/powerdns-admin
cd /opt/web/powerdns-admin
virtualenv -p python3 flask

激活 python3 环境并安装python库（后续操作都是基于python3 环境下操作）

source ./flask/bin/activate
pip install python-dotenv
pip install -r requirements.txt

下载的包临时存放在 /root/.cache/pip/wheels 目录下。

4.5 创建数据库

mysql -u root -p
CREATE DATABASE powerdnsadmin CHARACTER SET utf8 COLLATE utf8_general_ci;
GRANT ALL PRIVILEGES ON powerdnsadmin.* TO 'pdnsadminuser'@'%' IDENTIFIED BY 'p4ssw0rd';
FLUSH PRIVILEGES;
exit

4.6 配置 config.py

cp config_template.py config.py

vim config.py
#地址改成0.0.0.0
BIND_ADDRESS = '0.0.0.0'
# 配置数据库连接信息,库/用户/密码是之前手动创建的,不是pdns数据库
SQLA_DB_USER = 'pdnsadminuser'
SQLA_DB_PASSWORD = 'p4ssw0rd'
SQLA_DB_HOST = 'localhost'
SQLA_DB_NAME = 'powerdnsadmin'
# 开启MySQL
# DATABASE - MySQL
SQLALCHEMY_DATABASE_URI = 'mysql://'+SQLA_DB_USER+':'+SQLA_DB_PASSWORD+'@'+SQLA_DB_HOST+':'+str(SQLA_DB_PORT)+'/'+SQLA_DB_NAME
# 注释sqlite
# DATABASE - SQLite
# SQLALCHEMY_DATABASE_URI = 'sqlite:///' + os.path.join(basedir, 'pdns.db')

4.7 创建表并创建资产文件

1、创建表

export FLASK_APP=app/__init__.py
flask db upgrade

报如下错：

Traceback (most recent call last):
  File "/opt/web/powerdns-admin/flask/bin/flask", line , in <module>
    sys.exit(main())
  File "/opt/web/powerdns-admin/flask/lib/python3.6/site-packages/flask/cli.py", line , in main
    cli.main(args=args, prog_name=name)
  File "/opt/web/powerdns-admin/flask/lib/python3.6/site-packages/flask/cli.py", line , in main
    return super(FlaskGroup, self).main(*args, **kwargs)
  File "/opt/web/powerdns-admin/flask/lib/python3.6/site-packages/click/core.py", line , in main
    _verify_python3_env()
  File "/opt/web/powerdns-admin/flask/lib/python3.6/site-packages/click/_unicodefun.py", line , in _verify_python3_env
    ' mitigation steps.' + extra
RuntimeError: Click will abort further execution because Python  was configured to use ASCII as encoding for the environment. Consult https://click.palletsprojects.com/en/7.x/python3/ for mitigation steps.

This system lists a couple of UTF- supporting locales that
you can pick from.  The following suitable locales were
discovered: en_US.utf8

解决：

export LC_ALL=en_US.utf8

2、创建资产文件

yarn install --pure-lockfile
flask assets build

4.8 启动

./run.py

访问PowerDNS-Admin Web界面：http://192.168.159.128:9191

1、先注册用户，第一个用户将处于管理员角色。

2、第一次登录时，将被重定向到设置页面以配置PDNS API信息。

#填入在/etc/pdns/pdns.cof配置的API信息：
PDNS API URL：http://127.0.0.1:8081
PDNS API KEY：wmqpdns

4.9 配置systemd服务

使用systemd管理PowerDNS-Admin

vim /usr/lib/systemd/system/powerdns-admin.service
[Unit]
Description=PowerDNS-Admin
After=network.target

[Service]
User=root
Group=root
WorkingDirectory=/opt/web/powerdns-admin
ExecStart=/opt/web/powerdns-admin/flask/bin/gunicorn --workers  --bind unix:/opt/web/powerdns-admin/powerdns-admin.sock app:app

[Install]
WantedBy=multi-user.target

启动Powerdns-Admin服务并将其设置为在启动时启动：

systemctl daemon-reload
systemctl start powerdns-admin
systemctl enable powerdns-admin

可以运行systemctl status powerdns-admin命令确认状态是否正在运行，没问题的话会返回相关的成功信息。

systemctl status powerdns-admin

4.10 安装nginx

yum install -y nginx

配置nginx

vim /etc/nginx/conf.d/powerdns-admin.conf

server {
  listen *:;
  server_name               192.168.159.128;

  index                     index.html index.htm index.php;
  root                      /opt/web/powerdns-admin;
  access_log                /var/log/nginx/powerdns-admin.local.access.log combined;
  error_log                 /var/log/nginx/powerdns-admin.local.error.log;

  client_max_body_size              10m;
  client_body_buffer_size           128k;
  proxy_redirect                    off;
  proxy_connect_timeout             ;
  proxy_send_timeout                ;
  proxy_read_timeout                ;
  proxy_buffers                      4k;
  proxy_buffer_size                 8k;
  proxy_set_header                  Host $host;
  proxy_set_header                  X-Real-IP $remote_addr;
  proxy_set_header                  X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_headers_hash_bucket_size    ;

  location ~ ^/static/  {
    include  /etc/nginx/mime.types;
    root /opt/web/powerdns-admin/app;

    location ~*  \.(jpg|jpeg|png|gif)$ {
      expires 365d;
    }

    location ~* ^.+.(css|js)$ {
      expires 7d;
    }
  }

  location / {
    proxy_pass            http://unix:/opt/web/powerdns-admin/powerdns-admin.sock;
    proxy_read_timeout    ;
    proxy_connect_timeout ;
    proxy_redirect        off;
  }
}

启动nginx

nginx -t
systemctl restart nginx
systemctl enable nginx

浏览器访问 192.168.159.128 即可打开powerdns-admin登入页

注意：如果添加 new domain 时候提示 400 错误，应该是添加的域名格式不对（可能后面有空格）。

4.11 集成OpenLADP

LDAP URI : ldap://192.168.159.130:389
LDAP Base DN : ou=People,dc=wmqe,dc=com
LDAP admin username : cn=admin,dc=wmqe,dc=com
LDAP admin password : ••••••••
Basic filter : (objectClass=inetOrgPerson)
Username field : cn

或者：ldaps://192.168.159.130:636

五、提供域名解析服务

配置子域名解析，可直接在公网生效，不用在本地指定DNS地址。通过配置NS记录作为子域名向外提供服务，后续将三级子域名设置为DNS提供域名解析。

5.1 注册域名，并配置解析记录

因NS记录不能直接指定IP，需先配置A记录，再配置NS记录。

1）注册域名 wmqxxxxx.com

2）配置A记录，指定到pdns的外网IP（确保53端口的tcp,udp协议都开放）

pdns.wmqxxxxx.com --> 54.223.118.175

3）配置NS记录，指定到前面创建的A记录

prod.wmqxxxxx.com --> pdns.wmqxxxxx.com

5.2 配置pdnsadmin

1）添加domain

添加之前NS记录作为domain：prod.wmqxxxxx.com

2）添加A记录解析（记得要点右上角的Apply Changes）

pdnsadmin -> 172.31.57.1

3）这样就可以通过 pdnsadmin.prod.wmqxxxxx.com 这个域名访问内网172.31.57.1地址的服务了，用dig命令测试下效果：

dig pdnsadmin.prod.wmqxxxxx.com

; <<>> DiG 9.13. <<>> pdnsadmin.prod.wmqxxxxx.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id:
;; flags: qr rd ra; QUERY: , ANSWER: , AUTHORITY: , ADDITIONAL: 

;; OPT PSEUDOSECTION:
; EDNS: version: , flags:; udp:
;; QUESTION SECTION:
;pdnsadmin.prod.wmqxxxxx.com.  IN      A

;; ANSWER SECTION:
pdnsadmin.prod.wmqxxxxx.com. 46 IN     A       172.31.57.1

;; AUTHORITY SECTION:
wmqxxxxx.com.            IN      NS      dns10.hichina.com.
wmqxxxxx.com.            IN      NS      dns9.hichina.com.

;; ADDITIONAL SECTION:
dns9.hichina.com.          IN      A       140.205.81.15
dns9.hichina.com.          IN      A       140.205.81.25
dns9.hichina.com.          IN      A       106.11.141.115
dns9.hichina.com.          IN      A       106.11.141.125
dns9.hichina.com.          IN      A       106.11.211.55
dns9.hichina.com.          IN      A       106.11.211.65
dns9.hichina.com.          IN      A       140.205.41.15
dns9.hichina.com.          IN      A       140.205.41.25
dns9.hichina.com.          IN      AAAA    :::::
dns10.hichina.com.         IN      A       140.205.81.26
dns10.hichina.com.         IN      A       106.11.141.116
dns10.hichina.com.         IN      A       106.11.141.126
dns10.hichina.com.         IN      A       106.11.211.56
dns10.hichina.com.         IN      A       106.11.211.66
dns10.hichina.com.         IN      A       140.205.41.16
dns10.hichina.com.         IN      A       140.205.41.26
dns10.hichina.com.         IN      A       140.205.81.16
dns10.hichina.com.         IN      AAAA    :::::

;; Query time:  msec
;; SERVER: 192.168.1.1#(192.168.1.1)
;; WHEN: Fri Jul  :: 中国标准时间
;; MSG SIZE  rcvd: 

参考

官网仓库：https://github.com/ngoduykhanh/PowerDNS-Admin

官网安装 MariaDB wiki：https://github.com/ngoduykhanh/PowerDNS-Admin/wiki/Prepare-MySQL-or-MariaDB-Database-for-PowerDNS-Admin

官网安装 PowerDNS-Admin wiki：https://github.com/ngoduykhanh/PowerDNS-Admin/wiki/Running-PowerDNS-Admin-on-Centos-7

其他链接：https://windyboy.github.io/post/2017/10/setup-powerdns-authoritative-with-dnssec/

https://computingforgeeks.com/install-powerdns-and-powerdns-admin-on-ubuntu-18-04-debian-9-mariadb-backend/