DNS Visualization

Published 2020-05-21 13:57:55

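Introduction

Traditional internal DNS usually means everyone logging in to the server and configuring it by hand. I believe that once you have got to know this blogger, you will never again do by hand what can be configured visually or automatically.

System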

[root@instance-7tgaowaa ~]# cat /etc/redhat-release 
CentOS release 6.8 (Final)

Firewall

Disable SELinux and iptables yourself; this is not covered here.

Installation

[root@instance-7tgaowaa ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.0.2  dns.centoscn.vip

Test

[root@instance-7tgaowaa ~]# ping dns.centoscn.vip
PING instance-7tgaowaa (192.168.0.2) 56(84) bytes of data.
64 bytes from instance-7tgaowaa (192.168.0.2): icmp_seq=1 ttl=64 time=0.027 ms
64 bytes from instance-7tgaowaa (192.168.0.2): icmp_seq=2 ttl=64 time=0.044 ms
64 bytes from instance-7tgaowaa (192.168.0.2): icmp_seq=3 ttl=64 time=0.035 ms

Install the base environment

[root@instance-7tgaowaa ~]# yum install perl httpd mod_ssl mysql-server php php-intl php-ldap php-mysql php-soap php-xml

Modify the configuration

[root@instance-7tgaowaa ~]# vim /etc/httpd/conf/httpd.conf

ServerName dns.centoscn.vip:80

Start the services

[root@instance-7tgaowaa ~]# service mysqld start

[root@instance-7tgaowaa ~]# service httpd start

[root@instance-7tgaowaa ~]# ss -tnlp
State Recv-Q Send-Q Local Address:Port Peer Address:Port 
LISTEN 0 100 ::1:25 :::* users:(("master",2007,13))
LISTEN 0 100 127.0.0.1:25 *:* users:(("master",2007,12))
LISTEN 0 128 :::443 :::* users:(("httpd",22205,6),("httpd",22207,6),("httpd",22208,6),("httpd",22209,6),("httpd",22210,6),("httpd",22211,6),("httpd",22212,6),("httpd",22213,6),("httpd",22214,6))
LISTEN 0 50 *:3306 *:* users:(("mysqld",22173,10))
LISTEN 0 128 :::80 :::* users:(("httpd",22205,4),("httpd",22207,4),("httpd",22208,4),("httpd",22209,4),("httpd",22210,4),("httpd",22211,4),("httpd",22212,4),("httpd",22213,4),("httpd",22214,4))
LISTEN 0 128 :::22 :::* users:(("sshd",1904,4))
LISTEN 0 128 *:22 *:* users:(("sshd",1904,3))
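
With iptables disabled as in the Firewall step, every wildcard listener in this output is reachable from the network, including mysqld on *:3306, although the web application and MySQL run on the same machine in this setup. The following is an added example, not part of the original post: a shell function (hypothetical name `exposed_listeners`) that lists such listeners and flags ports outside an expected set. The allowed list "22 80 443" is an assumed policy.

```shell
# Added example, not from the original post: list listeners reachable from
# other hosts in `ss -tnlp` output and flag ports outside an expected set.

# stdin: ss -tnlp output; $1: space-separated ports that are meant to be open.
exposed_listeners() {
    awk -v allowed=" $1 " '
        $1 == "LISTEN" {
            n = split($4, part, ":")      # Local Address:Port, e.g. *:3306 or :::80
            port = part[n]
            addr = substr($4, 1, length($4) - length(port) - 1)
            # Skip sockets bound to loopback or to one specific address.
            if (addr != "*" && addr != "::" && addr != "0.0.0.0") next
            proc = "?"
            if (match($0, /\(\("[^"]+"/)) proc = substr($0, RSTART + 3, RLENGTH - 4)
            key = port " " proc
            if (seen[key]++) next         # IPv4 and IPv6 sockets of one service
            status = (index(allowed, " " port " ") ? "expected" : "UNEXPECTED")
            print status, port, proc
        }'
}

# Sample: the ss output from this post, with the httpd worker list shortened.
sample='State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 100 ::1:25 :::* users:(("master",2007,13))
LISTEN 0 100 127.0.0.1:25 *:* users:(("master",2007,12))
LISTEN 0 128 :::443 :::* users:(("httpd",22205,6),("httpd",22207,6))
LISTEN 0 50 *:3306 *:* users:(("mysqld",22173,10))
LISTEN 0 128 :::80 :::* users:(("httpd",22205,4),("httpd",22207,4))
LISTEN 0 128 :::22 :::* users:(("sshd",1904,4))
LISTEN 0 128 *:22 *:* users:(("sshd",1904,3))'

printf '%s\n' "$sample" | exposed_listeners "22 80 443"
```

On a live host, pipe `ss -tnlp` into the function instead of the sample.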

Enable at boot

[root@instance-7tgaowaa ~]# chkconfig mysqld on
[root@instance-7tgaowaa ~]# chkconfig httpd on

Set the password

[root@instance-7tgaowaa ~]# mysqladmin -u root password 123456

Upload the RPM packages to the following directory

[root@instance-7tgaowaa ~]# cd /usr/local/src/
[root@instance-7tgaowaa src]#

Click here to get the installation package

Extract

[root@instance-7tgaowaa src]# unzip 2018110713484219.zip 
Archive: 2018110713484219.zip
inflating: namedmanager-www-1.8.0-1.el6.noarch.rpm 
inflating: namedmanager-bind-1.8.0-1.el6.noarch.rpm 
[root@instance-7tgaowaa src]# ll
total 2528
-rw-r--r-- 1 root root 1203294 Nov 7 13:48 2018110713484219.zip
-rw-r--r-- 1 root root 109584 Dec 22 2013 namedmanager-bind-1.8.0-1.el6.noarch.rpm
-rw-r--r-- 1 root root 1270108 Dec 22 2013 namedmanager-www-1.8.0-1.el6.noarch.rpm

Install

[root@instance-7tgaowaa src]# rpm -Uvh namedmanager-www-1.8.0-1.el6.noarch.rpm

Initialize

[root@instance-7tgaowaa src]# cd /usr/share/namedmanager/resources/
[root@instance-7tgaowaa resources]# ./autoinstall.pl
autoinstall.pl

This script setups the NamedManager database components:
* NamedManager MySQL user
* NamedManager database
* NamedManager configuration files

THIS SCRIPT ONLY NEEDS TO BE RUN FOR THE VERY FIRST INSTALL OF NAMEDMANAGER.
DO NOT RUN FOR ANY OTHER REASON

Please enter MySQL root password (if any): 123456
Searching ../sql/ for latest install schema...
../sql//version_20131222_install.sql is the latest file and will be used for the install.
Importing file ../sql//version_20131222_install.sql
Creating user...
Updating configuration file...
DB installation complete!

You can now login with the default username/password of setup/setup123 at http://localhost/namedmanager

Install BIND

[root@instance-7tgaowaa resources]# cd /usr/local/src/
[root@instance-7tgaowaa src]# yum install bind php-process

[root@instance-7tgaowaa src]# rpm -Uvh namedmanager-bind-1.8.0-1.el6.noarch.rpm

Edit /etc/named.conf

[root@instance-7tgaowaa src]# cp /etc/named.conf /etc/named.conf.bak
You have mail in /var/spool/mail/root
[root@instance-7tgaowaa src]# > /etc/named.conf
[root@instance-7tgaowaa src]# vim /etc/named.conf


options {
listen-on port 53 { any; };
// listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
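allow-query-cache { any; }; // DNS query caching. Enabling this is actually not recommended, i.e. delete this line. If it is enabled, then after a DNS record is changed you have to wait a while for the change to take effect because of caching.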
recursion yes;
forward first;
forwarders {
223.5.5.5;
223.6.6.6;
8.8.8.8;
8.8.4.4;
};

dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;

bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";

};

logging { 
channel default_debug {
file "data/named.run";
severity dynamic;
};
};

zone "." {
type hint; 
file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
include "/etc/named.namedmanager.conf";
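
The options above combine `recursion yes` with `allow-query { any; }` and `allow-query-cache { any; }` and set no `allow-recursion`, and BIND falls back from `allow-recursion` to those ACLs, so any client that can reach port 53 may use the server as a recursive resolver. The following is an added example, not part of the original post or of NamedManager: a shell check for that condition (hypothetical function names), run on two constructed configs. The `internal` ACL and the 192.168.0.0/24 range are assumptions.

```shell
# Added example, not from the original post. Reports whether a named.conf
# lets any client recurse. Handles // and # comments, not /* ... */ blocks.

# Print the body of "NAME { ... };" from the flattened config held in $conf.
acl_of() {
    printf '%s' "$conf" |
        sed -n "s/.*[[:space:];{]$1[[:space:]]*{\([^}]*\)}.*/\1/p"
}

audit_named_conf() {
    conf=" $(sed -e 's://.*::' -e 's:#.*::' "$1" | tr '\n' ' ')"
    if printf '%s' "$conf" | grep -Eq '[[:space:];{]recursion[[:space:]]+no[[:space:]]*;'; then
        echo "ok: recursion disabled"; return 0
    fi
    # BIND falls back allow-recursion -> allow-query-cache -> allow-query,
    # and only then to the built-in default { localnets; localhost; }.
    src=default acl="localnets; localhost;"
    for stmt in allow-recursion allow-query-cache allow-query; do
        body=$(acl_of "$stmt")
        if [ -n "$body" ]; then src=$stmt acl=$body; break; fi
    done
    if printf '%s' "$acl" | grep -Eq '(^|[[:space:];])any[[:space:]]*;'; then
        echo "OPEN: recursion allowed for any client via $src"; return 1
    fi
    echo "ok: recursion limited by $src"; return 0
}

# Constructed samples: the recursion-related options from this post, and a
# restricted variant. The 192.168.0.0/24 client range is an assumption.
weak=$(mktemp) hardened=$(mktemp)
cat > "$weak" <<'EOF'
options {
    listen-on port 53 { any; };
    allow-query { any; };
    allow-query-cache { any; }; // cache open to everyone
    recursion yes;
};
EOF
cat > "$hardened" <<'EOF'
acl internal { 127.0.0.1; 192.168.0.0/24; };
options {
    allow-query { any; };
    allow-recursion { internal; };
    allow-query-cache { internal; };
    recursion yes;
};
EOF
audit_named_conf "$weak" || true
audit_named_conf "$hardened"
```

The function's exit status is 1 for an open configuration, so it can gate a deployment script.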

If you want BIND to run in chroot mode

[root@instance-7tgaowaa src]# yum install bind-chroot

[root@instance-7tgaowaa src]# ln /etc/named.namedmanager.conf /var/named/chroot/etc/named.namedmanager.conf

Start the named service

[root@instance-7tgaowaa src]# service named start
Generating /etc/rndc.key: [ OK ]
Starting named: [ OK ]
You have new mail in /var/spool/mail/root
[root@instance-7tgaowaa src]# chkconfig named on

Edit /etc/namedmanager/config-bind.php

[root@instance-7tgaowaa src]# cp /etc/namedmanager/config-bind.php /etc/namedmanager/config-bind.php.bak
You have new mail in /var/spool/mail/root
[root@instance-7tgaowaa src]# vim /etc/namedmanager/config-bind.php

$config["api_url"] = "http://192.168.0.2/namedmanager"; // Application Install Location
$config["api_server_name"] = "dns.centoscn.vip"; // Name of the DNS server (important: part of the authentication process)
$config["api_auth_key"] = "Dns"; // API authentication key

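Disable IPv6. Add domain records (forward and reverse resolution). Set the services to start at boot, and reboot the server.

[root@instance-7tgaowaa src]# vim /etc/modprobe.d/dist.conf  ### append the following at the end

alias net-pf-10 off
alias ipv6 off

[root@instance-7tgaowaa src]# chkconfig ip6tables off

Enable at boot and reboot the system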

[root@instance-7tgaowaa src]# chkconfig httpd on
[root@instance-7tgaowaa src]# chkconfig mysqld on
[root@instance-7tgaowaa src]# chkconfig named on
[root@instance-7tgaowaa src]# reboot

Access the web page

https://180.76.189.187/namedmanager/index.php

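Default account and password

(setup, setup123). Don't forget to change the username and password under user management.

Next, set the API key (set the e-mail address and the API key; this is the key that was configured in /etc/namedmanager/config-bind.php above).

Click Save at the bottom.

Add the server. The Name Server FQDN must match the ServerName in httpd. (Either the hostname or the IP address of the deployment machine can be entered.)

Click Save.

Add forward resolution for the domain

Click Save.

Add reverse resolution (if the client machines span multiple IP ranges, add multiple reverse resolution configurations)

Click Save.

Check the forward and reverse resolution domains that were added

The forward and reverse resolution domains have now been added successfully; next, try adding A records and PTR records for some names.

First add the A (forward) records

Because the PTR (reverse) option was ticked when the A records were added above (if it was not ticked, the PTR records have to be added manually), the reverse records for those names already exist at this point.

The web page configuration is now complete.

Check that the server entry is shown in green.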

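Client and server

Whether the client is Linux or Windows, just set its first DNS server to the server's IP.

Note

From now on, if you run into any problems while using this, please leave a comment below the post and the author will reply; there are too many people in the group chat to reply to everyone there.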
