raspberry:pidora_power_dns
raspberry:pidora_power_dns [2015/03/14 13:34] – [Reverse DNS Einträge hinzufügen] gpipperr | raspberry:pidora_power_dns [2015/03/14 16:57] (aktuell) – [Alternativ] gpipperr | ||
Zeile 1: | Zeile 1: | ||
+ | =====Raspberry PI als DNS Applicance für PowerDNS===== | ||
+ | |||
+ | === PowerDNS === | ||
+ | |||
+ | |||
+ | PowerDNS besteht aus dem: | ||
+ | * PowerDNS Server - advanced and high performance authoritative-only nameserver | ||
+ | * https:// | ||
+ | * PowerDNS Recursor - high performance recursing/ | ||
+ | * https:// | ||
+ | * Einer Datenbank wie PostgreSQL | ||
+ | * https:// | ||
+ | |||
+ | |||
+ | Für Pidora steht PowerDNS als Packet zur Verfügung. Als Datenbank | ||
+ | |||
+ | |||
+ | === Installation === | ||
+ | |||
+ | <code bash> | ||
+ | |||
+ | yum install pdns pdns-recursor pdns-backend-postgresql pdns-tools | ||
+ | |||
+ | </ | ||
+ | |||
+ | |||
+ | === Eine PostgreSQL Datenbank einrichten === | ||
+ | |||
+ | == DB Software installieren== | ||
+ | <code bash> | ||
+ | |||
+ | yum install postgresql-server postgresql postgresql-contrib | ||
+ | |||
+ | </ | ||
+ | |||
+ | == Datenbank anlegen == | ||
+ | |||
+ | Service starten und Datenbank anlegen: | ||
+ | |||
+ | <code bash> | ||
+ | |||
+ | systemctl enable postgresql | ||
+ | |||
+ | postgresql-setup initdb | ||
+ | |||
+ | systemctl start postgresql | ||
+ | |||
+ | </ | ||
+ | |||
+ | Data Location: / | ||
+ | |||
+ | DB anlegen: | ||
+ | <code sql> | ||
+ | su - postgres | ||
+ | |||
+ | psql | ||
+ | |||
+ | psql (9.3.4) | ||
+ | Type " | ||
+ | |||
+ | postgres=# CREATE USER powerdns WITH PASSWORD ' | ||
+ | postgres=# CREATE DATABASE pdns OWNER powerdns; | ||
+ | |||
+ | |||
+ | </ | ||
+ | |||
+ | PowerDNS Schema Object anlegen (siehe https:// | ||
+ | |||
+ | <code bash> | ||
+ | |||
+ | postgres=# \connect pdns | ||
+ | You are now connected to database " | ||
+ | |||
+ | #SQL block weise ausführen: | ||
+ | |||
+ | CREATE TABLE domains ( | ||
+ | id SERIAL PRIMARY KEY, | ||
+ | name VARCHAR(255) NOT NULL, | ||
+ | master | ||
+ | last_check | ||
+ | type VARCHAR(6) NOT NULL, | ||
+ | notified_serial | ||
+ | account | ||
+ | CONSTRAINT c_lowercase_name CHECK (((name):: | ||
+ | ); | ||
+ | |||
+ | CREATE UNIQUE INDEX name_index ON domains(name); | ||
+ | |||
+ | |||
+ | CREATE TABLE records ( | ||
+ | id SERIAL PRIMARY KEY, | ||
+ | domain_id | ||
+ | name VARCHAR(255) DEFAULT NULL, | ||
+ | type VARCHAR(10) DEFAULT NULL, | ||
+ | content | ||
+ | ttl INT DEFAULT NULL, | ||
+ | prio INT DEFAULT NULL, | ||
+ | change_date | ||
+ | disabled | ||
+ | ordername | ||
+ | auth BOOL DEFAULT ' | ||
+ | CONSTRAINT domain_exists | ||
+ | FOREIGN KEY(domain_id) REFERENCES domains(id) | ||
+ | ON DELETE CASCADE, | ||
+ | CONSTRAINT c_lowercase_name CHECK (((name):: | ||
+ | ); | ||
+ | CREATE INDEX rec_name_index ON records(name); | ||
+ | CREATE INDEX nametype_index ON records(name, | ||
+ | CREATE INDEX domain_id ON records(domain_id); | ||
+ | CREATE INDEX recordorder ON records (domain_id, ordername text_pattern_ops); | ||
+ | |||
+ | |||
+ | CREATE TABLE supermasters ( | ||
+ | ip INET NOT NULL, | ||
+ | nameserver | ||
+ | account | ||
+ | PRIMARY KEY(ip, nameserver) | ||
+ | ); | ||
+ | |||
+ | |||
+ | CREATE TABLE comments ( | ||
+ | id SERIAL PRIMARY KEY, | ||
+ | domain_id | ||
+ | name VARCHAR(255) NOT NULL, | ||
+ | type VARCHAR(10) NOT NULL, | ||
+ | modified_at | ||
+ | account | ||
+ | comment | ||
+ | CONSTRAINT domain_exists | ||
+ | FOREIGN KEY(domain_id) REFERENCES domains(id) | ||
+ | ON DELETE CASCADE, | ||
+ | CONSTRAINT c_lowercase_name CHECK (((name):: | ||
+ | ); | ||
+ | |||
+ | CREATE INDEX comments_domain_id_idx ON comments (domain_id); | ||
+ | CREATE INDEX comments_name_type_idx ON comments (name, type); | ||
+ | CREATE INDEX comments_order_idx ON comments (domain_id, modified_at); | ||
+ | |||
+ | |||
+ | CREATE TABLE domainmetadata ( | ||
+ | id SERIAL PRIMARY KEY, | ||
+ | domain_id | ||
+ | kind VARCHAR(32), | ||
+ | content | ||
+ | ); | ||
+ | |||
+ | CREATE INDEX domainidmetaindex ON domainmetadata(domain_id); | ||
+ | CREATE TABLE cryptokeys ( | ||
+ | id SERIAL PRIMARY KEY, | ||
+ | domain_id | ||
+ | flags INT NOT NULL, | ||
+ | active | ||
+ | content | ||
+ | ); | ||
+ | |||
+ | CREATE INDEX domainidindex ON cryptokeys(domain_id); | ||
+ | |||
+ | |||
+ | CREATE TABLE tsigkeys ( | ||
+ | id SERIAL PRIMARY KEY, | ||
+ | name VARCHAR(255), | ||
+ | algorithm | ||
+ | secret | ||
+ | CONSTRAINT c_lowercase_name CHECK (((name):: | ||
+ | ); | ||
+ | |||
+ | CREATE UNIQUE INDEX namealgoindex ON tsigkeys(name, | ||
+ | |||
+ | # Ergebnis kontrollieren: | ||
+ | |||
+ | pdns=# \d | ||
+ | List of relations | ||
+ | | ||
+ | --------+-----------------------+----------+---------- | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | (13 rows) | ||
+ | |||
+ | grant all on table comments | ||
+ | grant all on table comments_id_seq | ||
+ | grant all on table cryptokeys | ||
+ | grant all on table cryptokeys_id_seq | ||
+ | grant all on table domainmetadata | ||
+ | grant all on table domainmetadata_id_seq to powerdns; | ||
+ | grant all on table domains | ||
+ | grant all on table domains_id_seq | ||
+ | grant all on table records | ||
+ | grant all on table records_id_seq | ||
+ | grant all on table supermasters | ||
+ | grant all on table tsigkeys | ||
+ | grant all on table tsigkeys_id_seq | ||
+ | |||
+ | pdns-# \q | ||
+ | |||
+ | </ | ||
+ | |||
+ | === DB auf localhost erlauben === | ||
+ | <code bash> | ||
+ | |||
+ | vi / | ||
+ | |||
+ | |||
+ | # | ||
+ | listen_addresses=' | ||
+ | |||
+ | port = 5432 | ||
+ | |||
+ | # aus indent wird trust! | ||
+ | # sonst fehler "psql: FATAL: | ||
+ | vi / | ||
+ | |||
+ | host all | ||
+ | |||
+ | |||
+ | </ | ||
+ | |||
+ | siehe auch http:// | ||
+ | |||
+ | Neu starten mit: | ||
+ | <code bash> | ||
+ | systemctl stop postgresql | ||
+ | systemctl start postgresql | ||
+ | systemctl status postgresql | ||
+ | </ | ||
+ | |||
+ | |||
+ | Testen mit password Eingabe im Prompt: | ||
+ | <code bash> | ||
+ | |||
+ | psql -h localhost -d pdns -U powerdns -W | ||
+ | |||
+ | </ | ||
+ | === PowerDNS Dienst einrichten === | ||
+ | |||
+ | Datei pdns.conf und /etc/pdns bearbeiten: | ||
+ | <code bash > | ||
+ | |||
+ | cd /etc/pdns | ||
+ | |||
+ | vi pdns.conf | ||
+ | |||
+ | query-local-address=192.168.178.100 | ||
+ | |||
+ | # Back-end settings | ||
+ | load-modules=gpgsql | ||
+ | launch=gpgsql | ||
+ | |||
+ | |||
+ | # PostgreSQL back-end settings | ||
+ | gpgsql-host=localhost | ||
+ | gpgsql-dbname=pdns | ||
+ | gpgsql-user=powerdns | ||
+ | gpgsql-password=powerdns1234 | ||
+ | |||
+ | </ | ||
+ | |||
+ | === DNS Forwarding einrichten === | ||
+ | |||
+ | Datei pdns.conf unter /etc/pdns bearbeiten: | ||
+ | |||
+ | <code bash> | ||
+ | |||
+ | cd /etc/pdns | ||
+ | |||
+ | vi pdns.conf | ||
+ | |||
+ | #my local internet nameserver | ||
+ | recursor=192.168.178.1 | ||
+ | |||
+ | allow-recursion=10.10.10.0/ | ||
+ | lazy-recursion=yes | ||
+ | |||
+ | </ | ||
+ | |||
+ | |||
+ | testen mit: | ||
+ | <code bash> | ||
+ | dig @192.168.178.100 www.oracle.de | ||
+ | </ | ||
+ | === Monitoring einrichten === | ||
+ | siehe http:// | ||
+ | |||
+ | Datei pdns.conf und /etc/pdns bearbeiten: | ||
+ | <code bash > | ||
+ | |||
+ | cd /etc/pdns | ||
+ | |||
+ | vi pdns.conf | ||
+ | |||
+ | webserver=yes | ||
+ | webserver-address=168.178.250 | ||
+ | webserver-password=powerdns1234 | ||
+ | webserver-port=8081 | ||
+ | |||
+ | # Nur in Testumgebungen | ||
+ | webserver-print-arguments=yes | ||
+ | |||
+ | </ | ||
+ | |||
+ | webserver-print-arguments nur in Test Umgebungen verwenden! Alle Parameter inkl. passwort werden angezeigt! | ||
+ | |||
+ | ===Service starten=== | ||
+ | <code bash> | ||
+ | systemctl enable pdns | ||
+ | systemctl start pdns | ||
+ | |||
+ | #prüfen | ||
+ | systemctl status pdns | ||
+ | |||
+ | </ | ||
+ | |||
+ | ===Service überwachen === | ||
+ | |||
+ | Ist der Webserver aktiviert kann über die URL: < | ||
+ | |||
+ | User: powerdns und das zuvor in der Konfiguration gesetzte Password. | ||
+ | |||
+ | |||
+ | | ||
+ | |||
+ | |||
+ | === Eine erste Domain per manuell einfügen === | ||
+ | |||
+ | Im folgenden Bespiel wird die notwendige DNS Auflösung für ein Oracle Real Application Cluster hinterlegt. | ||
+ | |||
+ | SQL zusammenstellen und die Daten in der DB einfügen: | ||
+ | <code sql> | ||
+ | #Anmelden mit Password Prompt | ||
+ | psql -h localhost -d pdns -U powerdns -W | ||
+ | |||
+ | #domain hinzufügen | ||
+ | insert into domains(name, | ||
+ | #id der domain ermitteln und merken | ||
+ | select * from domains; | ||
+ | #SOA record hinzufügen | ||
+ | insert into records(domain_id, | ||
+ | #NS record | ||
+ | insert into records(domain_id, | ||
+ | #A record | ||
+ | insert into records(domain_id, | ||
+ | |||
+ | #Einträge für das RAC Cluster in der Domain | ||
+ | |||
+ | #A record für racdb01 | ||
+ | insert into records(domain_id, | ||
+ | insert into records(domain_id, | ||
+ | insert into records(domain_id, | ||
+ | |||
+ | #A record für racdb02 | ||
+ | insert into records(domain_id, | ||
+ | insert into records(domain_id, | ||
+ | insert into records(domain_id, | ||
+ | |||
+ | #A mit doppelten Name für Oracle Scan Listener | ||
+ | insert into records(domain_id, | ||
+ | insert into records(domain_id, | ||
+ | |||
+ | |||
+ | </ | ||
+ | |||
+ | Auf die Schreibweise des Typs achten, GROSSBUCHSTABEN verwenden! | ||
+ | |||
+ | testen mit: | ||
+ | <code bash> | ||
+ | |||
+ | dig @192.168.178.100 -tAXFR pipperr.local | ||
+ | |||
+ | ; <<>> | ||
+ | ; (1 server found) | ||
+ | ;; global options: +cmd | ||
+ | pipperr.local. | ||
+ | racdb01-priv.pipperr.local. 3600 IN | ||
+ | racdb01.pipperr.local. | ||
+ | racdb02-priv.pipperr.local. 3600 IN | ||
+ | racdb02-vip.pipperr.local. 3600 IN A | ||
+ | racdb01-vip.pipperr.local. 3600 IN A | ||
+ | racdb02.pipperr.local. | ||
+ | scanracdb.pipperr.local. 3600 | ||
+ | scanracdb.pipperr.local. 3600 | ||
+ | ns1.pipperr.local. | ||
+ | pipperr.local. | ||
+ | pipperr.local. | ||
+ | ;; Query time: 186 msec | ||
+ | ;; SERVER: 192.168.178.100# | ||
+ | ;; WHEN: Sat Mar 14 12:33:55 CET 2015 | ||
+ | ;; XFR size: 12 records (messages 3, bytes 466) | ||
+ | |||
+ | |||
+ | #alternativ abfragen mit | ||
+ | |||
+ | host -l pipperr.local | sort | ||
+ | |||
+ | ns1.pipperr.local has address 192.168.178.100 | ||
+ | pipperr.local name server ns1.pipperr.local. | ||
+ | racdb01-priv.pipperr.local has address 10.1.1.192 | ||
+ | racdb01-vip.pipperr.local has address 10.10.10.192 | ||
+ | racdb01.pipperr.local has address 10.10.10.190 | ||
+ | racdb02-priv.pipperr.local has address 10.1.1.196 | ||
+ | racdb02-vip.pipperr.local has address 10.10.10.196 | ||
+ | racdb02.pipperr.local has address 10.10.10.194 | ||
+ | scanracdb.pipperr.local has address 10.10.10.200 | ||
+ | scanracdb.pipperr.local has address 10.10.10.210 | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | </ | ||
+ | |||
+ | === Reverse DNS Einträge hinzufügen === | ||
+ | |||
+ | <code sql> | ||
+ | #Reverse Einträge hinzufügen | ||
+ | |||
+ | INSERT INTO domains(name, | ||
+ | INSERT INTO domains(name, | ||
+ | INSERT INTO domains(name, | ||
+ | |||
+ | #id | ||
+ | SELECT * FROM domains; | ||
+ | |||
+ | #SOA | ||
+ | insert into records(domain_id, | ||
+ | insert into records(domain_id, | ||
+ | |||
+ | insert into records(domain_id, | ||
+ | insert into records(domain_id, | ||
+ | |||
+ | insert into records(domain_id, | ||
+ | insert into records(domain_id, | ||
+ | |||
+ | #PTR | ||
+ | insert into records(domain_id, | ||
+ | insert into records(domain_id, | ||
+ | insert into records(domain_id, | ||
+ | insert into records(domain_id, | ||
+ | insert into records(domain_id, | ||
+ | insert into records(domain_id, | ||
+ | |||
+ | insert into records(domain_id, | ||
+ | insert into records(domain_id, | ||
+ | |||
+ | </ | ||
+ | |||
+ | |||
+ | Testen mit: | ||
+ | <code bash> | ||
+ | |||
+ | dig -x 10.10.10.196 | ||
+ | .. | ||
+ | ;; ANSWER SECTION: | ||
+ | 196.10.10.10.in-addr.arpa. 3600 IN PTR | ||
+ | .. | ||
+ | |||
+ | host -i 10.10.10.196 | ||
+ | 196.10.10.10.in-addr.arpa domain name pointer racdb02-vip.pipperr.local. | ||
+ | |||
+ | |||
+ | </ | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | ==== GUI==== | ||
+ | |||
+ | * https:// | ||
+ | |||
+ | === Unter Linux x86 === | ||
+ | |||
+ | siehe => [[linux: | ||
+ | |||
+ | |||
+ | ==== Quellen ==== | ||
+ | |||
+ | Siehe: | ||
+ | |||
+ | * https:// | ||
+ | * https:// | ||
+ | |||
+ | PowerDNS mit PostGreSQL | ||
+ | |||
+ | * http:// | ||
+ | |||
+ | PostGreSQL | ||
+ | |||
+ | * https:// |
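Review bot: The pg_hba.conf step under "DB auf localhost erlauben" (comment `# aus indent wird trust!`, followed by the `host all` rule) replaces `ident` with `trust`, which lets any local client connect to every database as any role, including `postgres`, without a password; the password given to `powerdns` in the `CREATE USER` statement is then never checked. The rule line is cut off in this rendering, so the address and method columns cannot be verified here. For the connection the page actually uses (`psql -h localhost -d pdns -U powerdns -W`) the narrower fix is to keep password authentication and scope the rule to that database and role, e.g. `host pdns powerdns 127.0.0.1/32 md5`, with a one-line comment stating why the default `ident` rule does not work for a TCP login. Because pdns.conf stores `gpgsql-password=` and `webserver-password=` in clear text, a short note in the "PowerDNS Dienst einrichten" block that the file must be readable only by the pdns service account would complete the existing warning about `webserver-print-arguments`.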