[Experience sharing] Installing NamedManager to manage a bind9 DNS server through the web

Posted on 2016-3-16 12:39:55
I. Introduction to NamedManager
    NamedManager is an AGPL web-based DNS management system designed to make the adding, adjusting and removal of zones/records easy and reliable.
    This also ensures that an outage of the management server web interface or SQL database will not result in any impact to DNS servers.

Key Features
  • Allows addition, adjusting and deletion DNS zones.
  • Supports Bind 9 and pushes Bind compatible configuration and zone files to configured servers.
  • Supports Amazon Route53
  • Ability to import from Bind zonefile support.
  • Includes a log tailer that runs on the name servers and sends back logs that are rendered in the web interface.
  • SOAP API to allow other tools to hook into the interface.
  • Written in PHP and uses a MySQL database backend.
  • Supports IPv4 and IPv6 users of the management interface.
  • Supports IPv4 and IPv6 forward and reverse records zones.
  • Supports internationalized domain names.

Using NamedManager
NamedManager is split into two parts:
  • The web interface and MySQL DB that stores and provides configuration for the DNS zones.
  • A component for bind which runs frequently and applies any configuration on the Bind name servers, reloads them and sends logs back to the web interface.

    You should (really should!) have at least two name servers, one model that works well is to have a master name server that runs the NamedManager interface and two slave servers that are public facing.
    With NamedManager, the usual Bind slave replication isn't used for zones, instead all the servers run as independents and NamedManager handles the replication of configuration between them.
For more information, see the official wiki: https://github.com/jethrocarr/namedmanager/wiki


II. Installing NamedManager

Installation
NamedManager is split into two key components:
  • Management web interface
  • Bind server integration component

These packages have a documented installation process, however it presumes a level of understanding and familiarity with Bind name servers and Linux administration.
The easiest way to install is to use RHEL (or a clone such as CentOS, Scientific Linux, Oracle Enterprise Linux, etc) and use the RPM package process as it saves considerable steps.
Requirements
NamedManager's web interface requires:
  • PHP 5.3+ (php, php-soap, php-mysql, php-intl, php-xml)
  • MySQL Server

The NamedManager Bind integration requires:
  • Bind 9
  • PHP 5.3+ (php-cli, php-soap, php-intl).

1. Preparation
Before installing NamedManager, make sure you have:
a) A functional Apache server setup with PHP 5 installed and SSL enabled.
b) A MySQL database server for storing the application's settings and cache DB.
c) One or more functional bind name servers (can be same or different hosts to the web interface). It is recommended that you use the "bind-chroot" package on RHEL systems.
d) Check the PHP version shipped with your distribution: RHEL 5 ships with PHP 5.1.x by default; ensure that this is upgraded to 5.3 by using the newer PHP packages from amberdms-upgrades OR by installing the php53 packages provided by the distribution.
# cd /etc/yum.repos.d/
# wget http://repos.amberdms.com/config/centos/6/amberdms-c6-public.repo
# yum makecache

# yum -y install namedmanager-www



2. Install the MySQL database
When you install the RPM as per the steps above, it will advise you on the command to run to install the database.
This will execute a script that allows you to specify your MySQL root password (if any) and then sets up a new DB and user for NamedManager.
3. Write the configuration file
The configuration file will be automatically generated with all the options needed to get up and running by the installer. Note that the installer only contains the minimal key values, most of the options for configuration are exposed via the web interface.
All configuration is in the /etc/namedmanager/config.php file.
By default internal application authentication is used, optionally it can be switched to use LDAP - refer to Installation-Integration-LDAP for instructions on how to do this.
4. Login and setup the name servers.
Before you can configure any domain names and records, it's necessary to login to the web interface and configure your name servers.
NamedManager requires all the name servers to have an entry in NamedManager - this information is used to generate NS records for all the domains, as well as being where the API keys are set to allow the name servers to connect to NamedManager for pulling configuration.
The default login is username "setup", password "setup123". The application installs default Apache configuration to run at https://localhost/namedmanager.
5. (optional) Install the Bind integration modules
For each Bind nameserver being used, the namedmanager-bind RPM package needs to be installed. This step is optional and only needed if you want to use Bind with NamedManager.
This package provides two components:
  • Configuration generation script which connects to the NamedManager web interface via SOAP and downloads the latest configuration and writes to Bind zonefiles and config files.
  • The log feeder script which installs a bootscript that monitors logs and pushes them back into NamedManager.


1. System initialization: disable SELinux
# setenforce 0

# sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config



2. Install the LAMP stack
# install the LAMP stack
# yum -y install mysql mysql-server mysql-devel httpd php php-mysql wget make gcc

# service httpd start
# service mysqld start
# chkconfig httpd on
# chkconfig mysqld on

# mysqladmin -u root password sjtest123

## set the system hostname and the httpd ServerName, something like ns1.example.com
## edit /etc/httpd/conf/httpd.conf:
ServerName dns.test.com:80



3. Install and configure named
# yum -y install bind*
# chkconfig named on

# named configuration file
# cp -R /usr/share/doc/bind-9.8.2/sample/* /var/named/chroot/
# echo > /var/named/chroot/etc/named.conf
# vi /var/named/chroot/etc/named.conf
options {
    listen-on port 53 { any; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };
    allow-query-cache { any; };
    recursion yes;

    forward first;
    forwarders { 114.114.114.114; 8.8.8.8; };
    querylog 0;
    recursive-clients 50000;

    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

zone "." IN {
    type hint;
    file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
include "/etc/named.namedmanager.conf";


## start the bind service
# service named start
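The options block above combines recursion yes, allow-query { any; } and allow-query-cache { any; } with no allow-recursion ACL, so any client that can reach port 53 may use the server as a recursive resolver (an open resolver, if the host is Internet-facing). The following script is an added example and is not code from the original post, from BIND or from NamedManager: it pulls the top-level options block out of a named.conf and flags that combination. The function names (extract_options_block, lint_named_options, write_sample_configs) and the three sample configs it writes are constructed for this example; open.conf mirrors the page's options block, the other two show a restricted and an authoritative-only variant.

```shell
#!/bin/sh
# Added example, not part of the original post or of BIND/NamedManager:
# a small lint for the recursion policy in a named.conf 'options' block.
# Function names and the sample configs are constructed for this example.

# extract_options_block FILE
# Print the top-level 'options { ... };' block, tracking brace depth so nested
# blocks such as listen-on { ... } do not end it early. Assumes braces do not
# appear inside comments or quoted strings (true for the config on this page).
extract_options_block() {
    awk '
        /^[[:space:]]*options[[:space:]]*[{]/ { inblock = 1 }
        inblock {
            print
            depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")
            if (depth <= 0) { inblock = 0; depth = 0 }
        }
    ' "$1"
}

# lint_named_options FILE
# Exit status: 0 = recursion is off or limited by an allow-recursion ACL
#              1 = open-resolver pattern: recursion on (BIND's default when the
#                  statement is absent), no restrictive allow-recursion ACL, and
#                  allow-query or allow-query-cache set to any
#              2 = no options block found
lint_named_options() {
    conf=$1
    # normalise: space out braces/semicolons, collapse whitespace, pad the ends
    norm=$(extract_options_block "$conf" | sed 's/[{};]/ & /g' | tr -s '[:space:]' ' ')
    if [ -z "$norm" ]; then
        echo "$conf: no options block found" >&2
        return 2
    fi
    norm=" $norm "
    recursion_on=1
    case $norm in *" recursion no ; "*) recursion_on=0 ;; esac
    has_acl=0
    case $norm in *" allow-recursion { "*) has_acl=1 ;; esac
    case $norm in *" allow-recursion { any ; } "*) has_acl=0 ;; esac   # 'any' restricts nothing
    any_query=0
    case $norm in *" allow-query { any ; } "*|*" allow-query-cache { any ; } "*) any_query=1 ;; esac
    if [ "$recursion_on" -eq 1 ] && [ "$has_acl" -eq 0 ] && [ "$any_query" -eq 1 ]; then
        echo "$conf: OPEN RESOLVER: recursion enabled, no allow-recursion ACL, queries allowed from any"
        return 1
    fi
    echo "$conf: recursion policy is restricted"
    return 0
}

# write_sample_configs DIR
# Constructed samples: open.conf mirrors the options block shown on this page,
# hardened.conf limits recursion to local clients, authoritative.conf turns it off.
write_sample_configs() {
    cat > "$1/open.conf" <<'EOF'
options{
    listen-on port 53 { any; };
    directory  "/var/named";
    allow-query { any; };
    allow-query-cache     { any; };
    recursion  yes;
    forward first;
    forwarders { 114.114.114.114;8.8.8.8; };
};
logging { channel default_debug { file "data/named.run"; severity dynamic; }; };
EOF
    cat > "$1/hardened.conf" <<'EOF'
options {
    listen-on port 53 { any; };
    directory "/var/named";
    allow-query { any; };
    allow-query-cache { localhost; localnets; };
    allow-recursion { localhost; localnets; };
    recursion yes;
};
EOF
    cat > "$1/authoritative.conf" <<'EOF'
options {
    directory "/var/named";
    allow-query { any; };
    recursion no;
};
include "/etc/named.namedmanager.conf";
EOF
}

# Stand-alone use: sh lint.sh --demo   (or: lint_named_options /var/named/chroot/etc/named.conf)
if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d)
    write_sample_configs "$d"
    for f in open hardened authoritative; do
        lint_named_options "$d/$f.conf"
    done
    rm -rf "$d"
fi
```

For a server that only hosts the NamedManager-managed zones, the authoritative.conf shape (recursion no) is the simplest fix; if the same host must also resolve for local clients, keep recursion yes but add an allow-recursion ACL as in hardened.conf. The lint only looks at the options block and does not follow include files, so run it on the file that actually carries the options statement.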




*******************************************************************************************************************

If you want bind to run in chroot mode:


yum install bind-chroot


Create a hard link to the "/etc/named.namedmanager.conf" file:


ln /etc/named.namedmanager.conf  /var/named/chroot/etc/named.namedmanager.conf


Without the hard link, named complains at startup that "/etc/named.namedmanager.conf" cannot be found.


The reason:

bind-chroot is a feature of bind that lets bind run in chroot mode. That is, the / (root) directory bind sees while running is not the system's real / (root) directory but only a subdirectory of the system. The purpose is to improve security: in chroot mode, what bind can access is limited to that subdirectory, and it cannot climb out into other directories of the system.

chroot changes the location of the root directory (/) that a program refers to while it runs, i.e. it makes a particular subdirectory the program's virtual root directory and strictly limits the system resources, user privileges and directories the program may use: the program only has rights inside this virtual root and has none at all once it steps outside it. For example, on CentOS /var/named/chroot is in effect the virtual root (/), so the /etc directory inside the virtual root is really /var/named/chroot/etc, and /var/named is really /var/named/chroot/var/named. The advantage of chroot is that if an attacker breaks into the system through Bind, they are confined to the chroot directory and its subdirectories; the damage is limited to that virtual directory and does not threaten the security of the whole server.

************************************************************************************************************
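The path mapping and hard-link requirement described in the chroot note above, as an added example that is not part of the original post or of bind-chroot/NamedManager: the first function maps a path as named sees it inside the chroot to the real host path, and the second checks that a file included from named.conf is present inside the chroot and is the same inode as the host copy (a hard link), which is exactly the failure the post's ln command prevents. The function names and the optional HOST_ROOT parameter (which lets the check run against a scratch directory instead of the live /etc) are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not part of the original post or of bind-chroot/NamedManager:
# verify that a file named.conf includes by absolute path is reachable once
# named is confined to its chroot, and that the chroot copy is the same inode
# as the host copy (a hard link), so edits on the host are what named reads.

# chroot_real_path CHROOT_DIR PATH
# Print the host path behind a path as named sees it inside the chroot,
# e.g. /var/named/chroot + /etc/named.conf -> /var/named/chroot/etc/named.conf
chroot_real_path() {
    chroot_dir=${1%/}              # drop one trailing slash
    case $2 in
        /*) printf '%s%s\n' "$chroot_dir" "$2" ;;
        *)  printf '%s/%s\n' "$chroot_dir" "$2" ;;
    esac
}

# check_chroot_include CHROOT_DIR INCLUDE_PATH [HOST_ROOT]
# HOST_ROOT is a hypothetical prefix (default empty, i.e. the real /) that
# lets the check run against a scratch tree instead of the live system.
# Exit status: 0 = present in the chroot and same inode as the host file
#              1 = missing inside the chroot (named will fail to start)
#              2 = present but a separate copy (host edits never reach named)
check_chroot_include() {
    real=$(chroot_real_path "$1" "$2")
    host="${3:-}$2"
    if [ ! -e "$real" ]; then
        echo "MISSING: $2 is not visible inside $1 (expected $real); create the hard link" >&2
        return 1
    fi
    if [ -e "$host" ] && ! [ "$host" -ef "$real" ]; then
        echo "DIVERGED: $host and $real are different files; replace the copy with a hard link" >&2
        return 2
    fi
    echo "OK: $2 resolves to $real"
    return 0
}

# Stand-alone use on a live RHEL/CentOS host with bind-chroot installed:
#   check_chroot_include /var/named/chroot /etc/named.namedmanager.conf
```

A plain copy (cp) instead of ln passes the first check but fails the second: named starts, but zones that NamedManager later writes to /etc/named.namedmanager.conf on the host never appear inside the chroot. Running the check from the same cron job that runs namedmanager_bind_configwriter.php catches that drift before a zone change is silently lost.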



4. Install namedmanager
# cd /etc/yum.repos.d/
# wget http://repos.amberdms.com/config/centos/6/amberdms-c6-public.repo
# yum -y install namedmanager-www namedmanager-bind
# chkconfig --level 35 namedmanager_logpush on
# chown named:root /etc/named.namedmanager.conf

## initialize the database
# cd /usr/share/namedmanager/resources/
# ./autoinstall.pl                        # enter the MySQL root password

[iyunv@localhost resources]# ./autoinstall.pl
autoinstall.pl

This script setups the NamedManager database components:
* NamedManager MySQL user
* NamedManager database
* NamedManager configuration files

THIS SCRIPT ONLY NEEDS TO BE RUN FOR THE VERY FIRST INSTALL OF NAMEDMANAGER.
DO NOT RUN FOR ANY OTHER REASON

Please enter MySQL root password (if any): 123456
Searching ../sql/ for latest install schema...
../sql//version_20131222_install.sql is the latest file and will be used for the install.
Importing file ../sql//version_20131222_install.sql
Creating user...
Updating configuration file...
DB installation complete!

You can now login with the default username/password of setup/setup123 at http://localhost/namedmanager


## add to crontab -e:
* * * * * /usr/bin/php -q /usr/share/namedmanager/bind/namedmanager_bind_configwriter.php >> /var/log/namedmanager_bind_configwriter




5. Configure namedmanager
# configure namedmanager
# vi /etc/named.conf and add:
include "/etc/named.namedmanager.conf";
# vi /etc/namedmanager/config-bind.php and change the relevant entries:
$config["api_url"] = "
$config["api_server_name"] = "ns1.example.com";   // must match the Name Server name set in the web interface
$config["api_auth_key"] = "mykey";


# namedmanager web management
https://xx.xx.xx.xx/namedmanager
The default username and password are setup and setup123

Under New Server:
add new server:
    Name Server FQDN *  :  ns1.example.com        // this is also what was written into the Apache ServerName
    Primary Nameserver * : tick it
    API Authentication Key * : mykey

Under Domains/Zones:
add new domain:
    Domain Type * : Standard Domain
    Email Administrator Address * : your email address

Configuration
    DEFAULT_HOSTMASTER : admin@example.com
    ADMIN_API_KEY : mykey










Source: https://www.iyunv.com/thread-191390-1-1.html