DNS可视化

DevOps

161
文章

0
评论

2023年2月22日 14:28:31CentOS评论1,221字数 5991阅读19分58秒阅读模式

简介

传统的内网dns一般都得大家手动进服务器配置，我相信认识了博主之后，能可视化或自动化配置的，绝不再手动去做了。

系统

[root@instance-7tgaowaa ~]# cat /etc/redhat-release 
CentOS release 6.8 (Final)

防火墙

selinux和iptables自行关闭不再介绍

安装

[root@instance-7tgaowaa ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.0.2  dns.centoscn.vip

测试

[root@instance-7tgaowaa ~]# ping dns.centoscn.vip
PING instance-7tgaowaa (192.168.0.2) 56(84) bytes of data.
64 bytes from instance-7tgaowaa (192.168.0.2): icmp_seq=1 ttl=64 time=0.027 ms
64 bytes from instance-7tgaowaa (192.168.0.2): icmp_seq=2 ttl=64 time=0.044 ms
64 bytes from instance-7tgaowaa (192.168.0.2): icmp_seq=3 ttl=64 time=0.035 ms

安装基础环境

[root@instance-7tgaowaa ~]# yum install perl httpd mod_ssl mysql-server php php-intl php-ldap php-mysql php-soap php-xml

修改配置

[root@instance-7tgaowaa ~]# vim /etc/httpd/conf/httpd.conf

ServerName dns.centoscn.vip:80

启动

[root@instance-7tgaowaa ~]# service mysqld start

[root@instance-7tgaowaa ~]# service httpd start

[root@instance-7tgaowaa ~]# ss -tnlp
State Recv-Q Send-Q Local Address:Port Peer Address:Port 
LISTEN 0 100 ::1:25 :::* users:(("master",2007,13))
LISTEN 0 100 127.0.0.1:25 *:* users:(("master",2007,12))
LISTEN 0 128 :::443 :::* users:(("httpd",22205,6),("httpd",22207,6),("httpd",22208,6),("httpd",22209,6),("httpd",22210,6),("httpd",22211,6),("httpd",22212,6),("httpd",22213,6),("httpd",22214,6))
LISTEN 0 50 *:3306 *:* users:(("mysqld",22173,10))
LISTEN 0 128 :::80 :::* users:(("httpd",22205,4),("httpd",22207,4),("httpd",22208,4),("httpd",22209,4),("httpd",22210,4),("httpd",22211,4),("httpd",22212,4),("httpd",22213,4),("httpd",22214,4))
LISTEN 0 128 :::22 :::* users:(("sshd",1904,4))
LISTEN 0 128 *:22 *:* users:(("sshd",1904,3))

加入开机启动

[root@instance-7tgaowaa ~]# chkconfig mysqld on
[root@instance-7tgaowaa ~]# chkconfig httpd on

设置密码

[root@instance-7tgaowaa ~]# mysqladmin -u root password 123456

上传到rpm包到如下目录

[root@instance-7tgaowaa ~]# cd /usr/local/src/
[root@instance-7tgaowaa src]#

点我获取安装包

解压

[root@instance-7tgaowaa src]# unzip 2018110713484219.zip 
Archive: 2018110713484219.zip
inflating: namedmanager-www-1.8.0-1.el6.noarch.rpm 
inflating: namedmanager-bind-1.8.0-1.el6.noarch.rpm 
[root@instance-7tgaowaa src]# ll
total 2528
-rw-r--r-- 1 root root 1203294 Nov 7 13:48 2018110713484219.zip
-rw-r--r-- 1 root root 109584 Dec 22 2013 namedmanager-bind-1.8.0-1.el6.noarch.rpm
-rw-r--r-- 1 root root 1270108 Dec 22 2013 namedmanager-www-1.8.0-1.el6.noarch.rpm

安装

[root@instance-7tgaowaa src]# rpm -Uvh namedmanager-www-1.8.0-1.el6.noarch.rpm

初始化

[root@instance-7tgaowaa src]# cd /usr/share/namedmanager/resources/
[root@instance-7tgaowaa resources]# ./autoinstall.pl
autoinstall.pl

This script setups the NamedManager database components:
* NamedManager MySQL user
* NamedManager database
* NamedManager configuration files

THIS SCRIPT ONLY NEEDS TO BE RUN FOR THE VERY FIRST INSTALL OF NAMEDMANAGER.
DO NOT RUN FOR ANY OTHER REASON

Please enter MySQL root password (if any): 123456
Searching ../sql/ for latest install schema...
../sql//version_20131222_install.sql is the latest file and will be used for the install.
Importing file ../sql//version_20131222_install.sql
Creating user...
Updating configuration file...
DB installation complete!

You can now login with the default username/password of setup/setup123 at http://localhost/namedmanager

安装bind

[root@instance-7tgaowaa resources]# cd /usr/local/src/
[root@instance-7tgaowaa src]# yum install bind php-process

[root@instance-7tgaowaa src]# rpm -Uvh namedmanager-bind-1.8.0-1.el6.noarch.rpm

修改/etc/named.conf

[root@instance-7tgaowaa src]# cp /etc/named.conf /etc/named.conf.bak
You have mail in /var/spool/mail/root
[root@instance-7tgaowaa src]# > /etc/named.conf
[root@instance-7tgaowaa src]# vim /etc/named.conf


options {
listen-on port 53 { any; };
// listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
allow-query-cache { any; }; //DNS查询的缓存功能。实际上不建议开启此功能，即删除这一行配置。如果打开了，当DNS解析修改后，因为缓存原因，需等待一段时间才能生效。
recursion yes;
forward first;
forwarders {
223.5.5.5;
223.6.6.6;
8.8.8.8;
8.8.4.4;
};

dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;

bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";

};

logging { 
channel default_debug {
file "data/named.run";
severity dynamic;
};
};

zone "." {
type hint; 
file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
include "/etc/named.namedmanager.conf";

如果要bind可以在chroot的模式下运行

[root@instance-7tgaowaa src]# yum install bind-chroot

[root@instance-7tgaowaa src]# ln /etc/named.namedmanager.conf /var/named/chroot/etc/named.namedmanager.conf

启动named服务

[root@instance-7tgaowaa src]# service named start
Generating /etc/rndc.key: [ OK ]
Starting named: [ OK ]
You have new mail in /var/spool/mail/root
[root@instance-7tgaowaa src]# chkconfig named on

修改/etc/namedmanager/config-bind.php

[root@instance-7tgaowaa src]# cp /etc/namedmanager/config-bind.php /etc/namedmanager/config-bind.php.bak
You have new mail in /var/spool/mail/root
[root@instance-7tgaowaa src]# vim /etc/namedmanager/config-bind.php

$config["api_url"] = "http://192.168.0.2/namedmanager"; // Application Install Location
$config["api_server_name"] = "dns.centoscn.vip"; // Name of the DNS server (important: part of the authentication process)
$config["api_auth_key"] = "Dns"; // API authentication key

禁用IPV6。添加域名记录（正向解析与反向解析）。设置开机启动服务，并重启服务器。

[root@instance-7tgaowaa src]# vim /etc/modprobe.d/dist.conf  ###末尾添加如下

alias net-pf-10 off
alias ipv6 off
chkconfig ip6tables off

加入开机启动并重启系统

[root@instance-7tgaowaa src]# chkconfig httpd on
[root@instance-7tgaowaa src]# chkconfig mysqld on
[root@instance-7tgaowaa src]# chkconfig named on
[root@instance-7tgaowaa src]# reboot