The Namedmanager of DNS Web Management

Source: Internet
Author: User
Tags: dnssec, install, perl, reverse dns

First, download the Namedmanager RPM packages

Check the host name, hosts file and address of the machine that will run Namedmanager, then fetch the two RPMs:

    [root@dns ~]# hostname
    dns.test.cn
    [root@dns named]# cat /etc/hosts
    127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
    ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
    192.168.10.206 dns.test.cn
    [root@dns ~]# ifconfig | grep 192.168
              inet addr:192.168.10.206  Bcast:192.168.10.255  Mask:255.255.255.0
    [root@dns named]# ping dns.test.cn
    PING dns.test.cn (192.168.10.206) bytes of data.
    64 bytes from dns.test.cn (192.168.10.206): icmp_seq=1 ttl=64 time=0.027 ms
    64 bytes from dns.test.cn (192.168.10.206): icmp_seq=2 ttl=64 time=0.043 ms
    ...
    [root@dns ~]# cd /usr/local/src/
    [root@dns src]# wget http://repos.jethrocarr.com/pub/amberdms/linux/centos/6/amberdms-custom/i386/namedmanager-bind-1.8.0-1.el6.noarch.rpm
    [root@dns src]# wget http://repos.jethrocarr.com/pub/amberdms/linux/centos/6/amberdms-custom/i386/namedmanager-www-1.8.0-1.el6.noarch.rpm
    [root@dns src]# ll
    total 1352
    -rw-r--r--. 1 root root  109584 Dec namedmanager-bind-1.8.0-1.el6.noarch.rpm
    -rw-r--r--. 1 root root 1270108 Dec namedmanager-www-1.8.0-1.el6.noarch.rpm

Second, install Namedmanager

Install the dependencies, then the web package:

    [root@dns src]# yum install perl httpd mod_ssl mysql-server php php-intl php-ldap php-mysql php-soap php-xml

Modify /etc/httpd/conf/httpd.conf:

    [root@dns src]# vim /etc/httpd/conf/httpd.conf
    ...
    ServerName dns.test.cn:80
    [root@dns src]# service mysqld start
    [root@dns src]# service httpd start
    [root@dns src]# lsof -i:3306
    COMMAND   PID  USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
    mysqld  16589 mysql  10u  IPv4  77732      0t0  TCP *:mysql (LISTEN)
    [root@dns src]# lsof -i:80
    COMMAND   PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
    httpd   16621   root    4u  IPv6  77759      0t0  TCP *:http (LISTEN)
    httpd   16623 apache    4u  IPv6  77759      0t0  TCP *:http (LISTEN)
    httpd   16624 apache    4u  IPv6  77759      0t0  TCP *:http (LISTEN)
    httpd   16625 apache    4u  IPv6  77759      0t0  TCP *:http (LISTEN)
    httpd   16626 apache    4u  IPv6  77759      0t0  TCP *:http (LISTEN)
    httpd   16627 apache    4u  IPv6  77759      0t0  TCP *:http (LISTEN)
    httpd   16628 apache    4u  IPv6  77759      0t0  TCP *:http (LISTEN)
    httpd   16629 apache    4u  IPv6  77759      0t0  TCP *:http (LISTEN)
    httpd   16630 apache    4u  IPv6  77759      0t0  TCP *:http (LISTEN)
    [root@dns src]# chkconfig mysqld on
    [root@dns src]# chkconfig httpd on
    [root@dns src]# mysqladmin -u root password 123456
    [root@dns src]# rpm -Uvh namedmanager-www-1.8.0-1.el6.noarch.rpm
    [root@dns src]# cd /usr/share/namedmanager/resources/
    [root@dns resources]# ./autoinstall.pl
    autoinstall.pl
    This script setups the NamedManager database components:
    * NamedManager MySQL user
    * NamedManager database
    * NamedManager configuration files
    THIS SCRIPT ONLY NEEDS TO BE RUN FOR THE VERY FIRST INSTALL OF NAMEDMANAGER. DO NOT RUN FOR ANY OTHER REASON
    Please enter the MySQL root password (if any): 123456        // enter the MySQL root password
    Searching ./sql/ for latest install schema...
    ./sql//version_20131222_install.sql is the latest file and will be used for the install.
    Importing file: ./sql//version_20131222_install.sql
    Creating user...
    Updating configuration file...
    DB installation complete! You can now login with the default username/password of setup/setup123 at http://localhost/namedmanager
    [root@dns resources]# cd /usr/local/src/
    [root@dns src]# yum install bind php-process
    [root@dns src]# rpm -Uvh namedmanager-bind-1.8.0-1.el6.noarch.rpm

Modify /etc/named.conf:

    [root@dns src]# cp /etc/named.conf /etc/named.conf.bak
    [root@dns src]# vim /etc/named.conf
    options {
            listen-on port 53 { any; };
            // listen-on-v6 port 53 { ::1; };
            directory "/var/named";
            dump-file "/var/named/data/cache_dump.db";
            statistics-file "/var/named/data/named_stats.txt";
            memstatistics-file "/var/named/data/named_mem_stats.txt";
            allow-query { any; };
            // allow-query-cache { any; };
            // Caching of DNS queries. Enabling it is not recommended, so delete this line:
            // with it on, changes to DNS records take some time to become visible because of caching.
            recursion yes;
            forward first;
            forwarders {
                223.5.5.5;
                223.6.6.6;
                8.8.8.8;
                8.8.4.4;
            };
            dnssec-enable yes;
            dnssec-validation yes;
            dnssec-lookaside auto;
            bindkeys-file "/etc/named.iscdlv.key";
            managed-keys-directory "/var/named/dynamic";
    };
    logging {
            channel default_debug {
                    file "data/named.run";
                    severity dynamic;
            };
    };
    zone "." {
            type hint;
            file "named.ca";
    };
    include "/etc/named.rfc1912.zones";
    include "/etc/named.root.key";
    include "/etc/named.namedmanager.conf";
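The options block above answers queries from anyone and recurses for anyone, and the firewall rules later in this post accept port 53 from any source. The following shell script is an added example (not part of the original post or of NamedManager): it audits a named.conf for that open-resolver condition using BIND 9's documented defaulting of the recursion ACL, and contrasts it with a hardened variant that adds an explicit allow-recursion; the 192.168.10.0/24 client range and the sample file names are assumptions.

```shell
# Added example (not part of the original post): audit a named.conf for an open recursive
# resolver, following BIND 9's documented defaulting for the recursion ACL: allow-recursion,
# else allow-query-cache, else allow-query, else the built-in "localnets; localhost;".
_normalize() {   # strip // and # comments, pad braces/semicolons, flatten onto one line
    sed -e 's|//.*$||' -e 's|#.*$||' -e 's/[{};]/ & /g' "$1" | tr -s ' \t\n' ' '
}
_acl() {   # body of the first "$1 { ... }" clause in the flattened config $2, if any
    printf '%s\n' "$2" | sed -n "s/.*$1 { \([^}]*\)} .*/\1/p"
}
# Which hosts may recurse through this server once BIND's defaults are applied.
effective_recursion_acl() {
    cfg=$(_normalize "$1")
    case "$cfg" in *"recursion no ;"*) echo "none ;"; return ;; esac
    for opt in allow-recursion allow-query-cache allow-query; do
        acl=$(_acl "$opt" "$cfg")
        if [ -n "$acl" ]; then echo "$acl"; return; fi
    done
    echo "localnets ; localhost ;"
}
# OPEN (exit 1) when any host on the Internet may recurse, RESTRICTED (exit 0) otherwise.
audit_named_conf() {
    acl=$(effective_recursion_acl "$1")
    case " $acl" in *" any ;"*) echo OPEN; return 1 ;; esac
    echo RESTRICTED
}
WORK=$(mktemp -d)
# Constructed sample mirroring the post's options block: recursion on, allow-query any,
# no allow-recursion. The post's iptables rules also accept port 53 from anywhere.
cat > "$WORK/named_open.conf" <<'EOF'
options {
        allow-query {any;};
        recursion yes;
        forward first;
        forwarders { 223.5.5.5; 223.6.6.6; };
};
EOF
# Hardened variant: authoritative answers for everyone, recursion only for the LAN
# (192.168.10.0/24 is assumed to be the only trusted client network).
cat > "$WORK/named_hardened.conf" <<'EOF'
options {
        allow-query { any; };
        recursion yes;
        allow-recursion { 127.0.0.1; 192.168.10.0/24; };
        forward first;
        forwarders { 223.5.5.5; 223.6.6.6; };
};
EOF
for f in "$WORK/named_open.conf" "$WORK/named_hardened.conf"; do
    printf '%s: %s\n' "$f" "$(audit_named_conf "$f")"
done
```

Run it against the real /etc/named.conf with `audit_named_conf /etc/named.conf` after sourcing the functions; `named-checkconf` should still be used to validate syntax before a reload.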
To run bind in chroot mode, install bind-chroot and create a hard link to the "/etc/named.namedmanager.conf" file inside the chroot:

    [root@dns src]# yum install bind-chroot
    [root@dns src]# ln /etc/named.namedmanager.conf /var/named/chroot/etc/named.namedmanager.conf

If the hard link is not created, named will complain at startup that it cannot find "/etc/named.namedmanager.conf".
This is because:
bind-chroot is a feature of bind that lets it run in chroot mode: the / (root) directory that bind sees at runtime is not the system's real / (root) directory but only a subdirectory of it.
The purpose is to improve security. In chroot mode bind can only access files within that subdirectory and cannot escape into other directories of the system.

chroot changes the location of the root directory (/) that a program sees at runtime: a chosen subdirectory becomes the program's virtual root, and the system resources, user rights and directories the program may use are tightly controlled. The program has permissions only inside this virtual root and none once it leaves it. On CentOS, for example, /var/named/chroot is the virtual root directory (/), so the /etc directory inside the virtual root is really /var/named/chroot/etc, and /var/named is really /var/named/chroot/var/named. The advantage of chroot is that if an attacker breaks into the system through bind, they are confined to the chroot directory and its subdirectories; the damage is limited to the virtual directory and does not threaten the security of the whole server.

Third, start the named service

    [root@dns src]# service named start
    [root@dns src]# chkconfig named on
    [root@dns src]# lsof -i:53
    COMMAND   PID  USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
    named   16864 named   20u  IPv4  81946      0t0  TCP localhost:domain (LISTEN)
    named   16864 named   21u  IPv4  81948      0t0  TCP 192.168.10.206:domain (LISTEN)
    named   16864 named  512u  IPv4  81945      0t0  UDP localhost:domain
    named   16864 named  513u  IPv4  81947      0t0  UDP 192.168.10.206:domain

Modify /etc/namedmanager/config-bind.php:

    [root@dns src]# cp /etc/namedmanager/config-bind.php /etc/namedmanager/config-bind.php.bak
    [root@dns src]# vim /etc/namedmanager/config-bind.php
    ...
    $config["api_url"]         = "http://192.168.10.206/namedmanager";   // installation location of the application
    $config["api_server_name"] = "dns.test.cn";   // must be consistent with the name server name in the httpd configuration
    $config["api_auth_key"]    = "dns";

Fourth, set up the firewall

On the machine where Namedmanager is deployed, either turn off iptables or apply the following settings:

    [root@dns src]# setenforce 0
    [root@dns src]# getenforce
    [root@dns src]# vim /etc/sysconfig/selinux
    ....
    SELINUX=disabled
    [root@dns src]# iptables -F
    [root@dns src]# iptables -P INPUT DROP
    [root@dns src]# iptables -P FORWARD DROP
    [root@dns src]# iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    [root@dns src]# iptables -A INPUT -i lo -p all -j ACCEPT
    [root@dns src]# iptables -A INPUT -p icmp -j ACCEPT
    [root@dns src]# iptables -A INPUT -p tcp --dport 22 -j ACCEPT
    [root@dns src]# iptables -A INPUT -p tcp --dport 53 -j ACCEPT
    [root@dns src]# iptables -A INPUT -p udp --dport 53 -j ACCEPT
    [root@dns src]# iptables -A INPUT -p tcp --dport 80 -j ACCEPT
    [root@dns src]# iptables -A INPUT -p tcp --dport 443 -j ACCEPT

Disable IPv6, add the domain name records (forward and reverse resolution), set the services to start at boot and restart the server:

    [root@dns src]# vim /etc/modprobe.d/dist.conf     // append the following at the end of the file:
    ...
    alias net-pf-10 off
    alias ipv6 off
    [root@dns src]# chkconfig ip6tables off
    [root@dns src]# chkconfig httpd on
    [root@dns src]# chkconfig mysqld on
    [root@dns src]# chkconfig named on
    [root@dns src]# init 6     // or run "reboot"

Fifth, web-side settings

Open http://192.168.10.206/namedmanager and log in with the default user name and password (setup, setup123). Do not forget to change the user name and password under user management.
1. Set the API key (configuration)
2. Add name servers
3. Add forward resolution
4. Add reverse resolution

Verification:

    [root@dns ~]# cd /var/named/
    [root@dns named]# ll
    total 40
    -rw-r--r--. 1 root  root   490 Apr 7 14:48 10.168.192.in-addr.arpa.zone
    drwxr-x---. 7 root  named 4096 Apr 7 13:37 chroot
    drwxrwx---. 2 named named 4096 Apr 7 13:39 data
    drwxrwx---. 2 named named 4096 Apr 7 14:40 dynamic
    -rw-r--r--. 1 root  root   455 Apr 7 14:45 test.cn.zone
    -rw-r-----. 1 root  named 3289 Apr named.ca
    -rw-r-----. 1 root  named      Dec named.empty
    -rw-r-----. 1 root  named      Jun named.localhost
    -rw-r-----. 1 root  named  168 Dec named.loopback
    drwxrwx---. 2 named named 4096 slaves

The configured forward resolution (A records) is:

    [root@dns named]# cat test.cn.zone
    $ORIGIN test.cn.
    $TTL 120
    @ IN SOA dns.test.cn. admin.kevin.com. (
            2018040703 ; serial
            21600      ; refresh
            3600       ; retry
            604800     ; expiry
            120        ; minimum TTL
    )
    ; nameservers
    test.cn. 86400 IN NS dns.test.cn.
    ; mailservers
    ; reverse DNS records (PTR)
    ; CNAME
    ; HOST RECORDS
    db01  IN A 192.168.10.205
    db02  IN A 192.168.10.209
    dns   IN A 192.168.10.206
    web01 IN A 192.168.10.202
    web02 IN A 192.168.10.203

The configured reverse resolution (PTR records) is:

    [root@dns named]# cat 10.168.192.in-addr.arpa.zone
    $ORIGIN 10.168.192.in-addr.arpa.
    $TTL 120
    @ IN SOA dns.test.cn. admin.kevin.com. (
            2018040704 ; serial
            21600      ; refresh
            3600       ; retry
            604800     ; expiry
            120        ; minimum TTL
    )
    ; nameservers
    10.168.192.in-addr.arpa. 86400 IN NS dns.test.cn.
    ; mailservers
    ; reverse DNS records (PTR)
    202 IN PTR web01.test.cn.
    203 IN PTR web02.test.cn.
    205 IN PTR db01.test.cn.
    206 IN PTR dns.test.cn.
    209 IN PTR db02.test.cn.
    ; CNAME
    ; HOST RECORDS
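A host that resolves in one direction only (an A record without its PTR, or the reverse) is the usual reason the forward and reverse checks at the end of this post disagree. The following shell script is an added example (not part of the original post or of NamedManager) that extracts "name ip" pairs from both zone files and reports every record present on only one side; the sample zones are constructed copies of the ones above with a web03 A record and a 192.168.10.210 PTR added as deliberate faults.

```shell
# Added example (not part of the original post): cross-check the forward zone's A records
# against the reverse zone's PTR records, so a host that resolves in only one direction
# is caught before reload. Assumes $ORIGIN-based zone files as NamedManager writes them.
forward_pairs() {   # "fqdn ip" per A record; relative owners are qualified with $ORIGIN
    awk '/^\$ORIGIN/ { origin = $2; next }
         /^;/ || NF == 0 { next }
         { for (i = 1; i < NF; i++) if ($i == "A") {
               name = $1; if (name !~ /\.$/) name = name "." origin
               print name, $(i + 1) } }' "$1"
}
reverse_pairs() {   # "fqdn ip" per PTR record; the address is rebuilt from $ORIGIN + label
    awk '/^\$ORIGIN/ { o = $2; sub(/\.in-addr\.arpa\.$/, "", o); n = split(o, oct, "."); next }
         /^;/ || NF == 0 { next }
         { for (i = 1; i < NF; i++) if ($i == "PTR") {
               ip = ""; for (j = n; j >= 1; j--) ip = ip oct[j] "."
               print $(i + 1), ip $1 } }' "$1"
}
# One line per record present on only one side; prints nothing when the zones agree.
zone_mismatches() {
    fwd=$(forward_pairs "$1" | sort -u)
    rev=$(reverse_pairs "$2" | sort -u)
    printf '%s\n%s\n' "$fwd" "$rev" | sed '/^$/d' | sort | uniq -u |
    while read -r name ip; do
        if printf '%s\n' "$fwd" | grep -qxF "$name $ip"; then
            echo "A $name -> $ip has no PTR"
        else
            echo "PTR $ip -> $name has no A"
        fi
    done
}
WORK=$(mktemp -d)
# Constructed copies of the post's zones (SOA/NS lines omitted) with two deliberate
# faults: web03 has an A record but no PTR; 192.168.10.210 has a PTR but no A record.
cat > "$WORK/test.cn.zone" <<'EOF'
$ORIGIN test.cn.
$TTL 120
db01 IN A 192.168.10.205
dns IN A 192.168.10.206
web01 IN A 192.168.10.202
web03 IN A 192.168.10.204
EOF
cat > "$WORK/10.168.192.in-addr.arpa.zone" <<'EOF'
$ORIGIN 10.168.192.in-addr.arpa.
$TTL 120
202 IN PTR web01.test.cn.
205 IN PTR db01.test.cn.
206 IN PTR dns.test.cn.
210 IN PTR db03.test.cn.
EOF
zone_mismatches "$WORK/test.cn.zone" "$WORK/10.168.192.in-addr.arpa.zone"
```

On the server itself, point the two arguments at /var/named/test.cn.zone and /var/named/10.168.192.in-addr.arpa.zone; empty output means every A record has its PTR and vice versa.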

Sixth, client DNS settings

Set the DNS server of the Namedmanager machine itself and of all clients to 192.168.10.206 (the IP address of the machine where Namedmanager is deployed):

    [root@web01 ~]# ifconfig | grep 192
              inet addr:192.168.10.202  Bcast:192.168.10.255  Mask:255.255.255.0
    [root@web01 ~]# cat /etc/resolv.conf
    domain test.cn
    search test.cn
    nameserver 192.168.10.206
    [root@web01 ~]# ping www.baidu.com     // resolved through the forwarders configured in named.conf
    PING www.a.shifen.com (14.215.177.38) bytes of data.
    64 bytes from 14.215.177.38: icmp_seq=1 ttl=49 time=37.6 ms
    64 bytes from 14.215.177.38: icmp_seq=2 ttl=49 time=37.5 ms
    64 bytes from 14.215.177.38: icmp_seq=3 ttl=49 time=37.4 ms
    .....
    [root@web01 ~]# ping web02.test.cn
    PING web02.test.cn (192.168.10.203) bytes of data.
    64 bytes from web02.test.cn (192.168.10.203): icmp_seq=1 ttl=64 time=0.136 ms
    64 bytes from web02.test.cn (192.168.10.203): icmp_seq=2 ttl=64 time=0.212 ms
    64 bytes from web02.test.cn (192.168.10.203): icmp_seq=3 ttl=64 time=0.132 ms
    .....

Check on the client that forward and reverse resolution succeed:

    [root@web01 ~]# host 192.168.10.209
    209.10.168.192.in-addr.arpa domain name pointer db02.test.cn.
    [root@web01 ~]# host db01.test.cn
    db01.test.cn has address 192.168.10.205

It is recommended to deploy multiple Namedmanager instances to achieve high availability.
