Power DNS
PowerDNS is a high-performance DNS server written in C++ and licensed under the GPL. Versions exist for Unix and Windows systems.
Installation
- apt-get install pdns-server pdns-recursor pdns-backend-mysql
Upgrade
MySQL
CREATE TABLE domainmetadata (
  id INT AUTO_INCREMENT,
  domain_id INT NOT NULL,
  kind VARCHAR(16),
  content TEXT,
  PRIMARY KEY(id)
);

CREATE TABLE cryptokeys (
  id INT AUTO_INCREMENT,
  domain_id INT NOT NULL,
  flags INT NOT NULL,
  active BOOL,
  content TEXT,
  PRIMARY KEY(id)
);

ALTER TABLE records ADD ordername VARCHAR(255);
ALTER TABLE records ADD auth BOOL;
CREATE INDEX orderindex ON records(ordername);

CREATE TABLE tsigkeys (
  id INT AUTO_INCREMENT,
  name VARCHAR(255),
  algorithm VARCHAR(255),
  secret VARCHAR(255),
  PRIMARY KEY(id)
);
CREATE UNIQUE INDEX namealgoindex ON tsigkeys(name, algorithm);

ALTER TABLE records CHANGE COLUMN type type VARCHAR(10);
Configuration
nano /etc/powerdns/pdns.conf
# Autogenerated configuration file template

#################################
# allow-axfr-ips  If enabled, restrict zonetransfers to originate from these
# IP addresses
#
allow-axfr-ips=127.0.0.1 192.168.1.0/0

#################################
# allow-recursion  List of netmasks that are allowed to recurse
#
allow-recursion=192.168.1.0/0

#################################
# allow-recursion-override  Local data even about hosts that don't exist will
# override the internet. (on/off)
#
# allow-recursion-override=

#################################
# cache-ttl  Seconds to store packets in the PacketCache
#
# cache-ttl=20

#################################
# chroot  If set, chroot to this directory for more security
#
# chroot=/var/spool/powerdns

#################################
# config-dir  Location of configuration directory (pdns.conf)
#
config-dir=/etc/powerdns

#################################
# config-name  Name of this virtual configuration - will rename the binary image
#
# config-name=

#################################
# control-console  Debugging switch - don't use
#
# control-console=no

#################################
# daemon  Operate as a daemon
#
daemon=yes

#################################
# default-soa-name  name to insert in the SOA record if none set in the backend
#
# default-soa-name=a.misconfigured.powerdns.server

#################################
# disable-axfr  Disable zonetransfers but do allow TCP queries
#
disable-axfr=yes

#################################
# disable-tcp  Do not listen to TCP queries
#
# disable-tcp=no

#################################
# distributor-threads  Default number of Distributor (backend) threads to start
#
# distributor-threads=3

#################################
# fancy-records  Process URL and MBOXFW records
#
# fancy-records=no

#################################
# guardian  Run within a guardian process
#
guardian=yes

#################################
# launch  Which backends to launch and order to query them in
#
#launch=gmysql,bind

#################################
# load-modules  Load this module - supply absolute or relative path
#
# load-modules=

#################################
# local-address  Local IP address to which we bind
#
local-address=127.0.0.1 192.168.1.113

#################################
# local-ipv6  Local IP address to which we bind
#
# local-ipv6=

#################################
# local-port  The port on which we listen
#
local-port=53

#################################
# log-dns-details  If PDNS should log failed update requests
#
log-dns-details=/var/log/pdns/pdns-details.log

#################################
# log-failed-updates  If PDNS should log failed update requests
#
log-failed-updates=/var/log/pdns/pdns-fail.log

#################################
# logfile  Logfile to use (Windows only)
#
#logfile=/var/log/pdns/pdns.log

#################################
# logging-facility  Log under a specific facility
#
# logging-facility=

#################################
# loglevel  Amount of logging. Higher is more. Do not set below 3
#
loglevel=9

#################################
# master  Act as a master
#
# master=no

#################################
# max-queue-length  Maximum queuelength before considering situation lost
#
# max-queue-length=5000

#################################
# max-tcp-connections  Maximum number of TCP connections
#
# max-tcp-connections=10

#################################
# module-dir  Default directory for modules
#
module-dir=/usr/lib/powerdns

#################################
# negquery-cache-ttl  Seconds to store packets in the PacketCache
#
# negquery-cache-ttl=60

#################################
# out-of-zone-additional-processing  Do out of zone additional processing
#
# out-of-zone-additional-processing=no

#################################
# query-cache-ttl  Seconds to store packets in the PacketCache
#
# query-cache-ttl=20

#################################
# query-logging  Hint backends that queries should be logged
#
query-logging=no

#################################
# queue-limit  Maximum number of milliseconds to queue a query
#
# queue-limit=1500

#################################
# query-local-address  The IP address to use as a source address for sending
# queries.
# query-local-address=

#################################
# receiver-threads  Number of receiver threads to launch
#
# receiver-threads=1

#################################
# recursive-cache-ttl  Seconds to store packets in the PacketCache
#
# recursive-cache-ttl=10

#################################
# recursor  If recursion is desired, IP address of a recursing nameserver
#
# recursor=
recursor=127.0.0.1:54

#################################
# setgid  If set, change group id to this gid for more security
#
setgid=pdns

#################################
# setuid  If set, change user id to this uid for more security
#
setuid=pdns

#################################
# skip-cname  Do not perform CNAME indirection for each query
#
# skip-cname=no

#################################
# slave  Act as a slave
#
# slave=no

#################################
# slave-cycle-interval  Reschedule failed SOA serial checks once every .. seconds
#
# slave-cycle-interval=60

#################################
# smtpredirector  Our smtpredir MX host
#
# smtpredirector=a.misconfigured.powerdns.smtp.server

#################################
# soa-minimum-ttl  Default SOA minimum ttl
#
# soa-minimum-ttl=3600

#################################
# soa-refresh-default  Default SOA refresh
#
# soa-refresh-default=10800

#################################
# soa-retry-default  Default SOA retry
#
# soa-retry-default=3600

#################################
# soa-expire-default  Default SOA expire
#
# soa-expire-default=604800

#################################
# soa-serial-offset  Make sure that no SOA serial is less than this number
#
# soa-serial-offset=0

#################################
# socket-dir  Where the controlsocket will live
#
socket-dir=/var/run

#################################
# strict-rfc-axfrs  Perform strictly rfc compliant axfrs (very slow)
#
# strict-rfc-axfrs=no

#################################
# urlredirector  Where we send hosts to that need to be url redirected
#
# urlredirector=127.0.0.1

#################################
# use-logfile  Use a log file (Windows only)
#
#use-logfile=yes

#################################
# webserver  Start a webserver for monitoring
#
# webserver=no

#################################
# webserver-address  IP Address of webserver to listen on
#
# webserver-address=127.0.0.1

#################################
# webserver-password  Password required for accessing the webserver
#
# webserver-password=

#################################
# webserver-port  Port of webserver to listen on
#
# webserver-port=8081

#################################
# webserver-print-arguments  If the webserver should print arguments
#
# webserver-print-arguments=no

#################################
# wildcard-url  Process URL and MBOXFW records
#
# wildcard-url=no

#################################
# wildcards  Honor wildcards in the database
#
# wildcards=

#################################
# version-string  What should PowerDNS return for version
# allowed methods are anonymous / powerdns / full / custom
version-string=powerdns

include-dir=/etc/powerdns/pdns.d
nano /etc/powerdns/pdns.d/pdns.simplebind.conf
launch=gmysql,bind
bind-config=/etc/powerdns/bindbackend.conf
nano /etc/powerdns/pdns.d/pdns.local.gmysql.conf
# MySQL Configuration
#
# Launch gmysql backend
#launch=gmysql

# gmysql parameters
gmysql-host=localhost
gmysql-port=3306
gmysql-user=pdns
gmysql-dbname=pdns
gmysql-password=pdns_password
gmysql-socket=/var/run/mysqld/mysqld.sock

# DNSSEC is disabled by default to not break updates
# If you want to do DNSSEC, make sure that your database
# schema is DNSSEC-ready and set the option to yes here.
gmysql-dnssec=no
Setup
MySQL v5.x
DROP TABLE IF EXISTS domains;
CREATE TABLE domains (
  id INT AUTO_INCREMENT,
  name VARCHAR(255) NOT NULL,
  master VARCHAR(128) DEFAULT NULL,
  last_check INT DEFAULT NULL,
  type VARCHAR(6) NOT NULL,
  notified_serial INT DEFAULT NULL,
  account VARCHAR(40) DEFAULT NULL,
  PRIMARY KEY (id)
) ENGINE=INNODB;
CREATE UNIQUE INDEX name_index ON domains(name);

DROP TABLE IF EXISTS records;
CREATE TABLE records (
  id INT AUTO_INCREMENT,
  domain_id INT DEFAULT NULL,
  name VARCHAR(255) DEFAULT NULL,
  type VARCHAR(10) DEFAULT NULL,
  content VARCHAR(64000) DEFAULT NULL,
  ttl INT DEFAULT NULL,
  prio INT DEFAULT NULL,
  change_date INT DEFAULT NULL,
  PRIMARY KEY(id)
) ENGINE=INNODB;
CREATE INDEX rec_name_index ON records(name);
CREATE INDEX nametype_index ON records(name, type);
CREATE INDEX domain_id ON records(domain_id);

DROP TABLE IF EXISTS supermasters;
CREATE TABLE supermasters (
  ip VARCHAR(25) NOT NULL,
  nameserver VARCHAR(255) NOT NULL,
  account VARCHAR(40) DEFAULT NULL
) ENGINE=INNODB;

CREATE TABLE domainmetadata (
  id INT AUTO_INCREMENT,
  domain_id INT NOT NULL,
  kind VARCHAR(16),
  content TEXT,
  PRIMARY KEY(id)
);
CREATE INDEX domainmetaidindex ON domainmetadata(domain_id);

CREATE TABLE cryptokeys (
  id INT AUTO_INCREMENT,
  domain_id INT NOT NULL,
  flags INT NOT NULL,
  active BOOL,
  content TEXT,
  PRIMARY KEY(id)
);
CREATE INDEX domainidindex ON cryptokeys(domain_id);

ALTER TABLE records ADD ordername VARCHAR(255) BINARY;
ALTER TABLE records ADD auth BOOL;
CREATE INDEX recordorder ON records (domain_id, ordername);

CREATE TABLE tsigkeys (
  id INT AUTO_INCREMENT,
  name VARCHAR(255),
  algorithm VARCHAR(50),
  secret VARCHAR(255),
  PRIMARY KEY(id)
);

GRANT SELECT ON supermasters TO pdns;
GRANT ALL ON domains TO pdns;
GRANT ALL ON records TO pdns;
GRANT ALL ON powerdns.* TO 'pdns'@'localhost' IDENTIFIED BY 'pdns';
GRANT ALL ON powerdns.* TO 'pdns'@'localhost.localdomain' IDENTIFIED BY 'pdns';
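To show what the domains and records tables above expect, here is an added Python example (not part of PowerDNS and not from this page's original files). It validates a constructed zone against the column limits and invariants of the schema (one SOA at the apex, an apex NS, every name inside the zone, a priority on MX/SRV) and then builds parameterized INSERT statements for a MySQL driver that uses %s placeholders, so record content is never spliced into SQL text. Names are stored fully qualified and without a trailing dot, as the gmysql backend expects; the zone data and the domain_id value are constructed. Note that the password in the GRANT statements above must match gmysql-password in pdns.conf.

```python
"""Validate a zone against the domains/records schema above and build
parameterized INSERT statements for it. Added example; the zone is constructed."""

# Column limits taken from the schema above.
NAME_MAX = 255        # domains.name and records.name are VARCHAR(255)
TYPE_MAX = 10         # records.type is VARCHAR(10)
CONTENT_MAX = 64000   # records.content is VARCHAR(64000)

# Constructed zone: (name, type, content, ttl, prio). Names are fully qualified
# and stored without a trailing dot, which is how the gmysql backend reads them.
ZONE = "example.com"
RECORDS = [
    ("example.com", "SOA",
     "ns1.example.com hostmaster.example.com 2024010101 10800 3600 604800 3600",
     3600, None),
    ("example.com", "NS", "ns1.example.com", 3600, None),
    ("ns1.example.com", "A", "192.168.1.124", 3600, None),
    ("www.example.com", "A", "192.168.1.10", 3600, None),
    ("example.com", "MX", "mail.example.com", 3600, 10),
    ("mail.example.com", "A", "192.168.1.20", 3600, None),
]


def in_zone(name, zone):
    """True when name is the zone apex or a dot-free name below it."""
    return name == zone or name.endswith("." + zone)


def validate_zone(zone, records):
    """Return a list of problems; an empty list means the rows are safe to insert."""
    problems = []
    soa = [r for r in records if r[1] == "SOA"]
    if len(soa) != 1:
        problems.append(f"expected exactly one SOA, found {len(soa)}")
    elif soa[0][0] != zone:
        problems.append("SOA must sit at the zone apex")
    if not any(r[0] == zone and r[1] == "NS" for r in records):
        problems.append("zone apex has no NS record")
    for name, rtype, content, ttl, prio in records:
        if not in_zone(name, zone):
            problems.append(f"{name!r} is outside {zone} (names carry no trailing dot)")
        if len(name) > NAME_MAX or len(rtype) > TYPE_MAX or len(content) > CONTENT_MAX:
            problems.append(f"{name} {rtype}: value exceeds a column limit")
        if rtype in ("MX", "SRV") and prio is None:
            problems.append(f"{rtype} record for {name} needs a priority")
        if ttl is not None and ttl < 0:
            problems.append(f"{name} {rtype}: negative TTL")
    return problems


def zone_rows(zone, records, domain_id):
    """Return (sql, params) pairs using driver placeholders (%s for MySQLdb /
    mysql-connector). domain_id is supplied explicitly here; with a live
    connection you would use the id returned by the domains insert instead."""
    problems = validate_zone(zone, records)
    if problems:
        raise ValueError("; ".join(problems))
    rows = [("INSERT INTO domains (id, name, type) VALUES (%s, %s, %s)",
             (domain_id, zone, "NATIVE"))]
    for name, rtype, content, ttl, prio in records:
        rows.append((
            "INSERT INTO records (domain_id, name, type, content, ttl, prio) "
            "VALUES (%s, %s, %s, %s, %s, %s)",
            (domain_id, name, rtype, content, ttl, prio)))
    return rows


if __name__ == "__main__":
    for sql, params in zone_rows(ZONE, RECORDS, 1):
        print(sql, params)
```

Each (sql, params) pair is meant to be handed to cursor.execute(sql, params); a zone that fails validation never reaches the database.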
pdns.conf
nano /etc/powerdns/pdns.conf
# Autogenerated configuration file template

#################################
# allow-axfr-ips  If enabled, restrict zonetransfers to originate from these
# IP addresses
#
allow-axfr-ips=127.0.0.1 192.168.1.0/0

#################################
# allow-recursion  List of netmasks that are allowed to recurse
#
allow-recursion=192.168.1.0/0

#################################
# allow-recursion-override  Local data even about hosts that don't exist will
# override the internet. (on/off)
#
# allow-recursion-override=

#################################
# cache-ttl  Seconds to store packets in the PacketCache
#
# cache-ttl=20

#################################
# chroot  If set, chroot to this directory for more security
#
# chroot=/var/spool/powerdns

#################################
# config-dir  Location of configuration directory (pdns.conf)
#
config-dir=/etc/powerdns

#################################
# config-name  Name of this virtual configuration - will rename the binary image
#
# config-name=

#################################
# control-console  Debugging switch - don't use
#
# control-console=no

#################################
# daemon  Operate as a daemon
#
daemon=yes

#################################
# default-soa-name  name to insert in the SOA record if none set in the backend
#
# default-soa-name=a.misconfigured.powerdns.server

#################################
# disable-axfr  Disable zonetransfers but do allow TCP queries
#
disable-axfr=yes

#################################
# disable-tcp  Do not listen to TCP queries
#
# disable-tcp=no

#################################
# distributor-threads  Default number of Distributor (backend) threads to start
#
# distributor-threads=3

#################################
# fancy-records  Process URL and MBOXFW records
#
# fancy-records=no

#################################
# guardian  Run within a guardian process
#
guardian=yes

#################################
# launch  Which backends to launch and order to query them in
#
launch=gmysql
gmysql-host=127.0.0.1
gmysql-port=3306
gmysql-user=pdns
gmysql-dbname=powerdns
gmysql-password=pdns_password

#################################
# lazy-recursion  Only recurse if question cannot be answered locally
#
lazy-recursion=yes

#################################
# load-modules  Load this module - supply absolute or relative path
#
# load-modules=

#################################
# local-address  Local IP address to which we bind
#
local-address=127.0.0.1 192.168.1.124

#################################
# local-ipv6  Local IP address to which we bind
#
# local-ipv6=

#################################
# local-port  The port on which we listen
#
local-port=53

#################################
# log-dns-details  If PDNS should log failed update requests
#
log-dns-details=/var/log/pdns/pdns-details.log

#################################
# log-failed-updates  If PDNS should log failed update requests
#
log-failed-updates=/var/log/pdns/pdns-fail.log

#################################
# logfile  Logfile to use
#
logfile=/var/log/pdns/pdns.log

#################################
# logging-facility  Log under a specific facility
#
# logging-facility=

#################################
# loglevel  Amount of logging. Higher is more. Do not set below 3
#
loglevel=9

#################################
# master  Act as a master
#
# master=no

#################################
# max-queue-length  Maximum queuelength before considering situation lost
#
# max-queue-length=5000

#################################
# max-tcp-connections  Maximum number of TCP connections
#
# max-tcp-connections=10

#################################
# module-dir  Default directory for modules
#
module-dir=/usr/lib/powerdns

#################################
# negquery-cache-ttl  Seconds to store packets in the PacketCache
#
# negquery-cache-ttl=60

#################################
# out-of-zone-additional-processing  Do out of zone additional processing
#
# out-of-zone-additional-processing=no

#################################
# query-cache-ttl  Seconds to store packets in the PacketCache
#
# query-cache-ttl=20

#################################
# query-logging  Hint backends that queries should be logged
#
query-logging=no

#################################
# queue-limit  Maximum number of milliseconds to queue a query
#
# queue-limit=1500

#################################
# query-local-address  The IP address to use as a source address for sending
# queries.
# query-local-address=

#################################
# receiver-threads  Number of receiver threads to launch
#
# receiver-threads=1

#################################
# recursive-cache-ttl  Seconds to store packets in the PacketCache
#
# recursive-cache-ttl=10

#################################
# recursor  If recursion is desired, IP address of a recursing nameserver
#
recursor=127.0.0.1:54

#################################
# setgid  If set, change group id to this gid for more security
#
setgid=pdns

#################################
# setuid  If set, change user id to this uid for more security
#
setuid=pdns

#################################
# skip-cname  Do not perform CNAME indirection for each query
#
# skip-cname=no

#################################
# slave  Act as a slave
#
# slave=no

#################################
# slave-cycle-interval  Reschedule failed SOA serial checks once every .. seconds
#
# slave-cycle-interval=60

#################################
# smtpredirector  Our smtpredir MX host
#
# smtpredirector=a.misconfigured.powerdns.smtp.server

#################################
# soa-minimum-ttl  Default SOA minimum ttl
#
# soa-minimum-ttl=3600

#################################
# soa-refresh-default  Default SOA refresh
#
# soa-refresh-default=10800

#################################
# soa-retry-default  Default SOA retry
#
# soa-retry-default=3600

#################################
# soa-expire-default  Default SOA expire
#
# soa-expire-default=604800

#################################
# soa-serial-offset  Make sure that no SOA serial is less than this number
#
# soa-serial-offset=0

#################################
# socket-dir  Where the controlsocket will live
#
socket-dir=/var/run

#################################
# strict-rfc-axfrs  Perform strictly rfc compliant axfrs (very slow)
#
# strict-rfc-axfrs=no

#################################
# urlredirector  Where we send hosts to that need to be url redirected
#
# urlredirector=127.0.0.1

#################################
# use-logfile  Use a log file
#
use-logfile=yes

#################################
# webserver  Start a webserver for monitoring
#
# webserver=no

#################################
# webserver-address  IP Address of webserver to listen on
#
# webserver-address=127.0.0.1

#################################
# webserver-password  Password required for accessing the webserver
#
# webserver-password=

#################################
# webserver-port  Port of webserver to listen on
#
# webserver-port=8081

#################################
# webserver-print-arguments  If the webserver should print arguments
#
# webserver-print-arguments=no

#################################
# wildcard-url  Process URL and MBOXFW records
#
# wildcard-url=no

#################################
# wildcards  Honor wildcards in the database
#
# wildcards=

#################################
# version-string  What should PowerDNS return for version
# allowed methods are anonymous / powerdns / full / custom
version-string=powerdns

include=/etc/powerdns/pdns.d
recursor.conf
nano /etc/powerdns/recursor.conf
# Autogenerated configuration file template

#################################
# aaaa-additional-processing  turn on to do AAAA additional processing (slow)
#
# aaaa-additional-processing=off

#################################
# allow-from  If set, only allow these comma separated netmasks to recurse
#
# allow-from=127.0.0.0/8, 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fe80::/10
allow-from=127.0.0.0/8

#################################
# allow-from-file  If set, load allowed netmasks from this file
#
# allow-from-file=

#################################
# auth-can-lower-ttl  If we follow RFC 2181 to the letter, an authoritative server can lower the TTL of NS records
#
# auth-can-lower-ttl=off

#################################
# auth-zones  Zones for which we have authoritative data, comma separated domain=file pairs
#
# auth-zones=

#################################
# chroot  switch to chroot jail
#
# chroot=

#################################
# client-tcp-timeout  Timeout in seconds when talking to TCP clients
#
# client-tcp-timeout=2

#################################
# config-dir  Location of configuration directory (recursor.conf)
#
# config-dir=/etc/powerdns/

#################################
# daemon  Operate as a daemon
#
# daemon=yes

#################################
# delegation-only  Which domains we only accept delegations from
#
# delegation-only=com,net

#################################
# dont-query  If set, do not query these netmasks for DNS data
#
# dont-query=127.0.0.0/8, 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fe80::/10
#dont-query=

#################################
# entropy-source  If set, read entropy from this file
#
# entropy-source=/dev/urandom

#################################
# export-etc-hosts  If we should serve up contents from /etc/hosts
#
# export-etc-hosts=off

#################################
# fork  If set, fork the daemon for possible double performance
#
# fork=no

#################################
# forward-zones  Zones for which we forward queries, comma separated domain=ip pairs
#
# forward-zones=

#################################
# forward-zones-file  File with domain=ip pairs for forwarding
#
# forward-zones-file=

#################################
# hint-file  If set, load root hints from this file
#
#hint-file=/etc/powerdns/root.zone

#################################
# ignore-rd-bit  Assume each packet requires recursion, for compatibility
#
# ignore-rd-bit=off

#################################
# local-address  IP addresses to listen on, separated by spaces or commas. Also accepts ports.
#
local-address=127.0.0.1

#################################
# local-port  port to listen on
#
local-port=54

#################################
# log-common-errors  If we should log rather common errors
#
# log-common-errors=yes

#################################
# logging-facility  Facility to log messages as. 0 corresponds to local0
#
# logging-facility=

#################################
# max-cache-entries  If set, maximum number of entries in the main cache
#
# max-cache-entries=0

#################################
# max-negative-ttl  maximum number of seconds to keep a negative cached entry in memory
#
# max-negative-ttl=3600

#################################
# max-tcp-clients  Maximum number of simultaneous TCP clients
#
#max-tcp-clients=128

#################################
# max-tcp-per-client  If set, maximum number of TCP sessions per client (IP address)
#
# max-tcp-per-client=0

#################################
# no-shuffle  Don't change
#
# no-shuffle=off

#################################
# query-local-address  Source IP address for sending queries
#
# query-local-address=0.0.0.0

#################################
# query-local-address6  Source IPv6 address for sending queries
#
# query-local-address6=

#################################
# quiet  Suppress logging of questions and answers
#
#quiet=yes

#################################
# remotes-ringbuffer-entries  maximum number of packets to store statistics for
#
# remotes-ringbuffer-entries=0

#################################
# serve-rfc1918  If we should be authoritative for RFC 1918 private IP space
#
# serve-rfc1918=

#################################
# server-id  Returned when queried for 'id.server' TXT, defaults to hostname
#
# server-id=

#################################
# setgid  If set, change group id to this gid for more security
#
setgid=pdns

#################################
# setuid  If set, change user id to this uid for more security
#
setuid=pdns

#################################
# single-socket  If set, only use a single socket for outgoing queries
#
# single-socket=off

#################################
# soa-minimum-ttl  Don't change
#
# soa-minimum-ttl=0

#################################
# soa-serial-offset  Don't change
#
# soa-serial-offset=0

#################################
# socket-dir  Where the controlsocket will live
# HINT: If you change this from the default /var/run then rec_control
# will still search in /var/run for the socket file. Keep in mind
# to run it as 'rec_control --socket-dir=/your/socket/directory' then.
#
socket-dir=/var/run/

#################################
# spoof-nearmiss-max  If non-zero, assume spoofing after this many near misses
#
# spoof-nearmiss-max=20

#################################
# stack-size  stack size per mthread
#
# stack-size=200000

#################################
# trace  if we should output heaps of logging
#
# trace=off

#################################
# version-string  string reported on version.pdns or version.bind
#
#version-string=PowerDNS Recursor 3.1.5 $Id: pdns_recursor.cc 1170 2008-03-22 20:43:44Z ahu $
Web interface
- powerdns-webinterface (http://code.google.com/p/powerdns-webinterface/source/checkout)
- PDNS Admin (http://freshmeat.net/projects/pdns-admin/)
- PowerAdmin (http://www.poweradmin.org/)
- PowerDNS Administration (http://sourceforge.net/projects/powerdnsadmin/)
- TUPA (http://www.tupa-dns.org/)
- ZoneAdmin (http://freshmeat.net/projects/zoneadmin/)
- PowerDNS GUI (http://code.google.com/p/pdns-gui/)