Table of contents
  1. 1. Put PowerDNS to Practice
    1. 1.1. The Authoritative Server
      1. 1.1.1. 1. Primary server
      2. 1.1.2. 2. The secondary name server
    2. 1.2. The PowerDNS recursor
      1. 1.2.1. The PowerDNS recursor supports:
    3. 1.3. install
    4. 1.4. configure
    5. 1.5. Install the recursor on CentOS :
    6. 1.6. configure :
    7. 1.7. manage recursor service :
  2. 2. Performance and Tuning
  3. 3. Summary

Put PowerDNS to Practice

PowerDNS is an open source product for DNS resolution and an open alternative among domain name system (DNS) servers. It is notably in use at some of the largest ISPs and websites in the world, such as AOL, Shaw Cable, and even Wikipedia. Its compact codebase and focus on security, scalability, and reliability make it a great name server choice. PowerDNS is packed with features that would impress any network or system admin.

### Good things:

- Authoritative DNS server (hosting)
- Resolving DNS server (caching)
- API to provision zones and records
- DNSSEC support (as of 3.x)
- Web-based management options
- DNS data stored in plaintext (BIND compatible)
- IPv4 and IPv6, UDP/TCP, 100% compliant
- MySQL, PostgreSQL, Microsoft SQL Server, Oracle, Sybase database back ends
- Load balancing/failover algorithms
- SNMP support
- Remotely pollable statistics for real-time graphing
- Optional built-in web server
- Debugging tools
- Support for Linux, BSD, Unix

## Key components of PowerDNS

The Authoritative Server

Roles:

1. Primary server

Sometimes called a master server, it is the original and definitive source for all zone records for a domain.

2. The secondary name server

Often called a slave server, it is an identical replica used to provide redundancy and high availability. As with any service as vital as DNS, you should build redundancy into your infrastructure. That means at least two or more of everything, or you will need much more than two aspirins to deal with the headaches caused by downtime.

The PowerDNS recursor

It simply provides caching or a standalone recursive resolver for clients accessing your network or the greater Internet (i.e., it is your first line of DNS for client machines). Recall that it isn't authoritative but simply provides query resolution to the network client resolver (the client-side portion used to perform DNS queries) on your local machine.

The PowerDNS recursor supports:

- All relevant standards
- Advanced anti-spoofing measures
- Reconfiguration without downtime
- Plain BIND zone files for "resolved hosting"
- Question interception, answer reconditioning, NXDOMAIN redirection (including "block lists" and security measures)
- The rec_control utility, an API for direct control of the PowerDNS recursor and to output data to MRTG and RRD for pretty network graphs
- Local and remote access
- DNS64

## Installing PowerDNS

install

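```bash
yum install wget
# The EPEL release package is fetched over plain HTTP from a third-party mirror;
# check its signature (rpm -K) against the EPEL GPG key before installing it.
wget http://soft.laozuo.org/powerdns/epel-release-6-8.noarch.rpm
rpm -Uvh ./epel-release-6-8.noarch.rpm
# Authoritative server plus its MySQL backend
yum install pdns pdns-backend-mysql
```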

configure

BackEnd: MySQL

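```sql
create database powerdnsdb;
-- Grant on the same database that was just created and that gmysql-dbname points to.
-- Replace the example password with a strong, unique one.
GRANT ALL ON powerdnsdb.* TO 'pownerdns'@'localhost' IDENTIFIED BY 'pownerdns';
FLUSH PRIVILEGES;
```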

SQL :

```sql
CREATE TABLE domains (
  id INT AUTO_INCREMENT,
  name VARCHAR(255) NOT NULL,
  master VARCHAR(128) DEFAULT NULL,
  last_check INT DEFAULT NULL,
  type VARCHAR(6) NOT NULL,
  notified_serial INT DEFAULT NULL,
  account VARCHAR(40) DEFAULT NULL,
  PRIMARY KEY (id)
) Engine=InnoDB;
CREATE UNIQUE INDEX name_index ON domains(name);

CREATE TABLE records (
  id INT AUTO_INCREMENT,
  domain_id INT DEFAULT NULL,
  name VARCHAR(255) DEFAULT NULL,
  type VARCHAR(10) DEFAULT NULL,
  content VARCHAR(64000) DEFAULT NULL,
  ttl INT DEFAULT NULL,
  prio INT DEFAULT NULL,
  change_date INT DEFAULT NULL,
  disabled TINYINT(1) DEFAULT 0,
  ordername VARCHAR(255) BINARY DEFAULT NULL,
  auth TINYINT(1) DEFAULT 1,
  PRIMARY KEY (id)
) Engine=InnoDB;
CREATE INDEX nametype_index ON records(name,type);
CREATE INDEX domain_id ON records(domain_id);
CREATE INDEX recordorder ON records (domain_id, ordername);

CREATE TABLE supermasters (
  ip VARCHAR(64) NOT NULL,
  nameserver VARCHAR(255) NOT NULL,
  account VARCHAR(40) NOT NULL,
  PRIMARY KEY (ip, nameserver)
) Engine=InnoDB;

CREATE TABLE comments (
  id INT AUTO_INCREMENT,
  domain_id INT NOT NULL,
  name VARCHAR(255) NOT NULL,
  type VARCHAR(10) NOT NULL,
  modified_at INT NOT NULL,
  account VARCHAR(40) NOT NULL,
  comment VARCHAR(64000) NOT NULL,
  PRIMARY KEY (id)
) Engine=InnoDB;
CREATE INDEX comments_domain_id_idx ON comments (domain_id);
CREATE INDEX comments_name_type_idx ON comments (name, type);
CREATE INDEX comments_order_idx ON comments (domain_id, modified_at);

CREATE TABLE domainmetadata (
  id INT AUTO_INCREMENT,
  domain_id INT NOT NULL,
  kind VARCHAR(32),
  content TEXT,
  PRIMARY KEY (id)
) Engine=InnoDB;
CREATE INDEX domainmetadata_idx ON domainmetadata (domain_id, kind);

CREATE TABLE cryptokeys (
  id INT AUTO_INCREMENT,
  domain_id INT NOT NULL,
  flags INT NOT NULL,
  active BOOL,
  content TEXT,
  PRIMARY KEY(id)
) Engine=InnoDB;
CREATE INDEX domainidindex ON cryptokeys(domain_id);

CREATE TABLE tsigkeys (
  id INT AUTO_INCREMENT,
  name VARCHAR(255),
  algorithm VARCHAR(50),
  secret VARCHAR(255),
  PRIMARY KEY (id)
) Engine=InnoDB;
CREATE UNIQUE INDEX namealgoindex ON tsigkeys(name, algorithm);
```

RECORD :

```
*************************** 258. row ***************************
id: 649
domain_id: 1
name: ruiaylin2.sjz.autohome.com.cn
type: A
content: 192.168.xx.xxx
ttl: 86400
prio: 0
change_date: 1425371097
disabled: 0
ordername: NULL
auth: 1
```

ADD DNS :

```sql
insert into records(
  domain_id, name, type, content, ttl, prio, change_date, disabled, ordername, auth
) values (
  1, 'ruiaylin3.sjz.autohome.com.cn', 'A', '192.168.xx.xx', 86400, 0, 1425371097, 0, '', 1
);
```
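A way to make the same insert from provisioning code, added here as an example and not part of the original post: the name and address are validated and every value is passed as a bound parameter. SQLite stands in for MySQL, the tables are a reduced copy of the schema above, and `add_a_record`, `make_db` and the `example.test` zone are hypothetical names.

```python
import ipaddress
import re
import sqlite3
import time

# Reduced copy of the page's `domains` and `records` tables. SQLite stands in
# for MySQL so the example runs offline (assumption, not the page's setup).
SCHEMA = """
CREATE TABLE domains (id INTEGER PRIMARY KEY, name TEXT NOT NULL UNIQUE,
                      type TEXT NOT NULL);
CREATE TABLE records (id INTEGER PRIMARY KEY, domain_id INT, name TEXT,
                      type TEXT, content TEXT, ttl INT, prio INT,
                      change_date INT, disabled INT DEFAULT 0,
                      ordername TEXT, auth INT DEFAULT 1);
"""
LABEL = re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?")


def add_a_record(db, zone, host, ip, ttl=86400):
    """Validate and insert one A record; returns the new row id (hypothetical helper)."""
    zone, host = zone.lower().rstrip("."), host.lower().rstrip(".")
    row = db.execute("SELECT id FROM domains WHERE name = ?", (zone,)).fetchone()
    if row is None:
        raise ValueError("unknown zone %r" % zone)
    # Reject names that do not belong to the zone they are filed under.
    if host != zone and not host.endswith("." + zone):
        raise ValueError("%r is outside zone %r" % (host, zone))
    if len(host) > 253 or not all(LABEL.fullmatch(l) for l in host.split(".")):
        raise ValueError("invalid host name %r" % host)
    addr = str(ipaddress.IPv4Address(ip))  # ValueError on anything but IPv4
    if not 0 <= int(ttl) <= 2**31 - 1:
        raise ValueError("ttl out of range")
    # Values travel as bound parameters, never by string concatenation.
    # sqlite3 uses "?" placeholders; MySQL drivers such as PyMySQL use "%s".
    cur = db.execute(
        "INSERT INTO records (domain_id, name, type, content, ttl, prio,"
        " change_date, disabled, ordername, auth)"
        " VALUES (?, ?, 'A', ?, ?, 0, ?, 0, NULL, 1)",
        (row[0], host, addr, int(ttl), int(time.time())))
    db.commit()
    return cur.lastrowid


def make_db():
    """In-memory database with one constructed zone, example.test."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.execute("INSERT INTO domains (name, type) VALUES ('example.test', 'NATIVE')")
    db.commit()
    return db
```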

core variables :

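```ini
forward-zones=autohome.com.cn=192.168.xxx.xxxx;192.168.xxx.xxx
# Listens on every IPv4 interface; keep allow-from limited to your own client networks
local-address=0.0.0.0
# Maximum time, in seconds, that a record stays in the DNS cache
max-cache-ttl=120
# Other variables use the default value
```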

## Installing the PowerDNS Recursor

Install the recursor on CentOS :

```bash
yum -y install pdns pdns-backend-mysql pdns-recursor
```

configure :

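```ini
# Use the generic MySQL backend and point it at the database created earlier
launch=gmysql
gmysql-host=192.168.xxx.xxx
gmysql-user=xxx
gmysql-password=xxx
gmysql-dbname=powerdnsdb
# Maximum time, in seconds, that a record stays in the DNS cache
max-cache-ttl=120
# Other variables use the default value
```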

manage recursor service :

```bash
# Start the recursor
service pdns-recursor start
# Stop the recursor
service pdns-recursor stop
```

Performance and Tuning

For performance tuning, refer to the PowerDNS documentation: https://doc.powerdns.com/md/authoritative/performance/#performance-and-tuning

Summary

PowerDNS is an alternative DNS server for basic ops services. Happy to use it!
