背景
配置epel源
公司内部服务之间调用,由原来IP地址访问,调整为域名访问,便于后期维护。
选择PowerDNS的原因- 权威服务器和递归服务器可分离部署
- 支持LDAP(4.0.0版本开始)
- 提供API接口,为自动化运维提供扩展性
- 易于配置
名称 | 版本 |
操作系统 | CentOS Linux release 7.9.2009 (Core) |
pdns | 4.1.14 |
mysql | 5.7.32 |
poweradmin | 2.1.7 |
使用yum方式安装pdns,依赖于epel源。
- 配置epel源
rm -f /etc/yum.repos.d/*.repo wget http://mirrors.163.com/.help/CentOS7-Base-163.repo wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo yum clean all yum makecache部署PowerDNS Authoritative Server查看安装包版本
# yum list|grep pdns pcp-pmda-pdns.x86_64 4.3.2-13.el7_9 updates pdns.x86_64 4.1.14-1.el7 epel pdns-backend-geoip.x86_64 4.1.14-1.el7 epel pdns-backend-ldap.x86_64 4.1.14-1.el7 epel pdns-backend-lua.x86_64 4.1.14-1.el7 epel pdns-backend-mydns.x86_64 4.1.14-1.el7 epel pdns-backend-mysql.x86_64 4.1.14-1.el7 epel pdns-backend-pipe.x86_64 4.1.14-1.el7 epel pdns-backend-postgresql.x86_64 4.1.14-1.el7 epel pdns-backend-remote.x86_64 4.1.14-1.el7 epel pdns-backend-sqlite.x86_64 4.1.14-1.el7 epel pdns-backend-tinydns.x86_64 4.1.14-1.el7 epel pdns-recursor.x86_64 4.1.16-1.el7 epel pdns-tools.x86_64 4.1.14-1.el7 epel安装pdns
yum -y install pdns pdns-backend-mysql.x86_64
- 使用mysql作为后端存储
官网下载地址:https://downloads.mysql.com/archives/community/
# wget https://cdn.mysql.com/archives/mysql-5.7/mysql-5.7.32-1.el7.x86_64.rpm-bundle.tar # tar xf mysql-5.7.32-1.el7.x86_64.rpm-bundle.tar # ll -rw-r--r-- 1 root root 542750720 9月 25 2020 mysql-5.7.32-1.el7.x86_64.rpm-bundle.tar -rw-r--r-- 1 7155 31415 26460548 9月 25 2020 mysql-community-client-5.7.32-1.el7.x86_64.rpm -rw-r--r-- 1 7155 31415 314936 9月 25 2020 mysql-community-common-5.7.32-1.el7.x86_64.rpm -rw-r--r-- 1 7155 31415 3918236 9月 25 2020 mysql-community-devel-5.7.32-1.el7.x86_64.rpm -rw-r--r-- 1 7155 31415 47479624 9月 25 2020 mysql-community-embedded-5.7.32-1.el7.x86_64.rpm -rw-r--r-- 1 7155 31415 23263144 9月 25 2020 mysql-community-embedded-compat-5.7.32-1.el7.x86_64.rpm -rw-r--r-- 1 7155 31415 130933732 9月 25 2020 mysql-community-embedded-devel-5.7.32-1.el7.x86_64.rpm -rw-r--r-- 1 7155 31415 2457204 9月 25 2020 mysql-community-libs-5.7.32-1.el7.x86_64.rpm -rw-r--r-- 1 7155 31415 1260336 9月 25 2020 mysql-community-libs-compat-5.7.32-1.el7.x86_64.rpm -rw-r--r-- 1 7155 31415 181712536 9月 25 2020 mysql-community-server-5.7.32-1.el7.x86_64.rpm -rw-r--r-- 1 7155 31415 124941892 9月 25 2020 mysql-community-test-5.7.32-1.el7.x86_64.rpm安装mysql
# rpm -ivh *.rpm --nodeps --force 警告:mysql-community-client-5.7.32-1.el7.x86_64.rpm: 头V3 DSA/SHA1 Signature, 密钥 ID 5072e1f5: NOKEY 准备中... ################################# [100%] 正在升级/安装... 1:mysql-community-common-5.7.32-1.e################################# [ 10%] 2:mysql-community-libs-5.7.32-1.el7################################# [ 20%] 3:mysql-community-client-5.7.32-1.e################################# [ 30%] 4:mysql-community-server-5.7.32-1.e################################# [ 40%] 5:mysql-community-devel-5.7.32-1.el################################# [ 50%] 6:mysql-community-embedded-5.7.32-1################################# [ 60%] 7:mysql-community-embedded-devel-5.################################# [ 70%] 8:mysql-community-test-5.7.32-1.el7################################# [ 80%] 9:mysql-community-libs-compat-5.7.3################################# [ 90%] 10:mysql-community-embedded-compat-5################################# [100%]配置mysql
- 启动时报错
#报错内容 /usr/local/mysql/bin/mysqld: error while loading shared libraries: libaio.so.1: cannot open shared object file: No such file or directory #解决办法 # yum install libaio -y
- 启动mysql
# systemctl start mysqld
- 查看root密码
# grep "password" /var/log/mysqld.log 2021-04-14T02:05:15.501708Z 1 [Note] A temporary password is generated for root@localhost: gm75PFQgc0=1
- 重置root密码
# mysql -uroot -p ALTER USER 'root'@'localhost' IDENTIFIED BY '!QAZ2wsx#EDC'; Query OK, 0 rows affected (0.00 sec) //查看密码设置规范 SHOW VARIABLES LIKE 'validate_password%'; //设置密码查看规范 set global validate_password_length=4; //设置长度最低为4位 set global validate_password_policy=0; //设置可以为简单的密码
- 常规调整
mysql> use mysql; # 查看用户信息 mysql> select host,user from user; +-----------+---------------+ | host | user | +-----------+---------------+ | localhost | mysql.session | | localhost | mysql.sys | | localhost | root | +-----------+---------------+ 3 rows in set (0.00 sec) #修改root用户授权信息 mysql> update user set host='%' where user='root'; Query OK, 1 row affected (0.00 sec) Rows matched: 1 Changed: 1 Warnings: 0 #验证是否生效 mysql> select host,user from user; +--------------+---------------+ | host | user | +--------------+---------------+ | 192.168.31.% | root | | localhost | mysql.session | | localhost | mysql.sys | +--------------+---------------+ 3 rows in set (0.00 sec) # 查看数据库字符集 mysql> show variables like 'character_set%'; +--------------------------+----------------------------+ | Variable_name | Value | +--------------------------+----------------------------+ | character_set_client | utf8 | | character_set_connection | utf8 | | character_set_database | latin1 | | character_set_filesystem | binary | | character_set_results | utf8 | | character_set_server | latin1 | | character_set_system | utf8 | | character_sets_dir | /usr/share/mysql/charsets/ | +--------------------------+----------------------------+ 8 rows in set (0.00 sec)
mysql5.7.32无法修改character_set_database字符集,需要在创建数据库的时候指定
初始化powerdns数据库创建数据库CREATE USER 'powerdnsuser'@'%' IDENTIFIED BY 'powerdns'; create database powerdns default charset utf8; grant all privileges on powerdns.* to powerdnsuser@'%' identified by 'powerdns';导入数据表
导入对应版本的表结构即可。
https://github.com/PowerDNS/pdns/blob/rel/auth-4.1.x/modules/gmysqlbackend/schema.mysql.sql
CREATE TABLE domains ( id INT AUTO_INCREMENT, name VARCHAR(255) NOT NULL, master VARCHAR(128) DEFAULT NULL, last_check INT DEFAULT NULL, type VARCHAR(6) NOT NULL, notified_serial INT DEFAULT NULL, account VARCHAR(40) CHARACTER SET 'utf8' DEFAULT NULL, PRIMARY KEY (id) ) Engine=InnoDB CHARACTER SET 'latin1'; CREATE UNIQUE INDEX name_index ON domains(name); CREATE TABLE records ( id BIGINT AUTO_INCREMENT, domain_id INT DEFAULT NULL, name VARCHAR(255) DEFAULT NULL, type VARCHAR(10) DEFAULT NULL, content VARCHAR(64000) DEFAULT NULL, ttl INT DEFAULT NULL, prio INT DEFAULT NULL, change_date INT DEFAULT NULL, disabled TINYINT(1) DEFAULT 0, ordername VARCHAR(255) BINARY DEFAULT NULL, auth TINYINT(1) DEFAULT 1, PRIMARY KEY (id) ) Engine=InnoDB CHARACTER SET 'latin1'; CREATE INDEX nametype_index ON records(name,type); CREATE INDEX domain_id ON records(domain_id); CREATE INDEX ordername ON records (ordername); CREATE TABLE supermasters ( ip VARCHAR(64) NOT NULL, nameserver VARCHAR(255) NOT NULL, account VARCHAR(40) CHARACTER SET 'utf8' NOT NULL, PRIMARY KEY (ip, nameserver) ) Engine=InnoDB CHARACTER SET 'latin1'; CREATE TABLE comments ( id INT AUTO_INCREMENT, domain_id INT NOT NULL, name VARCHAR(255) NOT NULL, type VARCHAR(10) NOT NULL, modified_at INT NOT NULL, account VARCHAR(40) CHARACTER SET 'utf8' DEFAULT NULL, comment TEXT CHARACTER SET 'utf8' NOT NULL, PRIMARY KEY (id) ) Engine=InnoDB CHARACTER SET 'latin1'; CREATE INDEX comments_name_type_idx ON comments (name, type); CREATE INDEX comments_order_idx ON comments (domain_id, modified_at); CREATE TABLE domainmetadata ( id INT AUTO_INCREMENT, domain_id INT NOT NULL, kind VARCHAR(32), content TEXT, PRIMARY KEY (id) ) Engine=InnoDB CHARACTER SET 'latin1'; CREATE INDEX domainmetadata_idx ON domainmetadata (domain_id, kind); CREATE TABLE cryptokeys ( id INT AUTO_INCREMENT, domain_id INT NOT NULL, flags INT NOT NULL, active BOOL, content TEXT, PRIMARY KEY(id) ) Engine=InnoDB CHARACTER SET 'latin1'; CREATE INDEX domainidindex ON cryptokeys(domain_id); CREATE TABLE tsigkeys ( id INT AUTO_INCREMENT, name VARCHAR(255), algorithm VARCHAR(50), secret VARCHAR(255), PRIMARY KEY (id) ) Engine=InnoDB CHARACTER SET 'latin1'; CREATE UNIQUE INDEX namealgoindex ON tsigkeys(name, algorithm);配置pdns.conf文件调整如下配置
# grep -vE "^$|#" /etc/pdns/pdns.conf allow-dnsupdate-from=127.0.0.0/8,::1,192.168.31.0/24 api=yes api-key=powerdns api-logfile=/var/log/pdns.log cache-ttl=20 config-dir=/etc/pdns daemon=yes default-ttl=3600 disable-syslog=yes launch=gmysql gmysql-host=192.168.31.72 gmysql-port=3306 gmysql-user=powerdnsuser gmysql-dbname=powerdns gmysql-password=powerdns local-address=0.0.0.0 local-port=53 setgid=pdns setuid=pdns webserver=yes webserver-address=0.0.0.0 webserver-allow-from=127.0.0.1,::1,192.168.31.0/24 webserver-password=powerdns webserver-port=8081 write-pid=yes启动pdns权威服务
# systemctl start pdns验证
- 可以访问web管理服务:http://192.168.31.72:8081
- 用户名和密码:powerdns/powerdns(webserver-password=powerdns)
wget https://nchc.dl.sourceforge.net/project/poweradmin/poweradmin-2.1.7.tgz tar xf poweradmin-2.1.7.tgz mv /root/poweradmin-2.1.7 /var/www/html/poweradmin部署httpd和php
yum install httpd php php-common php-curl php-devel php-gd php-pear php-imap php-mcrypt php-mhash php-mysql php-xmlrpc gettext -y数据库使用powerdns的账户信息
CREATE USER 'powerdnsuser'@'%' IDENTIFIED BY 'powerdns';配置poweradmin
访问http://192.168.31.69/poweradmin/install/
- 选择语言进行安装,此处选择英文继续安装
- 进入数据库配置
- 填写powerdns的数据库账户信息
- 创建一个较小权限用户,用于poweradmin操作powerdns数据库
- 在mysql执行授权命令
#数据库和poweradmin分离,需要注意访问权限 mysql> GRANT SELECT, INSERT, UPDATE, DELETE ON powerdns.* TO 'poweradminuser'@'%' IDENTIFIED BY 'poweradmin';
- poweradmin配置文件修改
- 完成配置
- 登录
- 登录成功
