
基于ubuntu_22.04的PowerDNS+PGSQL+SmartDNS+PDNS管理工具,内网最强DNS管理系统

IT不良人
2026-03-03 / 0 评论 / 0 点赞 / 1 阅读 / 0 字

基于ubuntu_22.04的PowerDNS+PGSQL+SmartDNS+PDNS管理工具,内网最强DNS管理系统

在当今互联网架构中,DNS(域名系统) 作为网络基础设施的核心组件,承载着域名与 IP 地址解析的关键任务。无论是企业内部网络、家庭服务器,还是云上服务,一个稳定、高效且可管理的 DNS 系统都至关重要。
本文记录了一套基于 Ubuntu 22.04 系统,集成 PowerDNS(权威 DNS 服务器)、PostgreSQL(后端数据库)、SmartDNS(递归/缓存 DNS)以及 PDNS管理工具 软件的完整部署流程。通过分步实施与配置,不仅实现了内外网域名的智能解析与分流,还加入了安全策略、广告拦截与日志审计等增强功能。
📌 适用场景包括:
自建内网 DNS 服务
搭建具备管理界面的权威 DNS 服务器
实现国内外域名的解析优化与访问加速
学习 Linux 环境下服务配置与集成
整篇文档结构清晰、命令详实,适合具备一定 Linux 基础的系统管理员、运维工程师或网络爱好者参考与实践。让我们开始构建属于你自己的智能 DNS 解析体系吧。

1、系统准备

更新系统、安装PowerDNS软件

# Refresh the package index, then apply all pending upgrades
sudo apt update && sudo apt upgrade --yes

# Install PostgreSQL plus the PowerDNS authoritative server with its PostgreSQL backend
sudo apt install --yes \
  postgresql postgresql-contrib \
  pdns-server pdns-backend-pgsql

2、配置 PostgreSQL

2.1、使用脚本创建数据库:powerdns 和用户:powerdns

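#!/bin/bash
# Initialise PostgreSQL for PowerDNS on Ubuntu: set the superuser password,
# create the application role and database, open the TCP listener and add
# pg_hba.conf rules for remote clients.
#
# Every value in the configuration section can be overridden from the
# environment, e.g.
#   DB_PASS='<strong password>' PG_ALLOW_V4=192.168.0.0/16 ./pg-init.sh
# so the weak defaults below never have to reach a production host.
set -euo pipefail

# ================= Detect the installed PostgreSQL major version =================
# `psql --version` prints e.g. "psql (PostgreSQL) 14.10 (Ubuntu ...)"; field 3
# is the version and the part before the first dot is the major number that
# names the /etc/postgresql/<major>/main directory. `|| true` keeps pipefail
# from aborting before the check below can print a readable error.
PG_VERSION=$(psql --version 2>/dev/null | awk '{print $3}' | cut -d. -f1 || true)

if [[ ! "$PG_VERSION" =~ ^[0-9]+$ ]]; then
  echo "❌ 无法获取 PostgreSQL 版本,请确认 psql 已安装" >&2
  exit 1
fi

# ================= Configuration (environment overrides defaults) =================
PG_ADMIN_PASS="${PG_ADMIN_PASS:-postgres}"   # password for the postgres superuser
DB_NAME="${DB_NAME:-powerdns}"               # application database
DB_USER="${DB_USER:-powerdns}"               # application role
DB_PASS="${DB_PASS:-powerdns}"               # application role password
# Client networks granted TCP access in pg_hba.conf. The defaults keep the
# original "any address" behaviour; narrow them to the management LAN whenever
# the host is reachable from networks you do not control.
PG_ALLOW_V4="${PG_ALLOW_V4:-0.0.0.0/0}"
PG_ALLOW_V6="${PG_ALLOW_V6:-::/0}"

PG_CONF="/etc/postgresql/${PG_VERSION}/main/postgresql.conf"
PG_HBA="/etc/postgresql/${PG_VERSION}/main/pg_hba.conf"
BACKUP_STAMP=$(date +%F_%T)   # one timestamp for every backup made in this run
# ==================================================================================

#######################################
# Append a "host all all <net> md5" rule to pg_hba.conf unless an equivalent
# rule is already present. The comparison is field-wise, so it does not depend
# on column spacing, and it reads the file through sudo because pg_hba.conf is
# normally not readable by the invoking user (a plain grep would silently fail
# and append a duplicate on every run).
# Globals:   PG_HBA (read; appended through sudo)
# Arguments: $1 - client network in CIDR notation
# Returns:   0
#######################################
add_hba_rule() {
  local net=$1
  if sudo awk -v net="$net" \
      '$1 == "host" && $2 == "all" && $3 == "all" && $4 == net && $5 == "md5" { found = 1 }
       END { exit !found }' "$PG_HBA"; then
    return 0
  fi
  printf 'host    all     all     %-13s md5\n' "$net" | sudo tee -a "$PG_HBA" > /dev/null
}

echo ">>> 检测到 PostgreSQL 版本: ${PG_VERSION}"
echo
echo ">>> [1/5] 初始化 PostgreSQL 用户和数据库"

# Work from a world-readable directory so psql (running as postgres) does not
# warn about the caller's home directory.
cd /tmp

# The delimiter is intentionally unquoted: ${DB_*} must expand, while the
# PL/pgSQL $$ quotes are escaped so the shell leaves them alone.
# ON_ERROR_STOP makes psql exit non-zero on the first failing statement
# instead of continuing and reporting success.
sudo -u postgres psql -v ON_ERROR_STOP=1 <<EOF
-- 设置 postgres 管理员密码
ALTER USER postgres WITH PASSWORD '${PG_ADMIN_PASS}';

-- 创建业务用户(如不存在)
DO \$\$
BEGIN
   IF NOT EXISTS (SELECT 1 FROM pg_roles WHERE rolname='${DB_USER}') THEN
      CREATE USER ${DB_USER} WITH PASSWORD '${DB_PASS}';
      ALTER USER ${DB_USER} CREATEDB;
   END IF;
END
\$\$;

-- 创建数据库(直接用 SQL 判断并创建)
SELECT 'CREATE DATABASE ${DB_NAME} OWNER ${DB_USER} ENCODING ''UTF8'' LC_COLLATE ''en_US.UTF-8'' LC_CTYPE ''en_US.UTF-8'' TEMPLATE template0'
WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname='${DB_NAME}')\gexec

GRANT ALL PRIVILEGES ON DATABASE ${DB_NAME} TO ${DB_USER};
EOF

echo ">>> [2/5] 配置 postgresql.conf(监听所有地址)"

# Keep a copy before editing in place; the same stamp is used for pg_hba.conf.
sudo cp "$PG_CONF" "${PG_CONF}.bak.${BACKUP_STAMP}"
sudo sed -i \
  -e "s/^#listen_addresses =.*/listen_addresses = '*'/" \
  -e "s/^listen_addresses =.*/listen_addresses = '*'/" \
  "$PG_CONF"

echo ">>> [3/5] 配置 pg_hba.conf(允许远程连接 ${PG_ALLOW_V4} / ${PG_ALLOW_V6})"

sudo cp "$PG_HBA" "${PG_HBA}.bak.${BACKUP_STAMP}"
add_hba_rule "$PG_ALLOW_V4"
add_hba_rule "$PG_ALLOW_V6"

# listen_addresses is only read at server start, so a reload (the original
# step here) would leave PostgreSQL bound to localhost until the next reboot;
# pg_hba.conf alone would have been fine with a reload.
echo ">>> [4/5] 重启 PostgreSQL 使配置生效"
sudo systemctl restart postgresql

echo ">>> [5/5] 验证监听状态"
# grep returns 1 when nothing listens on 5432; that is diagnostic output, not
# a failure of this script.
ss -lntp | grep 5432 || true

echo
echo "======================================"
echo " PostgreSQL PowerDNS 初始化完成 ✅"
echo
echo " PostgreSQL 版本 : ${PG_VERSION}"
echo " 数据库名       : ${DB_NAME}"
echo " 用户名         : ${DB_USER}"
echo " 密码           : ${DB_PASS}"
echo
echo " 连接示例:"
echo " psql -h <服务器IP> -U ${DB_USER} -d ${DB_NAME}"
echo "======================================"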

2.2、导入 PowerDNS 数据库表结构(schema)

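# Load the PowerDNS schema into the database created above.
# -v ON_ERROR_STOP=1 makes psql exit non-zero on the first failing statement
# instead of running on and reporting success at the end; -f replaces the
# stdin redirect so errors are reported with file and line numbers.
# Connecting over TCP as powerdns means the password from the previous step is
# requested interactively (sudo -u postgres only affects the local process).
sudo -u postgres psql -v ON_ERROR_STOP=1 -h 127.0.0.1 -U powerdns -d powerdns \
  -f /usr/share/pdns-backend-pgsql/schema/schema.pgsql.sql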

3、配置PowerDNS

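# Write the PowerDNS authoritative server configuration.
# The heredoc delimiter is quoted so nothing in the body (the api-key in
# particular) is subject to shell expansion, and sudo tee keeps this consistent
# with the other privileged writes in this guide (the original cat redirect
# only works when run as root).
sudo tee /etc/powerdns/pdns.conf > /dev/null <<'EOF'
# zone-metadata-cache-ttl=60
# 启用 PostgreSQL 后端

# 配置端口和运行所有IP监听
local-port=54    ## 53端口为SmartDNS用
local-address=0.0.0.0

# 配置后端为pgsql数据库
launch=gpgsql
gpgsql-host=127.0.0.1
gpgsql-port=5432
gpgsql-dbname=powerdns
gpgsql-user=powerdns
gpgsql-password=powerdns


# 启用 API(供 Web UI 使用)
api=yes
# Replace this key with your own random secret before going live: whoever
# holds it has full read/write control over every zone through the API.
api-key=E2JLjP5A@BtjfzxUadeapK@XUU97cV86VhpUUHyR9PcPKn
webserver-address=0.0.0.0
webserver-port=8081
# 0.0.0.0/0 lets any IPv4 host reach the API with only the api-key in the way;
# narrow this to the management network / the host running the web UI.
webserver-allow-from=0.0.0.0/0,::1

# 日志(可选)
loglevel=6
EOF
# NOTE(review): this file now holds the database password and the API key;
# restrict its mode/owner to the account pdns_server runs as (e.g. 0640) so
# other local users cannot read it.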

4、安装配置SmartDNS

4.1、下载SmartDNS文件

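# Fetch the SmartDNS release binary and make it executable. Both steps write
# to /usr/sbin, so both need sudo (the original only elevated chmod).
sudo wget -O /usr/sbin/smartdns \
  https://github.com/pymumu/smartdns/releases/download/Release47.1/smartdns-x86_64 \
  && sudo chmod +x /usr/sbin/smartdns
# This binary will run as root on port 53: compare its checksum with the one
# published on the release page before starting it.
#   sha256sum /usr/sbin/smartdns   # expect: <SHA256 from the release page>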

4.2、编写SmartDNS配置文件

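## Create the config directory (-p makes the step re-runnable) together with
## the log and cache directories referenced by the configuration below.
sudo mkdir -p /etc/smartdns /var/log/smartdns /var/cache/smartdns

## Write the configuration. The delimiter is quoted so the body is copied
## literally (no shell expansion), and sudo tee keeps this consistent with the
## other privileged writes in this guide.
sudo tee /etc/smartdns/smartdns.conf > /dev/null <<'EOF'
# SmartDNS 优化配置文件
# 适用于 Ubuntu/Debian 个人或家庭服务器
# NOTE: "bind :53" listens on every IPv4 address of the host, not only on
# loopback (see the ss output further down: udp 0.0.0.0:53). Use
# "bind 127.0.0.1:53" if only this machine should resolve through it, or
# firewall port 53 to the internal network so the box is not an open resolver.

# ======================
# 基础配置
# ======================
bind :53
bind [::1]:53

# 强制返回 SOA 记录以避免某些应用报错
force-qtype-SOA 65

# ======================
# 日志配置(生产环境建议 info)
# ======================
log-file /var/log/smartdns/smartdns.log
log-level info          # debug → info,减少日志量
log-num 2
log-size 128k

# ======================
# 审计与缓存
# ======================
audit-enable yes
audit-file /var/log/smartdns/smartdns-audit.log

cache-file /var/cache/smartdns/smartdns.cache
cache-persist yes
cache-size 4096

# ======================
# 性能与响应策略
# ======================
response-mode fastest-response
speed-check-mode ping,tcp:80
tcp-idle-time 120
prefetch-domain yes      # 预取常用域名,提升体验

# ======================
# 安全与 TTL 控制
# ======================
max-reply-ip-num 2
rr-ttl-min 60
rr-ttl-max 3600

# ======================
# 上游 DNS 服务器(精简高可靠)
# ======================


# 国内主流 DNS(保留 3~4 个足够)
# 👇 新增:内网权威 DNS(PowerDNS)
server 127.0.0.1:54   -group internal
server 223.6.6.6        -group china      # 阿里 DNS
server 119.29.29.29     -group china      # 腾讯 DNSPod
server 180.76.76.76     -group china      # 百度 DNS
server 114.114.114.114  -group china      # 电信公共 DNS

# 国外主流 DNS
server 8.8.8.8          -group foreign    # Google
server 1.1.1.1          -group foreign    # Cloudflare

# 安全 DNS(可选)
server 114.114.114.119  -group safe       # 114 安全版(屏蔽恶意)
server 9.9.9.9          -group safe       # Quad9(国外安全)

# ======================
# IPv6 支持(如网络支持 IPv6 可保留,否则注释)
# ======================
# server 2400:3200::1                -group china-ipv6
# server 2001:4860:4860::8888        -group foreign-ipv6
# server 2606:4700:4700::1111        -group foreign-ipv6


# 这里添加PowerDNS解析的内网域名,下面是两个例子,一个正向区域解析,一个反向区域解析
# domain-rules /whguanghe.com/      -nameserver internal
# domain-rules /168.192.in-addr.arpa/ -nameserver internal



# 国内域名走国内 DNS
domain-rules /cn/               -nameserver china
domain-rules /com.cn/           -nameserver china
domain-rules /baidu.com/        -nameserver china
domain-rules /qq.com/           -nameserver china
domain-rules /taobao.com/       -nameserver china
domain-rules /tmall.com/        -nameserver china
domain-rules /jd.com/           -nameserver china
domain-rules /weibo.com/        -nameserver china
domain-rules /bilibili.com/     -nameserver china
domain-rules /zhihu.com/        -nameserver china
domain-rules /alipay.com/       -nameserver china
domain-rules /aliyun.com/       -nameserver china
domain-rules /tencent.com/      -nameserver china
domain-rules /163.com/          -nameserver china
domain-rules /sohu.com/         -nameserver china

# 国外域名走国外 DNS
domain-rules /google.com/       -nameserver foreign
domain-rules /youtube.com/      -nameserver foreign
domain-rules /github.com/       -nameserver foreign
domain-rules /microsoft.com/    -nameserver foreign
domain-rules /apple.com/        -nameserver foreign
domain-rules /wikipedia.org/    -nameserver foreign
domain-rules /cloudflare.com/   -nameserver foreign
domain-rules /netflix.com/      -nameserver foreign

# ======================
# 广告与跟踪域名拦截(增强版)
# ======================
address /ads.google.com/# 
address /doubleclick.net/# 
address /googleadservices.com/# 
address /pagead2.googlesyndication.com/# 
address /pubads.g.doubleclick.net/# 
address /static.ads-twitter.com/# 
address /ads.youtube.com/# 
address /ad.xiaomi.com/# 
address /tracking.*.com/# 
address /analytics.*.com/# 
address /beacon.*.com/# 

# 常见广告/跟踪主域泛拦截(谨慎使用)
#address /*ad*/# 
#address /*track*/# 
#address /*analytic*/# 
#address /*metric*/# 
EOF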

4.3、配置SmartDNS启动脚本文件

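# Install the systemd unit. sudo tee (instead of a bare redirect) keeps this
# consistent with the other privileged writes in this guide, and the quoted
# delimiter guarantees the unit is written literally.
sudo tee /etc/systemd/system/smartdns.service > /dev/null <<'EOF'
[Unit]
Description=SmartDNS Server
After=network.target
Before=network-online.target
Before=nss-lookup.target
Wants=nss-lookup.target
StartLimitBurst=0
StartLimitIntervalSec=60

[Service]
Type=forking
PIDFile=/run/smartdns.pid
ExecStart=/usr/sbin/smartdns -c /etc/smartdns/smartdns.conf -p /run/smartdns.pid
Restart=always
RestartSec=2
TimeoutStopSec=15

[Install]
WantedBy=multi-user.target
Alias=smartdns.service
EOF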

5、启动所有服务

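# Pick up the new unit file. sudo is used on every command here; the original
# mixed privileged and unprivileged invocations, which only works as root.
sudo systemctl daemon-reload

## Stop the stub resolver that owns 127.0.0.53:53 so SmartDNS can take port 53.
## NOTE(review): on Ubuntu 22.04 /etc/resolv.conf usually points at that stub
## address; it keeps working here only because "bind :53" answers on every
## IPv4 address, loopback included. Check local resolution after this step.
sudo systemctl stop systemd-resolved
sudo systemctl disable systemd-resolved

## Start pdns and smartdns
sudo systemctl restart pdns.service
sudo systemctl restart smartdns.service

## Enable everything at boot
sudo systemctl enable pdns.service smartdns.service postgresql.service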

6、验证端口和服务

## 查看端口情况
➜  ~ ss -lntup  
Netid       State        Recv-Q        Send-Q               Local Address:Port                Peer Address:Port       Process  
udp         UNCONN       0             0                          0.0.0.0:53                       0.0.0.0:*           users:(("smartdns",pid=558639,fd=9))  
udp         UNCONN       0             0                          0.0.0.0:54                       0.0.0.0:*           users:(("pdns_server",pid=542512,fd=5))   
udp         UNCONN       0             0                            [::1]:53                          [::]:*           users:(("smartdns",pid=558639,fd=10))   
tcp         LISTEN       0             10                         0.0.0.0:8081                     0.0.0.0:*           users:(("pdns_server",pid=542512,fd=7))   
tcp         LISTEN       0             244                        0.0.0.0:5432                     0.0.0.0:*           users:(("postgres",pid=4506,fd=5))  
tcp         LISTEN       0             128                        0.0.0.0:54                       0.0.0.0:*           users:(("pdns_server",pid=542512,fd=6))   
tcp         LISTEN       0             100                      127.0.0.1:25                       0.0.0.0:*           users:(("master",pid=424,fd=13))  
tcp         LISTEN       0             4096                     127.0.0.1:42105                    0.0.0.0:*           users:(("containerd",pid=107,fd=8))   
tcp         LISTEN       0             100                          [::1]:25                          [::]:*           users:(("master",pid=424,fd=14))  
tcp         LISTEN       0             244                           [::]:5432                        [::]:*           users:(("postgres",pid=4506,fd=6))  
tcp         LISTEN       0             4096                             *:5000                           *:*           users:(("docker-registry",pid=95,fd=6))   
tcp         LISTEN       0             4096                             *:22                             *:*           users:(("systemd",pid=1,fd=48)) 


## 查看服务运行情况
➜  ~ systemctl status pdns.service   
* pdns.service - PowerDNS Authoritative Server
     Loaded: loaded (/lib/systemd/system/pdns.service; enabled; vendor preset: enabled)
     Active: active (running) since Thu 2025-12-18 07:35:09 UTC; 20h ago
       Docs: man:pdns_server(1)
             man:pdns_control(1)
             https://doc.powerdns.com
   Main PID: 542512 (pdns_server)
      Tasks: 10 (limit: 386416)
     Memory: 48.6M
        CPU: 3min 20.194s
     CGroup: /system.slice/pdns.service
             `-542512 /usr/sbin/pdns_server --guardian=no --daemon=no --disable-syslog --log-timestamp=no --write-pid=no

Dec 19 03:05:15 SmartDNS pdns_server[542512]: Not validating response for security status update, this is a non-release version
Dec 19 03:10:15 SmartDNS pdns_server[542512]: gpgsql Connection successful. Connected to database 'powerdns' on '127.0.0.1'.
Dec 19 03:15:15 SmartDNS pdns_server[542512]: gpgsql Connection successful. Connected to database 'powerdns' on '127.0.0.1'.
Dec 19 03:20:15 SmartDNS pdns_server[542512]: gpgsql Connection successful. Connected to database 'powerdns' on '127.0.0.1'.
Dec 19 03:25:15 SmartDNS pdns_server[542512]: gpgsql Connection successful. Connected to database 'powerdns' on '127.0.0.1'.
Dec 19 03:30:15 SmartDNS pdns_server[542512]: gpgsql Connection successful. Connected to database 'powerdns' on '127.0.0.1'.
Dec 19 03:35:15 SmartDNS pdns_server[542512]: gpgsql Connection successful. Connected to database 'powerdns' on '127.0.0.1'.
Dec 19 03:35:15 SmartDNS pdns_server[542512]: Not validating response for security status update, this is a non-release version
Dec 19 03:40:15 SmartDNS pdns_server[542512]: gpgsql Connection successful. Connected to database 'powerdns' on '127.0.0.1'.
Dec 19 03:45:15 SmartDNS pdns_server[542512]: gpgsql Connection successful. Connected to database 'powerdns' on '127.0.0.1'.


➜  ~ systemctl status smartdns.service 
* smartdns.service - SmartDNS Server
     Loaded: loaded (/etc/systemd/system/smartdns.service; enabled; vendor preset: enabled)
     Active: active (running) since Thu 2025-12-18 08:59:56 UTC; 18h ago
    Process: 558637 ExecStart=/usr/sbin/smartdns -c /etc/smartdns/smartdns.conf -p /run/smartdns.pid (code=exited, status=0/SUCCESS)
   Main PID: 558639 (smartdns)
      Tasks: 6 (limit: 386416)
     Memory: 3.7M
        CPU: 12.746s
     CGroup: /system.slice/smartdns.service
             `-558639 /usr/sbin/smartdns -c /etc/smartdns/smartdns.conf -p /run/smartdns.pid

Dec 18 08:59:56 SmartDNS systemd[1]: Starting SmartDNS Server...
Dec 18 08:59:56 SmartDNS systemd[1]: Started SmartDNS Server.
