
利用powerdns自建DNS服务器

   affdalao      2019年05月25日   阅读 112 次     0 评论   Tags: · ·

DNS是互联网的基石。当我们访问网址的时候,必须先查询DNS来获取网址对应的IP地址;由于IP地址不是特别好记,所以人们发明了DNS。

相关链接:
基于运营商的分布式DNS搭建
自建DNS权威服务器全过程(多域名解析)

###如果想搞主从,可以通过MariaDB进行主从复制等等,把pdns数据表,主从一下就可以了。
基于SSL实现Mysql加密的主从复制配置

1、准备工作安装Mariadb和pdns


###创建Mariadb软件源
[root@SGcdn001 ~]# vi /etc/yum.repos.d/MariaDB.repo 
# yum repository definition for the MariaDB 10.3 packages (CentOS 7, amd64).
# NOTE(review): the 10.3 series no longer receives upstream fixes; when following this
# today, point baseurl at a currently maintained series.
[mariadb]
name = MariaDB
baseurl = https://yum.mariadb.org/10.3/centos7-amd64
# The signing key is fetched over HTTPS, and gpgcheck=1 makes yum verify every package
# signature against it. Leave gpgcheck enabled.
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1

###安装Mariadb和pdns
# Install the MariaDB server/client packages together with PowerDNS and its MySQL backend.
# NOTE(review): pdns and pdns-backend-mysql are not served by the MariaDB repo defined above;
# they come from whichever other repo is enabled (presumably EPEL) - confirm that repo is
# GPG-checked as well.
yum install -y \
    MariaDB-server MariaDB-client MariaDB-devel MariaDB-shared \
    jemalloc \
    pdns pdns-backend-mysql


2、配置pdns文件支持MariaDB数据库


[root@vps219074 ~]# vi /etc/pdns/pdns.conf 

###在文件末尾加入

# Load the generic MySQL backend (gmysql) and point it at the local MariaDB instance.
launch=gmysql
# host=localhost plus an explicit socket path: the settings describe a local connection,
# so the database does not have to be reachable over the network for PowerDNS.
gmysql-host=localhost
gmysql-socket=/var/lib/mysql/mysql.sock
gmysql-port=3306
gmysql-dbname=pdns   # database name
gmysql-user=pdns   # database user
# From here on this file holds a database credential in clear text: keep it readable only
# by root and the account the pdns daemon runs as, and keep it out of backups/repos that
# other people can read.
gmysql-password=密码  # your database password (placeholder - replace it)

3、创建pdns数据库表
参考:https://doc.powerdns.com/authoritative/guides/basic-database.html



###创建root用户,可以管理整个数据库
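-- Set a password on the local root accounts. '密码' is a placeholder: substitute a strong
-- secret, and do not reuse the one given to the pdns account.
-- (The first statement originally lacked the closing quote after the password, which
-- left the string literal unterminated.)
GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED BY '密码';
GRANT ALL PRIVILEGES ON *.* TO 'root'@'127.0.0.1' IDENTIFIED BY '密码';
-- Deliberately no 'root'@'%' grant: it would let the superuser authenticate from any host
-- that can reach the database port, and nothing on this page needs it (PowerDNS connects
-- locally). For primary/replica replication, create a dedicated account restricted to the
-- replica's address and holding only REPLICATION SLAVE rather than exposing root.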

###创建pdns用户只能管理pdns数据库
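-- Account used by the PowerDNS daemon. The pdns.conf shown on this page connects through
-- the local socket (gmysql-host=localhost), so only local host entries are created; the
-- original 'pdns'@'%' entry accepted logins from any address and is dropped. If PowerDNS
-- ever runs on another machine, add one entry for that machine's address, not '%'.
--
-- The backend reads and edits rows; it does not need to create or drop objects, so the
-- grant is limited to data manipulation. Run schema creation and upgrades as an
-- administrative account instead.
GRANT SELECT, INSERT, UPDATE, DELETE ON pdns.* TO 'pdns'@'localhost' IDENTIFIED BY '密码';
GRANT SELECT, INSERT, UPDATE, DELETE ON pdns.* TO 'pdns'@'127.0.0.1' IDENTIFIED BY '密码';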

###删除空密码的用户
-- Delete every account whose Password column is empty, then reload the grant tables so
-- the change takes effect.
-- NOTE(review): the filter looks only at the Password column. An account that
-- authenticates through a plugin may also have an empty Password column and would be
-- removed too - list the matches first (SELECT user, host, plugin FROM user WHERE
-- password = '';). mysql_secure_installation is the packaged way to remove anonymous
-- accounts.
USE mysql;
DELETE FROM `user` WHERE `password` = '';
FLUSH PRIVILEGES;

-- Create the database PowerDNS will use and make it the default for the statements below.
CREATE DATABASE pdns CHARACTER SET utf8;
USE pdns;

-- Zones served by this server: one row per domain name (name is unique).
CREATE TABLE domains (
  id INT AUTO_INCREMENT,
  name VARCHAR(255) NOT NULL,
  master VARCHAR(128) DEFAULT NULL,
  last_check INT DEFAULT NULL,
  type VARCHAR(6) NOT NULL,            -- 'NATIVE' in the examples on this page
  notified_serial INT UNSIGNED DEFAULT NULL,
  account VARCHAR(40) CHARACTER SET 'utf8' DEFAULT NULL,
  PRIMARY KEY (id),
  UNIQUE KEY name_index (name)         -- same index the separate CREATE UNIQUE INDEX built
) ENGINE = InnoDB CHARACTER SET 'latin1';


-- Resource records. domain_id refers to domains.id, but no foreign key enforces it, so a
-- wrong id is accepted silently.
CREATE TABLE records (
  id BIGINT AUTO_INCREMENT,
  domain_id INT DEFAULT NULL,
  name VARCHAR(255) DEFAULT NULL,
  type VARCHAR(10) DEFAULT NULL,
  content VARCHAR(64000) DEFAULT NULL,  -- record data, e.g. the SOA fields or an IP address
  ttl INT DEFAULT NULL,
  prio INT DEFAULT NULL,
  disabled TINYINT(1) DEFAULT 0,
  ordername VARCHAR(255) BINARY DEFAULT NULL,
  auth TINYINT(1) DEFAULT 1,
  PRIMARY KEY (id),
  KEY nametype_index (name, type),
  KEY domain_id (domain_id),
  KEY ordername (ordername)
) ENGINE = InnoDB CHARACTER SET 'latin1';


-- Supermaster entries, keyed by the (ip, nameserver) pair.
-- NOTE(review): presumably rows here decide which remote servers may provision zones on
-- this host, so write access to the table is security-relevant - confirm against the
-- PowerDNS documentation.
CREATE TABLE supermasters (
  ip VARCHAR(64) NOT NULL,
  nameserver VARCHAR(255) NOT NULL,
  account VARCHAR(40) CHARACTER SET 'utf8' NOT NULL,
  PRIMARY KEY (ip, nameserver)
) ENGINE = InnoDB CHARACTER SET 'latin1';


-- Free-text comments attached to a (domain_id, name, type) combination.
CREATE TABLE comments (
  id INT AUTO_INCREMENT,
  domain_id INT NOT NULL,
  name VARCHAR(255) NOT NULL,
  type VARCHAR(10) NOT NULL,
  modified_at INT NOT NULL,
  account VARCHAR(40) CHARACTER SET 'utf8' DEFAULT NULL,
  comment TEXT CHARACTER SET 'utf8' NOT NULL,
  PRIMARY KEY (id),
  KEY comments_name_type_idx (name, type),
  KEY comments_order_idx (domain_id, modified_at)
) ENGINE = InnoDB CHARACTER SET 'latin1';


-- Per-zone key/value settings: kind names the setting, content holds its value.
CREATE TABLE domainmetadata (
  id INT AUTO_INCREMENT,
  domain_id INT NOT NULL,
  kind VARCHAR(32),
  content TEXT,
  PRIMARY KEY (id),
  KEY domainmetadata_idx (domain_id, kind)
) ENGINE = InnoDB CHARACTER SET 'latin1';


-- Per-zone DNSSEC keys. content is an ordinary TEXT column, so any account that can read
-- this table can read the key material; this is one reason to keep the pdns database
-- account local and narrowly privileged, and to protect database dumps.
CREATE TABLE cryptokeys (
  id INT AUTO_INCREMENT,
  domain_id INT NOT NULL,
  flags INT NOT NULL,
  active BOOL,
  content TEXT,
  PRIMARY KEY (id),
  KEY domainidindex (domain_id)
) ENGINE = InnoDB CHARACTER SET 'latin1';


-- TSIG keys, unique per (name, algorithm). secret is stored as an ordinary VARCHAR, so it
-- is readable by every account with SELECT on this table and appears in database dumps.
CREATE TABLE tsigkeys (
  id INT AUTO_INCREMENT,
  name VARCHAR(255),
  algorithm VARCHAR(50),
  secret VARCHAR(255),
  PRIMARY KEY (id),
  UNIQUE KEY namealgoindex (name, algorithm)
) ENGINE = InnoDB CHARACTER SET 'latin1';


###这里面最常用的两个表,一个为domains,一个为records表,domains负责保存需要解析的域名,records负责保存domains表的域名的记录



4、分别向domains和records插入数据:



###定义DNS服务SOA A AAAA记录
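-- Zone that hosts the name servers themselves (ns1/ns2.toydns.com).
INSERT INTO domains (name, type) VALUES ('toydns.com', 'NATIVE');

-- Take the id that was just generated instead of hard-coding 1: AUTO_INCREMENT only yields
-- 1 on a table that has never held a row, and records has no foreign key to catch a wrong id.
SET @domain_id = LAST_INSERT_ID();

-- Every zone needs one SOA and its NS records. All addresses below are placeholders;
-- '2402:::1' is not even a valid IPv6 literal (three consecutive colons, presumably
-- redacted by the author) and must be replaced with the server's real address.
-- NOTE(review): ns1 and ns2 point at the same address, which gives no redundancy.
INSERT INTO records (domain_id, name, content, type, ttl, prio) VALUES
  (@domain_id, 'toydns.com',     'localhost admin.toydns.com 1 10380 3600 604800 3600', 'SOA',  86400, NULL),
  (@domain_id, 'toydns.com',     'ns1.toydns.com',                                      'NS',   86400, NULL),
  (@domain_id, 'toydns.com',     'ns2.toydns.com',                                      'NS',   86400, NULL),
  (@domain_id, 'ns1.toydns.com', '1.1.1.1',                                             'A',    3600,  NULL),
  (@domain_id, 'ns2.toydns.com', '1.1.1.1',                                             'A',    3600,  NULL),
  (@domain_id, 'ns1.toydns.com', '2402:::1',                                            'AAAA', 3600,  NULL),
  (@domain_id, 'ns2.toydns.com', '2402:::1',                                            'AAAA', 3600,  NULL);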


###定义需要解析的域名记录
###往domains表中插入需要解析的域名

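-- Add a zone to be served.
INSERT INTO domains (name, type) VALUES ('affdalao.com', 'NATIVE');

-- domain_id of every record must equal this zone's domains.id. Reading it back with
-- LAST_INSERT_ID() avoids assuming the value is 2, which only holds on a fresh table.
SET @domain_id = LAST_INSERT_ID();

-- The zone must carry an SOA record and its NS records, followed by the host records.
-- The original listing inserted the A records for www.affdalao.com and affdalao.com
-- twice; each is inserted once here so the zone holds no duplicate rows.
-- Addresses are placeholders ('2402:::70' / '2402:::88' are not valid IPv6 literals).
INSERT INTO records (domain_id, name, content, type, ttl, prio) VALUES
  (@domain_id, 'affdalao.com',      'localhost admin.toydns.com 1 10380 3600 604800 3600', 'SOA',  86400, NULL),
  (@domain_id, 'affdalao.com',      'ns2.toydns.com',                                      'NS',   86400, NULL),
  (@domain_id, 'affdalao.com',      'ns1.toydns.com',                                      'NS',   86400, NULL),
  (@domain_id, 'www.affdalao.com',  '1.1.1.1',                                             'A',    3600,  NULL),
  (@domain_id, 'affdalao.com',      '1.1.1.1',                                             'A',    3600,  NULL),
  (@domain_id, 'www.affdalao.com',  '2402:::70',                                           'AAAA', 3600,  NULL),
  (@domain_id, 'affdalao.com',      '2402:::70',                                           'AAAA', 3600,  NULL),
  (@domain_id, 'down.affdalao.com', '1.1.1.1',                                             'A',    3600,  NULL),
  (@domain_id, 'down.affdalao.com', '2402:::88',                                           'AAAA', 3600,  NULL);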

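-- Add another zone to be served. It must carry an SOA record and its NS records.
INSERT INTO domains (name, type) VALUES ('cdntiger.com', 'NATIVE');

-- domain_id of every record must equal this zone's domains.id. Reading it back with
-- LAST_INSERT_ID() avoids assuming the value is 3, which only holds when exactly two
-- zones were inserted before on a fresh table.
SET @domain_id = LAST_INSERT_ID();

-- 1.1.1.1 is a placeholder address; replace it with the real host address.
INSERT INTO records (domain_id, name, content, type, ttl, prio) VALUES
  (@domain_id, 'cdntiger.com',     'localhost admin.toydns.com 1 10380 3600 604800 3600', 'SOA', 86400, NULL),
  (@domain_id, 'cdntiger.com',     'ns1.toydns.com',                                      'NS',  86400, NULL),
  (@domain_id, 'cdntiger.com',     'ns2.toydns.com',                                      'NS',  86400, NULL),
  (@domain_id, 'www.cdntiger.com', '1.1.1.1',                                             'A',   3600,  NULL),
  (@domain_id, 'cdntiger.com',     '1.1.1.1',                                             'A',   3600,  NULL);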



5、在防火墙开放53端口:



# Permanently allow DNS over both transports in the public zone, then load the new rules.
# Only port 53 is opened; the database port stays closed, which matches the local-socket
# connection configured in pdns.conf.
firewall-cmd --zone=public --permanent --add-port=53/tcp --add-port=53/udp
firewall-cmd --reload


6、在你的域名注册商处注册nameserver服务器,并把需要解析的域名的DNS服务器更改为自己的DNS服务器即可,以namesilo为例:



  • 版权声明:本文版权归AFF大佬和原作者所有,未经许可不得转载。文章部分来源于网络仅代表作者看法,如有不同观点,欢迎进行交流。除非注明,文章均由 AFF大佬 整理发布,欢迎转载,转载请带版权。

  • 来源:AFF大佬 ( https://www.affdalao.com/ ),分享有价值的主机信息和服务器运维编程技术。
  • 链接:https://www.affdalao.com/1004.html