安装web_dns(namedmanager+bind)

配置安装bind

• 安装

yum -y install bind

• 配置bind

#备份原配置cp /etc/named.conf /etc/named.conf.bak #替换配置文件 /etc/named.confoptions {        listen-on port 53 { any; };        listen-on-v6 port 53 { ::1; };        directory       "/var/named";        dump-file       "/var/named/data/cache_dump.db";        statistics-file "/var/named/data/named_stats.txt";        memstatistics-file "/var/named/data/named_mem_stats.txt";        allow-query     { any; };         recursion yes;         dnssec-enable no;        dnssec-validation no;         bindkeys-file "/etc/named.iscdlv.key";         managed-keys-directory "/var/named/dynamic";         pid-file "/run/named/named.pid";        session-keyfile "/run/named/session.key";}; logging {        channel default_debug {                file "data/named.run";                severity dynamic;        };}; zone "." IN {        type hint;        file "named.ca";}; include "/etc/named.rfc1912.zones";include "/etc/named.root.key";

• 检查配置文件并启动服务

#检查配置文件（没有报错就是正确的）named-checkconf #启动配置文件（）systemctl enable namedsystemctl start named

• 修改本机DNS指向

#1.增加或修改网卡配置 /etc/sysconfig/network-scripts/ifcfg-eth0DNS1="10.10.10.10"#2.增加或修改DNS配置 /etc/resolv.confnameserver 10.10.10.10

---

配置rndc远程控制管理

• 生成rndc-key

rndc-confgen -r /dev/urandom

根据输入内容将 key 以及 options写入到对应配置文件。

• 修改配置文件

#新增配置文件 /etc/rndc.confkey "rndc-key" {        algorithm hmac-md5;        secret "KYyFVJYweqVVVhOSVoO4Bw==";}; options {        default-key "rndc-key";        default-server 10.10.10.10;        default-port 953;}; #增加配置 /etc/named.confkey "rndc-key" {      algorithm hmac-md5;      secret "KYyFVJYweqVVVhOSVoO4Bw==";}; controls {      inet 10.10.10.10 port 953              allow { 10.10.10.10; } keys { "rndc-key"; };};

根据rndc-confgen -r /dev/urandom输出，修改对应配置文件。

• 删除原有key及重启named

rm -rf /etc/rcdn.keysystemctl restart named.service

• 检查rndc是否可用

rndc status

---

安装配置namedmanager

• 下载程序并安装程序

wget https://repos.jethrocarr.com/pub/jethrocarr/linux/centos/7/jethrocarr-custom/x86_64/namedmanager-bind-1.9.0-2.el7.centos.noarch.rpmwget https://repos.jethrocarr.com/pub/jethrocarr/linux/centos/7/jethrocarr-custom/x86_64/namedmanager-www-1.9.0-2.el7.centos.noarch.rpm yum -y install namedmanager-*

• 修改配置bind

#新建文件夹并修改宿主touch /etc/named.namedmanager.confchown apache:named /etc/named.namedmanager.conf #增加配置 /etc/named.confinclude "/etc/named.namedmanager.conf";

• 配置mysql

#启动mysqlsystemctl enable mariadb.servicesystemctl start mariadb.service #配置root密码mysqladmin -uroot password 123456 #导入脚本/usr/share/namedmanager/resources/autoinstall.pl###Please enter MySQL root password (if any): ###输入root密码

• 配置php及http及hosts文件

#增加配置 /etc/namedmanager/config.php$_SERVER['HTTPS'] = "TRUE"; #修改配置 /etc/namedmanager/config-bind.php$config["api_url"]              = "http://127.0.0.1:8080/namedmanager";$config["api_server_name"]      = "dns.server";$config["api_auth_key"]         = "dnskey";$config["log_file"]             = "/var/log/namedmanager_bind_configwriter"; #修改配置 /etc/php.inimax_input_vars = 1000 #添加修改配置 /etc/httpd/conf/httpd.confListen 8080ServerName dns.server:8080
        AllowOverride none    allow from all    #Require all denied#增加hosts解析 /etc/hosts127.0.0.1 dns.server

• 启动httpd

systemctl enable httpdsystemctl start httpd #web访问地址http://10.10.10.10:8080/namedmanager/

• 配置namedmanager脚本

#添加记录 /etc/hosts #修改配置文件 /usr/share/namedmanager/bind/include/application/inc_soap_api.phppreg_match("/^http:\/\/(\S*?)[:0-9]*\//", $GLOBALS["config"]["api_url"], $matches); #修改 /usr/share/namedmanager/bind/namedmanager_bind_configwriter.phpif (flock($fh_lock, LOCK_EX )){        log_write("debug", "script", "Obtained filelock");} #赋执行权限 /usr/share/namedmanager/resources/namedmanager_logpush.rcsysinitchmod +x /usr/share/namedmanager/resources/namedmanager_logpush.rcsysinit

• 启动namedmanager脚本

/usr/share/namedmanager/resources/namedmanager_logpush.rcsysinit start

• 检查启动结果

ps -ef|grep php|egrep -v grep

• 使用supervisor管理namedmanager脚本

namedmanager脚本是namedmanager核心，需持续在后台工作，建议使用监护软件对其进行管理。

#安装yum -y install supervisor #创建托管配置文件 /etc/supervisord.d/namedmanager_logpush.ini[program:namedmanager_logpush]command=php -q /usr/share/namedmanager/bind/namedmanager_logpush.php 2>&1 > /var/log/namedmanager_logpushnumprocs=1directory=/usr/share/namedmanager/resourcesautostart=trueautorestart=truestartsecs=22startretries=4exitcodes=0,2stopsignal=QUITstopwaitsecs=10user=rootredirect_stderr=falsestdout_logfile=/var/log/namedmanager_logpush.outstdout_logfile_maxbytes=64MBstdout_logfile_backups=4stdout_capture_maxbytes=1MBstdout_events_enabled=falsestderr_logfile=/var/log/namedmanager_logpush.errstderr_logfile_maxbytes=64MBstderr_logfile_backups=4stderr_capture_maxbytes=1MBstderr_events_enabled=false #结束namedmanager脚本ps aux |grep 'namedmanager_logpush.php' |awk '{print $2}' |xargs kill -9 #启动supervisorsystemctl enable supervisord.servicesystemctl start supervisord.service #检查运行状态supervisorctl status

---

配置namedmanager页面，添加bind服务器

浏览器打开 http://10.10.10.10/namedmanager 登录用户名/密码 （setup/setup123）

• 配置Configuration选项卡
  • DEFAULT_HOSTMASTER

    1@2.3

  • DEFAULT_TTL_SOA

    86400

  • DEFAULT_TTL_NS

    120

  • DEFAULT_TTL_MX

    60

  • DEFAULT_TTL_OTHER

    60

  • ADMIN_API_KEY

    dnskey

  • DATEFORMAT

    yyyy-mm-dd

  • TIMEZONE_DEFAULT

    Asia/Shanghai

  • Save Changes
• 配置New Servers选项卡
  • Add New Server

  • Name Server FQDN *

    dns.server

    注意：这里一定要填config-bind.php里对应$config["api_server_name"]项配置的值

  • Server Type

    API

  • API Authentication Key *

    dnskey

  • Nameserver Group *

    default -- Default Nameserver Group

  • Primary Nameserver *

    Make this server the primary one used for DNS SOA records.

  • Use as NS Record *

    Adds this name server to all domains as a public NS record.

  • Save Changes

保存后View Name Servers选项卡下，当Zonefile Status，Logging Status变绿且成为status_synced，如一直不变绿，需要进行排错。

• 增加新的域 Domains/Zones

• View Domains查看新增的域， domain records添加域名解析

坑点1：config-bind.php里对应$config["api_server_name"] 使用主机名会导致无法将配置生效至配置文件。