Namedmanager, a web management tool for the BIND9 DNS service on Linux: deployment instructions

Source: Internet
Author: User
Tags: dnssec, install, perl, reverse dns

Namedmanager is a web-based DNS management system used to add, change and remove zone and record data for DNS. It uses BIND as the underlying DNS service and provides a modern Ajax web interface that supports IPv4 and IPv6. The application is stable and has been used in production without problems. Without further introduction, the Namedmanager deployment process follows.

1) Download the Namedmanager RPM installation package

[root@dns ~]# hostname
dns.kevin.cn
[root@dns named]# cat /etc/hosts
127.0.0.1       localhost localhost.localdomain localhost4 localhost4.localdomain4
::1             localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.10.206  dns.kevin.cn
[root@dns ~]# ifconfig | grep 192.168
          inet addr:192.168.10.206  Bcast:192.168.10.255  Mask:255.255.255.0
[root@dns named]# ping dns.kevin.cn
PING dns.kevin.cn (192.168.10.206) bytes of data.
64 bytes from dns.kevin.cn (192.168.10.206): icmp_seq=1 ttl=64 time=0.027 ms
64 bytes from dns.kevin.cn (192.168.10.206): icmp_seq=2 ttl=64 time=0.043 ms
...
[root@dns ~]# cd /usr/local/src/
[root@dns src]# wget http://repos.jethrocarr.com/pub/amberdms/linux/centos/6/amberdms-custom/i386/namedmanager-bind-1.8.0-1.el6.noarch.rpm
[root@dns src]# wget http://repos.jethrocarr.com/pub/amberdms/linux/centos/6/amberdms-custom/i386/namedmanager-www-1.8.0-1.el6.noarch.rpm
[root@dns src]# ll
total 1352
-rw-r--r--. 1 root root  109584 Dec  namedmanager-bind-1.8.0-1.el6.noarch.rpm
-rw-r--r--. 1 root root 1270108 Dec  namedmanager-www-1.8.0-1.el6.noarch.rpm

2) install Namedmanager

[root@dns src]# yum install perl httpd mod_ssl mysql-server php php-intl php-ldap php-mysql php-soap php-xml

Modify /etc/httpd/conf/httpd.conf:

[root@dns src]# vim /etc/httpd/conf/httpd.conf
...
ServerName dns.kevin.cn:80

[root@dns src]# service mysqld start
[root@dns src]# service httpd start
[root@dns src]# lsof -i:3306
COMMAND  PID  USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
mysqld  1658 mysql  10u  IPv4  77732      0t0  TCP *:mysql (LISTEN)
[root@dns src]# lsof -i:80
COMMAND   PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
httpd   16621   root   4u  IPv6  77759      0t0  TCP *:http (LISTEN)
httpd   16623 apache   4u  IPv6  77759      0t0  TCP *:http (LISTEN)
httpd   16624 apache   4u  IPv6  77759      0t0  TCP *:http (LISTEN)
httpd   16625 apache   4u  IPv6  77759      0t0  TCP *:http (LISTEN)
httpd   16626 apache   4u  IPv6  77759      0t0  TCP *:http (LISTEN)
httpd   16627 apache   4u  IPv6  77759      0t0  TCP *:http (LISTEN)
httpd   16628 apache   4u  IPv6  77759      0t0  TCP *:http (LISTEN)
httpd   16629 apache   4u  IPv6  77759      0t0  TCP *:http (LISTEN)
httpd   16630 apache   4u  IPv6  77759      0t0  TCP *:http (LISTEN)
[root@dns src]# chkconfig mysqld on
[root@dns src]# chkconfig httpd on
[root@dns src]# mysqladmin -u root password 123456
[root@dns src]# rpm -Uvh namedmanager-www-1.8.0-1.el6.noarch.rpm
[root@dns src]# cd /usr/share/namedmanager/resources/
[root@dns resources]# ./autoinstall.pl
autoinstall.pl
This script setups the NamedManager database components:
 * NamedManager MySQL user
 * NamedManager database
 * NamedManager configuration files
THIS SCRIPT ONLY NEEDS TO BE RUN FOR THE VERY FIRST INSTALL OF NAMEDMANAGER. DO NOT RUN FOR ANY OTHER REASON
Please enter the MySQL root password (if any): 123456      // enter the MySQL root password
Searching ./sql/ for latest install schema...
./sql//version_20131222_install.sql is the latest file and will be used for the install.
Importing file: ./sql//version_20131222_install.sql
Creating user...
Updating configuration file...
DB installation complete! You can now login with the default username/password of setup/setup123 at http://localhost/namedmanager

[root@dns resources]# cd /usr/local/src/
[root@dns src]# yum install bind php-process
[root@dns src]# rpm -Uvh namedmanager-bind-1.8.0-1.el6.noarch.rpm

Modify /etc/named.conf:

[root@dns src]# cp /etc/named.conf /etc/named.conf.bak
[root@dns src]# vim /etc/named.conf
options {
        listen-on port 53 { any; };
        // listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { any; };
        allow-query-cache { any; };
        recursion yes;
        forward first;
        forwarders {
            223.5.5.5;
            223.6.6.6;
            8.8.8.8;
            8.8.4.4;
        };
        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;
        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." {
        type hint;
        file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
include "/etc/named.namedmanager.conf";
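The options block above combines recursion yes with allow-query { any; } and no allow-recursion ACL, which makes the server a recursive resolver for every host that can reach port 53, not only for the kevin.cn clients. The following script is an added example, not part of the original post: it flags that combination in a named.conf and shows a restricted form beside it. The 192.168.10.0/24 "trusted" network is an assumption taken from the post's addressing; the sample configuration files are constructed here, and named-checkconf is only used when BIND is installed.

```shell
#!/bin/sh
# Added example, not part of the original post: detect the open-resolver
# combination in a named.conf (recursion yes + allow-query any with no
# allow-recursion ACL) and show the restricted form beside it.
# The 192.168.10.0/24 "trusted" network is an assumption based on the post's
# addressing, not a value the post itself configures.

# Return 0 when recursion is restricted, 1 for an open resolver, 2 if unreadable.
audit_named_conf() {
    f="$1"
    [ -r "$f" ] || return 2
    conf=$(sed 's|//.*$||' "$f")                      # drop // comments first
    recursion=$(printf '%s\n' "$conf" | grep -c 'recursion[[:space:]]*yes' || true)
    query_any=$(printf '%s\n' "$conf" | grep -c 'allow-query[[:space:]]*{[[:space:]]*any' || true)
    allow_rec=$(printf '%s\n' "$conf" | grep -c 'allow-recursion' || true)
    if [ "$recursion" -gt 0 ] && [ "$query_any" -gt 0 ] && [ "$allow_rec" -eq 0 ]; then
        echo "OPEN RESOLVER: $f answers recursive queries from any source" >&2
        return 1
    fi
    return 0
}

# Constructed samples: "weak" mirrors the post's options, "hardened" adds an ACL.
write_samples() {
    cat > "$1/weak.conf" <<'EOF'
options {
        listen-on port 53 { any; };
        allow-query { any; };
        allow-query-cache { any; };
        recursion yes;
        forward first;
        forwarders { 223.5.5.5; 223.6.6.6; };
        dnssec-validation yes;
};
EOF
    cat > "$1/hardened.conf" <<'EOF'
acl trusted { 127.0.0.1; 192.168.10.0/24; };   // assumed LAN of the post's hosts
options {
        listen-on port 53 { any; };
        allow-query { any; };              // authoritative data for kevin.cn stays reachable
        allow-recursion { trusted; };      // only the LAN may use the forwarders
        allow-query-cache { trusted; };
        recursion yes;
        forward first;
        forwarders { 223.5.5.5; 223.6.6.6; };
        dnssec-validation yes;
};
EOF
}

# Syntax-check with named-checkconf when BIND is installed; skipped otherwise.
check_syntax() {
    command -v named-checkconf >/dev/null 2>&1 || return 0
    named-checkconf "$1"
}

main() {
    d=$(mktemp -d)
    write_samples "$d"
    for c in weak hardened; do
        check_syntax "$d/$c.conf"
        if audit_named_conf "$d/$c.conf"; then
            echo "$c.conf: recursion restricted"
        else
            echo "$c.conf: needs an allow-recursion ACL"
        fi
    done
    rm -rf "$d"
}

main "$@"
```

The check is deliberately a plain text match, so it only covers the directives spelled the way the post writes them; the authoritative answers for kevin.cn stay public in the hardened form, while recursion through the forwarders is limited to the LAN.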

==========================================================

If bind is to run in chroot mode:

[root@dns src]# yum install bind-chroot

Create a hard link of the "/etc/named.namedmanager.conf" file inside the chroot:

[root@dns src]# ln /etc/named.namedmanager.conf /var/named/chroot/etc/named.namedmanager.conf

If the hard link is not created, starting named fails with a message that "/etc/named.namedmanager.conf" cannot be found. The reason is that bind-chroot is a feature of bind that lets it run in chroot mode: the root directory (/) that bind sees at runtime is not the system's real root directory but a subdirectory of the system. The purpose is to improve security. In chroot mode bind can only access files within that subdirectory and cannot reach other directories in the system. chroot changes the location that a program treats as its root directory (/): a chosen subdirectory becomes the program's virtual root, so the system resources, user rights and directories the program can use are strictly controlled. The program only has permissions inside this virtual root directory; once outside it, it has none. For example, on CentOS /var/named/chroot is the virtual root directory (/), so the /etc directory inside it is really /var/named/chroot/etc, and the /var/named directory is really /var/named/chroot/var/named. The advantage of the chroot feature is that if an attacker breaks into the system through bind, the attacker is confined to the chroot directory and its subdirectories; the damage is limited to the virtual directory and does not threaten the security of the whole server.
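The hard link matters because a symbolic link would not work here: inside the chroot a symlink pointing at /etc/named.namedmanager.conf resolves to /var/named/chroot/etc/named.namedmanager.conf, which does not exist. The function below is an added example, not part of the original post: it creates the link if it is missing and then verifies that both paths share one inode, so an accidental copy (or a failed link across filesystems) is reported rather than silently left out of date. The paths are parameters; the post's values are /etc/named.namedmanager.conf and /var/named/chroot/etc/named.namedmanager.conf.

```shell
#!/bin/sh
# Added example, not part of the original post: create the chroot hard link
# the post describes and verify it really is the same file (same inode), so
# named started by bind-chroot can open the namedmanager include. Paths are
# passed in; the post's values are /etc/named.namedmanager.conf and
# /var/named/chroot/etc/named.namedmanager.conf.

inode_of() { ls -i "$1" | awk '{ print $1 }'; }

# ensure_chroot_link SRC DST
# Returns 0 when DST exists and is a hard link of SRC (created if missing),
# 1 when SRC is missing, the link cannot be made, or DST is a different file.
ensure_chroot_link() {
    src="$1"; dst="$2"
    [ -f "$src" ] || { echo "missing source $src" >&2; return 1; }
    if [ ! -e "$dst" ]; then
        mkdir -p "$(dirname "$dst")" || return 1
        # A hard link, not a symlink: inside the chroot a symlink to /etc/...
        # would resolve to /var/named/chroot/etc/..., which does not exist.
        # ln fails with EXDEV if /var is a separate filesystem; a copy would
        # then have to be kept in sync by hand, and the inode check below
        # reports such a copy as a different file.
        ln "$src" "$dst" || { echo "cannot hard-link $src -> $dst" >&2; return 1; }
    fi
    if [ "$(inode_of "$src")" != "$(inode_of "$dst")" ]; then
        echo "$dst is not the same file as $src (edits will not reach the chroot)" >&2
        return 1
    fi
    return 0
}
```

After the link is in place, named-checkconf -t /var/named/chroot /etc/named.conf checks the configuration as named will see it from inside the chroot.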

==========================================================

3) Start named service

[root@dns src]# service named start
[root@dns src]# chkconfig named on
[root@dns src]# lsof -i:53
COMMAND   PID  USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
named   16864 named  20u  IPv4  81946      0t0  TCP localhost:domain (LISTEN)
named   16864 named  21u  IPv4  81948      0t0  TCP 192.168.10.206:domain (LISTEN)
named   16864 named 512u  IPv4  81945      0t0  UDP localhost:domain
named   16864 named 513u  IPv4  81947      0t0  UDP 192.168.10.206:domain

Modify /etc/namedmanager/config-bind.php:

[root@dns src]# cp /etc/namedmanager/config-bind.php /etc/namedmanager/config-bind.php.bak
[root@dns src]# vim /etc/namedmanager/config-bind.php
...
$config["api_url"]         = "http://192.168.10.206/namedmanager";   // URL where the web application is installed
$config["api_server_name"] = "dns.kevin.cn";                          // must match the name server name (ServerName) in the httpd configuration
$config["api_auth_key"]    = "dns";                                   // shared key; must match the API key set in the web interface

4) set up a firewall

On the machine where Namedmanager is deployed, either stop iptables or configure it as follows:

[root@dns src]# setenforce 0
[root@dns src]# getenforce
[root@dns src]# vim /etc/sysconfig/selinux
....
SELINUX=disabled
[root@dns src]# iptables -F
[root@dns src]# iptables -P INPUT DROP
[root@dns src]# iptables -P FORWARD DROP
[root@dns src]# iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
[root@dns src]# iptables -A INPUT -i lo -p all -j ACCEPT
[root@dns src]# iptables -A INPUT -p icmp -j ACCEPT
[root@dns src]# iptables -A INPUT -p tcp --dport 22 -j ACCEPT
[root@dns src]# iptables -A INPUT -p tcp --dport 53 -j ACCEPT
[root@dns src]# iptables -A INPUT -p udp --dport 53 -j ACCEPT
[root@dns src]# iptables -A INPUT -p tcp --dport 80 -j ACCEPT
[root@dns src]# iptables -A INPUT -p tcp --dport 443 -j ACCEPT

Disable IPv6, add the domain name records (forward and reverse resolution), set the services to start at boot, and reboot the server:

[root@dns src]# vim /etc/modprobe.d/dist.conf      // append the following at the end of the file
...
alias net-pf-10 off
alias ipv6 off
[root@dns src]# chkconfig ip6tables off
[root@dns src]# chkconfig httpd on
[root@dns src]# chkconfig mysqld on
[root@dns src]# chkconfig named on
[root@dns src]# init 6      // or run "reboot"
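The rules above open SSH and the Namedmanager web interface (80/443) to every source, while only DNS actually has to be reachable by all clients. The script below is an added example, not part of the original post: it renders the same ruleset in iptables-restore format, with SSH and the web interface limited to a management network given as an argument (192.168.10.0/24 is an assumption based on the post's addressing) and DNS on 53/tcp and 53/udp left open to all clients the server answers. Unlike the post's one-off iptables commands, a saved ruleset survives a reboot when loaded from /etc/sysconfig/iptables.

```shell
#!/bin/sh
# Added example, not part of the original post: the post's iptables rules in
# iptables-restore format, with SSH and the namedmanager web UI (80/443)
# limited to a management network (assumption: 192.168.10.0/24) and DNS on
# 53/tcp+udp open to every client the server must answer.

# Return 0 for a well-formed dotted-quad CIDR such as 192.168.10.0/24, 1 otherwise.
valid_cidr() {
    printf '%s' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# render_rules MGMT_CIDR
# Prints the ruleset; apply with: render_rules 192.168.10.0/24 | iptables-restore
render_rules() {
    mgmt="$1"
    valid_cidr "$mgmt" || { echo "bad CIDR: $mgmt" >&2; return 1; }
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -s $mgmt -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 53 -j ACCEPT
-A INPUT -p udp --dport 53 -j ACCEPT
-A INPUT -s $mgmt -p tcp --dport 80 -j ACCEPT
-A INPUT -s $mgmt -p tcp --dport 443 -j ACCEPT
COMMIT
EOF
}

# Usage: write the ruleset to the file that the iptables init script loads at boot.
# render_rules 192.168.10.0/24 > /etc/sysconfig/iptables && service iptables restart
```

The INPUT policy is DROP, so anything not listed (including IPv6 handled by ip6tables) is refused; the ESTABLISHED,RELATED rule is what lets the server's own outbound queries to the forwarders receive their replies.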

5) Visit Namedmanager
Access http://192.168.10.206/namedmanager with the default user name and password (setup / setup123). Do not forget to change the user name and password under user management.

Then set the API key (for example, set the email address and the API key; the key is the one configured in the /etc/namedmanager/config-bind.php file above).

Add a server. The Name Server FQDN must be the same as the ServerName in httpd. (You can add the host name or IP address of the deployment machine as follows.)

Add a forward domain (forward resolution).

Add a reverse domain (reverse resolution); if the clients are spread over several IP segments, add a reverse zone for each of them.

View the forward and reverse domains that have been added.

Forward and reverse domains have now been added successfully; next, add some A and PTR records for host names.

Add a forward (A) record first.

When the forward record above was added, the PTR reverse record option was checked (if it is not checked, the PTR reverse record has to be added manually), so the reverse records for these host names already exist:

With the forward records above added, check the resulting forward and reverse zone configuration on the Namedmanager deployment machine:

[root@dns ~]# cd /var/named/
[root@dns named]# ll
total 40
-rw-r--r--. 1 root  root   490 Apr  7 14:48 10.168.192.in-addr.arpa.zone
drwxr-x---. 7 root  named 4096 Apr  7 13:37 chroot
drwxrwx---. 2 named named 4096 Apr  7 13:39 data
drwxrwx---. 2 named named 4096 Apr  7 14:40 dynamic
-rw-r--r--. 1 root  root   455 Apr  7 14:45 kevin.cn.zone
-rw-r-----. 1 root  named 3289 Apr        named.ca
-rw-r-----. 1 root  named      Dec        named.empty
-rw-r-----. 1 root  named      Jun        named.localhost
-rw-r-----. 1 root  named  168 Dec        named.loopback
drwxrwx---. 2 named named 4096            slaves

The forward resolution configuration (A records) is:

[root@dns named]# cat kevin.cn.zone
$ORIGIN kevin.cn.
$TTL 120
@ IN SOA dns.kevin.cn. wangshibo.kevin.com. (
        2018040703 ; serial
        21600      ; refresh
        3600       ; retry
        604800     ; expiry
        120        ; minimum TTL
)
; nameservers
kevin.cn. 86400 IN NS dns.kevin.cn.
; mailservers
; reverse DNS records (PTR)
; CNAME
; HOST RECORDS
db01  IN A 192.168.10.205
db02  IN A 192.168.10.209
dns   IN A 192.168.10.206
web01 IN A 192.168.10.202
web02 IN A 192.168.10.203

The reverse resolution configuration (PTR records) is:

[root@dns named]# cat 10.168.192.in-addr.arpa.zone
$ORIGIN 10.168.192.in-addr.arpa.
$TTL 120
@ IN SOA dns.kevin.cn. wangshibo.kevin.com. (
        2018040704 ; serial
        21600      ; refresh
        3600       ; retry
        604800     ; expiry
        120        ; minimum TTL
)
; nameservers
10.168.192.in-addr.arpa. 86400 IN NS dns.kevin.cn.
; mailservers
; reverse DNS records (PTR)
202 IN PTR web01.kevin.cn.
203 IN PTR web02.kevin.cn.
205 IN PTR db01.kevin.cn.
206 120 IN PTR dns.kevin.cn.
209 IN PTR db02.kevin.cn.
; CNAME
; HOST RECORDS
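Because the PTR records are only generated when the reverse option is checked while adding each A record, the two zone files can drift apart over time. The script below is an added example, not part of the original post or of Namedmanager: it extracts name/address pairs from a forward zone and from an in-addr.arpa zone and reports any A record without a matching PTR (and vice versa). The two zone files it writes are constructed copies of the post's kevin.cn data with the SOA on one line, and it assumes one A record per name and one PTR per address.

```shell
#!/bin/sh
# Added example, not part of the original post: check that every A record in
# the forward zone has a matching PTR in the reverse zone and vice versa.
# The sample zone files are constructed to mirror the post's kevin.cn data.
# Assumption: one A record per name and one PTR per address (no round robin).

write_zones() {
    cat > "$1/kevin.cn.zone" <<'EOF'
$ORIGIN kevin.cn.
$TTL 120
@ IN SOA dns.kevin.cn. wangshibo.kevin.com. ( 2018040703 21600 3600 604800 120 )
; nameservers
kevin.cn. 86400 IN NS dns.kevin.cn.
; HOST RECORDS
db01  IN A 192.168.10.205
db02  IN A 192.168.10.209
dns   IN A 192.168.10.206
web01 IN A 192.168.10.202
web02 IN A 192.168.10.203
EOF
    cat > "$1/10.168.192.in-addr.arpa.zone" <<'EOF'
$ORIGIN 10.168.192.in-addr.arpa.
$TTL 120
@ IN SOA dns.kevin.cn. wangshibo.kevin.com. ( 2018040704 21600 3600 604800 120 )
; nameservers
10.168.192.in-addr.arpa. 86400 IN NS dns.kevin.cn.
; reverse DNS records (PTR)
202 IN PTR web01.kevin.cn.
203 IN PTR web02.kevin.cn.
205 IN PTR db01.kevin.cn.
206 120 IN PTR dns.kevin.cn.
209 IN PTR db02.kevin.cn.
EOF
}

# Print "fqdn. ip" for each A record; relative owner names get $ORIGIN appended.
forward_pairs() {
    awk '
        /^[ \t]*;/ { next }
        $1 == "$ORIGIN" { origin = $2; next }
        /[ \t]A[ \t]/ {
            name = $1; ip = $NF
            if (name !~ /\.$/) name = name "." origin
            print name, ip
        }' "$1"
}

# Print "fqdn. ip" for each PTR record, rebuilding the address from the
# reversed octets of owner + $ORIGIN (e.g. 202.10.168.192.in-addr.arpa.).
reverse_pairs() {
    awk '
        /^[ \t]*;/ { next }
        $1 == "$ORIGIN" { origin = $2; next }
        /[ \t]PTR[ \t]/ {
            full = $1
            if (full !~ /\.$/) full = full "." origin
            sub(/\.in-addr\.arpa\.$/, "", full)
            n = split(full, oct, ".")
            ip = oct[n]
            for (i = n - 1; i >= 1; i--) ip = ip "." oct[i]
            print $NF, ip
        }' "$1"
}

# check_consistency FORWARD_ZONE REVERSE_ZONE: 0 if the sets match, 1 otherwise.
check_consistency() {
    fwd=$(forward_pairs "$1" | sort)
    rev=$(reverse_pairs "$2" | sort)
    missing=$(printf '%s\n%s\n' "$fwd" "$rev" | sort | uniq -u)   # pairs present on one side only
    if [ -n "$missing" ]; then
        printf 'records without a counterpart:\n%s\n' "$missing" >&2
        return 1
    fi
    return 0
}

main() {
    d=$(mktemp -d)
    write_zones "$d"
    if check_consistency "$d/kevin.cn.zone" "$d/10.168.192.in-addr.arpa.zone"; then
        echo "forward and reverse zones agree"
    fi
    rm -rf "$d"
}

main "$@"
```

Run it against the real files in /var/named after each batch of changes in the web interface; a name listed in the output is either an A record whose PTR box was left unchecked or a stale PTR whose host was renamed.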

6) Set the DNS configuration of the clients

Set the DNS address of the Namedmanager machine itself and of all clients to 192.168.10.206 (the IP address of the Namedmanager deployment machine):

[root@web01 ~]# ifconfig | grep 192
          inet addr:192.168.10.202  Bcast:192.168.10.255  Mask:255.255.255.0
[root@web01 ~]# cat /etc/resolv.conf
domain kevin.cn
search kevin.cn
nameserver 192.168.10.206
[root@web01 ~]# ping www.baidu.com        // resolved through the forwarders configured in named.conf
PING www.a.shifen.com (14.215.177.38) bytes of data.
64 bytes from 14.215.177.38: icmp_seq=1 ttl=49 time=37.6 ms
64 bytes from 14.215.177.38: icmp_seq=2 ttl=49 time=37.5 ms
64 bytes from 14.215.177.38: icmp_seq=3 ttl=49 time=37.4 ms
.....
[root@web01 ~]# ping web02.kevin.cn
PING web02.kevin.cn (192.168.10.203) bytes of data.
64 bytes from web02.kevin.cn (192.168.10.203): icmp_seq=1 ttl=64 time=0.136 ms
64 bytes from web02.kevin.cn (192.168.10.203): icmp_seq=2 ttl=64 time=0.212 ms
64 bytes from web02.kevin.cn (192.168.10.203): icmp_seq=3 ttl=64 time=0.132 ms
.....

Check on the client that forward and reverse resolution succeed:

[root@web01 ~]# host 192.168.10.209
209.10.168.192.in-addr.arpa domain name pointer db02.kevin.cn.
[root@web01 ~]# host db01.kevin.cn
db01.kevin.cn has address 192.168.10.205

Note:
1) The above is a single-machine deployment of the Namedmanager service. For a production environment it is recommended to deploy the same Namedmanager service on several machines (at least two), for example the two machines BindManager01 and BindManager02.
2) In the clients' /etc/resolv.conf file, configure the DNS address as the IP address of one of the Namedmanager deployment machines, for example the address of BindManager01.
3) Synchronize the forward and reverse zone files from BindManager01 to BindManager02 in real time (synchronize the /var/named directory directly), and keep the Namedmanager-related services on both machines started at boot.
4) If the BindManager01 server fails, DNS resolution can no longer be provided from it. At that point, quickly change the IP address of BindManager02 to the IP address of BindManager01. This gives a quick failover.
