参考文章
https://www.cnblogs.com/guangdelw/p/17348982.html
https://cn.linux-console.net/?p=2907#google_vignette
我的要求不高,只要能解析我自己设置的域名就行,所以dns配得比较简陋
PowerDNS
- 安装mysql,配置用户,数据库等
# Install the MySQL server package; the SQL statements that follow create the
# PowerDNS database and account in it.
apt install mysql-server
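-- Switch the local root account to password authentication.
-- NOTE(review): 'your_pwd' is a placeholder; choose a strong value and do not
-- reuse it for the pdns account created below.
ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'your_pwd';
-- Service account for PowerDNS; it can only connect from localhost.
CREATE USER 'pdns'@'localhost' IDENTIFIED BY 'your_pwd';
CREATE DATABASE pdns;
-- Full rights on the pdns schema only. WITH GRANT OPTION is left out: the
-- service account has no reason to pass its privileges on to other accounts.
GRANT ALL PRIVILEGES ON pdns.* TO 'pdns'@'localhost';
FLUSH PRIVILEGES;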
- 禁用本地 systemd-resolved,防止其占用 53 端口
# Stop and disable systemd-resolved so that it no longer holds port 53.
systemctl disable --now systemd-resolved
# With the local stub resolver gone, point this host straight at an upstream resolver.
# NOTE(review): if /etc/resolv.conf is a symlink on this system, the redirect
# writes through it — confirm the content survives a reboot.
echo "nameserver 8.8.8.8" > /etc/resolv.conf
- 安装pdns
# Install the PowerDNS authoritative server together with its MySQL backend.
apt-get install pdns-server pdns-backend-mysql -y
- 初始化数据库表
# Load the schema file shipped with the MySQL backend package into the pdns
# database; -p prompts for the pdns account's password instead of taking it on
# the command line.
mysql -u pdns -p pdns < /usr/share/pdns-backend-mysql/schema/schema.mysql.sql
- /etc/powerdns/pdns.d/pdns.local.gmysql.conf
# MySQL Configuration
#
# Launch gmysql backend
launch+=gmysql
# gmysql parameters
# The backend reaches MySQL over loopback TCP with the pdns account.
gmysql-host=127.0.0.1
gmysql-port=3306
gmysql-dbname=pdns
gmysql-user=pdns
# NOTE(review): 'password' is a placeholder; it has to match the password set
# for 'pdns'@'localhost' in MySQL. The value is stored in clear text, so this
# file should be readable only by root and the PowerDNS service account.
gmysql-password=password
gmysql-dnssec=yes
# gmysql-socket=
- 先停止服务,后续再起
# Keep PowerDNS stopped for now; it is started again after pdns.conf has been edited.
systemctl stop pdns
PowerDNS Admin
web UI
- 安装依赖
# Build and runtime dependencies for PowerDNS-Admin, plus nginx as the front-end
# web server. git appears twice in the list, which apt tolerates.
apt-get install nginx python3-dev libsasl2-dev libldap2-dev libssl-dev libxml2-dev libxslt1-dev libxmlsec1-dev libffi-dev pkg-config apt-transport-https git virtualenv build-essential libmariadb-dev git python3-flask libpq-dev python-dev -y
- 安装nodejs
sudo apt-get update
sudo apt-get install -y ca-certificates curl gnupg
# Keep the NodeSource signing key in its own keyring file instead of the global
# apt trust store.
sudo mkdir -p /etc/apt/keyrings
curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | sudo gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg
# Major Node.js release line to follow.
NODE_MAJOR=20
# signed-by ties the key to this one repository; it cannot vouch for packages
# from any other source.
echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_$NODE_MAJOR.x nodistro main" | sudo tee /etc/apt/sources.list.d/nodesource.list
- 添加 yarn 存储库
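# Store the Yarn repository key in a dedicated keyring and bind it to the Yarn
# source with signed-by. apt-key is deprecated, and a key added with it is
# trusted for every configured repository, not just this one.
mkdir -p /etc/apt/keyrings
curl -fsSL https://dl.yarnpkg.com/debian/pubkey.gpg | gpg --dearmor -o /etc/apt/keyrings/yarn.gpg
echo "deb [signed-by=/etc/apt/keyrings/yarn.gpg] https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list
# Refresh the package index so the new repository is visible, then install yarn.
apt-get update -y
apt-get install yarn -y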
- 配置 PowerDNS Admin
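# NOTE(review): this clones the default branch as it is at install time.
# Checking out a reviewed release tag or commit afterwards
# (git checkout <release-tag>) keeps the install reproducible.
git clone https://github.com/ngoduykhanh/PowerDNS-Admin.git /var/www/html/pdns
cd /var/www/html/pdns/
# Create an isolated Python 3 environment named "flask" and enter it.
virtualenv -p python3 flask
source ./flask/bin/activate
# Before installing, edit the lxml line in requirements.txt so that only
# "lxml===version" remains on it.
pip install -r requirements.txt
# Leave the virtualenv again (the command was cut short as "deac" in the guide).
deactivate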
- /var/www/html/pdns/powerdnsadmin/default_config.py
# The file already ships with default values.
# NOTE(review): 'yoursecretekey' is a placeholder. Replace SALT and SECRET_KEY
# with separate, randomly generated values before the UI is reachable by anyone;
# SECRET_KEY is what Flask uses to sign session data.
SALT = 'yoursecretekey'
SECRET_KEY = 'yoursecretekey'
# NOTE(review): presumably only relevant when the app is started directly; the
# gunicorn unit in this guide binds a unix socket instead — confirm.
BIND_ADDRESS = '0.0.0.0'
PORT = 9191
# NOTE(review): HSTS is off and the nginx vhost in this guide listens on plain
# HTTP, so logins are not protected in transit.
HSTS_ENABLED = False
OFFLINE_MODE = False
# Database connection: the same pdns MySQL account and database that the
# PowerDNS backend uses.
# NOTE(review): 'password' is a placeholder and must match that account's password.
SQLA_DB_USER = 'pdns'
SQLA_DB_PASSWORD = 'password'
SQLA_DB_HOST = '127.0.0.1'
SQLA_DB_NAME = 'pdns'
SQLALCHEMY_TRACK_MODIFICATIONS = True
- 更新数据库,构建前端
cd /var/www/html/pdns/
source ./flask/bin/activate
# Tell the flask CLI which application module to load.
export FLASK_APP=powerdnsadmin/__init__.py
# Apply the database migrations.
flask db upgrade
# Install the front-end packages without writing a new yarn.lock.
yarn install --pure-lockfile
# Build the static assets.
flask assets build
deactivate
- /etc/powerdns/pdns.conf
# Enable the HTTP API.
api=yes
# NOTE(review): this key is the sample printed in the guide, so every reader
# knows it. Generate a fresh random key for your own server and keep it out of
# shared or published files.
api-key=e951e5a1f4b94151b360f47edf596dd2
# NOTE(review): 0.0.0.0 listens on every interface. If only the recursor on this
# host needs to reach the authoritative server, a loopback address is enough.
local-address=0.0.0.0
# Moved to port 54 so that the recursor can be set up on port 53.
local-port=54
- 启动pdns
# Start PowerDNS with the edited configuration.
systemctl start pdns
- /etc/nginx/conf.d/pdns-admin.conf
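# Reverse proxy in front of PowerDNS-Admin.
# NOTE(review): this vhost serves the admin login over plain HTTP on port 80.
# Put TLS in front of it (and redirect HTTP to HTTPS) before making it reachable
# from outside a trusted network.
server {
  listen *:80;
  server_name server.name;
  index index.html index.htm index.php;
  root /var/www/html/pdns;
  access_log /var/log/nginx/pdnsadmin_access.log combined;
  error_log /var/log/nginx/pdnsadmin_error.log;
  client_max_body_size 10m;
  client_body_buffer_size 128k;
  proxy_redirect off;
  proxy_connect_timeout 90;
  proxy_send_timeout 90;
  proxy_read_timeout 90;
  proxy_buffers 32 4k;
  proxy_buffer_size 8k;
  # Pass the original host and client address on to the application.
  proxy_set_header Host $host;
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_headers_hash_bucket_size 64;

  # Static files are served by nginx itself from the application tree.
  location ~ ^/static/ {
    include /etc/nginx/mime.types;
    root /var/www/html/pdns/powerdnsadmin;
    location ~* \.(jpg|jpeg|png|gif)$ {
      expires 365d;
    }
    # The dot before the extension is escaped so that only names ending in a
    # literal ".css" or ".js" match; unescaped, it matched any character.
    location ~* ^.+\.(css|js)$ {
      expires 7d;
    }
  }

  # Everything else is handed to gunicorn over the unix socket.
  location / {
    proxy_pass http://unix:/run/pdnsadmin/socket;
    proxy_read_timeout 120;
    proxy_connect_timeout 120;
    proxy_redirect off;
  }
}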
- 启动nginx
# Validate the configuration first, then restart nginx to load it.
nginx -t
systemctl restart nginx
- 配置pdnsadmin
- /etc/systemd/system/pdnsadmin.service
[Unit]
Description=PowerDNS-Admin
# Pulls in the socket unit that listens on /run/pdnsadmin/socket.
Requires=pdnsadmin.socket
After=network.target
[Service]
PIDFile=/run/pdnsadmin/pid
# The web UI runs unprivileged as pdns.
# NOTE(review): presumably this is the same account the PowerDNS daemon uses; a
# dedicated account for the web UI would keep the two apart — confirm.
User=pdns
Group=pdns
WorkingDirectory=/var/www/html/pdns
# gunicorn from the virtualenv serves the app on a unix socket rather than a TCP port.
ExecStart=/var/www/html/pdns/flask/bin/gunicorn --pid /run/pdnsadmin/pid --bind unix:/run/pdnsadmin/socket 'powerdnsadmin:create_app()'
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s TERM $MAINPID
# Give the service its own private /tmp.
PrivateTmp=true
# NOTE(review): further sandboxing such as NoNewPrivileges=true and
# ProtectSystem=full could be added here after testing.
[Install]
WantedBy=multi-user.target
- /etc/systemd/system/pdnsadmin.socket
[Unit]
Description=PowerDNS-Admin socket
[Socket]
# Unix socket that the nginx vhost proxies to.
# NOTE(review): SocketUser/SocketGroup/SocketMode are not set, and systemd's
# default socket mode is 0666, so any local user can connect to the application
# directly and bypass nginx. Consider restricting it, e.g. SocketMode=0660 with
# a group shared with the nginx worker account.
ListenStream=/run/pdnsadmin/socket
[Install]
WantedBy=sockets.target
- 配置目录
# Have systemd-tmpfiles recreate /run/pdnsadmin (mode 0755, owner pdns:pdns) at
# boot, since /run does not persist across reboots.
echo "d /run/pdnsadmin 0755 pdns pdns -" >> /etc/tmpfiles.d/pdnsadmin.conf
# Create the directory for the current boot as well.
mkdir /run/pdnsadmin/
chown -R pdns: /run/pdnsadmin/
# NOTE(review): this makes the application code itself writable by the account
# the service runs as. Limiting ownership to the paths the app really has to
# write would reduce the impact of a compromised web process.
chown -R pdns: /var/www/html/pdns/powerdnsadmin/
- 启动
# Reload the unit files, then enable and start both the service and its socket.
systemctl daemon-reload && systemctl enable --now pdnsadmin.service pdnsadmin.socket
PowerDNS-Recursor
- 安装
# Install the PowerDNS recursor package.
apt install -y pdns-recursor
- /etc/pdns-recursor/recursor.conf
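# Networks that are allowed to query the recursor.
# Do not use 0.0.0.0/0 here: combined with local-address=0.0.0.0 it creates an
# open resolver that any host on the internet can use, including for
# reflection/amplification traffic. Loopback and the private ranges are listed
# instead; trim the list to the networks your own clients are on.
allow-from=127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
# Do not log to syslog; messages go to stdout only.
disable-syslog=yes
# DNSSEC turned off; the author found this useful when forwarding.
# NOTE(review): answers from the forwarder are then not validated locally.
dnssec=off
# forward-zones-recurse: comma-separated list; a listed zone is forwarded, and
# anything not found is resolved recursively. The intent here is to forward the
# domain defined in pdns to the pdns service on port 54.
# NOTE(review): as printed, the jbn.rz entry has no "=address" part. Going by
# the description it should name the authoritative server on port 54 (for a
# same-host setup that would be jbn.rz=127.0.0.1:54) — confirm before use.
forward-zones-recurse=jbn.rz,.=8.8.8.8
# Listen on all IPv4 addresses of this host.
local-address=0.0.0.0
local-port=53
log-common-errors=yes
# An empty value turns off the periodic security-status lookup, so track
# package updates for the recursor by other means.
security-poll-suffix=
# Drop privileges to the pdns-recursor group and user.
setgid=pdns-recursor
setuid=pdns-recursor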
- 重启
# Restart the recursor so that it picks up recursor.conf.
systemctl restart pdns-recursor
- 此时即可解析自定义域名和其他已有域名
$ dig @127.0.0.1 jbn.rz
; <<>> DiG 9.16.1-Ubuntu <<>> @127.0.0.1 jbn.rz
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1125
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;jbn.rz. IN A
;; ANSWER SECTION:
jbn.rz. 50 IN A 10.0.0.236
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Nov 08 14:16:06 UTC 2023
;; MSG SIZE rcvd: 51
$ dig @127.0.0.1 baidu.com
; <<>> DiG 9.16.1-Ubuntu <<>> @127.0.0.1 baidu.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32924
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;baidu.com. IN A
;; ANSWER SECTION:
baidu.com. 234 IN A 110.242.68.66
baidu.com. 234 IN A 39.156.66.10
;; Query time: 4 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Nov 08 14:16:10 UTC 2023
;; MSG SIZE rcvd: 70