Install PowerDNS on CentOS 8 with MariaDB and PowerDNS-Admin

Date: 2020-02-23 14:31:15  Source: igfitidea

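What is PowerDNS? PowerDNS is an open-source authoritative name server that has been used as an alternative to BIND DNS. PowerDNS offers better performance with minimal memory usage. An authoritative name server serves records directly from its own data, whereas a recursive name server queries other name servers to obtain the answer it needs. In this guide, we look at how to install PowerDNS on CentOS 8 with MariaDB and PowerDNS-Admin.

Prepare the server

First, we disable SELinux on CentOS to make sure it does not block any of the installation steps we are about to perform.

sudo vim /etc/selinux/config

Edit the line as shown to disable SELinux. Save the file and reboot the server.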

# This file controls the state of SELinux on the system. 
# SELINUX= can take one of these three values: 
#     enforcing - SELinux security policy is enforced. 
#     permissive - SELinux prints warnings instead of enforcing. 
#     disabled - No SELinux policy is loaded. 
SELINUX=disabled
# SELINUXTYPE= can take one of these three values: 
#     targeted - Targeted processes are protected, 
#     minimum - Modification of targeted policy. Only selected processes are protected.  
#     mls - Multi Level Security protection. 
SELINUXTYPE=targeted

Reboot the server:

sudo reboot

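Install the EPEL and Remi repositories

We need to install the PowerDNS dependencies first. In this case, we install the EPEL repository, and the Remi repository for the PHP installation. Run the following commands.

sudo dnf -y install epel-release
sudo dnf -y install https://rpms.remirepo.net/enterprise/remi-release-8.rpm

Once the repositories have been added, enable the PHP 7.4 Remi module with the following command.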

sudo dnf module enable php:remi-7.4

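Install and configure MariaDB

Run the following command to install MariaDB on the server.

sudo dnf -y install mariadb mariadb-server

When the installation is complete, start the MariaDB service and enable it to start at boot.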

sudo systemctl start mariadb
sudo systemctl enable mariadb

The MariaDB service is now running. We need to secure it and set the root password. Use the command shown below.

sudo mysql_secure_installation

Answer the prompts as shown:

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB 
     SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY! 

In order to log into MariaDB to secure it, we'll need the current 
password for the root user.  If you've just installed MariaDB, and 
you haven't set the root password yet, the password will be blank, 
so you should just press enter here. 

Enter current password for root (enter for none):  Press Enter
OK, successfully used password, moving on... 

Setting the root password ensures that nobody can log into the MariaDB 
root user without the proper authorization. 

Set root password? [Y/n] y
New password:  Enter New Password
Re-enter new password:  Repeat New Password 
Password updated successfully! 
Reloading privilege tables.. 
... Success! 
By default, a MariaDB installation has an anonymous user, allowing anyone 
to log into MariaDB without having to have a user account created for 
them.  This is intended only for testing, and to make the installation 
go a bit smoother.  You should remove them before moving into a 
production environment. 

Remove anonymous users? [Y/n] Y 
... Success! 

Normally, root should only be allowed to connect from 'localhost'.  This 
ensures that someone cannot guess at the root password from the network. 

Disallow root login remotely? [Y/n] Y 
... Success! 

By default, MariaDB comes with a database named 'test' that anyone can 
access.  This is also intended only for testing, and should be removed 
before moving into a production environment. 

Remove test database and access to it? [Y/n] Y 
- Dropping test database... 
... Success! 
- Removing privileges on test database... 
... Success! 
Reloading the privilege tables will ensure that all changes made so far 
will take effect immediately. 

Reload privilege tables now? [Y/n] Y 
... Success! 

Cleaning up... 

All done!  If you've completed all of the above steps, your MariaDB

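Next, we need to create a database for the PowerDNS installation and add a user to manage it. First, log in to MariaDB with the following command:

mysql -u root -p

Enter the password we set above, then go on to create the database and the user, and grant the user all privileges on that database.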

Enter password:  Enter your DB root password
Welcome to the MariaDB monitor.  Commands end with ; or \g. 
Your MariaDB connection id is 17 
Server version: 10.3.17-MariaDB MariaDB Server 

Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others. 

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. 

MariaDB [(none)]> create database powerdns; 
Query OK, 1 row affected (0.000 sec) 

MariaDB [(none)]> create user 'pdns'@'localhost' identified by 'mypassword';
Query OK, 0 rows affected (0.000 sec) 

MariaDB [(none)]>  grant all privileges on powerdns.* to 'pdns'@'localhost' identified by 'mypassword';          
Query OK, 0 rows affected (0.000 sec) 

MariaDB [(none)]> flush privileges; 
Query OK, 0 rows affected (0.001 sec)
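
A check for the account scoping used above, as an added example that is not part of the original guide: it reads tab-separated user/host rows from mysql.user and lists every account that may log in from somewhere other than the local machine. The sample rows are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original guide): list MariaDB accounts that are
# allowed to log in from anywhere other than the local machine.
# Input: tab-separated "user<TAB>host" rows, for example from
#   mysql -u root -p -N -B -e "SELECT user, host FROM mysql.user"

remote_accounts() {
    # Print user@host for every row whose host is not a loopback name or address.
    awk -F '\t' '
        NF >= 2 && $2 != "localhost" && $2 != "127.0.0.1" && $2 != "::1" {
            printf "%s@%s\n", $1, $2
        }'
}

sample_rows() {
    # Constructed sample: an account created without a host part is stored
    # with host "%", which matches every client address.
    printf 'root\tlocalhost\n'
    printf 'pdns\t%%\n'
    printf 'pdns\tlocalhost\n'
}

# Demo on the constructed rows; prints "pdns@%".
sample_rows | remote_accounts
```

An empty result means every account is bound to the local host, which is what this single-server setup needs.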

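After creating the database and the user, create the table structure for the new database by running the MySQL commands shown below:

use powerdns;

Run the following MySQL commands: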

CREATE TABLE domains (
   id                    INT AUTO_INCREMENT,
   name                  VARCHAR(255) NOT NULL,
   master                VARCHAR(128) DEFAULT NULL,
   last_check            INT DEFAULT NULL,
   type                  VARCHAR(6) NOT NULL,
   notified_serial       INT DEFAULT NULL,
   account               VARCHAR(40) DEFAULT NULL,
   PRIMARY KEY (id)
 ) Engine=InnoDB;
 
 CREATE UNIQUE INDEX name_index ON domains(name);
 
 
 CREATE TABLE records (
   id                    BIGINT AUTO_INCREMENT,
   domain_id             INT DEFAULT NULL,
   name                  VARCHAR(255) DEFAULT NULL,
   type                  VARCHAR(10) DEFAULT NULL,
   content               VARCHAR(64000) DEFAULT NULL,
   ttl                   INT DEFAULT NULL,
   prio                  INT DEFAULT NULL,
   change_date           INT DEFAULT NULL,
   disabled              TINYINT(1) DEFAULT 0,
   ordername             VARCHAR(255) BINARY DEFAULT NULL,
   auth                  TINYINT(1) DEFAULT 1,
   PRIMARY KEY (id)
 ) Engine=InnoDB;
 
 CREATE INDEX nametype_index ON records(name,type);
 CREATE INDEX domain_id ON records(domain_id);
 CREATE INDEX recordorder ON records (domain_id, ordername);
 
 
 CREATE TABLE supermasters (
   ip                    VARCHAR(64) NOT NULL,
   nameserver            VARCHAR(255) NOT NULL,
   account               VARCHAR(40) NOT NULL,
   PRIMARY KEY (ip, nameserver)
 ) Engine=InnoDB;
 
 
 CREATE TABLE comments (
   id                    INT AUTO_INCREMENT,
   domain_id             INT NOT NULL,
   name                  VARCHAR(255) NOT NULL,
   type                  VARCHAR(10) NOT NULL,
   modified_at           INT NOT NULL,
   account               VARCHAR(40) NOT NULL,
   comment               VARCHAR(64000) NOT NULL,
   PRIMARY KEY (id)
 ) Engine=InnoDB;

 CREATE INDEX comments_domain_id_idx ON comments (domain_id);
 CREATE INDEX comments_name_type_idx ON comments (name, type);
 CREATE INDEX comments_order_idx ON comments (domain_id, modified_at);
 
 
 CREATE TABLE domainmetadata (
   id                    INT AUTO_INCREMENT,
   domain_id             INT NOT NULL,
   kind                  VARCHAR(32),
   content               TEXT,
   PRIMARY KEY (id)
 ) Engine=InnoDB;
 
 CREATE INDEX domainmetadata_idx ON domainmetadata (domain_id, kind);
 
 
 CREATE TABLE cryptokeys (
   id                    INT AUTO_INCREMENT,
   domain_id             INT NOT NULL,
   flags                 INT NOT NULL,
   active                BOOL,
   content               TEXT,
   PRIMARY KEY(id)
 ) Engine=InnoDB;
 
 CREATE INDEX domainidindex ON cryptokeys(domain_id);
 
 
 CREATE TABLE tsigkeys (
   id                    INT AUTO_INCREMENT,
   name                  VARCHAR(255),
   algorithm             VARCHAR(50),
   secret                VARCHAR(255),
   PRIMARY KEY (id)
 ) Engine=InnoDB;
 
 CREATE UNIQUE INDEX namealgoindex ON tsigkeys(name, algorithm);
 
 quit;

We can confirm that the tables were created as follows:

MariaDB [powerdns]> show tables; 
+--------------------+ 
| Tables_in_powerdns | 
+--------------------+ 
| comments           | 
| cryptokeys         | 
| domainmetadata     | 
| domains            | 
| records            | 
| supermasters       | 
| tsigkeys           | 
+--------------------+ 
7 rows in set (0.000 sec)

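Install PowerDNS on CentOS 8

First, we need to disable systemd-resolved, which CentOS ships by default. This prevents a port conflict, because PowerDNS also uses port 53.

sudo systemctl disable systemd-resolved
sudo systemctl stop systemd-resolved

Also remove the symlinked resolv.conf and create a new one.

ls -lh /etc/resolv.conf
sudo rm -f /etc/resolv.conf
echo "nameserver 8.8.8.8" | sudo tee /etc/resolv.conf

Now it is time to install PowerDNS. Use the following command: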

sudo dnf -y install pdns pdns-backend-mysql bind-utils

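The default PowerDNS configuration file is /etc/pdns/pdns.conf. Open the file with your preferred editor. By default, PowerDNS uses bind as its backend. We need to disable this by commenting out the launch=bind line, and add the MySQL backend configuration. Edit the file as follows: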

#launch=bind
launch=gmysql 
gmysql-host=localhost 
gmysql-user=pdns 
gmysql-password=mypassword 
gmysql-dbname=powerdns

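Save the changes and close the file. Go on to start the PowerDNS service and enable it to start at boot.

sudo systemctl start pdns
sudo systemctl enable pdns

Also allow the DNS service through the firewall.

sudo firewall-cmd --add-service=dns --permanent
sudo firewall-cmd --reload

At this point, PowerDNS is installed and running. We can confirm its status with the following command.

systemctl status pdns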
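
A follow-up check now that port 53 is open, as an added example that is not part of the original guide: it reads the header flags from dig (installed above with bind-utils) and reports whether the server answers authoritatively only or also offers recursion. The dig headers are constructed samples, the function names are hypothetical, and example.com is a placeholder zone.

```shell
#!/bin/sh
# Added example (not from the original guide): classify a DNS server from the
# header flags that dig prints. "aa" = authoritative answer,
# "ra" = recursion available.

dns_role() {
    # Reads dig output on stdin and prints one of:
    #   authoritative-only | offers-recursion | not-authoritative | no-header
    flags=$(sed -n 's/^;; flags: \([a-z ]*\);.*/\1/p' | head -n 1)
    if [ -z "$flags" ]; then
        echo "no-header"
        return 0
    fi
    case " $flags " in
        *" ra "*) echo "offers-recursion" ;;
        *" aa "*) echo "authoritative-only" ;;
        *)        echo "not-authoritative" ;;
    esac
}

sample_authoritative() {
    # Constructed dig header for a zone the server hosts.
    cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
EOF
}

sample_recursive() {
    # Constructed dig header from a server that resolves names for its clients.
    cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4243
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
EOF
}

sample_authoritative | dns_role   # authoritative-only
sample_recursive | dns_role       # offers-recursion

# Live use once a zone exists (example.com is a placeholder zone name):
#   dig @127.0.0.1 example.com SOA | dns_role
```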

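Install PowerAdmin on CentOS 8

PowerAdmin is a web-based application for managing PowerDNS, and it is written in PHP. To install it, we first need to install PHP so that we can run the application.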

sudo dnf -y install httpd php php-devel php-gd php-imap php-ldap php-mysql php-odbc php-pear php-xml php-xmlrpc php-mbstring php-mcrypt php-mhash gettext

Likewise, install the additional PHP PEAR package as shown:

sudo dnf -y install php-pear-DB

Now start the httpd service and enable it to start at system boot.

sudo systemctl start httpd
sudo systemctl enable httpd

Confirm the state of the httpd service with the following command:

systemctl status httpd

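Next, we need to download the PowerAdmin code. Change to /var/www/html and run the command shown.

cd /var/www/html
sudo wget https://downloads.sourceforge.net/project/poweradmin/poweradmin-2.1.7.tgz

Now extract the archive and give the directory a new name.

sudo tar xvf poweradmin-2.1.7.tgz
sudo mv poweradmin-2.1.7 /var/www/html/poweradmin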

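Allow the HTTP and HTTPS protocols through the firewall.

sudo firewall-cmd --add-service={http,https} --permanent
sudo firewall-cmd --reload

At this point, we can continue with the online setup of PowerAdmin. Open a browser and go to http://<server-ip>/poweradmin/install. We will see a page like the one shown below.

Select the preferred language and click "Go to", then on the next page click "Go to" again.

We will see a page for configuring the database. Use the details from when we created the PowerDNS database earlier.

Next, create a user with limited privileges.

Click "Go to", and we will see the details of the user that was added. At this point, we can return to the terminal and grant the new user the named permissions by running the following MySQL command.

GRANT SELECT, INSERT, UPDATE, DELETE  ON powerdns.* TO 'lorna'@'localhost' IDENTIFIED BY 'mypassword';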

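Now return to the web browser and click "Go to". We will see a page like the one below, telling us to create the file ../inc/config.inc.php manually.

In the terminal, run the commands shown:

cd /var/www/html/poweradmin
sudo vim inc/config.inc.php

Paste the contents from the web page and save the file.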

<?php

$db_host                = 'localhost';
$db_user                = 'lorna';
$db_pass                = 'mypassword';
$db_name                = 'powerdns';
$db_type                = 'mysql';
$db_layer               = 'PDO';

$session_key            = '=v(sm${yxUEsxcpA~FxT$=Ks%2B#J[theitroad@localhost';

$iface_lang             = 'en_EN';

$dns_hostmaster         = 'hostmaster.example.com';
$dns_ns1                = 'ns1.example.com';
$dns_ns2                = 'ns2.example.com';

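Return to the browser and click "Go to". We will see that the configuration is complete.

To support the URLs used by other dynamic providers, run the following commands: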

cd /var/www/html/poweradmin
sudo cp install/htaccess.dist .htaccess

Note that we must delete the install directory before we can continue.

sudo rm -rf /var/www/html/poweradmin/install
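
A post-install audit of the files this guide leaves database credentials in, as an added example that is not part of the original guide or of PowerAdmin: it reports credential files any local user can read, files that still carry the guide's sample password, and an installer directory that was not removed. The function names are hypothetical and the demo runs on a constructed temporary tree.

```shell
#!/bin/sh
# Added example (not from the original guide): audit the credential files and
# the installer directory left behind by this setup.

audit_poweradmin() {
    # $1 = PowerDNS config file, $2 = PowerAdmin web root.
    # Prints one finding per line; prints nothing when all checks pass.
    pdns_conf=$1
    webroot=$2
    for f in "$pdns_conf" "$webroot/inc/config.inc.php"; do
        [ -e "$f" ] || continue
        # -perm -004: the "other" read bit is set, so any local user can read it.
        if [ -n "$(find "$f" -prune -perm -004 -print)" ]; then
            echo "WORLD-READABLE: $f"
        fi
        # The guide's sample password must not survive into a real deployment.
        if grep -Eq "(gmysql-password=|db_pass[[:space:]]*=[[:space:]]*')mypassword" "$f"; then
            echo "TUTORIAL-PASSWORD: $f"
        fi
    done
    [ ! -d "$webroot/install" ] || echo "INSTALLER-PRESENT: $webroot/install"
}

make_sample_tree() {
    # Constructed sample layout mirroring the paths used in this guide.
    d=$(mktemp -d)
    mkdir -p "$d/etc/pdns" "$d/www/inc" "$d/www/install"
    printf 'launch=gmysql\ngmysql-password=mypassword\n' > "$d/etc/pdns/pdns.conf"
    printf "<?php\n\$db_pass = 'mypassword';\n" > "$d/www/inc/config.inc.php"
    chmod 644 "$d/etc/pdns/pdns.conf"
    chmod 640 "$d/www/inc/config.inc.php"
    echo "$d"
}

# Demo on the constructed tree; on a real host the call would be:
#   audit_poweradmin /etc/pdns/pdns.conf /var/www/html/poweradmin
demo_dir=$(make_sample_tree)
audit_poweradmin "$demo_dir/etc/pdns/pdns.conf" "$demo_dir/www"
rm -rf "$demo_dir"
```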

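Now return to the browser and go to http://<server-ip>/poweradmin.

Log in with the admin user and the password we set for the admin user, then click GO. We will see a page like the one shown.

The installation is complete! We can now go on to add master zones.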