NamedManager: DNS Service Setup

1. Environment Preparation and Notes

1.1 System Requirements

  • Operating system: CentOS 7.6 (RHEL 8 has compatibility problems)
  • Port requirements: make sure ports 80 and 443 are not in use
  • Hardware recommendation: at least 2 GB of RAM and 20 GB of disk space

1.2 Common Pitfalls

  1. RHEL 8 compatibility problems
  2. Port conflicts (especially with k8s and nginx services)
  3. Choosing the wrong MySQL version

2. Pre-installation Preparation

2.1 Check for Port Usage

# list listeners on 80/443 together with the owning process
netstat -tulnp | grep -E ':(80|443)'

2.2 Stop Conflicting Services

systemctl stop nginx kubelet

3. Install the NamedManager Core Components

3.1 Download the Packages

cd /usr/local/src/
wget http://repos.jethrocarr.com/pub/amberdms/linux/centos/6/amberdms-custom/i386/namedmanager-bind-1.8.0-1.el6.noarch.rpm
wget http://repos.jethrocarr.com/pub/amberdms/linux/centos/6/amberdms-custom/i386/namedmanager-www-1.8.0-1.el6.noarch.rpm

3.2 Install Dependencies

yum install -y perl httpd mod_ssl php php-intl php-ldap php-mysql php-soap php-xml perl-DBD-MySQL

4. MySQL Installation and Configuration

4.1 Configure the MySQL Repository

wget https://dev.mysql.com/get/mysql80-community-release-el7-3.noarch.rpm
rpm -ivh mysql80-community-release-el7-3.noarch.rpm
# the release package enables the 8.0 repo by default; switch to 5.6
yum-config-manager --disable mysql80-community
yum-config-manager --enable mysql56-community

4.2 Install MySQL 5.6

yum install -y mysql-community-server
systemctl start mysqld
systemctl enable mysqld

4.3 Set the root Password

# 'MySQL5.6' is the example password used throughout this guide; pick your own
mysql -u root
> SET PASSWORD = PASSWORD('MySQL5.6');

4.4 Prevent MySQL Updates

# pin the 5.6 packages so a later yum update does not pull in 8.0
echo "exclude=mysql-community-client,mysql-community-common,mysql-community-libs,mysql-community-server" >> /etc/yum.conf

5. Apache Configuration

5.1 Edit httpd.conf

vim /etc/httpd/conf/httpd.conf

Key changes

# replace your_server_ip with the address clients will use
ServerName your_server_ip:80

# applies to the whole filesystem; Indexes enables directory listings where no index file exists
<Directory />
Options Indexes FollowSymLinks
AllowOverride None
</Directory>

5.2 Start Apache

systemctl start httpd
systemctl enable httpd

6. NamedManager Initialization

6.1 Install NamedManager

rpm -Uvh namedmanager-www-1.8.0-1.el6.noarch.rpm

6.2 Run the Install Script

cd /usr/share/namedmanager/resources/
./autoinstall.pl

Example install session

Please enter MySQL root password: [enter the password]
DB installation complete!
Default login: setup/setup123

7. BIND DNS Service Configuration

7.1 Install BIND

yum install -y bind php-process
rpm -Uvh namedmanager-bind-1.8.0-1.el6.noarch.rpm

7.2 Configure named.conf

vim /etc/named.conf

Key configuration

options {
    listen-on port 53 { any; };          // listen on port 53 on all IPv4 addresses
    directory "/var/named";              // working directory

    // statistics files
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";

    // query control
    allow-query { any; };                // accept queries from every client
    allow-query-cache { any; };          // cache access (recommended: disable in production)
    // note: together with "recursion yes" these two ACLs make this an open resolver
    // for anyone who can reach port 53; restrict them as shown in section 13.2

    // recursion and forwarding
    recursion yes;                       // enable recursive queries
    forward first;                       // try the forwarders before resolving directly
    forwarders {                         // forwarder list
        223.5.5.5;                       // Alibaba Cloud DNS
        8.8.8.8;                         // Google DNS
    };

    // DNSSEC
    dnssec-enable yes;                   // enable DNSSEC validation
    dnssec-validation yes;
};

logging {
    channel default_debug {
        file "data/named.run";           // log file path
        severity dynamic;                // log level follows the runtime debug level
    };
};

zone "." {
    type hint;                           // the root zone is of type hint
    file "named.ca";                     // root hints file
};

// include the remaining configuration files
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
include "/etc/named.namedmanager.conf";  // configuration generated by NamedManager

7.3 Configure the chroot Environment (optional)

yum install -y bind-chroot
# hard-link the generated config into the chroot so named sees the same file
ln /etc/named.namedmanager.conf /var/named/chroot/etc/named.namedmanager.conf

7.4 Start BIND

systemctl start named
systemctl enable named

8. Integrating NamedManager with BIND

8.1 Configure the Integration Parameters

vim /etc/namedmanager/config-bind.php

Key parameters

$config["api_url"] = "http://your_server_ip/namedmanager";   // web application address
$config["api_server_name"] = "your_server_ip:80";
$config["api_auth_key"] = "ultrahighsecretkey";              // shared secret for the API; replace this placeholder with a long random value

9. Security Configuration

9.1 Disable SELinux

setenforce 0   # takes effect immediately
# make the change persistent across reboots (/etc/sysconfig/selinux links to /etc/selinux/config)
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux

9.2 Configure the Firewall

iptables -A INPUT -p tcp --dport 53 -j ACCEPT
iptables -A INPUT -p udp --dport 53 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
# persist the rules (requires the iptables-services package on CentOS 7)
service iptables save

10. Service Verification

10.1 Check Service Status

systemctl status httpd mysqld named
lsof -i:53
lsof -i:80

10.2 Access the Web Interface

  • URL:
  • Default credentials: setup/setup123

11. Troubleshooting

11.1 A Service Fails to Start

# inspect the error logs
journalctl -xe
tail -f /var/log/httpd/error_log
tail -f /var/log/messages

11.2 DNS Resolution Problems

# test resolution against the local server
dig @localhost yourdomain.com
named-checkconf /etc/named.conf

12. Maintenance and Management

12.1 Backup Strategy

# database backup
mysqldump -u root -p namedmanager > namedmanager_backup.sql

# configuration file backup
tar czvf namedmanager_config.tar.gz /etc/namedmanager /etc/named*

12.2 Log Monitoring

# follow the web access log in real time
tail -f /var/log/httpd/access_log

# DNS query log (only present if named.conf defines a query logging channel writing to this file)
tail -f /var/log/named/queries.log

13. Key Configuration Files Explained

13.2 Recommended Production Adjustments

  1. Security restrictions

    // trusted-nets must be declared with an acl statement before it is referenced
    allow-query { localhost; trusted-nets; };
    allow-recursion { localhost; trusted-nets; };
  2. Disable query cache access

    allow-query-cache { none; };
  3. Performance tuning

    max-cache-size 256M;
    max-cache-ttl 3600;
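The difference between the as-installed options block in section 7.2 and the production adjustments above is the difference between an open resolver and a restricted one. The following is an added example, not part of the original guide or of NamedManager: a small Python checker that parses the options block of a named.conf (the two sample blocks are constructed from sections 7.2 and 13.2) and flags the exposure, using BIND's documented fallback chain for the effective recursion ACL (allow-recursion, else allow-query-cache, else allow-query, else localhost and localnets).

```python
import re
# Constructed sample: the options block as installed in section 7.2 (comments dropped).
LAB_CONF = """options {
    listen-on port 53 { any; };
    allow-query { any; };
    allow-query-cache { any; };
    recursion yes;
    forwarders { 223.5.5.5; 8.8.8.8; };
};"""
# Constructed sample: the same block with the section 13.2 production adjustments applied.
PROD_CONF = LAB_CONF.replace(
    "allow-query { any; };",
    "allow-query { localhost; trusted-nets; };\n    allow-recursion { localhost; trusted-nets; };",
).replace("allow-query-cache { any; };", "allow-query-cache { none; };")

# One statement inside the options block: name, free-form args, optional { list; }.
STMT = re.compile(r"([\w-]+)([^{;]*)(?:\{([^}]*)\})?\s*;")

def _block_body(conf, name):
    # Text between the braces of the first top-level `name { ... };`, comments removed.
    conf = re.sub(r"//.*|#.*", "", re.sub(r"/\*.*?\*/", "", conf, flags=re.S))
    start = re.search(r"\b%s\s*\{" % re.escape(name), conf)
    assert start, "no %s block found" % name
    depth, i = 1, start.end()
    while depth and i < len(conf):  # brace matching copes with nested address lists
        depth += {"{": 1, "}": -1}.get(conf[i], 0)
        i += 1
    return conf[start.end():i - 1]

def parse_options(conf):
    # Map each options statement to (args, list_items), e.g. allow-query -> ([], ['any']).
    opts = {}
    for m in STMT.finditer(_block_body(conf, "options")):
        items = [t.strip() for t in (m.group(3) or "").split(";") if t.strip()]
        opts[m.group(1)] = (m.group(2).split(), items)
    return opts

def audit_options(conf):
    """Return exposure findings for the options block; an empty list means nothing flagged."""
    o = parse_options(conf)
    acl = lambda k: o.get(k, ([], []))[1]
    arg = lambda k, default: (o.get(k, ([], []))[0] or [default])[0]
    # The effective recursion ACL follows BIND's documented fallback chain.
    recurse_acl = acl("allow-recursion") or acl("allow-query-cache") or acl("allow-query") or ["localhost", "localnets"]
    findings = []
    if arg("recursion", "yes") == "yes" and "any" in recurse_acl:  # BIND's default is recursion yes
        findings.append("open resolver: recursion yes with recursion ACL { any; }")
    if "any" in acl("allow-query-cache"):
        findings.append("allow-query-cache { any; }: cache readable by any client")
    return findings
```

Run it against the real file with `audit_options(open("/etc/named.conf").read())` after `named-checkconf` has accepted the syntax; the checker only looks at the options block, so per-zone ACLs are not covered.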

14. Configuration Validation Methods

  1. Check the syntax:

    named-checkconf /etc/named.conf
  2. Test loading:

    # run in the foreground as the named user, logging to stderr
    named -u named -f -g
  3. Validate a zone file:

    named-checkzone example.com /var/named/example.com.zone