DNS-bind+namedmanager安装

2019/06/28 17:04

##安装web_dns(namedmanager+bind)

###配置安装bind

  • 安装
# Install the BIND name server package; the namedmanager web front end is added further down.
yum -y install bind
  • 配置bind
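# Keep a backup of the stock named.conf before replacing it.  -p preserves the original
# mode/owner/timestamps so the copy is no more readable than the file it came from;
# -- guards against the (here impossible, but habitual) leading-dash filename.
cp -p -- /etc/named.conf /etc/named.conf.bak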
 
#替换配置文件 /etc/named.conf
// NOTE(review): listen-on { any; } + allow-query { any; } + recursion yes make this an open
// recursive resolver for every client that can reach port 53.  Unless the host is firewalled
// to the internal network, limit recursion to trusted clients, e.g. (constructed example)
//   allow-recursion { 10.10.10.0/24; localhost; };
options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        // Any source address may query; pair this with allow-recursion (see above) if exposed.
        allow-query     { any; };
 
        recursion yes;
 
        // NOTE(review): DNSSEC validation is turned off, so upstream answers are accepted
        // unverified; keep the package defaults unless validation is known to break here.
        dnssec-enable no;
        dnssec-validation no;
 
        bindkeys-file "/etc/named.iscdlv.key";
 
        managed-keys-directory "/var/named/dynamic";
 
        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};
 
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
 
// Root hints only; the zones managed by namedmanager arrive through a separate include
// that is added to this file later on this page.
zone "." IN {
        type hint;
        file "named.ca";
};
 
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
  • 检查配置文件并启动服务
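# Validate /etc/named.conf before touching the service: named-checkconf is silent and exits 0
# when the file parses.  Gating on it stops here instead of enabling a unit that cannot start.
named-checkconf || { printf 'named.conf failed validation\n' >&2; exit 1; }

# Enable named at boot and start it now.
systemctl enable named
systemctl start named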
  • 修改本机DNS指向
#1.增加或修改网卡配置 /etc/sysconfig/network-scripts/ifcfg-eth0
DNS1="10.10.10.10"
#2.增加或修改DNS配置 /etc/resolv.conf
nameserver 10.10.10.10

###配置rndc远程控制管理

  • 生成rndc-key
# Generate an rndc key and print a ready-made rndc.conf plus the matching key/controls
# stanza for named.conf (-r selects the randomness source).  The printed secret is a
# credential: keep it out of shell logs and public write-ups.
rndc-confgen -r /dev/urandom

根据命令的输出内容，将 key 以及 options 两段分别写入到对应的配置文件。

  • 修改配置文件
#新增配置文件 /etc/rndc.conf
// Client-side rndc configuration.  Key name, algorithm and secret must match the key
// stanza in named.conf exactly.  The secret below is the page's published example — paste
// the one rndc-confgen printed on this host, and keep this file unreadable to other users.
key "rndc-key" {
        // NOTE(review): hmac-md5 is what this rndc-confgen emitted; newer BIND releases
        // default to hmac-sha256 — use whatever algorithm your own output shows.
        algorithm hmac-md5;
        secret "KYyFVJYweqVVVhOSVoO4Bw==";
};
 
options {
        default-key "rndc-key";
        // named's control channel, as declared in the controls stanza of named.conf.
        default-server 10.10.10.10;
        default-port 953;
};
 
#增加配置 /etc/named.conf
// Server-side half of the rndc setup; same key as /etc/rndc.conf.
key "rndc-key" {
      algorithm hmac-md5;
      secret "KYyFVJYweqVVVhOSVoO4Bw==";
};
 
// Control channel: only 10.10.10.10 may connect, and only when it presents rndc-key.
// Port 953 is still bound on that address, so keep it filtered from non-admin hosts.
controls {
      inet 10.10.10.10 port 953
              allow { 10.10.10.10; } keys { "rndc-key"; };
};

根据rndc-confgen -r /dev/urandom输出,修改对应配置文件。

  • 删除原有key及重启named
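# Remove the pre-existing key file so only the key now declared in rndc.conf/named.conf is
# in use.  The page spells the path "rcdn.key", which looks like a typo for rndc.key — check
# `ls /etc/rndc*` before deleting.  Plain -f is enough for a single file; -r is not needed.
rm -f -- /etc/rndc.key
systemctl restart named.service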
  • 检查rndc是否可用
# Smoke-test the control channel: rndc must reach named on port 953 with the shared key.
rndc status

###安装配置namedmanager

  • 下载程序并安装程序
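# Fetch both namedmanager packages from the author's third-party repository.  Nothing on this
# host vouches for them: verify the publisher's signature/checksum before installing (yum only
# signature-checks local .rpm files when localpkg_gpgcheck=1 and the signing key is imported).
repo_base=https://repos.jethrocarr.com/pub/jethrocarr/linux/centos/7/jethrocarr-custom/x86_64
wget "$repo_base/namedmanager-bind-1.9.0-2.el7.centos.noarch.rpm"
wget "$repo_base/namedmanager-www-1.9.0-2.el7.centos.noarch.rpm"

# Install the two downloaded files by name rather than through an unquoted namedmanager-*
# glob, which would silently match anything else in the working directory.
yum -y install ./namedmanager-bind-1.9.0-2.el7.centos.noarch.rpm \
  ./namedmanager-www-1.9.0-2.el7.centos.noarch.rpm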
  • 修改配置bind
# Create the empty include file (a file, not a directory) that named.conf will pull in, and
# hand it to apache:named — presumably so the web app can write it and named can read it.
# Anything written here becomes BIND configuration, so treat the web app as trusted input.
nm_include=/etc/named.namedmanager.conf
touch -- "$nm_include"
chown apache:named -- "$nm_include"
 
#增加配置 /etc/named.conf
include "/etc/named.namedmanager.conf";
  • 配置mysql
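# Enable MariaDB at boot and start it now.
systemctl enable mariadb.service
systemctl start mariadb.service

# Set the MySQL root password.  Without a password argument mysqladmin prompts for it,
# which keeps the secret out of `ps` output and shell history; the page's example value
# was 123456 — pick a strong one (mysql_secure_installation covers the rest of the hardening).
mysqladmin -uroot password

# Import the namedmanager schema; the script asks for the MySQL root password just set.
/usr/share/namedmanager/resources/autoinstall.pl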
###Please enter MySQL root password (if any): ###输入root密码
  • 配置php及http及hosts文件
#增加配置 /etc/namedmanager/config.php
// NOTE(review): makes namedmanager treat every request as HTTPS although httpd below only
// listens on plain http :8080 — presumably to avoid an https redirect.  If TLS is wanted,
// terminate it in front of httpd instead of faking it here; confirm why it is set.
$_SERVER['HTTPS'] = "TRUE";
 
#修改配置 /etc/namedmanager/config-bind.php
// API endpoint the bind-side configwriter talks to; plain http is tolerable only because
// it stays on loopback.
$config["api_url"]              = "http://127.0.0.1:8080/namedmanager";
// Must equal the "Name Server FQDN" registered in the web UI (the page warns that using
// the bare hostname here stops config from being written out).
$config["api_server_name"]      = "dns.server";
// Shared secret; must equal ADMIN_API_KEY and the server's API Authentication Key in the UI.
// "dnskey" is the page's example — use a long random value in a real deployment.
$config["api_auth_key"]         = "dnskey";
$config["log_file"]             = "/var/log/namedmanager_bind_configwriter";
 
#修改配置 /etc/php.ini
max_input_vars = 1000
 
#添加修改配置 /etc/httpd/conf/httpd.conf
# namedmanager is served on 8080 and addressed as dns.server (mapped in /etc/hosts below).
Listen 8080
ServerName dns.server:8080
# NOTE(review): the commented-out "Require all denied" is swapped for a 2.2-style blanket
# allow on the filesystem root (needs mod_access_compat on httpd 2.4).  Prefer keeping /
# denied and granting access only in namedmanager's own <Directory> block, if that suffices.
<Directory />
    AllowOverride none
    allow from all
    #Require all denied
</Directory>

#增加hosts解析 /etc/hosts
127.0.0.1 dns.server
  • 启动httpd
# Enable httpd at boot, then start it.
for action in enable start; do
  systemctl "$action" httpd
done
 
#web访问地址
http://10.10.10.10:8080/namedmanager/
  • 配置namedmanager脚本
#添加记录 /etc/hosts（即上文已添加的 127.0.0.1 dns.server 解析）
 
#修改配置文件 /usr/share/namedmanager/bind/include/application/inc_soap_api.php
// Captures what is presumably the host part of api_url (text after "http://", before an
// optional ":port" and the next "/").  Only plain http:// URLs match, which is consistent
// with api_url in config-bind.php being http://127.0.0.1:8080.  The page shows this line
// after its edit only, not what changed.
preg_match("/^http:\/\/(\S*?)[:0-9]*\//", $GLOBALS["config"]["api_url"], $matches);
 
#修改 /usr/share/namedmanager/bind/namedmanager_bind_configwriter.php
// Take an exclusive (blocking) lock on $fh_lock — presumably so only one configwriter runs
// at a time; verify against the surrounding code.  The page shows only the post-edit version.
if (flock($fh_lock, LOCK_EX ))
{
        log_write("debug", "script", "Obtained filelock");
}
 
# Make the init-style wrapper that starts the logpush script executable.
chmod +x /usr/share/namedmanager/resources/namedmanager_logpush.rcsysinit
  • 启动namedmanager脚本
# Start the logpush script through its init-style wrapper (supervisor takes over later).
/usr/share/namedmanager/resources/namedmanager_logpush.rcsysinit start
  • 检查启动结果
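# List running php processes (pid + full command line) to confirm the logpush script is up.
# Replaces the ps|grep|egrep -v grep chain: pgrep never matches itself and egrep is deprecated.
pgrep -af php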
  • 使用supervisor管理namedmanager脚本

namedmanager脚本是namedmanager核心,需持续在后台工作,建议使用监护软件对其进行管理。

# Install supervisor, which keeps the logpush script running (program definition below).
yum -y install supervisor
 
#创建托管配置文件 /etc/supervisord.d/namedmanager_logpush.ini
[program:namedmanager_logpush]
; NOTE(review): supervisord starts "command" directly, not through a shell, so the
; "2>&1 > /var/log/namedmanager_logpush" tail is most likely handed to php as literal
; arguments and redirects nothing.  stdout/stderr are already captured by the *_logfile
; settings below, so the trailing redirection can probably be dropped — confirm.
command=php -q /usr/share/namedmanager/bind/namedmanager_logpush.php 2>&1 > /var/log/namedmanager_logpush
numprocs=1
directory=/usr/share/namedmanager/resources
autostart=true
autorestart=true
startsecs=22
startretries=4
; exit statuses supervisor treats as expected
exitcodes=0,2
stopsignal=QUIT
stopwaitsecs=10
; NOTE(review): runs as root — confirm what the script actually needs root for; a dedicated
; service user would limit the blast radius of a bug in the logpush script.
user=root
redirect_stderr=false
stdout_logfile=/var/log/namedmanager_logpush.out
stdout_logfile_maxbytes=64MB
stdout_logfile_backups=4
stdout_capture_maxbytes=1MB
stdout_events_enabled=false
stderr_logfile=/var/log/namedmanager_logpush.err
stderr_logfile_maxbytes=64MB
stderr_logfile_backups=4
stderr_capture_maxbytes=1MB
stderr_events_enabled=false
 
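# Stop the manually started logpush script before handing it to supervisor.  The original
# ps|grep|awk|xargs chain also picked up the grep process itself (already gone by the time
# kill ran) and used SIGKILL, which skips any cleanup the script does on exit; pkill matches
# the full command line, never itself, and sends SIGTERM by default.
pkill -f namedmanager_logpush.php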
 
# Enable supervisord at boot, start it, then show the state of every managed program.
for action in enable start; do
  systemctl "$action" supervisord.service
done
supervisorctl status

###配置namedmanager页面,添加bind服务器

浏览器打开 http://10.10.10.10/namedmanager（若按上文配置 httpd 监听 8080 端口，则需带上 :8080），使用默认用户名/密码 (setup/setup123) 登录；首次登录后应立即修改该默认密码。

  • 配置Configuration选项卡

    • DEFAULT_HOSTMASTER

    1@2.3

    • DEFAULT_TTL_SOA

    86400

    • DEFAULT_TTL_NS

    120

    • DEFAULT_TTL_MX

    60

    • DEFAULT_TTL_OTHER

    60

    • ADMIN_API_KEY

    dnskey

    • DATEFORMAT

    yyyy-mm-dd

    • TIMEZONE_DEFAULT

    Asia/Shanghai

    • Save Changes
  • 配置New Servers选项卡

    • Add New Server
    • Name Server FQDN *

    dns.server 注意:这里一定要填config-bind.php里对应$config["api_server_name"]项配置的值

    • Server Type

    API

    • API Authentication Key *

    dnskey

    • Nameserver Group *

    default -- Default Nameserver Group

    • Primary Nameserver *

    Make this server the primary one used for DNS SOA records.

    • Use as NS Record *

    Adds this name server to all domains as a public NS record.

    • Save Changes

保存后，在 View Name Servers 选项卡下，当 Zonefile Status 与 Logging Status 变绿且显示为 status_synced 即表示同步成功；如一直不变绿，需要进行排错。

  • 增加新的域 Domains/Zones

  • View Domains查看新增的域, domain records添加域名解析

坑点1：config-bind.php 中 $config["api_server_name"] 若使用主机名，会导致配置无法写入到配置文件。
