DNS is one of the indispensable services in production: it lets us keep track of call relationships by name instead of IP+port, and it can also reduce traffic (by routing over the internal network). Common DNS servers include bind, coredns and others; today we will look at building a highly available production DNS service with NamedManager.

1. NamedManager introduction

NamedManager is an AGPL web-based DNS management system designed to make the adding, adjusting and removal of zones/records easy and reliable.
Rather than attempting to develop a new nameserver as in the case of many DNS management interfaces, NamedManager supports the tried and tested Bind nameserver, by generating Bind compatible configuration files whenever a change needs to be applied.
This also ensures that an outage of the management server web interface or SQL database will not result in any impact to DNS servers.

2. Requirements

NamedManager’s web interface requires:

  • PHP 5.3+ (php, php-soap, php-mysql, php-intl, php-xml)
  • MySQL Server

The NamedManager Bind integration requires:

  • Bind 9
  • PHP 5.3+ (php-cli, php-soap, php-intl).

3. Environment preparation

Since both my production and test environments run the CentOS 6.x series (for two years now), that is what I recommend; you need two CentOS 6 hosts and the following two packages:
namedmanager-www-1.9.0-3.el6.noarch.rpm
namedmanager-bind-1.9.0-3.el6.noarch.rpm

Package download link: https://repos.jethrocarr.com/pub/amberdms/linux/centos/6/amberdms-custom/x86_64/
Disable SELinux and stop iptables:

# setenforce 0
# sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
# service iptables stop

4. Installation

4.1 Install namedmanager-www

# yum localinstall namedmanager-www-1.9.0-3.el6.noarch.rpm

# cd /usr/share/namedmanager/resources/
[root@bogon resources]# ./autoinstall.pl

4.2 Grant database privileges

mysql> grant all privileges on namedmanager.* to namedmanager@localhost identified by 'namedmanager';
mysql> flush privileges;

4.3 Edit the configuration file

[root@bogon share]# vim /etc/namedmanager/config.php
<?php
$config["db_host"] = "localhost"; // hostname of the MySQL server
$config["db_name"] = "namedmanager"; // database name
$config["db_user"] = "namedmanager"; // MySQL user
$config["db_pass"] = "namedmanager"; // MySQL password (if any)
$config["AUTH_METHOD"] = "sql";

4.4 Configure the web interface

# service httpd restart

Log in at https://IP/namedmanager/index.php; the default username and password are setup and setup123.

  • Set the API key and e-mail address

  • Add a name server

  • Configure the domain records

4.5 Install the Bind integration modules

# yum localinstall namedmanager-bind-1.9.0-3.el6.noarch.rpm

[root@bogon share]# vim /etc/namedmanager/config-bind.php
<?php
$config["api_url"] = "https://192.168.72.130/namedmanager"; // IP address of the master (web) server
$config["api_server_name"] = "dns1.linuxunix.local"; // Name of the DNS server (important: part of the authentication process) // must match the Name Server name configured in the web UI
$config["api_auth_key"] = "cd93dcmw23d"; // API authentication key from the web UI

# more /etc/cron.d/namedmanager-bind

#
# NAMEDMANAGER INTEGRATION
# Cron Jobs
#

# check for new configuration every minute
*/1 * * * * root php -q /usr/share/namedmanager/bind/namedmanager_bind_configwriter.php >> /var/log/namedmanager_bind_configwriter

# PHP slowly leaks memory, restart the process weekly to prevent it getting too large over months
01 01 * * 0 root /etc/init.d/namedmanager_logpush restart >> /dev/null 2>&1

Bind configuration

# cat /etc/named.conf
acl acl-host {
172.16.0.0/16;
192.168.0.0/16;
};
options {
#listen-on port 53 { 127.0.0.1; };
#listen-on-v6 port 53 { none; };
listen-on port 53 { any; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
#memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { acl-host; }; // which hosts may resolve through this name server
allow-query-cache { acl-host; }; // which hosts may query the server cache
recursion yes;
allow-recursion { acl-host; }; // hosts in the list may also make recursive queries beyond the records of our own zones
dnssec-enable no; // avoids "error (no valid RRSIG) resolving" errors
dnssec-validation no; // avoids "error (no valid RRSIG) resolving" errors
forwarders { 223.5.5.5;223.6.6.6;114.114.114.114; }; // forward all non-authoritative queries (except cached ones) to these DNS servers
forward only; // do nothing further when the forwarders cannot be reached
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
notify no;
allow-transfer { none;};
// disable DDoS mechanisms in BIND
//clients-per-query 0;
//max-clients-per-query 0;
};

logging {

channel general_log {
file "/data/named/logs/general_log" versions 10 size 100m;
severity info;
print-category yes;
print-severity yes;
print-time yes;
};

channel default_log {
file "/data/named/logs/default_log" versions 10 size 10m;
severity info;
print-category yes;
print-severity yes;
print-time yes;
};

channel query_log {
file "/data/named/logs/query_log" versions 5 size 200m;
severity info;
print-category yes;
print-severity yes;
print-time yes;
};

category default { default_log; };
category general { general_log; };
category queries { query_log; };
};

zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
include "/etc/named.namedmanager.conf";
  • Restart apache
    service httpd restart
  • Restart named
    service named restart
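The named.conf above confines queries, recursion and zone transfers to the acl-host networks but switches DNSSEC validation off. The following script is an added example (not part of this post or of NamedManager) that audits a named.conf for exactly those settings; the embedded excerpt is a constructed copy of the options block above.

```python
import re

# Constructed excerpt shaped like the options block of the /etc/named.conf above (assumption: one statement per line).
SAMPLE_NAMED_CONF = """\
acl acl-host { 172.16.0.0/16; 192.168.0.0/16; };
options {
#listen-on port 53 { 127.0.0.1; };
listen-on port 53 { any; };
allow-query { acl-host; }; // which hosts may resolve through this server
recursion yes;
allow-recursion { acl-host; };
dnssec-validation no;
forwarders { 223.5.5.5;223.6.6.6;114.114.114.114; };
allow-transfer { none;};
};
"""

def strip_comments(text):
    """Remove named.conf comments (//, # and /* */) so they are never parsed as statements."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return "\n".join(re.split(r"//|#", line)[0] for line in text.splitlines())

def block_values(text, name):
    """Items of `name [port N] { a; b; };`, or None when the statement is absent."""
    m = re.search(r"\b%s(?:\s+port\s+\d+)?\s*\{([^}]*)\}" % re.escape(name), text)
    return None if m is None else [v.strip() for v in m.group(1).split(";") if v.strip()]

def scalar_value(text, name):
    """Value of a simple `name value;` statement, or None when absent."""
    m = re.search(r"\b%s\s+([^;{}\s]+)\s*;" % re.escape(name), text)
    return None if m is None else m.group(1)

def audit_named_conf(raw):
    """Return {check: (passed, evidence)} for the settings this post's named.conf relies on."""
    text = strip_comments(raw)
    query, xfer = block_values(text, "allow-query"), block_values(text, "allow-transfer")
    recursion, allow_rec = scalar_value(text, "recursion"), block_values(text, "allow-recursion")
    validation = scalar_value(text, "dnssec-validation")
    return {
        # allow-query must be present and must not be open to everyone
        "query_restricted": (query is not None and "any" not in query, query),
        # allow-transfer { none; } stops anyone dumping the whole zone with AXFR
        "axfr_disabled": (xfer == ["none"], xfer),
        # a recursive server must confine recursion to its own networks (no open resolver)
        "recursion_restricted": (recursion != "yes" or (allow_rec is not None and "any" not in allow_rec), allow_rec),
        # the post switches validation off to avoid RRSIG errors; report it so the choice is explicit
        "dnssec_validation_on": (validation == "yes", validation),
    }
```

Run it over the real /etc/named.conf with `audit_named_conf(open("/etc/named.conf").read())`; a failing check points at the statement to revisit.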

4.6 Test with dig
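The post gives no dig commands here, so as an added example (not from the original article or from the NamedManager project) the following checklist runs dig from a host inside acl-host and verifies what the named.conf above promises: a zone record resolves, an outside name is resolved recursively through the forwarders, and an AXFR is refused. It assumes the post's sample server 192.168.72.130 / dns1.linuxunix.local and a zone named linuxunix.local; www.example.com stands in for any external name.

```python
import re
import subprocess

# Checks derived from the named.conf in this post, to be run from a host inside acl-host.
# Assumptions: the master is 192.168.72.130, it serves the zone linuxunix.local with a
# record for dns1.linuxunix.local, and www.example.com is an external name.
DIG_CHECKS = [
    ("zone record",   ["dns1.linuxunix.local", "A"], "NOERROR"),  # authoritative answer
    ("recursion",     ["www.example.com", "A"],      "NOERROR"),  # resolved via forwarders
    ("zone transfer", ["linuxunix.local", "AXFR"],   "REFUSED"),  # allow-transfer { none; }
]
SERVER = "192.168.72.130"

def run_dig(args, server=SERVER):
    """Run dig against the server and return its text output (requires dig on PATH)."""
    proc = subprocess.run(["dig", "@" + server] + args, capture_output=True,
                          text=True, timeout=10)
    return proc.stdout

def dig_status(output):
    """RCODE from dig's ';; ->>HEADER<<- ... status: X' line. A refused AXFR prints no
    header, only '; Transfer failed.', which is reported as REFUSED here (assumption)."""
    m = re.search(r"status: ([A-Z]+)", output)
    if m:
        return m.group(1)
    return "REFUSED" if "Transfer failed" in output else "NOANSWER"

def answer_count(output):
    """Number of records in the ANSWER section, 0 if the header is missing."""
    m = re.search(r"ANSWER: (\d+)", output)
    return int(m.group(1)) if m else 0

def verify_dns(runner=run_dig, checks=DIG_CHECKS):
    """Run every check; a NOERROR check also requires at least one answer record.
    Returns {name: (passed, observed_status, answers)}."""
    results = {}
    for name, args, expected in checks:
        out = runner(args)
        status, answers = dig_status(out), answer_count(out)
        passed = status == expected and (expected != "NOERROR" or answers > 0)
        results[name] = (passed, status, answers)
    return results

if __name__ == "__main__":
    for name, (passed, status, answers) in verify_dns().items():
        print(f"{name:14} {'PASS' if passed else 'FAIL'}  status={status} answers={answers}")
```

Repeat the run against the slave (dns2) once it is set up in section 5, since each server builds its own configuration from the API and must be verified on its own.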

5. NamedManager master/slave

You should (really should!) have at least two name servers, one model that works well is to have a master name server that runs the NamedManager interface and two slave servers that are public facing.
With NamedManager, the usual Bind slave replication isn’t used for zones, instead all the servers run as independents and NamedManager handles the replication of configuration between them.
In production, a DNS single point of failure must be avoided in any case. With NamedManager, master/slave replication is not implemented through zone files (zone transfer); instead it is handled through the NamedManager API.

Setting up the slave server is basically the same as above, but pay attention to the configuration file /etc/namedmanager/config-bind.php:

[root@bogon share]# vim /etc/namedmanager/config-bind.php
<?php
$config["api_url"] = "https://192.168.72.130/namedmanager"; // IP address of the master (web) server
$config["api_server_name"] = "dns2.linuxunix.local"; // Name of the DNS server (important: part of the authentication process) // must match the Name Server name configured in the web UI
$config["api_auth_key"] = "cd93dcmw23d"; // API authentication key from the web UI

The domain configuration also needs to be added for it.

If you also want the slave's web interface to display the domains, set up MySQL master/slave replication as well; see my earlier articles on MySQL master/slave setup.

6. Chinese localization

Those interested can look into the initialization SQL provided on the official site.

Official link: https://github.com/jethrocarr/namedmanager

2018-05-12