PowerDNS common maintenance notes



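1. vcapple.com, dev.vpapple.com, qa.vpapple.com and the 10.199 reverse zone: when any of this DNS data has to be changed, change it only on the master (10.199.132.152).

2. After the data for these domains is changed, it is synchronised automatically to 10.199.132.168 (slave) and 10.199.129.21 (slave).

3. The servers are 10.199.132.152 (pdns, master), 10.199.132.168 (pdns, slave) and 10.199.129.21 (bind, slave).

4. 10.199.132.152 (pdns, master) and 10.199.132.168 (pdns, slave) keep their data in sync through MySQL AB replication.

5. For a domain to resolve, the database must contain NS, A and SOA records for it.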


5.1 The SOA record is unique (one per zone)

mysql> select domain_id, name, type, content from records where type='SOA';
+-----------+---------------------+------+----------------------------------------------------------------------------+
| domain_id | name                | type | content                                                                    |
+-----------+---------------------+------+----------------------------------------------------------------------------+
|         1 | vcapple.com         | SOA  | dns.vcapple.com dns.vcapple.com 201401104 28800 7200 604800 86400          |
|         2 | 199.10.in-addr.arpa | SOA  | dns.vcapple.com dns.vcapple.com 201401104 28800 7200 604800 86400          |
|         5 | qa.vpapple.com      | SOA  | dns.qa.vpapple.com dns.qa.vpapple.com 2014013002 28800 7200 604800 86400   |
|         6 | dev.vpapple.com     | SOA  | dns.dev.vpapple.com dns.dev.vpapple.com 2014013002 28800 7200 604800 86400 |
+-----------+---------------------+------+----------------------------------------------------------------------------+
4 rows in set (0.00 sec)


5.2 The NS records must list every DNS server

mysql> select domain_id, name,type, content from records where type='NS' and name='vcapple.com';
+-----------+-------------+------+----------------------------------+
| domain_id | name        | type | content                          |
+-----------+-------------+------+----------------------------------+
|         1 | vcapple.com | NS   | dns.vcapple.com                  |
|         1 | vcapple.com | NS   | dns-slave.vcapple.com            |
|         1 | vcapple.com | NS   | hh-yun-puppet-129021.vcapple.com |
+-----------+-------------+------+----------------------------------+
3 rows in set (0.00 sec)

mysql> select domain_id, name, type, content from records where type='NS' and name='199.10.in-addr.arpa';
+-----------+---------------------+------+----------------------------------+
| domain_id | name                | type | content                          |
+-----------+---------------------+------+----------------------------------+
|         2 | 199.10.in-addr.arpa | NS   | dns.vcapple.com                  |
|         2 | 199.10.in-addr.arpa | NS   | dns-slave.vcapple.com            |
|         2 | 199.10.in-addr.arpa | NS   | hh-yun-puppet-129021.vcapple.com |
+-----------+---------------------+------+----------------------------------+
3 rows in set (0.00 sec)


5.3 The domain itself needs records for the corresponding DNS servers

mysql> select domain_id, name, type, content, ttl from records where type='A' and name='vcapple.com';
+-----------+-------------+------+----------------+------+
| domain_id | name        | type | content        | ttl  |
+-----------+-------------+------+----------------+------+
|         1 | vcapple.com | A    | 10.199.132.152 |  360 |
|         1 | vcapple.com | A    | 10.199.132.168 |  360 |
|         1 | vcapple.com | A    | 10.199.129.21  |  360 |
+-----------+-------------+------+----------------+------+
3 rows in set (0.00 sec)

5.4 The hosts above must have A records; PTR records are recommended

mysql> select id, domain_id, name, type, content, ttl from records where type='A' and name in ( 'dns.vcapple.com', 'dns-slave.vcapple.com', 'hh-yun-puppet-129021.vcapple.com');
+------+-----------+----------------------------------+------+----------------+------+
| id   | domain_id | name                             | type | content        | ttl  |
+------+-----------+----------------------------------+------+----------------+------+
| 5407 |         1 | dns-slave.vcapple.com            | A    | 10.199.132.168 | 3306 |
| 3965 |         1 | dns.vcapple.com                  | A    | 10.199.132.152 |  360 |
| 3672 |         1 | hh-yun-puppet-129021.vcapple.com | A    | 10.199.129.21  |  360 |
+------+-----------+----------------------------------+------+----------------+------+
3 rows in set (0.00 sec)

5.5 Subdomains must be delegated separately

mysql> select id, domain_id, name, type, content, ttl from records where domain_id=1 and type='NS';
+------+-----------+-----------------+------+----------------------------------+------+
| id   | domain_id | name            | type | content                          | ttl  |
+------+-----------+-----------------+------+----------------------------------+------+
| 3962 |         1 | vcapple.com     | NS   | dns.vcapple.com                  | 360  |
| 5404 |         1 | vcapple.com     | NS   | dns-slave.vcapple.com            | 3306 |
| 5418 |         1 | vcapple.com     | NS   | hh-yun-puppet-129021.vcapple.com |  360 |
| 5441 |         1 | dev.vcapple.com | NS   | dns.dev.vcapple.com              |  360 |  <- subdomain delegation
+------+-----------+-----------------+------+----------------------------------+------+
4 rows in set (0.00 sec)
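
The rules in 5.1 to 5.4 can be checked mechanically against the records table. The following is an added example, not part of the original notes: it loads constructed rows modelled on the vcapple.com tables into an in-memory SQLite database and reports zones without exactly one SOA record and NS targets without an A record. SQLite (the page uses MySQL), the names `load` and `check_zones`, and the assumption that every NS target lives in a zone held in this table are choices made for the example.

```python
import sqlite3

# Constructed sample rows modelled on the tables above: (domain_id, name, type, content).
SAMPLE = [
    (1, "vcapple.com", "SOA",
     "dns.vcapple.com dns.vcapple.com 201401104 28800 7200 604800 86400"),
    (1, "vcapple.com", "NS", "dns.vcapple.com"),
    (1, "vcapple.com", "NS", "dns-slave.vcapple.com"),
    (1, "vcapple.com", "NS", "hh-yun-puppet-129021.vcapple.com"),
    (1, "dns.vcapple.com", "A", "10.199.132.152"),
    (1, "dns-slave.vcapple.com", "A", "10.199.132.168"),
    # The A record for hh-yun-puppet-129021 is left out on purpose.
    (2, "199.10.in-addr.arpa", "NS", "dns.vcapple.com"),  # zone 2 has no SOA
]

def load(rows):
    """Build an in-memory records table holding only the columns the checks use."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE records (domain_id INT, name TEXT, type TEXT, content TEXT)")
    db.executemany("INSERT INTO records VALUES (?, ?, ?, ?)", rows)
    db.commit()
    return db

def check_zones(db):
    """Return a list of human-readable findings; an empty list means all checks pass."""
    findings = []
    # 5.1: every domain_id must own exactly one SOA row.
    soa_count = """SELECT domain_id, SUM(type = 'SOA') FROM records
                   GROUP BY domain_id HAVING SUM(type = 'SOA') <> 1
                   ORDER BY domain_id"""
    for domain_id, count in db.execute(soa_count):
        findings.append(f"domain {domain_id}: {count} SOA records, expected 1")
    # 5.2/5.4: every name server listed in an NS row needs an A record.
    ns_without_a = """SELECT DISTINCT ns.domain_id, ns.content FROM records ns
                      LEFT JOIN records a ON a.type = 'A' AND a.name = ns.content
                      WHERE ns.type = 'NS' AND a.name IS NULL
                      ORDER BY ns.domain_id, ns.content"""
    for domain_id, host in db.execute(ns_without_a):
        findings.append(f"domain {domain_id}: NS target {host} has no A record")
    return findings

if __name__ == "__main__":
    for line in check_zones(load(SAMPLE)):
        print(line)
```

Both SELECT statements use only standard joins and aggregates, so they can also be run directly in the mysql client against the real records table.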


6. Testing shows that only newer PDNS versions can notify BIND so that it updates its DNS data automatically

[root@pdns-8tedp ~]# rpm -qa | grep pdns
pdns-static-3.4.1-1.x86_64


Brief configuration notes

[root@pdns-8tedp ~]# cat /etc/powerdns/pdns.conf | grep -v "#" | grep -v ^$

allow-axfr-ips=10.199.196.233,10.199.129.21
allow-recursion=10.199.196.233,10.199.129.21
also-notify=10.199.196.233,10.199.129.21    <-- not supported by older versions; this setting actively notifies the slave servers to update their data
daemon=yes
launch=gmysql
gmysql-host=127.0.0.1
gmysql-port=3306
gmysql-user=pdns
gmysql-dbname=pdns
gmysql-password=vipshop
guardian=yes
master=yes
recursor=10.199.129.21


Reference test database

mysql> select * from domains;
+----+-----------+--------+------------+--------+-----------------+---------+
| id | name      | master | last_check | type   | notified_serial | account |
+----+-----------+--------+------------+--------+-----------------+---------+
|  1 | terry.com | NULL   |       NULL | MASTER |               4 | NULL    |
+----+-----------+--------+------------+--------+-----------------+---------+
1 row in set (0.00 sec)


mysql> select * from records;
+----+-----------+-----------------+------+--------------------------------------------------------+------+------+-------------+----------+-----------+------+
| id | domain_id | name            | type | content                                                | ttl  | prio | change_date | disabled | ordername | auth |
+----+-----------+-----------------+------+--------------------------------------------------------+------+------+-------------+----------+-----------+------+
|  1 |         1 | terry.com       | NS   | dns.terry.com                                          | 3360 | NULL |        NULL |        0 | NULL      |    1 |
|  3 |         1 | dns.terry.com   | A    | 10.199.197.19                                          | 3360 | NULL |        NULL |        0 | NULL      |    1 |
|  4 |         1 | terry.com       | NS   | slave.terry.com                                        | 3360 | NULL |        NULL |        0 | NULL      |    1 |
|  5 |         1 | slave.terry.com | A    | 10.199.196.233                                         | 3360 | NULL |        NULL |        0 | NULL      |    1 |
|  6 |         1 | ttt.terry.com   | A    | 5.5.5.5                                                | 3360 | NULL |        NULL |        0 | NULL      |    1 |
|  7 |         1 | terry.com       | SOA  | dns.terry.com admin.terry.com 4 10800 3600 604800 3600 | 3360 |    0 |        NULL |        0 | NULL      |    1 |
+----+-----------+-----------------+------+--------------------------------------------------------+------+------+-------------+----------+-----------+------+
6 rows in set (0.00 sec)


Every DNS update must be accompanied by an SOA update.


The SOA value comes from the notified_serial column of the domains table above (select notified_serial from domains where name='terry.com';)


Update the SOA as follows, replacing the keyword NEW_SOA_NUM below; the new SOA is normally the previous number + 1.

select notified_serial +1 from domains where name='terry.com';
update records set content='dns.terry.com admin.terry.com NEW_SOA_NUM 10800 3600 604800 3600' where name='terry.com' and type='SOA';
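
The two manual statements above can be folded into one transaction so that the serial is read, validated and written together. The following is an added example, not part of the original notes, run against a constructed in-memory SQLite copy of the terry.com test rows; SQLite and the names `make_test_db` and `bump_soa_serial` are assumptions. It goes slightly beyond the +1 rule above by taking one more than the larger of the serial already in the SOA record and `notified_serial`, so that two edits made before a notification still raise the serial.

```python
import sqlite3

def make_test_db():
    """Constructed copy of the terry.com test rows shown above (reduced columns)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE domains (id INT, name TEXT, notified_serial INT)")
    db.execute("CREATE TABLE records (domain_id INT, name TEXT, type TEXT, content TEXT)")
    db.execute("INSERT INTO domains VALUES (1, 'terry.com', 4)")
    db.execute("INSERT INTO records VALUES (1, 'terry.com', 'SOA', "
               "'dns.terry.com admin.terry.com 4 10800 3600 604800 3600')")
    db.commit()
    return db

def bump_soa_serial(db, zone):
    """Increment the SOA serial of `zone` and return the new serial."""
    with db:  # one transaction: commit on success, roll back on any exception
        rows = db.execute(
            "SELECT r.content, d.notified_serial FROM records r "
            "JOIN domains d ON d.id = r.domain_id "
            "WHERE r.type = 'SOA' AND r.name = ? AND d.name = ?",
            (zone, zone)).fetchall()
        if len(rows) != 1:
            raise ValueError(f"{zone}: expected exactly one SOA record, found {len(rows)}")
        content, notified = rows[0]
        # SOA content layout: primary-ns contact serial refresh retry expire minimum
        fields = content.split()
        if len(fields) != 7 or not fields[2].isdigit():
            raise ValueError(f"{zone}: malformed SOA content {content!r}")
        serial = max(int(fields[2]), notified or 0) + 1
        if serial > 0xFFFFFFFF:  # the SOA serial is an unsigned 32-bit field
            raise ValueError(f"{zone}: serial {serial} does not fit in 32 bits")
        fields[2] = str(serial)
        # Parameterised update: the zone name is never spliced into the SQL text.
        db.execute("UPDATE records SET content = ? WHERE type = 'SOA' AND name = ?",
                   (" ".join(fields), zone))
    return serial

if __name__ == "__main__":
    print(bump_soa_serial(make_test_db(), "terry.com"))
```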


