PowerDNS Authoritative Server 权威服务器,直接查询数据库去尝试解析,数据库中若不存在此记录,则直接返回空结果。

os: centos 7.8.2003 pdns: 4.7.3

安装 pdns

安装 pdns auth

# Install the EPEL release package and the yum priorities plugin.
yum install epel-release yum-plugin-priorities

# Save the PowerDNS Authoritative 4.7 repository definition (fetched over HTTPS)
# into yum's repository directory.
curl -o /etc/yum.repos.d/powerdns-auth-47.repo https://repo.powerdns.com/repo-files/el-auth-47.repo

# Install the authoritative server package from that repository.
yum install pdns

安装 pdns backend

使用 postgresql 作为存储数据库,需要安装 pdns-backend-postgresql

这里有个小细节需要注意下

依赖安装 postgresql-libs 的版本较低,登录 pgsql 10 及以上会提示 SCRAM authentication requires libpq version 10 or above 。

需要 postgresql-libs 最低为 10 版本,可提前下载这两个 rpm 包 。

postgresql10.x86_64 10.23-1PGDG.rhel7 @pgdg10

postgresql10-libs.x86_64 10.23-1PGDG.rhel7 @pgdg10

安装 pdns backend

# Install the PowerDNS backend modules in a single yum transaction.
# This guide only launches the generic PostgreSQL backend (launch=gpgsql in
# pdns.conf), so pdns-backend-postgresql is the module it actually relies on;
# the others are installed but stay unused unless they are launched.
yum install \
    pdns-backend-geoip \
    pdns-backend-ldap \
    pdns-backend-lmdb \
    pdns-backend-lua2 \
    pdns-backend-mysql \
    pdns-backend-odbc \
    pdns-backend-pipe \
    pdns-backend-postgresql \
    pdns-backend-remote \
    pdns-backend-sqlite \
    pdns-backend-tinydns

登录数据库 创建 user、database,参考 https://doc.powerdns.com/authoritative/backends/generic-postgresql.html#settings

-- Role used by PowerDNS to connect to the database.
-- 'xxxxx' is the page's placeholder: substitute a long random password, and
-- use the same value for gpgsql-password in pdns.conf.
-- NOTE(review): a password typed into an interactive psql session can end up
-- in ~/.psql_history; consider psql's \password command instead.
CREATE USER pdns WITH PASSWORD 'xxxxx';

-- Dedicated database for the PowerDNS schema, owned by the role above.
CREATE DATABASE pdns_db OWNER pdns;

创建表,参考 https://doc.powerdns.com/authoritative/backends/generic-postgresql.html#settings

-- One row per domain (zone) name; the unique index below enforces that.
CREATE TABLE domains (
    id              SERIAL PRIMARY KEY,
    name            VARCHAR(255) NOT NULL,
    master          VARCHAR(128),
    last_check      INTEGER,
    type            TEXT NOT NULL,
    notified_serial BIGINT,
    account         VARCHAR(40),
    options         TEXT,
    catalog         TEXT,
    -- Names are only accepted in lowercase form.
    CONSTRAINT c_lowercase_name CHECK (name::TEXT = LOWER(name::TEXT))
);

-- Uniqueness of the domain name.
CREATE UNIQUE INDEX name_index ON domains (name);

-- Lookup by catalog value.
CREATE INDEX catalog_idx ON domains (catalog);

-- Record rows; domain_id links each row to its row in domains.
-- NOTE(review): the pdns.conf in this guide sets enable-lua-records=yes, so
-- write access to this table (directly, or through the API / PowerDNS-Admin)
-- should be granted as carefully as access to the server itself.
CREATE TABLE records (
    id        BIGSERIAL PRIMARY KEY,
    domain_id INTEGER,
    name      VARCHAR(255),
    type      VARCHAR(10),
    content   VARCHAR(65535),
    ttl       INTEGER,
    prio      INTEGER,
    disabled  BOOLEAN DEFAULT FALSE,
    ordername VARCHAR(255),
    auth      BOOLEAN DEFAULT TRUE,
    -- Deleting a domain also deletes every record that references it.
    CONSTRAINT domain_exists
        FOREIGN KEY (domain_id) REFERENCES domains (id) ON DELETE CASCADE,
    -- Names are only accepted in lowercase form.
    CONSTRAINT c_lowercase_name CHECK (name::TEXT = LOWER(name::TEXT))
);

-- Lookups by name, by (name, type) and by owning domain.
CREATE INDEX rec_name_index ON records (name);
CREATE INDEX nametype_index ON records (name, type);
CREATE INDEX domain_id ON records (domain_id);

-- Ordered access to ordername within a domain; text_pattern_ops makes the
-- comparison character-by-character rather than locale-dependent.
CREATE INDEX recordorder ON records (domain_id, ordername text_pattern_ops);

-- One row per (ip, nameserver) pair, each tagged with an account.
-- NOTE(review): presumably the autoprimary/supermaster list of the server;
-- if so, rows here decide which remote hosts may provision zones, so keep
-- the table empty unless that feature is used. Confirm against the docs.
CREATE TABLE supermasters (
    ip         INET NOT NULL,
    nameserver VARCHAR(255) NOT NULL,
    account    VARCHAR(40) NOT NULL,
    PRIMARY KEY (ip, nameserver)
);

-- Free-text comments attached to a (name, type) pair within a domain.
CREATE TABLE comments (
    id          SERIAL PRIMARY KEY,
    domain_id   INTEGER NOT NULL,
    name        VARCHAR(255) NOT NULL,
    type        VARCHAR(10) NOT NULL,
    modified_at INTEGER NOT NULL,
    account     VARCHAR(40),
    comment     VARCHAR(65535) NOT NULL,
    -- Deleting a domain also deletes its comments.
    CONSTRAINT domain_exists
        FOREIGN KEY (domain_id) REFERENCES domains (id) ON DELETE CASCADE,
    -- Names are only accepted in lowercase form.
    CONSTRAINT c_lowercase_name CHECK (name::TEXT = LOWER(name::TEXT))
);

-- Lookups by domain, by (name, type), and by modification time within a domain.
CREATE INDEX comments_domain_id_idx ON comments (domain_id);
CREATE INDEX comments_name_type_idx ON comments (name, type);
CREATE INDEX comments_order_idx ON comments (domain_id, modified_at);

-- Key/value style settings per domain: kind names the setting, content holds
-- its value. Rows disappear together with the domain they reference.
CREATE TABLE domainmetadata (
    id        SERIAL PRIMARY KEY,
    domain_id INTEGER REFERENCES domains (id) ON DELETE CASCADE,
    kind      VARCHAR(32),
    content   TEXT
);

-- Lookup of all metadata rows of one domain.
CREATE INDEX domainidmetaindex ON domainmetadata (domain_id);

-- Per-domain key entries with flags and active/published state.
-- NOTE(review): in PowerDNS this table holds DNSSEC key material in content,
-- stored as ordinary column data. Limit SELECT on it to the pdns role and
-- protect database dumps and backups accordingly.
CREATE TABLE cryptokeys (
    id        SERIAL PRIMARY KEY,
    domain_id INTEGER REFERENCES domains (id) ON DELETE CASCADE,
    flags     INTEGER NOT NULL,
    active    BOOLEAN,
    published BOOLEAN DEFAULT TRUE,
    content   TEXT
);

-- Lookup of all keys of one domain.
CREATE INDEX domainidindex ON cryptokeys (domain_id);

-- TSIG keys: a name, an algorithm and the shared secret.
-- The secret column is a plain VARCHAR, so the schema applies no encryption:
-- anyone who can read this table or a backup of it can read the secrets.
CREATE TABLE tsigkeys (
    id        SERIAL PRIMARY KEY,
    name      VARCHAR(255),
    algorithm VARCHAR(50),
    secret    VARCHAR(255),
    -- Names are only accepted in lowercase form.
    CONSTRAINT c_lowercase_name CHECK (name::TEXT = LOWER(name::TEXT))
);

-- At most one key per (name, algorithm) pair.
CREATE UNIQUE INDEX namealgoindex ON tsigkeys (name, algorithm);

配置

# Keep a copy of the packaged configuration before replacing it.
cp /etc/pdns/pdns.conf /etc/pdns/pdns.conf.bak

# Empty the live file, then open it and enter the settings listed below.
: > /etc/pdns/pdns.conf
vi /etc/pdns/pdns.conf

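# --- REST API ---
# The API can create, change and delete zones, so its key is as sensitive as
# the database password. 'xxxxx' is a placeholder: generate a long random
# value (for example with `openssl rand -hex 32`) and never reuse a key that
# appears in a tutorial.
api=yes
api-key=xxxxx

# --- Process settings ---
# Run in the foreground without the guardian process and drop privileges to
# the pdns user and group.
daemon=no
guardian=no
setgid=pdns
setuid=pdns

# --- Database (generic PostgreSQL backend) ---
# Host and password are placeholders; use the values chosen when the pdns
# role and pdns_db database were created.
launch=gpgsql
gpgsql-host=xxx.xxx.xxx.xxx
gpgsql-port=5432
gpgsql-dbname=pdns_db
gpgsql-user=pdns
gpgsql-password=xxxxx

# --- DNS listener ---
local-address=0.0.0.0
local-port=53

# --- Built-in webserver (serves the REST API and the monitoring pages) ---
# Listen on loopback and accept loopback clients only, so the API is not
# reachable from every network. If PowerDNS-Admin or a monitoring system
# connects from another host or from a container network, set
# webserver-address to the one interface it reaches and add only that source
# address or CIDR to webserver-allow-from; do not use 0.0.0.0/0.
webserver=yes
webserver-address=127.0.0.1
webserver-allow-from=127.0.0.1,::1
webserver-port=8081

# --- Lua records (dynamic answers) ---
# NOTE(review): Lua records run Lua code taken from record content inside the
# server. Enable this only if such records are used, and treat write access to
# records (API, PowerDNS-Admin, database) as correspondingly sensitive.
enable-lua-records=yes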

启动

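# pdns.conf contains the database password and the API key, so it must not be
# world-readable (mode 755 lets every local user read it, and -R has no
# meaning for a single file). Give it to root, readable by the pdns group
# that the daemon runs under (setgid=pdns), and to nobody else.
chown root:pdns /etc/pdns/pdns.conf
chmod 640 /etc/pdns/pdns.conf

# Start the service at boot, start it now, and check that it came up.
systemctl enable pdns
systemctl start pdns
systemctl status pdns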

如果碰到启动错误,是端口 53 被占用的话,可以参考这篇文章处理下 <>

日常配置

建议通过 PowerDNS-Admin 来完成

安装UI界面

如果全部使用命令行,操作确实比较麻烦,可以通过第三方 PowerDNS-Admin 实现界面管理。参考 https://github.com/PowerDNS-Admin/PowerDNS-Admin

安装

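# Download the installer to a file instead of piping it straight into a
# shell: the script runs as root, so it should be readable (and the download
# complete) before anything executes.
curl -fsSL https://get.docker.com -o get-docker.sh
less get-docker.sh

# Run the reviewed script with the same arguments as before.
bash get-docker.sh docker --mirror Aliyun

# Start Docker at boot and start it now.
systemctl enable docker
systemctl start docker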

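# SECRET_KEY is the application's secret (PowerDNS-Admin is a Flask app, which
# uses it to sign session cookies). Generate a random value instead of using
# the sample string, and keep it somewhere root-only so the container can be
# recreated later with the same key.
SECRET_KEY="$(openssl rand -hex 32)"

# Publish the UI on loopback only; the guide opens it at http://localhost:9191.
# For access from other hosts, put a TLS-terminating reverse proxy in front
# rather than publishing the plain-HTTP port on every interface.
# NOTE(review): ":latest" changes over time; pin a specific tag or digest once
# a known-good version has been chosen.
docker run -d \
    -e SECRET_KEY="$SECRET_KEY" \
    -v pda-data:/data \
    -p 127.0.0.1:9191:80 \
    ngoduykhanh/powerdns-admin:latest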

查看启动效果

# List running containers; the PowerDNS-Admin container should be shown here.
docker ps

# List TCP sockets numerically with the owning process, to confirm which
# address and port (9191 for the UI) are actually listening.
netstat -natp

访问 http://localhost:9191/login ,第一次访问需要创建一个账号,按照页面提示一步步操作即可。PowerDNS-Admin 中第一个注册的账号会成为管理员,因此应在把该端口开放给其他主机之前完成注册。

日常配置

登录PowerDNS-Admin,左侧选择 +New Domain,即可添加新的域,点击提交

点击域名 Action 的 Manage

增加两条记录后,点击右上 Apply Changes 生效。

参考: https://repo.powerdns.com/ https://doc.powerdns.com/ https://doc.powerdns.com/authoritative/backends/generic-postgresql.html#settings
