PowerDNS Server Setup

1. Demo environment

Three CentOS 7 x86_64 hosts, minimal installation

pdnsserver   192.168.0.22 (DNS server)
node01           192.168.0.11
node02           192.168.0.18

2. Installing PowerDNS

Install pdns_server on the 192.168.0.22 server

Check whether the package is available for installation:
yum search pdns-backend-mysql.x86_64

If no installable package is found, switch the yum repository:

yum list | grep epel-release
yum install -y epel-release
cd /etc/yum.repos.d
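Compared with the original repository set, there are now two additional files: epel.repo and epel-testing.repo

Use the EPEL repository provided by the Alibaba open-source mirror
# Download the EPEL repo file from the Alibaba open-source mirror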

wget -O /etc/yum.repos.d/epel-7.repo http://mirrors.aliyun.com/repo/epel-7.repo

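Compared with the original repository set, there are now three additional files: epel.repo, epel-testing.repo and epel-7.repo
Clear the system yum cache and generate a new one: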
yum makecache
## List the enabled yum repositories and all yum repositories
yum repolist enabled
yum repolist all

Install again:
yum install pdns-backend-mysql.x86_64
Installation succeeded:
[root@pdnsserver yum.repos.d]# which pdns_server
/usr/sbin/pdns_server

Download the PowerDNS schema for the MySQL database:

curl https://raw.githubusercontent.com/PowerDNS/pdns/rel/auth-4.1.x/modules/gmysqlbackend/schema.mysql.sql -o powerdns.sql 

Log in to MySQL on the pdns_server host, then create the pdns database and grant access to 192.168.0.22

grant all on pdns.* to dnsuser@'192.168.0.22' identified by '654321';flush privileges;
create database pdns;use pdns;
source /root/powerdns.sql;
use pdns;
INSERT INTO domains (name, type) values ('testdns01.com', 'NATIVE');
INSERT INTO records (domain_id, name, content, type,ttl,prio) VALUES (1,'testdns01.com','localhost.dnstest.net 1','SOA',86400,NULL);
INSERT INTO records (domain_id, name, content, type,ttl,prio) VALUES (1,'@','f1g1ns1.dnspod.net','NS',86400,NULL);
INSERT INTO records (domain_id, name, content, type,ttl,prio) VALUES (1,'@','f1g1ns2.dnspod.net','NS',86400,NULL);
INSERT INTO records (domain_id, name, content, type,ttl,prio) VALUES (1,'r.testdns01.com','192.168.0.18','A',120,NULL);
INSERT INTO records (domain_id, name, content, type,ttl,prio) VALUES (1,'w.testdns01.com','192.168.0.11','A',120,NULL);

root@pdns_server [pdns]>select * from records;
+----+-----------+-----------------+------+-------------------------+-------+------+-------------+----------+-----------+------+
| id | domain_id | name            | type | content                 | ttl   | prio | change_date | disabled | ordername | auth |
+----+-----------+-----------------+------+-------------------------+-------+------+-------------+----------+-----------+------+
|  8 |         1 | testdns01.com   | SOA  | localhost.dnstest.net 1 | 86400 | NULL |        NULL |        0 | NULL      |    1 |
|  9 |         1 | @               | NS   | f1g1ns1.dnspod.net      | 86400 | NULL |        NULL |        0 | NULL      |    1 |
| 10 |         1 | @               | NS   | f1g1ns2.dnspod.net      | 86400 | NULL |        NULL |        0 | NULL      |    1 |
| 11 |         1 | r.testdns01.com | A    | 192.168.0.18            |   120 | NULL |        NULL |        0 | NULL      |    1 |
| 12 |         1 | w.testdns01.com | A    | 192.168.0.11            |   120 | NULL |        NULL |        0 | NULL      |    1 |
+----+-----------+-----------------+------+-------------------------+-------+------+-------------+----------+-----------+------+
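Added example, not from the original article: the generic SQL backends expect records.name to hold a fully qualified name without a trailing dot, so zone-file shorthand such as '@' is stored literally, and SOA content is read as "primary hostmaster serial ...". The function lint_records and its finding labels are hypothetical names of this example; the sample rows are the five rows inserted above.

```shell
#!/bin/sh
# Added example (not from the original article): lint rows of the records table.
# Input on stdin: tab-separated name, type, content, e.g. from
#   mysql -B -N -e "select name,type,content from records" pdns
# $1 is the zone name the rows belong to.
lint_records() {
    awk -F'\t' -v zone="$1" '
        function ends_with(s, suf) {
            return length(s) >= length(suf) && substr(s, length(s) - length(suf) + 1) == suf
        }
        {
            name = tolower($1)
            if (name ~ /\.$/)
                print "NAME: \"" $1 "\" has a trailing dot"
            else if (name != zone && !ends_with(name, "." zone))
                print "NAME: \"" $1 "\" (" $2 ") is not a fully qualified name in " zone
            # SOA content: primary hostmaster serial [refresh retry expire minimum]
            if ($2 == "SOA" && split($3, f, " ") < 3)
                print "SOA: content has fewer than 3 fields, so the serial is missing"
        }'
}

# Constructed sample: the five rows inserted above.
printf '%s\t%s\t%s\n' \
    testdns01.com   SOA 'localhost.dnstest.net 1' \
    @               NS  f1g1ns1.dnspod.net \
    @               NS  f1g1ns2.dnspod.net \
    r.testdns01.com A   192.168.0.18 \
    w.testdns01.com A   192.168.0.11 |
    lint_records testdns01.com
```

On the sample it reports the SOA row and both '@' NS rows; the two A records pass because their names are already fully qualified.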

At the top of the pdns_server configuration file pdns.conf, add the connection details of the account just created for the pdns database


[root@pdnsserver  ~]# head -10 /etc/pdns/pdns.conf 
launch=gmysql
gmysql-host=192.168.0.22
gmysql-user=dnsuser
gmysql-dbname=pdns
gmysql-password=654321

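Note: the default launch=bind parameter must be commented out (#launch=bind) before adding launch=gmysql, otherwise starting the pdns service fails with an error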
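Added example, not part of the original article: a shell function that audits a pdns.conf for the point above (launch=bind left active beside gmysql) and for exposure of the clear-text gmysql-password. The function name audit_pdns_conf, the 12-character threshold, the finding labels and the sample file are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original article): audit a pdns.conf.
# Prints one finding per line; prints nothing if every check passes.
audit_pdns_conf() {
    conf=$1
    # gmysql-password is stored in clear text, so "other" must not read the file.
    mode=$(stat -c '%a' "$conf") || return 2      # GNU stat, as on CentOS 7
    case $mode in
        *[4567]) echo "PERM: file is world-readable (mode $mode)" ;;
    esac
    awk -F= '
        /^[ \t]*#/ || NF < 2 { next }             # skip comments and blank lines
        {
            key = $1; val = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        }
        key == "launch" {                         # may be a comma-separated list
            n = split(val, b, ","); for (i = 1; i <= n; i++) backends[b[i]] = 1
        }
        key == "gmysql-password" {
            if (length(val) < 12) print "WEAK: gmysql-password shorter than 12 characters"
            if (val ~ /^[0-9]+$/) print "WEAK: gmysql-password is digits only"
        }
        key == "gmysql-user" && val == "root" { print "PRIV: backend connects as MySQL root" }
        END {
            if (("bind" in backends) && ("gmysql" in backends))
                print "LAUNCH: bind is still active next to gmysql"
            if (!("gmysql" in backends)) print "LAUNCH: gmysql backend is not launched"
        }' "$conf"
}

# Constructed sample: the settings shown above, with launch=bind left active.
sample=$(mktemp)
cat > "$sample" <<'EOF'
launch=bind
launch=gmysql
gmysql-host=192.168.0.22
gmysql-user=dnsuser
gmysql-dbname=pdns
gmysql-password=654321
EOF
chmod 644 "$sample"
audit_pdns_conf "$sample"
rm -f "$sample"
```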

Start pdns_server:

[root@pdnsserver pdns]#  /usr/sbin/pdns_server --daemon=no --guardian=no --loglevel=9
Jun 26 16:11:20 Reading random entropy from '/dev/urandom'
Jun 26 16:11:20 Loading '/usr/lib64/pdns/libgmysqlbackend.so'
Jun 26 16:11:20 [gmysqlbackend] This is the gmysql backend version 4.1.8 reporting
Jun 26 16:11:20 This is a standalone pdns
Jun 26 16:11:20 Listening on controlsocket in '/var/run/pdns.controlsocket'
Jun 26 16:11:20 UDP server bound to 0.0.0.0:53
Jun 26 16:11:20 UDPv6 server bound to [::]:53
Jun 26 16:11:20 TCP server bound to 0.0.0.0:53
Jun 26 16:11:20 TCPv6 server bound to [::]:53
Jun 26 16:11:20 PowerDNS Authoritative Server 4.1.8 (C) 2001-2018 PowerDNS.COM BV
Jun 26 16:11:20 Using 64-bits mode. Built using gcc 4.8.5 20150623 (Red Hat 4.8.5-36).
Jun 26 16:11:20 PowerDNS comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it according to the terms of the GPL version 2.
Jun 26 16:11:20 Set effective group id to 993
Jun 26 16:11:20 Set effective user id to 995
Jun 26 16:11:20 Creating backend connection for TCP
Jun 26 16:11:20 gmysql Connection successful. Connected to database 'pdns' on '192.168.0.11'.
Jun 26 16:11:20 About to create 3 backend threads for UDP
Jun 26 16:11:20 gmysql Connection successful. Connected to database 'pdns' on '192.168.0.11'.
Jun 26 16:11:20 gmysql Connection successful. Connected to database 'pdns' on '192.168.0.11'.
Jun 26 16:11:21 gmysql Connection successful. Connected to database 'pdns' on '192.168.0.11'.
Jun 26 16:11:21 Done launching threads, ready to distribute questions

Check the ports pdnsserver is listening on:

[root@pdnsserver ~]# ss -lntup|grep 53
udp    UNCONN     0      0         *:53                    *:*                   users:(("pdns_server",pid=16080,fd=6))
udp    UNCONN     0      0        :::53                   :::*                   users:(("pdns_server",pid=16080,fd=7))
tcp    LISTEN     0      128       *:53                    *:*                   users:(("pdns_server",pid=16080,fd=8))
tcp    LISTEN     0      128      :::53                   :::*                   users:(("pdns_server",pid=16080,fd=9))

Note: pdns_server communicates over port 53 on both TCP and UDP, so port 53 must be opened in the iptables firewall

[root@pdnsserver ~]# grep 53 /etc/sysconfig/iptables
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
[root@pdnsserver ~]#  systemctl restart iptables

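At this point pdns_server is installed and running.
Detailed pdns_server parameters can be looked up online; plenty of documentation is available, so they are not repeated here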

3. Verification

On the 192.168.0.11 machine, add the DNS server address 192.168.0.22

[root@node01 ~]# cat /etc/resolv.conf 
nameserver 192.168.0.22
nameserver 221.228.255.1

ping test:

[root@node01 ~]#  ping w.testdns01.com
PING w.testdns01.com (192.168.0.11) 56(84) bytes of data.
64 bytes from 192.168.0.11: icmp_seq=1 ttl=64 time=0.239 ms
64 bytes from 192.168.0.11: icmp_seq=2 ttl=64 time=0.223 ms
^C
--- w.testdns01.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 0.223/0.231/0.239/0.008 ms
[root@node01 ~]#  ping r.testdns01.com
PING r.testdns01.com (192.168.0.18) 56(84) bytes of data.
64 bytes from 192.168.0.18: icmp_seq=1 ttl=64 time=0.024 ms
64 bytes from 192.168.0.18: icmp_seq=2 ttl=64 time=0.030 ms
^C
--- r.testdns01.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 0.024/0.027/0.030/0.003 ms
[root@node01 ~]# 

dig test:
Install the dig command
yum -y install bind-utils

[root@node01 ~]# dig +trace r.testdns01.com 

; <<>> DiG 9.9.4-RedHat-9.9.4-74.el7_6.1 <<>> +trace r.testdns01.com
;; global options: +cmd
;; Received 28 bytes from 192.168.0.22#53(192.168.0.22) in 0 ms

[root@node01 ~]# dig +trace w.testdns01.com 

; <<>> DiG 9.9.4-RedHat-9.9.4-74.el7_6.1 <<>> +trace w.testdns01.com
;; global options: +cmd
;; Received 28 bytes from 192.168.0.22#53(192.168.0.22) in 0 ms
[root@node01 ~]# dig  w.testdns01.com  SOA

; <<>> DiG 9.9.4-RedHat-9.9.4-74.el7_6.1 <<>> w.testdns01.com SOA
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21294
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1680
;; QUESTION SECTION:
;w.testdns01.com.       IN  SOA

;; AUTHORITY SECTION:
testdns01.com.      3600    IN  SOA node01.dnstest.net. 1. 0 10800 3600 604800 3600

;; Query time: 0 msec
;; SERVER: 192.168.0.22#53(192.168.0.22)
;; WHEN: 六 6月 29 14:41:00 CST 2019
;; MSG SIZE  rcvd: 102
[root@node01 ~]# dig  w.testdns01.com 

; <<>> DiG 9.9.4-RedHat-9.9.4-74.el7_6.1 <<>> w.testdns01.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44913
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1680
;; QUESTION SECTION:
;w.testdns01.com.       IN  A

;; ANSWER SECTION:
w.testdns01.com.    120 IN  A   192.168.0.11

;; Query time: 3 msec
;; SERVER: 192.168.0.22#53(192.168.0.22)
;; WHEN: 六 6月 29 14:43:19 CST 2019
;; MSG SIZE  rcvd: 60
[root@node01 ~]# dig  r.testdns01.com 

; <<>> DiG 9.9.4-RedHat-9.9.4-74.el7_6.1 <<>> r.testdns01.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60953
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1680
;; QUESTION SECTION:
;r.testdns01.com.       IN  A

;; ANSWER SECTION:
r.testdns01.com.    120 IN  A   192.168.0.18

;; Query time: 2 msec
;; SERVER: 192.168.0.22#53(192.168.0.22)
;; WHEN: 六 6月 29 14:43:24 CST 2019
;; MSG SIZE  rcvd: 60
[root@node01 ~]# 

Test on the 192.168.0.18 machine:

[root@node02 ~]# cat /etc/resolv.conf 
#Generated by NetworkManager
nameserver 192.168.0.22

Install the dig command:
yum -y install bind-utils

[root@node02 ~]# dig  r.testdns01.com|grep r.testdns01.com
; <<>> DiG 9.9.4-RedHat-9.9.4-74.el7_6.1 <<>> r.testdns01.com
;r.testdns01.com.       IN  A
r.testdns01.com.    120 IN  A   192.168.0.18
[root@node02 ~]# 
[root@node02 ~]# dig  w.testdns01.com|grep w.testdns01.com
; <<>> DiG 9.9.4-RedHat-9.9.4-74.el7_6.1 <<>> w.testdns01.com
;w.testdns01.com.       IN  A
w.testdns01.com.    120 IN  A   192.168.0.11

[root@node02 ~]# dig  w.testdns01.com SOA|grep testdns01.com
; <<>> DiG 9.9.4-RedHat-9.9.4-74.el7_6.1 <<>> w.testdns01.com SOA
;w.testdns01.com.       IN  SOA
testdns01.com.      3600    IN  SOA localhost.dnstest.net. 1. 0 10800 3600 604800 3600
[root@node02 ~]# dig  r.testdns01.com SOA|grep testdns01.com
; <<>> DiG 9.9.4-RedHat-9.9.4-74.el7_6.1 <<>> r.testdns01.com SOA
;r.testdns01.com.       IN  SOA
testdns01.com.      3600    IN  SOA localhost.dnstest.net. 1. 0 10800 3600 604800 3600
[root@node02 ~]# 

Run the pdns_server service in the background:

[root@pdnsserver ~]# /usr/sbin/pdns_server --daemon=yes --guardian=no --loglevel=9
Jun 29 15:24:13 Reading random entropy from '/dev/urandom'
Jun 29 15:24:13 Loading '/usr/lib64/pdns/libgmysqlbackend.so'
Jun 29 15:24:13 [gmysqlbackend] This is the gmysql backend version 4.1.8 reporting

Disable resolution of the r.testdns01.com A record on pdnsserver:


root@pdnsserver [pdns]>select * from records;
+----+-----------+-----------------+------+-------------------------+-------+------+-------------+----------+-----------+------+
| id | domain_id | name            | type | content                 | ttl   | prio | change_date | disabled | ordername | auth |
+----+-----------+-----------------+------+-------------------------+-------+------+-------------+----------+-----------+------+
|  8 |         1 | testdns01.com   | SOA  | localhost.dnstest.net 1 | 86400 | NULL |        NULL |        0 | NULL      |    1 |
|  9 |         1 | @               | NS   | f1g1ns1.dnspod.net      | 86400 | NULL |        NULL |        0 | NULL      |    1 |
| 10 |         1 | @               | NS   | f1g1ns2.dnspod.net      | 86400 | NULL |        NULL |        0 | NULL      |    1 |
| 11 |         1 | r.testdns01.com | A    | 192.168.0.18            |   120 | NULL |        NULL |        0 | NULL      |    1 |
| 12 |         1 | w.testdns01.com | A    | 192.168.0.11            |   120 | NULL |        NULL |        0 | NULL      |    1 |
+----+-----------+-----------------+------+-------------------------+-------+------+-------------+----------+-----------+------+
5 rows in set (0.00 sec)

root@pdnsserver [pdns]>update records set disabled=1 where name='r.testdns01.com';
Query OK, 1 row affected (0.01 sec)
Rows matched: 1  Changed: 1  Warnings: 0

root@pdnsserver [pdns]>
root@pdnsserver [pdns]>select * from records;
+----+-----------+-----------------+------+-------------------------+-------+------+-------------+----------+-----------+------+
| id | domain_id | name            | type | content                 | ttl   | prio | change_date | disabled | ordername | auth |
+----+-----------+-----------------+------+-------------------------+-------+------+-------------+----------+-----------+------+
|  8 |         1 | testdns01.com   | SOA  | localhost.dnstest.net 1 | 86400 | NULL |        NULL |        0 | NULL      |    1 |
|  9 |         1 | @               | NS   | f1g1ns1.dnspod.net      | 86400 | NULL |        NULL |        0 | NULL      |    1 |
| 10 |         1 | @               | NS   | f1g1ns2.dnspod.net      | 86400 | NULL |        NULL |        0 | NULL      |    1 |
| 11 |         1 | r.testdns01.com | A    | 192.168.0.18            |   120 | NULL |        NULL |        1 | NULL      |    1 |
| 12 |         1 | w.testdns01.com | A    | 192.168.0.11            |   120 | NULL |        NULL |        0 | NULL      |    1 |
+----+-----------+-----------------+------+-------------------------+-------+------+-------------+----------+-----------+------+
5 rows in set (0.00 sec)

Test:


[root@node01 ~]# ping r.testdns01.com
ping: unknown host r.testdns01.com
[root@node01 ~]# ping w.testdns01.com
PING w.testdns01.com (192.168.0.11) 56(84) bytes of data.
64 bytes from 192.168.0.11: icmp_seq=1 ttl=64 time=0.243 ms
64 bytes from 192.168.0.11: icmp_seq=2 ttl=64 time=0.232 ms
^C
--- w.testdns01.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.232/0.237/0.243/0.016 ms

[root@node02 ~]# ping r.testdns01.com
ping: unknown host r.testdns01.com
[root@kusou-es11 ~]# ping w.testdns01.com
PING w.testdns01.com (192.168.0.11) 56(84) bytes of data.
64 bytes from 192.168.0.11: icmp_seq=1 ttl=64 time=0.024 ms
^C
--- w.testdns01.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.024/0.024/0.024/0.000 ms
[root@node02 ~]# 

This completes the demonstration and shows that the PowerDNS setup in this experiment succeeded

For PowerDNS tuning and load testing, see the link below:
https://www.cnblogs.com/anpengapple/p/5211557.html
