Viridian - A CentOS based Power DNS (pdns) DNS server with PowerAdmin Web frontend
How to install a pdns server, with a powerdns-on-rails web front end, on a CentOS x86_64 VM.
This describes a power DNS authoritative DNS server appliance. The VM is created with:
- Name viridian.lucidsolutions.co.nz
- CentOS v5.5, x86_64, minimal packages
- 256MB RAM
- 2 cores
- 8GB root filesystem
- 1GB swap
- an IPv4 private static address (behind a NAT), and an IPv6 static address.
Install Packages
Install the PowerDNS & MySQL packages:
# yum install pdns pdns-backend-pipe pdns-backend-mysql pdns-backend-geo mysql-server
MySql Configuration
Configure MySQL to:
- only listen on the localhost interface
- allow idle connections to stay open for longer than the default 10 seconds, to overcome the message "Backend error: Failed to execute mysql_query, perhaps connection died? Err=1: MySQL server has gone away"
Add the following to '/etc/my.cnf'.
[mysqld]
bind-address = localhost
# Leave connections open for up to a day
connect_timeout = 86400
Start the daemon
# chkconfig mysqld on
# service mysqld start
Create the power DNS database
# mysqladmin create powerdns
# mysql
mysql> GRANT USAGE ON *.* TO 'powerdns'@'localhost' IDENTIFIED BY 'a-long-password';
mysql> GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, LOCK TABLES, ALTER ON powerdns.* TO 'powerdns'@'localhost';
mysql> flush privileges;
Power DNS Configuration
Create MySQL tables
Apply the sql from the appendix to create the MySQL tables, using the MySQL root user.
# mysql -D powerdns < pdns-generic-mysql.sql
pdns config
Reduce the power dns configuration '/etc/pdns/pdns.conf' down to support:
- ipv4 on a specific address
- ipv6 on a specific address
- generic mysql backend, using a unix domain socket (c.f. TCP)
setuid=pdns
setgid=pdns
local-address=10.20.2.10
local-ipv6=2001:4428:225:2::10
launch=gmysql
gmysql-socket=/var/lib/mysql/mysql.sock
gmysql-user=powerdns
gmysql-password=a-long-password
gmysql-dbname=powerdns
Start the power dns authoritative server:
# chkconfig pdns on
# service pdns start
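A check of '/etc/pdns/pdns.conf' against the settings above, as an added example (not part of the original page or of PowerDNS). The function names are illustrative, and the file-mode check is an assumption added because the file holds gmysql-password in clear text.

```shell
#!/bin/sh
# Added example: audit pdns.conf against the settings described above.
# Function names are illustrative; they are not part of PowerDNS.

# Print the value of key $2 in file $1 (last uncommented "key=value" wins).
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

warn() { echo "FINDING: $*"; findings=$((findings + 1)); }

# Print one finding per line; return 0 only when there are none.
audit_pdns_conf() {
    conf=$1
    findings=0
    # The file stores gmysql-password in clear text: no access for "other".
    mode=$(stat -c '%a' "$conf")
    case $mode in
        *[1-7]) warn "mode $mode lets other users access $conf" ;;
    esac
    # Privileges must be dropped to an unprivileged account.
    for key in setuid setgid; do
        case $(conf_get "$conf" "$key") in
            ''|root|0) warn "$key is unset or root" ;;
        esac
    done
    # Listen on a specific address, not the wildcard.
    case $(conf_get "$conf" local-address) in
        ''|0.0.0.0) warn "local-address is unset or 0.0.0.0" ;;
    esac
    # Reach MySQL over the unix socket rather than TCP.
    [ -n "$(conf_get "$conf" gmysql-socket)" ] || warn "gmysql-socket is not set"
    [ -z "$(conf_get "$conf" gmysql-host)" ] || warn "gmysql-host is set (TCP)"
    # Dedicated database account, and not this page's placeholder password.
    [ "$(conf_get "$conf" gmysql-user)" != root ] || warn "gmysql-user is root"
    [ "$(conf_get "$conf" gmysql-password)" != a-long-password ] ||
        warn "gmysql-password is still the placeholder"
    [ "$findings" -eq 0 ]
}

# Constructed sample: the page's settings, placeholder password, mode 644.
sample=$(mktemp)
printf '%s\n' setuid=pdns setgid=pdns local-address=10.20.2.10 launch=gmysql \
    gmysql-socket=/var/lib/mysql/mysql.sock gmysql-user=powerdns \
    gmysql-password=a-long-password gmysql-dbname=powerdns > "$sample"
chmod 644 "$sample"
audit_pdns_conf "$sample" || echo "$findings finding(s) in sample"
rm -f "$sample"
```

On the installed system, run audit_pdns_conf /etc/pdns/pdns.conf as root; the constructed sample reports two findings (file mode and placeholder password).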
PowerAdmin Web interface
Use the PowerAdmin web interface with Nginx and php-fpm. PowerAdmin is packaged in the EPEL repository. Php-fpm is part of php v5.3.3 and greater; however this isn't available in the standard EL v5.x repositories so use the IUS community repository.
Install the EPEL repository. This is a dependency of the IUS repository and provides nginx.
# rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm
Install the IUS Community repository, and edit the repo file to explicitly include EL v5.5 or later RPMs. (Note: The default IUS repo file for EL v5.0 will NOT include the php53-fpm RPM).
# rpm -Uvh http://dl.iuscommunity.org/pub/ius/stable/Redhat/5/x86_64/ius-release-1.0-6.ius.el5.noarch.rpm
Install PHP with the fast-CGI process manager (php-fpm), as well as poweradmin and Nginx. As of Nov 2010 the latest version of PowerAdmin in the EPEL repository is v2.1.2. Using the v2.1.4 source, a v2.1.4 binary RPM is available (which includes zone template support).
# yum install php53 php53-fpm php53-mcrypt php53-mysql php53u-pecl-apc poweradmin nginx
Configure PowerAdmin
The EPEL binary RPM doesn't come with the 'install' directory in the web server, so manually create the required database schema. Note that the 'zone templates' database tables are not included in the standard db structure script.
# mysql -D powerdns < /usr/share/doc/poweradmin-2.1.4/poweradmin-mysql-db-structure.sql
# mysql -D powerdns < /tmp/poweradmin-2.1.4-zone-templates.sql
Edit '/etc/poweradmin/config.inc.php', and reference the localhost for the mysql database server, with the username/password and table defined above. The password was the only thing that wasn't the default value.
$db_host = "localhost";
$db_user = "powerdns";
$db_pass = "a-long-password";
$db_name = "powerdns";
$db_type = "mysql";
Configure Nginx and php-fpm
Create a FastCGI Process Manager configuration file for the PowerAdmin site as '/etc/php-fpm.d/poweradmin.conf':
[poweradmin]
listen = /var/lib/nginx/poweradmin.sock
pm = dynamic
pm.max_children = 50
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 35
user=nginx
group=nginx
slowlog = /var/log/php-fpm/poweradmin-slow.log
php_admin_value[error_log] = /var/log/php-fpm/poweradmin-error.log
php_admin_flag[log_errors] = on
Note: When php-fpm is installed, a default '/etc/php-fpm.d/www.conf' is created. I moved this config file out of the way (as the processes it creates were unused and consumed resources).
Add a nginx configuration for the web site as '/etc/nginx/conf.d/poweradmin.conf'. Note: The web site is sitting behind a reverse proxy that performs SSL/TLS offload, and deals with access control; thus just a http listener is configured.
server {
    access_log /var/log/nginx/poweradmin.access.log main;
    server_name _;
    root /usr/share/poweradmin;
    index index.php;

    location ~ \.php$ {
        include /etc/nginx/fastcgi_params;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        if (-f $request_filename) {
            fastcgi_pass unix:/var/lib/nginx/poweradmin.sock;
        }
    }

    location / {
    }
}
Delete the whole of the 'server' section from the default nginx configuration (/etc/nginx/nginx.conf). The default configuration defines a default server (with the name '_') which will conflict with the default server in the configuration above.
The default installation assumes that Apache httpd will be used as the web server, and thus some files/directories have group ownership set to apache (e.g. '/var/lib/php/session'). Add the nginx user (the identity the Nginx server runs as) to the apache group:
# usermod -a -G apache nginx
Start the web server
Start the services, and browse to the web server:
# chkconfig nginx on
# chkconfig php-fpm on
# service php-fpm start
# service nginx start
The default administrator username is 'admin' and the password is also 'admin' (md5sum 'admin' == 21232f297a57a5a743894a0e4a801fc3). As the instructions recommend, change this password.
Firewall rules
Add firewall rules to support the http management traffic to PowerAdmin, and DNS traffic to PowerDNS:
- ingress http (TCP 80)
- ingress SSH (TCP 22)
- ingress & egress DNS (TCP/UDP 53)
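The three rules above as an iptables-restore ruleset, as an added example (not part of the original page). It assumes the rules are enforced on the VM itself with a default-drop policy, and it covers the IPv4 address only; the function name is illustrative.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for the flows listed above.
# Assumption: host firewall on the VM, default-drop policy, IPv4 only.

# Print a ruleset for IPv4 address $1; return 1 if $1 is not a dotted quad.
pdns_ruleset() {
    addr=$1
    echo "$addr" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
    # Ingress management traffic: http (TCP 80) and SSH (TCP 22).
    for port in 80 22; do
        echo "-A INPUT -d $addr -p tcp -m tcp --dport $port -m state --state NEW -j ACCEPT"
    done
    # DNS (TCP/UDP 53) in both directions.
    for proto in tcp udp; do
        echo "-A INPUT -d $addr -p $proto -m $proto --dport 53 -j ACCEPT"
        echo "-A OUTPUT -s $addr -p $proto -m $proto --dport 53 -j ACCEPT"
    done
    echo COMMIT
}

# The page's private IPv4 address; review the output before loading it
# with iptables-restore.
pdns_ruleset 10.20.2.10
```

Only the flows the page lists are allowed, so any other egress (package downloads, for instance) needs its own rule. The IPv6 address needs an equivalent ip6tables ruleset.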
Links
PowerAdmin
PHP
Nginx
Appendices
PDNS MySQL
DROP TABLE IF EXISTS domains;
create table domains (
  id INT auto_increment,
  name VARCHAR(255) NOT NULL,
  master VARCHAR(128) DEFAULT NULL,
  last_check INT DEFAULT NULL,
  type VARCHAR(6) NOT NULL,
  notified_serial INT DEFAULT NULL,
  account VARCHAR(40) DEFAULT NULL,
  primary key (id)
)type=InnoDB;

CREATE UNIQUE INDEX name_index ON domains(name);

DROP TABLE IF EXISTS records;
CREATE TABLE records (
  id INT auto_increment,
  domain_id INT DEFAULT NULL,
  name VARCHAR(255) DEFAULT NULL,
  type VARCHAR(6) DEFAULT NULL,
  content VARCHAR(255) DEFAULT NULL,
  ttl INT DEFAULT NULL,
  prio INT DEFAULT NULL,
  change_date INT DEFAULT NULL,
  primary key(id),
  CONSTRAINT `records_ibfk_1` FOREIGN KEY (`domain_id`) REFERENCES `domains` (`id`) ON DELETE CASCADE
) TYPE = InnoDB;

CREATE INDEX rec_name_index ON records(name);
CREATE INDEX nametype_index ON records(name,type);
CREATE INDEX domain_id ON records(domain_id);

DROP TABLE IF EXISTS supermasters;
create table supermasters (
  ip VARCHAR(25) NOT NULL,
  nameserver VARCHAR(255) NOT NULL,
  account VARCHAR(40) DEFAULT NULL
);
PowerAdmin v2.1.4 SQL changes
These changes are listed in the release notes, and not included in the standard SQL:
CREATE TABLE zone_templ (
  id int(11) NOT NULL auto_increment,
  name varchar(128) NOT NULL,
  descr varchar(1024) NOT NULL,
  owner int(11) NOT NULL,
  PRIMARY KEY (id)
);

CREATE TABLE zone_templ_records (
  id int(11) NOT NULL auto_increment,
  zone_templ_id int(11) NOT NULL,
  name varchar(255) NOT NULL,
  type varchar(6) NOT NULL,
  content varchar(255) NOT NULL,
  ttl int(11) NOT NULL,
  prio int(11) NOT NULL,
  PRIMARY KEY (id)
);
Installation of php53
The install of php53 pulls in a few X11 packages, which I found undesirable. The dependency chain seems to be php53 -> t1lib -> libX*.
# yum install php53
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package php53.x86_64 0:5.3.3-4.ius.el5 set to be updated
--> Processing Dependency: php53-cli = 5.3.3-4.ius.el5 for package: php53
--> Processing Dependency: httpd-mmn = 20051115 for package: php53
--> Processing Dependency: php53-common = 5.3.3-4.ius.el5 for package: php53
--> Processing Dependency: php53-pear >= 1:1.8 for package: php53
--> Processing Dependency: libxslt >= 1.1.11 for package: php53
--> Processing Dependency: libtool-ltdl for package: php53
--> Processing Dependency: t1lib for package: php53
--> Processing Dependency: libedit for package: php53
--> Processing Dependency: libgmp.so.3()(64bit) for package: php53
--> Running transaction check
---> Package gmp.x86_64 0:4.1.4-10.el5 set to be updated
---> Package httpd.x86_64 0:2.2.3-43.el5.centos.3 set to be updated
--> Processing Dependency: /etc/mime.types for package: httpd
--> Processing Dependency: libaprutil-1.so.0()(64bit) for package: httpd
--> Processing Dependency: libapr-1.so.0()(64bit) for package: httpd
---> Package libedit.x86_64 0:2.11-2.20080712cvs.el5 set to be updated
---> Package libtool-ltdl.x86_64 0:1.5.22-7.el5_4 set to be updated
---> Package libxslt.x86_64 0:1.1.17-2.el5_2.2 set to be updated
---> Package php53-cli.x86_64 0:5.3.3-4.ius.el5 set to be updated
---> Package php53-common.x86_64 0:5.3.3-4.ius.el5 set to be updated
---> Package php53-pear.noarch 1:1.8.1-5.ius.el5 set to be updated
---> Package t1lib.x86_64 0:5.1.1-7.el5 set to be updated
--> Processing Dependency: libXaw.so.7()(64bit) for package: t1lib
--> Processing Dependency: libXt.so.6()(64bit) for package: t1lib
--> Processing Dependency: libX11.so.6()(64bit) for package: t1lib
--> Running transaction check
---> Package apr.x86_64 0:1.2.7-11.el5_5.3 set to be updated
---> Package apr-util.x86_64 0:1.2.7-11.el5_5.1 set to be updated
--> Processing Dependency: libpq.so.4()(64bit) for package: apr-util
---> Package libX11.x86_64 0:1.0.3-11.el5 set to be updated
--> Processing Dependency: xorg-x11-filesystem >= 0.99.2-3 for package: libX11
--> Processing Dependency: libXdmcp.so.6()(64bit) for package: libX11
--> Processing Dependency: libXau.so.6()(64bit) for package: libX11
---> Package libXaw.x86_64 0:1.0.2-8.1 set to be updated
--> Processing Dependency: libXext.so.6()(64bit) for package: libXaw
--> Processing Dependency: libXmu.so.6()(64bit) for package: libXaw
--> Processing Dependency: libXpm.so.4()(64bit) for package: libXaw
---> Package libXt.x86_64 0:1.0.2-3.2.el5 set to be updated
--> Processing Dependency: libICE.so.6()(64bit) for package: libXt
--> Processing Dependency: libSM.so.6()(64bit) for package: libXt
---> Package mailcap.noarch 0:2.1.23-1.fc6 set to be updated
--> Running transaction check
---> Package libICE.x86_64 0:1.0.1-2.1 set to be updated
---> Package libSM.x86_64 0:1.0.1-3.1 set to be updated
---> Package libXau.x86_64 0:1.0.1-3.1 set to be updated
---> Package libXdmcp.x86_64 0:1.0.1-2.1 set to be updated
---> Package libXext.x86_64 0:1.0.1-2.1 set to be updated
---> Package libXmu.x86_64 0:1.0.2-5 set to be updated
---> Package libXpm.x86_64 0:3.5.5-3 set to be updated
---> Package postgresql-libs.x86_64 0:8.1.22-1.el5_5.1 set to be updated
---> Package xorg-x11-filesystem.noarch 0:7.1-2.fc6 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

==========================================================================================================
 Package                  Arch      Version                   Repository   Size
==========================================================================================================
Installing:
 php53                    x86_64    5.3.3-4.ius.el5           ius          1.3 M
Installing for dependencies:
 apr                      x86_64    1.2.7-11.el5_5.3          updates      118 k
 apr-util                 x86_64    1.2.7-11.el5_5.1          updates       79 k
 gmp                      x86_64    4.1.4-10.el5              base         201 k
 httpd                    x86_64    2.2.3-43.el5.centos.3     updates      1.2 M
 libICE                   x86_64    1.0.1-2.1                 base          54 k
 libSM                    x86_64    1.0.1-3.1                 base          28 k
 libX11                   x86_64    1.0.3-11.el5              base         798 k
 libXau                   x86_64    1.0.1-3.1                 base          18 k
 libXaw                   x86_64    1.0.2-8.1                 base         329 k
 libXdmcp                 x86_64    1.0.1-2.1                 base          19 k
 libXext                  x86_64    1.0.1-2.1                 base          37 k
 libXmu                   x86_64    1.0.2-5                   base          63 k
 libXpm                   x86_64    3.5.5-3                   base          44 k
 libXt                    x86_64    1.0.2-3.2.el5             base         181 k
 libedit                  x86_64    2.11-2.20080712cvs.el5    epel          80 k
 libtool-ltdl             x86_64    1.5.22-7.el5_4            base          38 k
 libxslt                  x86_64    1.1.17-2.el5_2.2          base         488 k
 mailcap                  noarch    2.1.23-1.fc6              base          14 k
 php53-cli                x86_64    5.3.3-4.ius.el5           ius          2.9 M
 php53-common             x86_64    5.3.3-4.ius.el5           ius          566 k
 php53-pear               noarch    1:1.8.1-5.ius.el5         ius          420 k
 postgresql-libs          x86_64    8.1.22-1.el5_5.1          updates      196 k
 t1lib                    x86_64    5.1.1-7.el5               epel         208 k
 xorg-x11-filesystem      noarch    7.1-2.fc6                 base         5.4 k

Transaction Summary
==========================================================================================================
Install     25 Package(s)
Upgrade      0 Package(s)

Total download size: 9.3 M