2012-03-13 21:30 Setting up a Domain Name Server (DNS Server) - CentOS 5.8, MyDNS 1.1.0, MyDNSConfig 3.0.1 Traditional Chinese edition installation notes

Setting up your own Domain Name Server (DNS Server)
 - CentOS 5.8 + MyDNS 1.1.0 + MyDNSConfig 3.0.1 Traditional Chinese edition installation notes (tutorial)

Why run your own Domain Name Server (DNS Server)?

After you register a domain name, the registrar usually offers a hosted DNS service.
Since someone already provides it, why set up your own?
The main reason is that these free or hosted DNS services usually allow only a small number of DNS records.
Adding more generally costs extra, and some providers do not allow it at all.
Enterprises also have information-security considerations: private cloud hosts, such as an ERP system, should not be exposed to the outside;
and internal computerization may call for separate subdomains or mail exchanger (MX) records.
For companies with such needs, running a DNS server inside the enterprise is the more complete solution.
However, many small and medium-sized businesses, constrained by budget, have no Windows Server host on the premises.
As a result their internal IT management lacks a DNS server, which in turn hampers internal control and even breeds more security problems unnoticed.

Hardware requirements (a stable "retired-grade" desktop or laptop is enough)
CPU: Atom 230 (1.6 GHz)
Memory: 512MB
Network card: 10/100 MHz
Hard disk: 6GB (a CF or SD card used as the disk also works)

Demonstration virtual machine (VirtualBox)
CPU: Athlon 250 (single virtual core)
Memory: 1024MB
Network card: Intel Corporation 82540EM 10/100 MHz
Hard disk: 8GB

Simulated environment used in this tutorial
Hostname: dns.osak.org.tw
Host IP: 192.168.100.101

References
http://www.howtoforge.com/installing-mydns-mydnsconfig-centos-5.1
http://www.howtoforge.com/installing-mydns-and-mydnsconfig-3-on-fedora-10
http://www.howtoforge.com/installing-mydns-ng-and-mydnsconfig-3-on-debian-lenny
http://www.howtoforge.com/perfect-server-centos-5.7-x86_64-ispconfig-3

===================================================================================================================

Installation tutorial (32-bit users: replace x86_64 with i386 throughout)

● Chapter 1: Modify system settings

1-1. Set the host IP

vi /etc/hosts
-----------------------------------------------------------
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1               localhost.localdomain localhost
192.168.100.101  dns.osak.org.tw dns
::1             localhost6.localdomain6 localhost6
-----------------------------------------------------------

1-2. Edit the network interface configuration (use values that match your actual environment)

vi /etc/sysconfig/network-scripts/ifcfg-eth0
----------------------------------------------------------------
# Intel Corporation 82540EM Gigabit Ethernet Controller (Copper)
DEVICE=eth0
BOOTPROTO=static
BROADCAST=192.168.100.255
HWADDR=00:00:00:99:99:99
IPADDR=192.168.100.101
NETMASK=255.255.255.0
NETWORK=192.168.100.0
GATEWAY=192.168.100.254
ONBOOT=yes
----------------------------------------------------------------

1-3. Restart networking

/etc/init.d/network restart
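Step 1-2 is easy to get subtly wrong when values are copied from another machine: NETWORK and BROADCAST must agree with IPADDR and NETMASK, and GATEWAY must lie inside that subnet, otherwise the restart in 1-3 leaves the host unreachable. The following shell script is an added example (not from the original notes) that derives the expected values from IPADDR and NETMASK and compares them with what the file says. The sample file it checks when run without an argument is constructed from the values above.

```shell
#!/bin/sh
# Added example (not from the original notes): sanity-check an ifcfg-ethN
# file before restarting networking. NETWORK and BROADCAST are recomputed
# from IPADDR/NETMASK, and GATEWAY must fall inside the same subnet.

# Dotted-quad IPv4 address -> unsigned integer
ip_to_int() {
    IFS=. read -r o1 o2 o3 o4 <<EOF
$1
EOF
    echo $(( (o1 << 24) | (o2 << 16) | (o3 << 8) | o4 ))
}

# Unsigned integer -> dotted-quad IPv4 address
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# cfg_get FILE KEY: value of KEY=value, ignoring commented lines; last wins
cfg_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1
}

# check_ifcfg FILE: prints one line per key, returns the number of problems
check_ifcfg() {
    problems=0
    ip=$(cfg_get "$1" IPADDR)
    mask=$(cfg_get "$1" NETMASK)
    if [ -z "$ip" ] || [ -z "$mask" ]; then
        echo "PROBLEM: IPADDR or NETMASK missing"
        return 1
    fi
    ipn=$(ip_to_int "$ip")
    maskn=$(ip_to_int "$mask")
    netn=$(( ipn & maskn ))
    want_net=$(int_to_ip "$netn")
    want_bcast=$(int_to_ip $(( netn | (maskn ^ 4294967295) )))

    for key in NETWORK BROADCAST GATEWAY; do
        have=$(cfg_get "$1" "$key")
        case $key in
            NETWORK)   want=$want_net ;;
            BROADCAST) want=$want_bcast ;;
            GATEWAY)
                # any address inside the subnet is acceptable for the gateway
                if [ -n "$have" ] && [ $(( $(ip_to_int "$have") & maskn )) -eq "$netn" ]; then
                    want=$have
                else
                    want="an address inside $want_net/$mask"
                fi ;;
        esac
        if [ "$have" != "$want" ]; then
            echo "PROBLEM: $key=$have but IPADDR/NETMASK imply $want"
            problems=$(( problems + 1 ))
        else
            echo "ok: $key=$have"
        fi
    done
    return "$problems"
}

# Usage: sh check_ifcfg.sh /etc/sysconfig/network-scripts/ifcfg-eth0
# Without an argument, a constructed sample with this tutorial's values is checked.
if [ $# -gt 0 ]; then
    check_ifcfg "$1"
else
    sample=$(mktemp)
    cat >"$sample" <<'EOF'
DEVICE=eth0
BOOTPROTO=static
BROADCAST=192.168.100.255
IPADDR=192.168.100.101
NETMASK=255.255.255.0
NETWORK=192.168.100.0
GATEWAY=192.168.100.254
EOF
    check_ifcfg "$sample"
    rm -f "$sample"
fi
```

Run it against the real file before 1-3; a non-zero exit status means at least one of NETWORK, BROADCAST or GATEWAY disagrees with IPADDR/NETMASK.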

1-4. Import the package GPG keys

rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY*

1-5. Point the package repositories at a local mirror (either of the following works)
  http://ftp.twaren.net/Linux/CentOS/ <- NCHC (National Center for High-performance Computing) FTP
  http://mirror01.idc.hinet.net/CentOS/ <- Chunghwa Telecom IDC FTP

vi /etc/yum.repos.d/CentOS-Base.repo
---------------------------------------------------------------------------------------------
# CentOS-Base.repo
#
# The mirror system uses the connecting IP address of the client and the
# update status of each mirror to pick mirrors that are updated to and
# geographically close to the client.  You should use this for CentOS updates
# unless you are manually picking other mirrors.
#
# If the mirrorlist= does not work for you, as a fall back you can try the
# remarked out baseurl= line instead.
#
#

[base]
name=CentOS-$releasever - Base
mirrorlist=http://ftp.twaren.net/Linux/CentOS/?release=$releasever&arch=$basearch&repo=os
baseurl=http://ftp.twaren.net/Linux/CentOS/$releasever/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5

#released updates
[updates]
name=CentOS-$releasever - Updates
mirrorlist=http://ftp.twaren.net/Linux/CentOS/?release=$releasever&arch=$basearch&repo=updates
#baseurl=http://ftp.twaren.net/Linux/CentOS/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5

#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras
mirrorlist=http://ftp.twaren.net/Linux/CentOS/?release=$releasever&arch=$basearch&repo=extras
baseurl=http://ftp.twaren.net/Linux/CentOS/$releasever/extras/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5

#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus
mirrorlist=http://mirror.centos.org/?release=$releasever&arch=$basearch&repo=centosplus
#baseurl=http://mirror.centos.org/centos/$releasever/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5

#contrib - packages by Centos Users
[contrib]
name=CentOS-$releasever - Contrib
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=contrib
#baseurl=http://mirror.centos.org/centos/$releasever/contrib/$basearch/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
---------------------------------------------------------------------------------------------

1-6. Reboot to load the settings

reboot

1-7. Update the software packages

yum update

yum groupinstall 'Development Tools'

yum groupinstall 'Development Libraries'

 

● Chapter 2: Install the Apache, MySQL, PHP and phpMyAdmin packages

2-1. Install the related packages

wget http://apt.sw.be/RPM-GPG-KEY.dag.txt
rpm --import RPM-GPG-KEY.dag.txt

cd /tmp
wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.x86_64.rpm
rpm -ivh rpmforge-release-0.5.2-2.el5.rf.x86_64.rpm

yum install httpd mysql-server php php-mysql php-mbstring php php-devel php-gd php-imap php-ldap php-odbc php-pear php-xml php-xmlrpc php-eaccelerator php-mcrypt php-mhash php-mssql php-snmp php-soap php-tidy curl curl-devel perl-libwww-perl ImageMagick libxml2 php-cli phpMyAdmin

2-2. Create the MySQL start-up links and start it:

chkconfig --levels 235 mysqld on
/etc/init.d/mysqld start

2-3. Change the Apache configuration so that phpMyAdmin accepts connections from hosts other than localhost (comment out the <Directory "/usr/share/phpmyadmin"> block)

vi /etc/httpd/conf.d/phpmyadmin.conf
------------------------------------------
#<Directory "/usr/share/phpmyadmin">
#  Order Deny,Allow
#  Deny from all
#  Allow from 127.0.0.1
#</Directory>
------------------------------------------

2-4. Switch phpMyAdmin to HTTP authentication:

vi /usr/share/phpmyadmin/config.inc.php
------------------------------------------
[...]
/* Authentication type */
$cfg['Servers'][$i]['auth_type'] = 'http';
[...]
------------------------------------------

2-5. Set up the MySQL database and passwords

mysqladmin -u root password mydnspassword <- "mydnspassword" is a password you choose yourself
mysqladmin -h dns.osak.org.tw -u root password mydnspassword

mysql -u root -p

mysql> CREATE DATABASE mydns;
mysql> GRANT SELECT, INSERT, UPDATE, DELETE ON mydns.* TO 'mydns'@'localhost' IDENTIFIED BY 'mydnspassword';
mysql> GRANT SELECT, INSERT, UPDATE, DELETE ON mydns.* TO 'mydns'@'localhost.localdomain' IDENTIFIED BY 'mydnspassword';
mysql> FLUSH PRIVILEGES;
mysql> quit;

2-6. Create the Apache start-up links and start it:

chkconfig --levels 235 httpd on
/etc/init.d/httpd start

2-7. Install the log-writing tool

cd /tmp
wget http://n0rp.chemlab.org/vlogger/vlogger-1.3.tar.gz
tar xvfz vlogger-1.3.tar.gz
mv vlogger-1.3/vlogger /usr/sbin/
rm -rf vlogger*

 

● Chapter 3: Install MyDNS

3-1. Install MyDNS

cd /tmp
wget http://mydns.bboy.net/download/mydns-mysql-1.1.0-1.i386.rpm
rpm -ivh mydns-mysql-1.1.0-1.i386.rpm

3-2. Edit the MyDNS configuration (allow-axfr = yes, allow-tcp = yes, recursive = 168.95.1.1)

vi /etc/mydns.conf
------------------------------------------------------------------------------------
##
##  /etc/mydns.conf
##  Sun Jan 1 00:00:00 2012
##  For more information, see mydns.conf(5).
##


                                # DATABASE INFORMATION

db-host = localhost             # SQL server hostname
db-user = mydns                 # SQL server username
db-password = mydnspassword # SQL server password
database = mydns                # MyDNS database name


                                # GENERAL OPTIONS

user = nobody                   # Run with the permissions of this user
group = nobody                  # Run with the permissions of this group
listen = *                      # Listen on these addresses ('*' for all)
no-listen =                     # Do not listen on these addresses


                                # CACHE OPTIONS

zone-cache-size = 1024          # Maximum number of elements stored in the zone cache
zone-cache-expire = 60          # Number of seconds after which cached zones expires
reply-cache-size = 1024         # Maximum number of elements stored in the reply cache
reply-cache-expire = 30         # Number of seconds after which cached replies expire


                                # ESOTERICA

log = LOG_DAEMON                # Facility to use for program output (LOG_*/stdout/stderr)
pidfile = /var/run/mydns.pid    # Path to PID file
timeout = 120                   # Number of seconds after which queries time out
multicpu = 1                    # Number of CPUs installed on your system
recursive = 168.95.1.1                       # Location of recursive resolver
allow-axfr = yes                # Should AXFR be enabled?
allow-tcp = yes                 # Should TCP be enabled?
allow-update = no               # Should DNS UPDATE be enabled?
ignore-minimum = no             # Ignore minimum TTL for zone?
soa-table = soa                 # Name of table containing SOA records
rr-table = rr                   # Name of table containing RR data
soa-where =                     # Extra WHERE clause for SOA queries
rr-where =                      # Extra WHERE clause for RR queries
------------------------------------------------------------------------------------

3-3. Create the MyDNS start-up links and start it

chkconfig --levels 235 mydns on
/etc/init.d/mydns start
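Before the daemon is started it is worth reviewing the file from 3-2 for options that widen the server's exposure: allow-axfr is a global switch in this file, so "yes" serves a full zone transfer to any client that connects; recursive makes MyDNS forward queries for zones it does not host to 168.95.1.1, with nothing in the file restricting which clients may trigger that; and db-password sits in the file in clear text. The shell script below is an added example, not part of the original notes or of MyDNS, that reads a mydns.conf and reports such settings. The option names are the ones in the file above; the placeholder-password and file-permission checks are this example's own assumptions, and the sample it reviews when run without an argument is constructed from the tutorial's values.

```shell
#!/bin/sh
# Added example (not from the original notes or from MyDNS): review a
# mydns.conf for settings that widen the server's exposure before starting
# the daemon. Option names are the ones in the configuration file above.

# conf_get FILE KEY: value of "key = value" with any trailing "# comment"
# and surrounding whitespace removed; the last occurrence wins
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" \
        | sed 's/[[:space:]]*#.*$//; s/[[:space:]]*$//' | tail -n 1
}

# note MESSAGE: print one finding and count it
note() {
    echo "REVIEW: $*"
    findings=$(( findings + 1 ))
}

# audit_mydns_conf FILE: prints one line per finding, returns their number
audit_mydns_conf() {
    findings=0
    listen=$(conf_get "$1" listen)

    # A zone transfer hands out every record of every hosted zone. The switch
    # here is global, so "yes" answers AXFR for any client that can connect.
    if [ "$(conf_get "$1" allow-axfr)" = yes ]; then
        note "allow-axfr = yes: full zone transfers are served to any client (listen = $listen); keep it 'no' unless a secondary server needs it"
    fi

    if [ "$(conf_get "$1" allow-update)" = yes ]; then
        note "allow-update = yes: DNS UPDATE messages are accepted"
    fi

    # MyDNS forwards queries for zones it does not host to this resolver;
    # nothing in this file limits which clients may cause that.
    rec=$(conf_get "$1" recursive)
    if [ -n "$rec" ]; then
        note "recursive = $rec: non-authoritative queries from every client that reaches the listener are forwarded to $rec; unset it on an authoritative server exposed to the internet"
    fi

    case $(conf_get "$1" user) in
        root|"") note "user is root or unset: the daemon does not drop privileges" ;;
    esac

    # The file holds the database password in clear text (assumed checks:
    # tutorial placeholder value, and world-readable permission bits).
    pw=$(conf_get "$1" db-password)
    if [ -z "$pw" ] || [ "$pw" = mydnspassword ]; then
        note "db-password is empty or still the tutorial placeholder"
    fi
    if [ -n "$(find "$1" -perm -o=r 2>/dev/null)" ]; then
        note "$1 is world-readable but contains db-password; restrict it with chmod 640"
    fi
    return "$findings"
}

# Usage: sh audit_mydns.sh /etc/mydns.conf
# Without an argument, a constructed sample with this tutorial's values is reviewed.
if [ $# -gt 0 ]; then
    audit_mydns_conf "$1"
else
    sample=$(mktemp)
    cat >"$sample" <<'EOF'
db-host = localhost             # SQL server hostname
db-user = mydns                 # SQL server username
db-password = mydnspassword     # SQL server password
database = mydns                # MyDNS database name
user = nobody                   # Run with the permissions of this user
listen = *                      # Listen on these addresses ('*' for all)
recursive = 168.95.1.1          # Location of recursive resolver
allow-axfr = yes                # Should AXFR be enabled?
allow-tcp = yes                 # Should TCP be enabled?
allow-update = no               # Should DNS UPDATE be enabled?
EOF
    audit_mydns_conf "$sample"
    rm -f "$sample"
fi
```

Against the tutorial's own settings the script reports three findings (allow-axfr, recursive and the placeholder db-password); a file with allow-axfr = no, recursive left empty and a unique password comes back clean. If a secondary name server genuinely needs AXFR, the host firewall is the place to limit TCP/53 to that peer, since the option itself has no client list.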

3-4. Install firewall protection and trojan/backdoor detection

yum install fail2ban

vi /etc/fail2ban/fail2ban.conf
--------------------------------------------------------------------------------
[...]
# Option:  logtarget
# Notes.:  Set the log target. This could be a file, SYSLOG, STDERR or STDOUT.
#          Only one log target can be specified.
# Values:  STDOUT STDERR SYSLOG file  Default:  /var/log/fail2ban.log
#
#logtarget = SYSLOG <- comment out this line
logtarget = /var/log/fail2ban.log <- add this line
[...]
--------------------------------------------------------------------------------

chkconfig --levels 235 fail2ban on
/etc/init.d/fail2ban start

yum install rkhunter

 

● Chapter 4: Install MyDNSConfig

4-1. Obtain the MyDNSConfig package (Traditional Chinese version: http://osak.tw/ftp/MyDNSConfig-3.0.1.zip)

cd /tmp
wget http://downloads.sourceforge.net/mydnsconfig/MyDNSConfig-3.0.1.tar.gz
tar xvfz MyDNSConfig-3.0.1.tar.gz
cd mydnsconfig/install/

4-2. Edit the MyDNSConfig installer

vi /tmp/mydnsconfig/install/lib/install.lib.php
------------------------------------------------------------------------------------
[...]
  if(stristr($content,'CentOS release 5.8 (Final)')) {
   $distname = 'CentOS';
   $distver = '5.8'; <- change to the version actually installed
   $distid = 'centos52';
   $distbaseid = 'fedora';
   swriteln("Operating System: CentOS 5.8 or compatible\n");
[...]
------------------------------------------------------------------------------------

4-3. Start installing MyDNSConfig 3.0.1

php -q install.php
--------------------------------------------------------------------------------
 __  __       _____  _   _  _____  _____             __ _
|  \/  |     |  __ \| \ | |/ ____|/ ____|           / _(_)
| \  / |_   _| |  | |  \| | (___ | |     ___  _ __ | |_ _  __ _
| |\/| | | | | |  | | . ` |\___ \| |    / _ \| '_ \|  _| |/ _` |
| |  | | |_| | |__| | |\  |____) | |___| (_) | | | | | | | (_| |
|_|  |_|\__, |_____/|_| \_|_____/ \_____\___/|_| |_|_| |_|\__, |
         __/ |                                             __/ |
        |___/                                             |___/
--------------------------------------------------------------------------------


>> Initial configuration

Operating System: Debian Lenny/Sid or compatible

    Following will be a few questions for primary configuration so be careful.
    Default values are in [brackets] and can be accepted with <ENTER>.
    Tap in "quit" (without the quotes) to stop the installer.


Select language (en,de,tw) [tw]: <-- press ENTER
Installation mode (standard,expert) [standard]: <-- press ENTER
Full qualified hostname (FQDN) of the server, eg server1.domain.tld  [server1.example.com]: <-- press ENTER
MySQL server hostname [localhost]: <-- press ENTER
MySQL root username [root]: <-- press ENTER
MySQL root password []: <-- enter the MySQL root account password
MySQL database to create [dbmydnsconfig]: <-- press ENTER
MySQL charset [utf8]: <-- press ENTER

Configuring MyDNS
Configuring Apache
Configuring Firewall
Installing MyDNSConfig
MyDNSConfig Port [8080]: <-- enter the port used to log in through the browser (just press ENTER to keep the default)

4-4. Change the boot start order (so that MyDNS starts after MySQL)

cd /etc/rc.d/rc2.d
mv S52mydns S65mydns
cd /etc/rc.d/rc3.d
mv S52mydns S65mydns
cd /etc/rc.d/rc5.d
mv S52mydns S65mydns

4-5. Change the system password

Open http://192.168.100.101:8080 in a browser

The default MyDNSConfig username and password are both: admin
Remember to change the password after logging in.








 
