Deployment environment
PowerDNS is installed on the company's internal network to provide DNS resolution for LAN services, so that they no longer have to be reached by IP address.
OS: CentOS 7.9
MySQL version: 5.7.33
pdns version: 4.4.1
pdns-recursor version: 4.4.2
PowerDNS-admin version: 0.2.3
DNS server host: 10.x.x.109
Test server IP: 10.y.y.195
MySQL is installed with Docker; the docker-compose.yml is shown below:
---
version: '3.7'
services:
  mysql:
    hostname: mysql
    container_name: mysql
    restart: always
    image: mysql:5.7.33
    ports:
      - 3306:3306
    command: [
      '--default-authentication-plugin=mysql_native_password',
      '--max_connections=5000',
      '--expire_logs_days=5',
      '--character-set-server=utf8mb4',
      '--collation-server=utf8mb4_unicode_ci',
      '--slow_query_log=on',
      '--long_query_time=2',
      '--slow_query_log_file=/var/lib/mysql/slow_query.log'
    ]
    environment:
      MYSQL_DATABASE: powerdns
      MYSQL_ROOT_PASSWORD: XpWxxxxx0WmE
      MYSQL_USER: normal
      MYSQL_PASSWORD: 2GVoxxxxxtUsI5y
    volumes:
      - /data/mysql/data:/var/lib/mysql
      - /usr/share/zoneinfo/Asia/Shanghai:/etc/localtime:ro
      - ./my.cnf:/etc/mysql/my.cnf
    networks:
      - mysql
networks:
  mysql:
    external: true
The MySQL configuration file my.cnf is as follows:
[mysqld]
pid-file = /var/run/mysqld/mysqld.pid
socket = /var/run/mysqld/mysqld.sock
datadir = /var/lib/mysql
secure-file-priv= NULL
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
sql_mode=STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_ENGINE_SUBSTITUTION
slow_query_log = on
long_query_time = 2
slow_query_log_file = /var/lib/mysql/slow_query.log
log_queries_not_using_indexes = ON
max_connections = 4000
skip-name-resolve
#lower_case_table_names = 1
# Custom config should go here
!includedir /etc/mysql/conf.d/
Configure the PowerDNS yum repository
yum install epel-release yum-plugin-priorities && curl -o /etc/yum.repos.d/powerdns-auth-44.repo https://repo.powerdns.com/repo-files/centos-auth-44.repo && yum makecache fast
Install pdns and the pdns MySQL backend plugin
yum install pdns.x86_64 pdns-backend-mysql.x86_64
Edit the pdns.conf configuration:
api=yes
api-key=Qno9k64Vkkkyfz1LtC3klk
daemon=no
guardian=no
launch=gmysql
gmysql-host=10.x.x.109
gmysql-port=3306
gmysql-dbname=powerdns
gmysql-user=root
gmysql-password=XpWxxxxx0WmE
local-address=0.0.0.0, ::
local-port=5300
setgid=pdns
setuid=pdns
webserver=yes
webserver-address=0.0.0.0
webserver-allow-from=0.0.0.0/0
webserver-port=8081
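The two settings in this file that decide who can reach the REST API (webserver-allow-from, here 0.0.0.0/0) and what the backend may do in MySQL (gmysql-user, here root) are the ones worth checking before the service goes live. The following Python is an added example, not code from the post or from PowerDNS: it parses a pdns.conf the way pdns does (comments after whitespace, comma-separated list values), audits those settings, and shows the weak file beside a tightened one. The address 10.0.0.109 is a constructed stand-in for the masked 10.x.x.109, the 10.0.0.0/24 admin subnet and the pdns account name are assumptions, and both secrets are placeholders.

```python
import ipaddress

# Constructed sample mirroring the pdns.conf above. 10.0.0.109 stands in for the
# masked 10.x.x.109 and both secrets are placeholders, not the page's values.
WEAK_PDNS_CONF = """\
api=yes
api-key=EXAMPLE-API-KEY-PLACEHOLDER
daemon=no
guardian=no
launch=gmysql
gmysql-host=10.0.0.109
gmysql-port=3306
gmysql-dbname=powerdns
gmysql-user=root
gmysql-password=EXAMPLE-DB-PASSWORD-PLACEHOLDER
local-address=0.0.0.0, ::
local-port=5300
setgid=pdns
setuid=pdns
webserver=yes
webserver-address=0.0.0.0
webserver-allow-from=0.0.0.0/0   # pdns drops a '#' comment that follows whitespace
webserver-port=8081
"""

# The same service with the API bound to the server's own address, reachable only
# from a constructed admin subnet, and a dedicated (assumed) database account.
HARDENED_PDNS_CONF = """\
api=yes
api-key=EXAMPLE-API-KEY-PLACEHOLDER
launch=gmysql
gmysql-host=10.0.0.109
gmysql-dbname=powerdns
gmysql-user=pdns
gmysql-password=EXAMPLE-DB-PASSWORD-PLACEHOLDER
local-address=0.0.0.0, ::
local-port=5300
setgid=pdns
setuid=pdns
webserver=yes
webserver-address=10.0.0.109
webserver-allow-from=10.0.0.0/24
webserver-port=8081
"""


def parse_pdns_conf(text):
    """Parse key=value lines the way pdns reads its config file: blank lines are
    skipped, a '#' at line start or after whitespace begins a comment, and
    comma-separated values such as 'local-address=0.0.0.0, ::' become lists."""
    settings = {}
    for line in text.splitlines():
        pos = line.find("#")
        if pos == 0 or (pos > 0 and line[pos - 1].isspace()):
            line = line[:pos]
        line = line.strip()
        if not line or "=" not in line:
            continue
        key, _, value = line.partition("=")
        settings[key.strip()] = [v.strip() for v in value.split(",") if v.strip()]
    return settings


def audit_pdns_conf(settings, trusted_nets=("10.0.0.0/8",)):
    """Return (severity, message) findings for the settings that decide who can
    reach the REST API and what the backend can do in MySQL. trusted_nets is the
    range an admin host is expected to live in (constructed default)."""
    findings = []
    trusted = [ipaddress.ip_network(n) for n in trusted_nets]
    webserver_on = settings.get("webserver", ["no"])[0].lower() == "yes"
    api_on = settings.get("api", ["no"])[0].lower() == "yes"

    if webserver_on or api_on:
        # pdns defaults webserver-allow-from to the loopback addresses
        for cidr in settings.get("webserver-allow-from", ["127.0.0.1", "::1"]):
            net = ipaddress.ip_network(cidr, strict=False)
            if net.is_loopback:
                continue
            if net.prefixlen == 0:
                findings.append(("high", f"webserver-allow-from={cidr} admits every "
                                 "client; list the admin hosts or subnet instead"))
            elif not any(net.subnet_of(t) for t in trusted if t.version == net.version):
                findings.append(("medium", f"webserver-allow-from={cidr} is outside "
                                 "the trusted networks"))
    if api_on and not (settings.get("api-key") or [""])[0]:
        findings.append(("high", "api=yes but api-key is empty"))
    if settings.get("gmysql-user", [""])[0] == "root":
        findings.append(("medium", "gmysql-user=root: use an account with rights on "
                         "the powerdns database only"))
    return findings


if __name__ == "__main__":
    for label, conf in (("weak", WEAK_PDNS_CONF), ("hardened", HARDENED_PDNS_CONF)):
        print(label, audit_pdns_conf(parse_pdns_conf(conf)))
```

Pointed at the real file with open("/etc/pdns/pdns.conf").read(), the audit reports the 0.0.0.0/0 allow list and the root account for the configuration on this page and nothing for the tightened variant. Since api-key and gmysql-password sit in the file in clear text, the file mode should also keep it readable by root and the pdns group only.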
Initialize the database:
mysql -h10.x.x.109 -uroot -pXpWxxxxx0WmE -e "use powerdns; source /usr/share/doc/pdns-backend-mysql-4.4.1/schema.mysql.sql;"
Start the pdns service:
systemctl start pdns && systemctl enable pdns
Install the recursive resolver pdns-recursor
Configure the yum repository
curl -o /etc/yum.repos.d/powerdns-rec-44.repo https://repo.powerdns.com/repo-files/centos-rec-44.repo && yum makecache fast
Install pdns-recursor
yum install pdns-recursor
Edit the pdns-recursor configuration file pdns-recursor.conf
allow-from=10.10.0.0/16, 10.20.0.0/16   # counterpart of allow-recursion on the authoritative server: which client IPs may recurse
#forward-zones=mydomain.com=10.x.x.109:5300   # which domains must be resolved by our own authoritative server, as domain=authoritative IP:port
forward-zones-file=/etc/pdns-recursor/zones
forward-zones-recurse=.=223.5.5.5, .=180.76.76.76, .=114.114.114.114   # every query not covered by forward-zones goes to 223.5.5.5, 180.76.76.76, 114.114.114.114
local-address=0.0.0.0   # counterpart of local-address on the authoritative server
local-port=53
setgid=pdns-recursor
setuid=pdns-recursor
Configure which domains are forced to resolve through the internal DNS; /etc/pdns-recursor/zones is as follows
+mydomain.com=10.x.x.109:5300
test.dev.mydomain.com=10.x.x.109:5300
test2.prod.mydomain.com=10.x.x.109:5300
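The forwarding decision that the allow-from, forward-zones-recurse and forward-zones-file settings above describe is easiest to see as code. The following Python is an added example, not part of the post and not the recursor's own implementation: it parses the forward-zones file format (one zone per line, '#' comments, a leading '+' meaning forward with recursion), parses the inline forward-zones-recurse setting, checks a client against allow-from, and picks the forwarder by longest suffix match. It goes slightly beyond the page in accepting the recursor's documented ';' separator for several servers of one zone and in merging repeated entries for the same zone, which is how the three '.=' items above are kept together here. 10.0.0.109 is a constructed stand-in for the masked 10.x.x.109 and the client addresses are constructed.

```python
import ipaddress

# Constructed inputs mirroring the recursor settings above; 10.0.0.109 stands in
# for the masked 10.x.x.109 and the client addresses used below are made up.
ALLOW_FROM = "10.10.0.0/16, 10.20.0.0/16"
FORWARD_ZONES_RECURSE = ".=223.5.5.5, .=180.76.76.76, .=114.114.114.114"
FORWARD_ZONES_FILE = """\
# a leading '+' forwards with the recursion-desired bit set (forward-zones-recurse)
+mydomain.com=10.0.0.109:5300
test.dev.mydomain.com=10.0.0.109:5300
test2.prod.mydomain.com=10.0.0.109:5300
"""


def normalize(name):
    """Lowercase and strip the trailing dot; the root zone is represented as '.'."""
    name = name.strip().lower().rstrip(".")
    return name or "."


def parse_forward_zones_file(text):
    """forward-zones-file format: one 'zone=server[:port], server2' per line,
    '#' comments, optional '+' prefix. Returns {zone: (recurse, [servers])}."""
    zones = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        recurse = line.startswith("+")
        zone, _, servers = line.lstrip("+").partition("=")
        zones[normalize(zone)] = (recurse, [s.strip() for s in servers.split(",") if s.strip()])
    return zones


def parse_forward_zones_setting(value, recurse):
    """Inline forward-zones / forward-zones-recurse: zones are comma-separated and
    several servers for one zone are ';'-separated. Repeated entries for the same
    zone, as in the page's three '.=' items, are merged here."""
    zones = {}
    for item in value.split(","):
        item = item.strip()
        if not item:
            continue
        zone, _, servers = item.partition("=")
        zones.setdefault(normalize(zone), (recurse, []))[1].extend(
            s.strip() for s in servers.split(";") if s.strip())
    return zones


def build_zone_map():
    """Combine both sources; an entry from the file overrides the inline setting."""
    zones = parse_forward_zones_setting(FORWARD_ZONES_RECURSE, recurse=True)
    zones.update(parse_forward_zones_file(FORWARD_ZONES_FILE))
    return zones


def client_allowed(client_ip, allow_from):
    """allow-from check: is the querying client inside one of the listed networks?"""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in ipaddress.ip_network(n.strip(), strict=False)
               for n in allow_from.split(",") if n.strip())


def choose_forwarder(qname, zones):
    """Longest-suffix match: try the full name, then each parent, then the root."""
    labels = [] if normalize(qname) == "." else normalize(qname).split(".")
    for i in range(len(labels) + 1):
        candidate = ".".join(labels[i:]) or "."
        if candidate in zones:
            recurse, servers = zones[candidate]
            return candidate, recurse, servers
    return None


def resolve_plan(client_ip, qname, allow_from=ALLOW_FROM, zones=None):
    """What happens to one query: refused by allow-from, or forwarded to the
    servers of the most specific matching zone, with or without recursion."""
    zones = build_zone_map() if zones is None else zones
    if not client_allowed(client_ip, allow_from):
        return {"action": "refused", "reason": f"{client_ip} is not in allow-from"}
    match = choose_forwarder(qname, zones)
    if match is None:
        return {"action": "recurse-from-root-hints"}
    zone, recurse, servers = match
    return {"action": "forward", "zone": zone, "servers": servers, "recursion-desired": recurse}


if __name__ == "__main__":
    for client, name in [("10.10.1.195", "app.mydomain.com"),
                         ("10.20.3.4", "test.dev.mydomain.com"),
                         ("10.10.1.195", "www.baidu.com"),
                         ("192.168.1.5", "app.mydomain.com")]:
        print(client, name, resolve_plan(client, name))
```

Two points the run makes visible: a client outside allow-from is refused before any lookup happens, which is why the test client's address has to fall inside the listed ranges, and the two entries without '+' are forwarded without recursion, so the authoritative server on port 5300 must hold those names itself.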
Start the pdns-recursor service
systemctl start pdns-recursor && systemctl enable pdns-recursor
Install the PowerDNS management UI powerdns-admin; its docker-compose.yml is as follows
---
version: '3.7'
services:
  powerdnsadmin:
    hostname: pdnsadmin
    container_name: pdnsadmin
    image: ngoduykhanh/powerdns-admin:0.2.3
    restart: always
    ports:
      - 80:80
    networks:
      - pdns
    volumes:
      - /data/pdnsadmin/data:/data
    logging:
      driver: json-file
      options:
        max-file: '3'
        max-size: '10m'
networks:
  pdns:
    driver: bridge
    external: true
Open the powerdns-admin page and configure the API connection details
Add an A record
Point the test client 10.y.y.195 at DNS server 10.x.x.109 and resolve the A record added in the previous step
Resolving the A record
Resolving baidu.com: the external name is looked up through the internal recursor
At this point the single-node internal DNS server is deployed and resolves names normally.