## 安裝web_dns(namedmanager+bind)
### 配置安裝bind
- 安裝
# Install BIND from the configured yum repositories.
yum -y install bind
- 配置bind
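# Keep a copy of the distribution's configuration before overwriting it.
cp /etc/named.conf /etc/named.conf.bak

# Replace /etc/named.conf with the configuration below.
cat > /etc/named.conf <<'EOF'
options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };
    recursion yes;
    // Answer recursive queries for local clients only. When allow-recursion
    // is absent it inherits "any" from allow-query, which turns a server
    // listening on every interface into an open resolver.
    allow-recursion { localhost; localnets; };
    // NOTE(review): DNSSEC validation is disabled, so answers fetched from
    // upstream servers are not authenticated. Confirm this is intended.
    dnssec-enable no;
    dnssec-validation no;
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

zone "." IN {
    type hint;
    file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
EOF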
- 檢查配置文件並啓動服務
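# Validate /etc/named.conf; no output means the file parsed without errors.
named-checkconf

# Start named now and on every boot.
systemctl enable named
systemctl start named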
- 修改本機DNS指向
# 1. Add or change this entry in /etc/sysconfig/network-scripts/ifcfg-eth0:
#        DNS1="10.10.10.10"
# 2. Add or change this entry in /etc/resolv.conf:
#        nameserver 10.10.10.10
### 配置rndc遠程控制管理
- 生成rndc-key
# Print a freshly generated rndc key and the matching key/options statements;
# the next step copies them into the configuration files.
# NOTE(review): the sample output in this guide uses hmac-md5. If the installed
# rndc-confgen accepts -A, prefer an HMAC-SHA2 algorithm for the control key.
rndc-confgen -r /dev/urandom
根據輸出內容將 key 以及 options 寫入到對應配置文件。
- 修改配置文件
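# Create /etc/rndc.conf with the key and options printed by rndc-confgen.
# The secret is a placeholder: paste the value from your own rndc-confgen
# output. A secret copied from a published guide is known to every reader
# and gives no protection to the control channel.
cat > /etc/rndc.conf <<'EOF'
key "rndc-key" {
    algorithm hmac-md5;
    secret "<SECRET_FROM_YOUR_RNDC_CONFGEN_OUTPUT>";
};

options {
    default-key "rndc-key";
    default-server 10.10.10.10;
    default-port 953;
};
EOF
# The file holds the shared secret, so keep it readable by root only.
chmod 600 /etc/rndc.conf

# Append the same key and a controls statement to /etc/named.conf.
# The algorithm and secret must match /etc/rndc.conf exactly.
cat >> /etc/named.conf <<'EOF'
key "rndc-key" {
    algorithm hmac-md5;
    secret "<SECRET_FROM_YOUR_RNDC_CONFGEN_OUTPUT>";
};

// Control channel: bound to 10.10.10.10:953 and accepted only from
// 10.10.10.10 with the key above.
controls {
    inet 10.10.10.10 port 953
        allow { 10.10.10.10; } keys { "rndc-key"; };
};
EOF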
根據 `rndc-confgen -r /dev/urandom` 的輸出,修改對應配置文件。
- 刪除原有key及重啓named
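# Delete the old key file, then restart named so it loads the new key and
# controls statement. The source spelled the path /etc/rcdn.key, which matches
# no file rndc uses; the key file is /etc/rndc.key.
rm -f /etc/rndc.key
systemctl restart named.service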
- 檢查rndc是否可用
# Check that rndc can reach named over the control channel with the new key.
rndc status
### 安裝配置namedmanager
- 下載程序並安裝程序
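# Download the two NamedManager packages (the -bind and -www RPMs).
wget https://repos.jethrocarr.com/pub/jethrocarr/linux/centos/7/jethrocarr-custom/x86_64/namedmanager-bind-1.9.0-2.el7.centos.noarch.rpm
wget https://repos.jethrocarr.com/pub/jethrocarr/linux/centos/7/jethrocarr-custom/x86_64/namedmanager-www-1.9.0-2.el7.centos.noarch.rpm

# NOTE(review): these RPMs come from a third-party repository and are installed
# as root. Check their signature or checksum against a value published by the
# maintainer before installing; the source gives no reference value.
#
# Install only the downloaded files. The explicit ./ and .rpm suffix keep yum
# from resolving the pattern against enabled repositories if the glob matches
# nothing.
yum -y install ./namedmanager-*.rpm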
- 修改配置bind
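# Create the include file and hand it to user apache, group named.
# NOTE(review): named loads this file, so any process able to write to it as
# apache can change the name server's configuration. Keep its permissions
# tight.
touch /etc/named.namedmanager.conf
chown apache:named /etc/named.namedmanager.conf

# Make named load the file. Run this once only: a second run appends a
# duplicate include line.
cat >> /etc/named.conf <<'EOF'
include "/etc/named.namedmanager.conf";
EOF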
- 配置mysql
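# Start MariaDB now and on every boot.
systemctl enable mariadb.service
systemctl start mariadb.service

# Set the MariaDB root password. With no value after "password", mysqladmin
# prompts for it, which keeps the password out of shell history and the
# process list. Choose a strong, unique password rather than a guessable
# sample such as 123456.
mysqladmin -uroot password

# Run NamedManager's autoinstall script. It prompts:
#   Please enter MySQL root password (if any):
# Enter the root password set above.
/usr/share/namedmanager/resources/autoinstall.pl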
- 配置php及http及hosts文件
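# /etc/namedmanager/config.php -- add:
#     $_SERVER['HTTPS'] = "TRUE";
# NOTE(review): this sets the HTTPS flag by hand while httpd (below) serves
# plain HTTP on port 8080, so logins to the web interface travel unencrypted.
# Terminate TLS in front of the application when it is reachable beyond a
# trusted network.
#
# /etc/namedmanager/config-bind.php -- change:
#     $config["api_url"] = "http://127.0.0.1:8080/namedmanager";
#     $config["api_server_name"] = "dns.server";
#     $config["api_auth_key"] = "dnskey";
#     $config["log_file"] = "/var/log/namedmanager_bind_configwriter";
# "dnskey" is the sample value used throughout this guide. In a real
# deployment use a long random key and enter the same value for ADMIN_API_KEY
# and for the server's API Authentication Key in the web interface.
#
# /etc/php.ini -- change:
#     max_input_vars = 1000
#
# /etc/httpd/conf/httpd.conf -- add or change:
#     Listen 8080
#     ServerName dns.server:8080
#     <Directory />
#         AllowOverride none
#         Require all denied
#     </Directory>
#     <Directory "<NAMEDMANAGER_WEB_ROOT>">
#         Require all granted
#     </Directory>
# The source replaced "Require all denied" on <Directory /> with
# "allow from all", which lifts the default deny for the whole filesystem.
# The root stays denied here and access is granted only on the directory the
# application is served from. <NAMEDMANAGER_WEB_ROOT> is a placeholder: use
# the path from the Apache configuration installed by the namedmanager-www
# package. Where possible, narrow "Require all granted" to the administrators'
# network with "Require ip".
#
# /etc/hosts -- add:
#     127.0.0.1 dns.server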
- 啓動httpd
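# Start Apache now and on every boot.
systemctl enable httpd
systemctl start httpd

# Web interface: http://10.10.10.10:8080/namedmanager/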
- 配置namedmanager腳本
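# Add the host record to /etc/hosts (the source does not repeat the entry
# here).
#
# Edit /usr/share/namedmanager/bind/include/application/inc_soap_api.php so
# the URL match reads:
#     preg_match("/^http:\/\/(\S*?)[:0-9]*\//", $GLOBALS["config"]["api_url"], $matches);
# NOTE(review): the pattern accepts http:// URLs, so the API key is sent
# unencrypted. With the api_url used in this guide the traffic stays on
# 127.0.0.1; do not point api_url at a remote host without TLS.
#
# Edit /usr/share/namedmanager/bind/namedmanager_bind_configwriter.php so the
# lock is taken as:
#     if (flock($fh_lock, LOCK_EX )) {
#         log_write("debug", "script", "Obtained filelock");
#     }
#
# Make the log-push init script executable.
chmod +x /usr/share/namedmanager/resources/namedmanager_logpush.rcsysinit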
- 啓動namedmanager腳本
# Start the NamedManager log-push script through its init wrapper.
/usr/share/namedmanager/resources/namedmanager_logpush.rcsysinit start
- 檢查啓動結果
# List running PHP processes, leaving out the grep command itself.
ps -ef | grep php | grep -v grep
- 使用supervisor管理namedmanager腳本
namedmanager腳本是namedmanager核心,需持續在後臺工作,建議使用監護軟件對其進行管理。
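# Install supervisor.
yum -y install supervisor

# Create the program definition for the log-push script.
cat > /etc/supervisord.d/namedmanager_logpush.ini <<'EOF'
[program:namedmanager_logpush]
; supervisord executes the command directly, not through a shell, so the
; "2>&1 > file" redirection in the source would have been passed to php as
; arguments. Output is captured by the stdout/stderr logfile settings below.
command=php -q /usr/share/namedmanager/bind/namedmanager_logpush.php
numprocs=1
directory=/usr/share/namedmanager/resources
autostart=true
autorestart=true
startsecs=22
startretries=4
exitcodes=0,2
stopsignal=QUIT
stopwaitsecs=10
; NOTE(review): the script runs as root. Use a dedicated account if it only
; needs to read the named logs and reach the API.
user=root
redirect_stderr=false
stdout_logfile=/var/log/namedmanager_logpush.out
stdout_logfile_maxbytes=64MB
stdout_logfile_backups=4
stdout_capture_maxbytes=1MB
stdout_events_enabled=false
stderr_logfile=/var/log/namedmanager_logpush.err
stderr_logfile_maxbytes=64MB
stderr_logfile_backups=4
stderr_capture_maxbytes=1MB
stderr_events_enabled=false
EOF

# Stop the copy that was started by hand so supervisor owns the only instance.
# pkill -f matches on the full command line and sends SIGTERM; the source's
# ps|grep|awk|xargs pipeline also matched its own grep and used kill -9.
pkill -f 'namedmanager_logpush.php'

# Start supervisor now and on every boot.
systemctl enable supervisord.service
systemctl start supervisord.service

# Check that the program is running.
supervisorctl status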
###配置namedmanager頁面,添加bind服務器api
瀏覽器打開 http://10.10.10.10/namedmanager ,使用默認用戶名/密碼 (setup/setup123) 登陸;首次登陸後請立即修改該默認密碼。
-
配置Configuration選項卡
- DEFAULT_HOSTMASTER
- DEFAULT_TTL_SOA
86400
- DEFAULT_TTL_NS
120
- DEFAULT_TTL_MX
60
- DEFAULT_TTL_OTHER
60
- ADMIN_API_KEY
dnskey
- DATEFORMAT
yyyy-mm-dd
- TIMEZONE_DEFAULT
Asia/Shanghai
- Save Changes
-
配置New Servers選項卡
- Add New Server
- Name Server FQDN *
dns.server 注意:這裏必定要填config-bind.php裏對應$config["api_server_name"]項配置的值
- Server Type
API
- API Authentication Key *
dnskey
- Nameserver Group *
default -- Default Nameserver Group
- Primary Nameserver *
Make this server the primary one used for DNS SOA records.
- Use as NS Record *
Adds this name server to all domains as a public NS record.
- Save Changes
保存後,在View Name Servers選項卡下,當Zonefile Status、Logging Status變綠且成爲status_synced時,表示同步成功;如一直不變綠,須要進行排錯。
-
增長新的域
Domains/Zones
-
View Domains
查看新增的域,domain records
添加域名解析
坑點1:config-bind.php裏對應$config["api_server_name"] 使用主機名會致使沒法將配置生效至配置文件。