安装web_dns(namedmanager+bind)
配置安装bind
- 安装
yum -y install bind
- 配置bind
#备份原配置
cp /etc/named.conf /etc/named.conf.bak
#替换配置文件 /etc/named.conf
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
recursion yes;
dnssec-enable no;
dnssec-validation no;
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
- 检查配置文件并启动服务
#检查配置文件(没有报错就是正确的)
named-checkconf
#启动配置文件()
systemctl enable named
systemctl start named
- 修改本机DNS指向
#1.增加或修改网卡配置 /etc/sysconfig/network-scripts/ifcfg-eth0
DNS1="10.10.10.10"
#2.增加或修改DNS配置 /etc/resolv.conf
nameserver 10.10.10.10
配置rndc远程控制管理
- 生成rndc-key
rndc-confgen -r /dev/urandom
根据输入内容将 key 以及 options写入到对应配置文件。
- 修改配置文件
#新增配置文件 /etc/rndc.conf
key "rndc-key" {
algorithm hmac-md5;
secret "KYyFVJYweqVVVhOSVoO4Bw==";
};
options {
default-key "rndc-key";
default-server 10.10.10.10;
default-port 953;
};
#增加配置 /etc/named.conf
key "rndc-key" {
algorithm hmac-md5;
secret "KYyFVJYweqVVVhOSVoO4Bw==";
};
controls {
inet 10.10.10.10 port 953
allow { 10.10.10.10; } keys { "rndc-key"; };
};
根据
rndc-confgen -r /dev/urandom输出,修改对应配置文件。
- 删除原有key及重启named
rm -rf /etc/rcdn.key
systemctl restart named.service
- 检查rndc是否可用
rndc status
安装配置namedmanager
- 下载程序并安装程序
wget https://repos.jethrocarr.com/pub/jethrocarr/linux/centos/7/jethrocarr-custom/x86_64/namedmanager-bind-1.9.0-2.el7.centos.noarch.rpm
wget https://repos.jethrocarr.com/pub/jethrocarr/linux/centos/7/jethrocarr-custom/x86_64/namedmanager-www-1.9.0-2.el7.centos.noarch.rpm
yum -y install namedmanager-*
- 修改配置bind
#新建文件夹并修改宿主
touch /etc/named.namedmanager.conf
chown apache:named /etc/named.namedmanager.conf
#增加配置 /etc/named.conf
include "/etc/named.namedmanager.conf";
- 配置mysql
#启动mysql
systemctl enable mariadb.service
systemctl start mariadb.service
#配置root密码
mysqladmin -uroot password 123456
#导入脚本
/usr/share/namedmanager/resources/autoinstall.pl
###Please enter MySQL root password (if any): ###输入root密码
- 配置php及http及hosts文件
#增加配置 /etc/namedmanager/config.php
$_SERVER['HTTPS'] = "TRUE";
#修改配置 /etc/namedmanager/config-bind.php
$config["api_url"] = "http://127.0.0.1:8080/namedmanager";
$config["api_server_name"] = "dns.server";
$config["api_auth_key"] = "dnskey";
$config["log_file"] = "/var/log/namedmanager_bind_configwriter";
#修改配置 /etc/php.ini
max_input_vars = 1000
#添加修改配置 /etc/httpd/conf/httpd.conf
Listen 8080
ServerName dns.server:8080
<Directory />
AllowOverride none
allow from all
#Require all denied
</Directory>
#增加hosts解析 /etc/hosts
127.0.0.1 dns.server
- 启动httpd
systemctl enable httpd
systemctl start httpd
#web访问地址
http://10.10.10.10:8080/namedmanager/
- 配置namedmanager脚本
#添加记录 /etc/hosts
#修改配置文件 /usr/share/namedmanager/bind/include/application/inc_soap_api.php
preg_match("/^http://(S*?)[:0-9]*//", $GLOBALS["config"]["api_url"], $matches);
#修改 /usr/share/namedmanager/bind/namedmanager_bind_configwriter.php
if (flock($fh_lock, LOCK_EX ))
{
log_write("debug", "script", "Obtained filelock");
}
#赋执行权限 /usr/share/namedmanager/resources/namedmanager_logpush.rcsysinit
chmod +x /usr/share/namedmanager/resources/namedmanager_logpush.rcsysinit
- 启动namedmanager脚本
/usr/share/namedmanager/resources/namedmanager_logpush.rcsysinit start
- 检查启动结果
ps -ef|grep php|egrep -v grep
- 使用supervisor管理namedmanager脚本
namedmanager脚本是namedmanager核心,需持续在后台工作,建议使用监护软件对其进行管理。
#安装
yum -y install supervisor
#创建托管配置文件 /etc/supervisord.d/namedmanager_logpush.ini
[program:namedmanager_logpush]
command=php -q /usr/share/namedmanager/bind/namedmanager_logpush.php 2>&1 > /var/log/namedmanager_logpush
numprocs=1
directory=/usr/share/namedmanager/resources
autostart=true
autorestart=true
startsecs=22
startretries=4
exitcodes=0,2
stopsignal=QUIT
stopwaitsecs=10
user=root
redirect_stderr=false
stdout_logfile=/var/log/namedmanager_logpush.out
stdout_logfile_maxbytes=64MB
stdout_logfile_backups=4
stdout_capture_maxbytes=1MB
stdout_events_enabled=false
stderr_logfile=/var/log/namedmanager_logpush.err
stderr_logfile_maxbytes=64MB
stderr_logfile_backups=4
stderr_capture_maxbytes=1MB
stderr_events_enabled=false
#结束namedmanager脚本
ps aux |grep 'namedmanager_logpush.php' |awk '{print $2}' |xargs kill -9
#启动supervisor
systemctl enable supervisord.service
systemctl start supervisord.service
#检查运行状态
supervisorctl status
配置namedmanager页面,添加bind服务器
浏览器打开 http://10.10.10.10/namedmanager 登录用户名/密码 (setup/setup123)
-
配置Configuration选项卡
- DEFAULT_HOSTMASTER
1@2.3
- DEFAULT_TTL_SOA
86400
- DEFAULT_TTL_NS
120
- DEFAULT_TTL_MX
60
- DEFAULT_TTL_OTHER
60
- ADMIN_API_KEY
dnskey
- DATEFORMAT
yyyy-mm-dd
- TIMEZONE_DEFAULT
Asia/Shanghai
- Save Changes
-
配置New Servers选项卡
- Add New Server
- Name Server FQDN *
dns.server
注意:这里一定要填config-bind.php里对应$config["api_server_name"]项配置的值- Server Type
API
- API Authentication Key *
dnskey
- Nameserver Group *
default -- Default Nameserver Group
- Primary Nameserver *
Make this server the primary one used for DNS SOA records.
- Use as NS Record *
Adds this name server to all domains as a public NS record.
- Save Changes
保存后View Name Servers选项卡下,当
Zonefile Status,Logging Status变绿且成为status_synced,如一直不变绿,需要进行排错。
-
增加新的域
Domains/Zones -
View Domains查看新增的域,domain records添加域名解析
坑点1:config-bind.php里对应$config["api_server_name"] 使用主机名会导致无法将配置生效至配置文件。