Install PowerDNS and PowerDNS-Admin on Ubuntu 18.04 / Debian 9 with MariaDB Backend
Original author: Josphat Mutai. Reposted from: https://computingforgeeks.com/install-powerdns-and-powerdns-admin-on-ubuntu-18-04-debian-9-mariadb-backend/
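In this guide, we cover installing the PowerDNS authoritative name server and PowerDNS-Admin on Ubuntu 18.04 and Debian 9 Linux. PowerDNS is a DNS server written in C++ and licensed under the GPL. It runs on most Linux distributions and all other Unix derivatives. At the time of writing, the latest release is the 4.1.x series.
Install PowerDNS on Ubuntu 18.04 / Debian 9
In this section, we will install and configure:
- MariaDB database server
- PowerDNS service
Step 1: Install and configure the MariaDB database server
We need to install a database server, which PowerDNS will use to store zone files. Note that you can also choose to use text files, as with BIND. Our database server of choice is MariaDB.
To install MariaDB on Ubuntu 18.04, see:
Install MariaDB 10.x on Ubuntu 18.04 and CentOS 7
For Debian 9 / Debian, use:
How to Install MariaDB 10.3 on Debian 9 / Debian 8
Once the database server is installed and running, proceed to create the PowerDNS database and user account in MariaDB.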
$ mysql -u root -p
create database powerdns;
Next, create the powerdns database user and assign privileges:
grant all on powerdns.* to 'powerdns'@'localhost' identified by 'password';
Flush privileges to update the user settings:
flush privileges;
Switch to the powerdns database to create the tables:
use powerdns;
Create the required tables:
CREATE TABLE domains (
  id INT AUTO_INCREMENT,
  name VARCHAR(255) NOT NULL,
  master VARCHAR(128) DEFAULT NULL,
  last_check INT DEFAULT NULL,
  type VARCHAR(6) NOT NULL,
  notified_serial INT UNSIGNED DEFAULT NULL,
  account VARCHAR(40) CHARACTER SET 'utf8' DEFAULT NULL,
  PRIMARY KEY (id)
) Engine=InnoDB CHARACTER SET 'latin1';

CREATE UNIQUE INDEX name_index ON domains(name);

CREATE TABLE records (
  id BIGINT AUTO_INCREMENT,
  domain_id INT DEFAULT NULL,
  name VARCHAR(255) DEFAULT NULL,
  type VARCHAR(10) DEFAULT NULL,
  content VARCHAR(64000) DEFAULT NULL,
  ttl INT DEFAULT NULL,
  prio INT DEFAULT NULL,
  change_date INT DEFAULT NULL,
  disabled TINYINT(1) DEFAULT 0,
  ordername VARCHAR(255) BINARY DEFAULT NULL,
  auth TINYINT(1) DEFAULT 1,
  PRIMARY KEY (id)
) Engine=InnoDB CHARACTER SET 'latin1';

CREATE INDEX nametype_index ON records(name,type);
CREATE INDEX domain_id ON records(domain_id);
CREATE INDEX ordername ON records (ordername);

CREATE TABLE supermasters (
  ip VARCHAR(64) NOT NULL,
  nameserver VARCHAR(255) NOT NULL,
  account VARCHAR(40) CHARACTER SET 'utf8' NOT NULL,
  PRIMARY KEY (ip, nameserver)
) Engine=InnoDB CHARACTER SET 'latin1';

CREATE TABLE comments (
  id INT AUTO_INCREMENT,
  domain_id INT NOT NULL,
  name VARCHAR(255) NOT NULL,
  type VARCHAR(10) NOT NULL,
  modified_at INT NOT NULL,
  account VARCHAR(40) CHARACTER SET 'utf8' DEFAULT NULL,
  comment TEXT CHARACTER SET 'utf8' NOT NULL,
  PRIMARY KEY (id)
) Engine=InnoDB CHARACTER SET 'latin1';

CREATE INDEX comments_name_type_idx ON comments (name, type);
CREATE INDEX comments_order_idx ON comments (domain_id, modified_at);

CREATE TABLE domainmetadata (
  id INT AUTO_INCREMENT,
  domain_id INT NOT NULL,
  kind VARCHAR(32),
  content TEXT,
  PRIMARY KEY (id)
) Engine=InnoDB CHARACTER SET 'latin1';

CREATE INDEX domainmetadata_idx ON domainmetadata (domain_id, kind);

CREATE TABLE cryptokeys (
  id INT AUTO_INCREMENT,
  domain_id INT NOT NULL,
  flags INT NOT NULL,
  active BOOL,
  content TEXT,
  PRIMARY KEY(id)
) Engine=InnoDB CHARACTER SET 'latin1';

CREATE INDEX domainidindex ON cryptokeys(domain_id);

CREATE TABLE tsigkeys (
  id INT AUTO_INCREMENT,
  name VARCHAR(255),
  algorithm VARCHAR(50),
  secret VARCHAR(255),
  PRIMARY KEY (id)
) Engine=InnoDB CHARACTER SET 'latin1';

CREATE UNIQUE INDEX namealgoindex ON tsigkeys(name, algorithm);
You can confirm that your tables have been created:
MariaDB [powerdns]> show tables;
+--------------------+
| Tables_in_powerdns |
+--------------------+
| comments |
| cryptokeys |
| domainmetadata |
| domains |
| records |
| supermasters |
| tsigkeys |
+--------------------+
7 rows in set (0.000 sec)
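We now have a database and empty tables. PowerDNS should now be able to start with it.
Step 2: Install PowerDNS on Ubuntu 18.04 / Debian 9
Ubuntu 18.04 ships with systemd-resolve, which you need to disable because it binds to port 53 and will conflict with the PowerDNS port.
Run the following commands to disable the resolved service:
sudo systemctl disable systemd-resolved
sudo systemctl stop systemd-resolved
Also, remove the symlinked resolv.conf file: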
$ ls -lh /etc/resolv.conf
lrwxrwxrwx 1 root root 39 Jul 24 15:50 /etc/resolv.conf -> ../run/systemd/resolve/stub-resolv.conf
$ sudo rm /etc/resolv.conf
Then create a new resolv.conf file.
echo "nameserver 8.8.8.8" | sudo tee /etc/resolv.conf
Note that you can install PowerDNS from the official apt repository or from the PowerDNS repository. To install from the apt repository, run:
sudo apt-get update
sudo apt-get install pdns-server pdns-backend-mysql
Add the official PowerDNS repository for Ubuntu 18.04.
$ cat /etc/apt/sources.list.d/pdns.list
deb [arch=amd64] http://repo.powerdns.com/ubuntu bionic-auth-41 main
Import the GPG key:
curl https://repo.powerdns.com/FD380FBB-pub.asc | sudo apt-key add -
Update the package list and install the PowerDNS package (pdns-server) and the MySQL backend (pdns-backend-mysql).
sudo apt-get update
sudo apt-get install pdns-server pdns-backend-mysql
For Debian 9, install the packages from the apt repository without adding a new repo:
sudo apt-get update
sudo apt-get install pdns-server pdns-backend-mysql
When asked whether to configure the PowerDNS database with dbconfig-common, answer No.
Configure PowerDNS to use the MySQL backend:
Here is my MySQL configuration for PowerDNS:
# cat /etc/powerdns/pdns.d/pdns.local.gmysql.conf
# MySQL configuration
# Launch the gmysql backend
launch+=gmysql
# gmysql parameters
gmysql-host=localhost
gmysql-port=3306
gmysql-dbname=powerdns
gmysql-user=powerdns
gmysql-password=strongpassword
gmysql-dnssec=yes
# gmysql-socket=
Restart the pdns service:
sudo systemctl restart pdns
You can now test PowerDNS to confirm that the service is online:
# netstat -tap | grep pdns
tcp 0 0 0.0.0.0:domain 0.0.0.0:* LISTEN 31719/pdns_server
tcp6 0 0 [::]:domain [::]:*
Check that the PowerDNS service responds correctly:
# dig @127.0.0.1
; <<>> DiG 9.11.3-1ubuntu1.1-Ubuntu <<>> @127.0.0.1
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 65465
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1680
;; QUESTION SECTION:
;. IN NS
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Aug 10 15:57:10 UTC 2018
;; MSG SIZE rcvd: 28
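Install PowerDNS-Admin on Ubuntu 18.04 / Debian 9
PowerDNS-Admin is a PowerDNS web interface with the following advanced features:
- Multiple domain management
- Domain templates
- User management
- User access management based on domain
- User activity logging
- Local DB / LDAP / Active Directory user authentication
- SAML authentication support
- Google OAuth authentication
- Github OAuth authentication
- Two-factor authentication support (TOTP)
- Dashboard and pdns service statistics
- DynDNS 2 protocol support
- Edit IPv6 PTRs directly using the IPv6 address (no more editing of literal addresses!)
Install the Python 3 development package: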
sudo apt-get install python3-dev
Install the packages required to build the Python libraries from the requirements.txt file:
sudo apt-get install -y libmysqlclient-dev python-mysqldb libsasl2-dev libffi-dev \
libldap2-dev libssl-dev libxml2-dev libxslt1-dev libxmlsec1-dev pkg-config
Install yarn to build the asset files:
curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add -
echo "deb https://dl.yarnpkg.com/debian/ stable main" | sudo tee /etc/apt/sources.list.d/yarn.list
sudo apt-get update
sudo apt-get install yarn
Check out the source code and create a virtualenv:
git clone https://github.com/ngoduykhanh/PowerDNS-Admin.git /opt/web/powerdns-admin
cd /opt/web/powerdns-admin
virtualenv -p python3 flask
Output:
Already using interpreter /usr/bin/python3
Using base prefix '/usr'
New python executable in /opt/web/powerdns-admin/flask/bin/python3
Also creating executable in /opt/web/powerdns-admin/flask/bin/python
Installing setuptools, pkg_resources, pip, wheel...done.
Activate the python3 environment and install the libraries:
. ./flask/bin/activate
pip install -r requirements.txt
Create and configure the database:
$ mysql -u root -p
CREATE DATABASE powerdnsadmin;
grant all privileges on powerdnsadmin.* to 'pdnsadminuser'@'%' identified by 'password';
flush privileges;
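Before running PowerDNS-Admin, make sure config.py is available. Let's create one from the template:
cp config_template.py config.py
Edit the file:
vim config.py
The required settings are:
- Database connection information
- PDNS API service endpoint and API key
- The port number to use
- The bind address
Comment out the SQLite SQLALCHEMY_DATABASE_URI line and uncomment the MySQL one: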
# DATABASE CONFIG
#You'll need MySQL-python
SQLA_DB_USER = 'powerdns'
SQLA_DB_PASSWORD = 'strongpassword'
SQLA_DB_HOST = 'localhost'
SQLA_DB_NAME = 'powerdns'
#MySQL
SQLALCHEMY_DATABASE_URI = 'mysql://'+SQLA_DB_USER+':'\
+SQLA_DB_PASSWORD+'@'+SQLA_DB_HOST+'/'+SQLA_DB_NAME
#SQLite
#SQLALCHEMY_DATABASE_URI = 'sqlite:///' + os.path.join(basedir, 'pdns.db')
See the screenshot below:
Once your config.py is ready, create the database schema by running:
(flask) $ export FLASK_APP=app/__init__.py
(flask)$ flask db upgrade
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
INFO [alembic.runtime.migration] Running upgrade -> 787bdba9e147, Init DB
Then run db migrate:
(flask)$ flask db migrate -m "Init DB"
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
INFO [alembic.autogenerate.compare] Detected removed index 'domainidindex' on 'cryptokeys'
INFO [alembic.autogenerate.compare] Detected removed table 'cryptokeys'
INFO [alembic.autogenerate.compare] Detected removed index 'namealgoindex' on 'tsigkeys'
INFO [alembic.autogenerate.compare] Detected removed table 'tsigkeys'
INFO [alembic.autogenerate.compare] Detected removed table 'supermasters'
INFO [alembic.autogenerate.compare] Detected removed index 'nametype_index' on 'records'
INFO [alembic.autogenerate.compare] Detected removed table 'records'
INFO [alembic.autogenerate.compare] Detected removed index 'domainmetadata_idx' on 'domainmetadata'
INFO [alembic.autogenerate.compare] Detected removed table 'domainmetadata'
INFO [alembic.autogenerate.compare] Detected removed index 'name_index' on 'domains'
INFO [alembic.autogenerate.compare] Detected removed table 'domains'
INFO [alembic.autogenerate.compare] Detected removed index 'comments_name_type_idx' on 'comments'
INFO [alembic.autogenerate.compare] Detected removed index 'comments_order_idx' on 'comments'
INFO [alembic.autogenerate.compare] Detected removed table 'comments'
Generating /opt/web/powerdns-admin/migrations/versions/42ca771ac430_init_db.py ... done
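The "Detected removed table" lines above are what Alembic reports when config.py points PowerDNS-Admin at the same database PowerDNS stores its zones in: the autogenerated migration then contains drop operations for the PowerDNS tables. The following check is an added example, not part of the original article or either project; it compares gmysql-dbname with SQLA_DB_NAME, using constructed sample files that mirror the values shown in this guide and the separate powerdnsadmin database created earlier.

```shell
# Added example: detect PowerDNS-Admin sharing the PowerDNS zone database.

# Print the gmysql-dbname value from a pdns backend config file.
pdns_dbname() {
    sed -n 's/^[[:space:]]*gmysql-dbname[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*/\1/p' "$1" | tail -n 1
}

# Print the SQLA_DB_NAME value from a PowerDNS-Admin config.py.
admin_dbname() {
    sed -n "s/^[[:space:]]*SQLA_DB_NAME[[:space:]]*=[[:space:]]*['\"]\([^'\"]*\)['\"].*/\1/p" "$1" | tail -n 1
}

# Return 0 when both files name the same (non-empty) database.
shares_database() {
    p=$(pdns_dbname "$1"); a=$(admin_dbname "$2")
    [ -n "$p" ] && [ "$p" = "$a" ]
}

# Constructed sample files mirroring the values used in this guide.
demo_dir=$(mktemp -d)
cat > "$demo_dir/pdns.conf" <<'EOF'
launch+=gmysql
gmysql-dbname=powerdns
EOF
cat > "$demo_dir/config_shared.py" <<'EOF'
SQLA_DB_USER = 'powerdns'
SQLA_DB_NAME = 'powerdns'
EOF
cat > "$demo_dir/config_separate.py" <<'EOF'
SQLA_DB_USER = 'pdnsadminuser'
SQLA_DB_NAME = 'powerdnsadmin'
EOF

for cfg in config_shared.py config_separate.py; do
    if shares_database "$demo_dir/pdns.conf" "$demo_dir/$cfg"; then
        echo "$cfg: WARNING, shares the PowerDNS zone database"
    else
        echo "$cfg: OK, separate database"
    fi
done
```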
Generate the asset files using yarn:
(flask)$ yarn install --pure-lockfile
yarn install v1.9.4
[1/4] Resolving packages...
[2/4] Fetching packages...
[3/4] Linking dependencies...
[4/4] Building fresh packages...
Done in 14.59s.
(flask)$ flask assets build
Building bundle: generated/login.js
[INFO] Building bundle: generated/login.js
Building bundle: generated/login.css
[INFO] Building bundle: generated/login.css
Building bundle: generated/main.js
[INFO] Building bundle: generated/main.js
Building bundle: generated/main.css
[INFO] Building bundle: generated/main.css
Test that your PowerDNS-Admin runs correctly:
$ ./run.py
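[INFO] * Running on http://127.0.0.1:9191/ (Press CTRL+C to quit)
[INFO] * Restarting with stat
[WARNING] * Debugger is active!
[INFO] * Debugger PIN: 466-405-858
Configure the systemd service and Nginx
We will manage PowerDNS-Admin with systemd. Create a service unit file as follows: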
$ sudo vim /etc/systemd/system/powerdns-admin.service
[Unit]
Description=PowerDNS-Admin
After=network.target
[Service]
User=root
Group=root
WorkingDirectory=/opt/web/powerdns-admin
ExecStart=/opt/web/powerdns-admin/flask/bin/gunicorn --workers 2 --bind unix:/opt/web/powerdns-admin/powerdns-admin.sock app:app
[Install]
WantedBy=multi-user.target
Start the PowerDNS-Admin service and set it to start at boot:
sudo systemctl daemon-reload
sudo systemctl start powerdns-admin
sudo systemctl enable powerdns-admin
Confirm that the service is in the running state:
# systemctl status powerdns-admin
● powerdns-admin.service - PowerDNS-Admin
Loaded: loaded (/etc/systemd/system/powerdns-admin.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2018-08-10 16:45:16 UTC; 22s ago
Main PID: 10405 (gunicorn)
Tasks: 3 (limit: 1152)
CGroup: /system.slice/powerdns-admin.service
├─10405 /opt/web/powerdns-admin/flask/bin/python3 /opt/web/powerdns-admin/flask/bin/gunicorn --workers 2 --bind unix:/opt/web/powerdns-admi
├─10427 /opt/web/powerdns-admin/flask/bin/python3 /opt/web/powerdns-admin/flask/bin/gunicorn --workers 2 --bind unix:/opt/web/powerdns-admi
└─10428 /opt/web/powerdns-admin/flask/bin/python3 /opt/web/powerdns-admin/flask/bin/gunicorn --workers 2 --bind unix:/opt/web/powerdns-admi
Aug 10 16:45:16 ubuntu-01 systemd[1]: Started PowerDNS-Admin.
Aug 10 16:45:17 ubuntu-01 gunicorn[10405]: [2018-08-10 16:45:17 +0000] [10405] [INFO] Starting gunicorn 19.7.1
Aug 10 16:45:17 ubuntu-01 gunicorn[10405]: [2018-08-10 16:45:17 +0000] [10405] [INFO] Listening at: unix:/opt/web/powerdns-admin/powerdns-admin.sock (
Aug 10 16:45:17 ubuntu-01 gunicorn[10405]: [2018-08-10 16:45:17 +0000] [10405] [INFO] Using worker: sync
Aug 10 16:45:17 ubuntu-01 gunicorn[10405]: [2018-08-10 16:45:17 +0000] [10427] [INFO] Booting worker with pid: 10427
Aug 10 16:45:17 ubuntu-01 gunicorn[10405]: [2018-08-10 16:45:17 +0000] [10428] [INFO] Booting worker with pid: 10428
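The unit above runs gunicorn as root, so a flaw in the web application would run with full system privileges. The following is an added example, not from the original article or the PowerDNS-Admin project: a small lint for the unit's privilege settings, run against a constructed copy of the unit's [Service] section and against a hardened variant. The pdnsadmin account in the hardened variant is hypothetical and is assumed to own /opt/web/powerdns-admin.

```shell
# Added example: lint a systemd unit for the privilege settings used above.
# Prints one finding per line; returns 0 only when there are no findings.
audit_unit() {
    unit=$1; findings=0
    user=$(sed -n 's/^User=//p' "$unit" | tail -n 1)
    if [ -z "$user" ] || [ "$user" = "root" ]; then
        echo "runs-as-root"; findings=$((findings + 1))
    fi
    for directive in NoNewPrivileges=yes ProtectSystem= PrivateTmp=yes; do
        if ! grep -q "^$directive" "$unit"; then
            echo "missing:${directive%=*}"; findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

unit_dir=$(mktemp -d)
# Constructed copy of the [Service] section from the unit in this guide.
cat > "$unit_dir/original.service" <<'EOF'
[Service]
User=root
Group=root
WorkingDirectory=/opt/web/powerdns-admin
ExecStart=/opt/web/powerdns-admin/flask/bin/gunicorn --workers 2 --bind unix:/opt/web/powerdns-admin/powerdns-admin.sock app:app
EOF
# Hardened variant. Assumption: "pdnsadmin" is a hypothetical unprivileged
# account that owns /opt/web/powerdns-admin so gunicorn can create its socket.
cat > "$unit_dir/hardened.service" <<'EOF'
[Unit]
Description=PowerDNS-Admin
After=network.target
[Service]
User=pdnsadmin
Group=pdnsadmin
WorkingDirectory=/opt/web/powerdns-admin
ExecStart=/opt/web/powerdns-admin/flask/bin/gunicorn --workers 2 --bind unix:/opt/web/powerdns-admin/powerdns-admin.sock app:app
NoNewPrivileges=yes
ProtectSystem=full
PrivateTmp=yes
[Install]
WantedBy=multi-user.target
EOF

for f in original hardened; do
    echo "== $f"; audit_unit "$unit_dir/$f.service" || true
done
```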
Install and configure Nginx for PowerDNS-Admin
Install Nginx with the following command:
sudo apt-get install nginx
Configure Nginx:
sudo vim /etc/nginx/conf.d/powerdns-admin.conf
Add the following content:
server {
listen *:80;
server_name powerdns-admin.example.com www.powerdns-admin.example.com;
index index.html index.htm index.php;
root /opt/web/powerdns-admin;
access_log /var/log/nginx/powerdns-admin.local.access.log combined;
error_log /var/log/nginx/powerdns-admin.local.error.log;
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_redirect off;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffers 32 4k;
proxy_buffer_size 8k;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_headers_hash_bucket_size 64;
location ~ ^/static/ {
include /etc/nginx/mime.types;
root /opt/web/powerdns-admin/app;
location ~* \.(jpg|jpeg|png|gif)$ {
expires 365d;
}
location ~* ^.+\.(css|js)$ {
expires 7d;
}
}
location / {
proxy_pass http://unix:/opt/web/powerdns-admin/powerdns-admin.sock;
proxy_read_timeout 120;
proxy_connect_timeout 120;
proxy_redirect off;
}
}
Check the nginx syntax, then restart the nginx service:
# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
# systemctl restart nginx
Access the PowerDNS-Admin web interface.
http://powerdns-admin.example.com/
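Click the "Create an account" button and register a user. The first user will have the administrator role.
When you log in with the username and password you created, you should get an interface like the one below:
Enjoy managing PowerDNS with PowerDNS-Admin on your Ubuntu 18.04 / Debian 9 server.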