系统环境
#cat /etc/redhat-release
CentOS Linux release 7.6.1810 (Core)
#uname -a
Linux node 3.10.0-862.el7.x86_64 #1 SMP Fri Apr 20 16:44:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
安装部署namedmanager
https://repos.jethrocarr.com/pub/jethrocarr/linux/centos/7/jethrocarr-custom/x86_64/
下载最新版
[root@hdss7-11 opt]# yum localinstall namedmanager-* -y
...
Installed:
namedmanager-bind.noarch 0:1.9.0-2.el7.centos namedmanager-www.noarch 0:1.9.0-2.el7.centos
Dependency Installed:
apr.x86_64 0:1.4.8-3.el7_4.1 apr-util.x86_64 0:1.5.2-6.el7 bind.x86_64 32:9.9.4-73.el7_6
httpd.x86_64 0:2.4.6-88.el7.centos httpd-tools.x86_64 0:2.4.6-88.el7.centos libzip.x86_64 0:0.10.1-8.el7
mailcap.noarch 0:2.1.41-2.el7 mariadb.x86_64 1:5.5.60-1.el7_5 mariadb-libs.x86_64 1:5.5.60-1.el7_5
mariadb-server.x86_64 1:5.5.60-1.el7_5 mod_ssl.x86_64 1:2.4.6-88.el7.centos perl-Compress-Raw-Bzip2.x86_64 0:2.061-3.el7
perl-Compress-Raw-Zlib.x86_64 1:2.061-4.el7 perl-DBD-MySQL.x86_64 0:4.023-6.el7 perl-DBI.x86_64 0:1.627-4.el7
perl-IO-Compress.noarch 0:2.061-2.el7 perl-Net-Daemon.noarch 0:0.48-5.el7 perl-PlRPC.noarch 0:0.2020-14.el7
php.x86_64 0:5.4.16-46.el7 php-cli.x86_64 0:5.4.16-46.el7 php-common.x86_64 0:5.4.16-46.el7
php-intl.x86_64 0:5.4.16-46.el7 php-ldap.x86_64 0:5.4.16-46.el7 php-mysqlnd.x86_64 0:5.4.16-46.el7
php-pdo.x86_64 0:5.4.16-46.el7 php-process.x86_64 0:5.4.16-46.el7 php-soap.x86_64 0:5.4.16-46.el7
php-xml.x86_64 0:5.4.16-46.el7
Dependency Updated:
bind-libs.x86_64 32:9.9.4-73.el7_6 bind-libs-lite.x86_64 32:9.9.4-73.el7_6 bind-license.noarch 32:9.9.4-73.el7_6 bind-utils.x86_64 32:9.9.4-73.el7_6
Complete!
先配mysql
启动mysql
[root@hdss7-11 mysql]# systemctl start mariadb.service
开机自启动
[root@hdss7-11 ~]# systemctl enable mariadb
Created symlink from /etc/systemd/system/multi-user.target.wants/mariadb.service to /usr/lib/systemd/system/mariadb.service.
配mysql的root密码
[root@hdss7-11 mysql]# mysqladmin -uroot password 123456
导入namedmanager的数据库脚本
/usr/share/namedmanager/resources/autoinstall.pl
[root@hdss7-11 ~]# cd /usr/share/namedmanager/resources/
[root@hdss7-11 resources]# ./autoinstall.pl
autoinstall.pl
This script setups the NamedManager database components:
* NamedManager MySQL user
* NamedManager database
* NamedManager configuration files
THIS SCRIPT ONLY NEEDS TO BE RUN FOR THE VERY FIRST INSTALL OF NAMEDMANAGER.
DO NOT RUN FOR ANY OTHER REASON
Please enter MySQL root password (if any): 123456
输入123456
Searching ../sql/ for latest install schema...
../sql//version_20131222_install.sql is the latest file and will be used for the install.
Importing file ../sql//version_20131222_install.sql
Creating user...
Updating configuration file...
DB installation complete!
You can now login with the default username/password of setup/setup123 at http://localhost/namedmanager
配置namedmanager
config.php,增加一条配置
/etc/namedmanager/config.php
$_SERVER['HTTPS'] = "TRUE";
config-bind.php,修改以下三条配置
/etc/namedmanager/config-bind.php
$config["api_url"] = "http://dns-manager.od.com/namedmanager"; // Application Install Location
$config["api_server_name"] = "dns-manager.od.com"; // Name of the DNS server (important: part of the authentication process)
$config["api_auth_key"] = "verycloud"; // API authentication key
$config["log_file"] = "/var/log/namedmanager_bind_configwriter";
php.ini,修改一条配置
/etc/php.ini
; How many GET/POST/COOKIE input variables may be accepted
max_input_vars = 10000
绑host(临时)
/etc/hosts
10.4.7.11 dns-manager.od.com
配apache
/etc/httpd/conf/httpd.conf
Listen 8080
ServerName dns-manager.od.com
<Directory />
AllowOverride none
allow from all
#Require all denied
</Directory>
配nginx
/etc/nginx/conf.d/dns-manager.od.com.conf
server {
server_name dns-manager.od.com;
location =/ {
rewrite ^/(.*) http://dns-manager.od.com/namedmanager permanent;
}
location / {
proxy_pass http://10.4.7.11:8080;
proxy_set_header Host $http_host;
proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;
}
}
启动apache和nginx
启动apache
[root@hdss7-11 ~]# systemctl start httpd
[root@hdss7-11 ~]# systemctl enable httpd
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
启动nginx
[root@hdss7-11 ~]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@hdss7-11 ~]# nginx
访问http://dns-manager.od.com,看看页面是否正常
继续改namedmanager的配置
改namedmanager_bind_configwriter.php
/usr/share/namedmanager/bind/namedmanager_bind_configwriter.php
if (flock($fh_lock, LOCK_EX ))
{
log_write("debug", "script", "Obtained filelock");
}
启动namedmanager_logpush.rcsysinit
加执行权限
/usr/share/namedmanager/resources/namedmanager_logpush.rcsysinit
[root@hdss7-11 resources]# chmod u+x namedmanager_logpush.rcsysinit
启动该脚本
/usr/share/namedmanager/resources/namedmanager_logpush.rcsysinit
[root@hdss7-11 resources]# sh namedmanager_logpush.rcsysinit start
Starting namedmanager_logpush service:
[root@hdss7-11 resources]# nohup: redirecting stderr to stdout
检查是否启动
[root@hdss7-11 resources]# ps -ef|grep php|egrep -v grep
root 10738 1 0 10:49 pts/1 00:00:00 php -q /usr/share/namedmanager/bind/namedmanager_logpush.php
用supervisor管理起来
这个脚本非常重要,是整个namedmanager软件的核心,所以要保证它一直在后台启动,这里我们用supervisor这个软件把它管理起来
先安装supervisor软件
[root@hdss7-11 resources]# yum install supervisor -y
ependencies Resolved
=============================================================================================================================================================
Package Arch Version Repository Size
=============================================================================================================================================================
Installing:
supervisor noarch 3.1.4-1.el7 epel 446 k
Installing for dependencies:
python-meld3 x86_64 0.6.10-1.el7 epel 73 k
python-setuptools noarch 0.9.8-7.el7 base 397 k
Transaction Summary
=============================================================================================================================================================
Install 1 Package (+2 Dependent packages)
Total download size: 916 k
Installed size: 4.4 M
...
Installed:
supervisor.noarch 0:3.1.4-1.el7
Dependency Installed:
python-meld3.x86_64 0:0.6.10-1.el7 python-setuptools.noarch 0:0.9.8-7.el7
Complete!
创建脚本启动的配置文件
/etc/supervisord.d/namedmanager_logpush.ini
[program:namedmanager_logpush]
command=php -q /usr/share/namedmanager/bind/namedmanager_logpush.php 2>&1 > /var/log/namedmanager_logpush
numprocs=1
directory=/usr/share/namedmanager/resources
autostart=true
autorestart=true
startsecs=22
startretries=4
exitcodes=0,2
stopsignal=QUIT
stopwaitsecs=10
user=root
redirect_stderr=false
stdout_logfile=/var/log/namedmanager_logpush.out
stdout_logfile_maxbytes=64MB
stdout_logfile_backups=4
stdout_capture_maxbytes=1MB
stdout_events_enabled=false
stderr_logfile=/var/log/namedmanager_logpush.err
stderr_logfile_maxbytes=64MB
stderr_logfile_backups=4
stderr_capture_maxbytes=1MB
stderr_events_enabled=false
启动supservisord服务
[root@hdss7-11 resources]# systemctl start supervisord
开机自启
[root@hdss7-11 resources]# systemctl enable supervisord
Created symlink from /etc/systemd/system/multi-user.target.wants/supervisord.service to /usr/lib/systemd/system/supervisord.service.
查看脚本启动情况
[root@hdss7-11 resources]# supervisorctl status
namedmanager_logpush RUNNING pid 9194, uptime 0:01:44
[root@hdss7-11 resources]# ps -ef|grep -v grep|grep php
root 9194 8979 0 11:14 ? 00:00:00 php -q /usr/share/namedmanager/bind/namedmanager_logpush.php 2>&1 > /var/log/namedmanager_logpush
这样脚本就可以保证高可用性了
检查日志
/var/log/namedmanager_logpush
[root@hdss7-11 resources]# tail -fn 200 /var/log/namedmanager_logpush
Error: Unable to authenticate with NamedManager API - check that auth API key and server name are valid
有报错,所以需要继续配置
改inc_soap_api.php
/usr/share/namedmanager/bind/include/application/inc_soap_api.php
preg_match("/^http:\/\/(\S*?)[:0-9]*\//", $GLOBALS["config"]["api_url"], $matches);
重启namedmanager_logpush.rcsysinit
如果已经用supervisor软件管理起来了,只需要kill掉脚本进程即可
[root@hdss7-11 resources]# ps -ef|grep -v grep|grep php|awk '{print $2}'|xargs kill -9
[root@hdss7-11 resources]# ps -ef|grep -v grep|grep php
root 9295 8979 1 11:18 ? 00:00:00 php -q /usr/share/namedmanager/bind/namedmanager_logpush.php 2>&1 > /var/log/namedmanager_logpush
[root@hdss7-11 resources]# supervisorctl
namedmanager_logpush RUNNING pid 9295, uptime 0:00:23
否则需要手动重启脚本
/usr/share/namedmanager/resources/namedmanager_logpush.rcsysinit
[root@hdss7-11 resources]# sh namedmanager_logpush.rcsysinit restart
Stopping namedmanager_logpush services:
Starting namedmanager_logpush service:
nohup: redirecting stderr to stdout
配置BIND9
先配rndc
rndc.key
[root@hdss7-11 ~]# cat /etc/rndc.key
key "rndc-key" {
algorithm hmac-sha256;
secret "CD/4vqb9l0WiMy5TXjfeu1cMhyRerQ9kL2jwdBFWwa4=";
};
如果没有,使用如下命令生成rndc.key
[root@hdss7-11 ~]# rndc-confgen -r /dev/urandom
配rndc.conf
/etc/rndc.conf
key "rndc-key" {
algorithm hmac-sha256;
secret "CD/4vqb9l0WiMy5TXjfeu1cMhyRerQ9kL2jwdBFWwa4=";
};
options {
default-key "rndc-key";
default-server 10.4.7.11;
default-port 953;
};
删除rndc.key
[root@hdss7-11 ~]# rm -f /etc/rndc.key
BIND9主配置文件
/etc/named.conf
options {
listen-on port 53 { 10.4.7.11; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
allow-transfer { 10.4.7.12; };
also-notify { 10.4.7.12; };
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion yes;
dnssec-enable no;
dnssec-validation no;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
key "rndc-key" {
algorithm hmac-sha256;
secret "CD/4vqb9l0WiMy5TXjfeu1cMhyRerQ9kL2jwdBFWwa4=";
};
controls {
inet 10.4.7.11 port 953
allow { 10.4.7.11; } keys { "rndc-key"; };
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
include "/etc/named.namedmanager.conf";
改named.namedmanager.conf文件属性
/etc/named.namedmanager.conf
[root@hdss7-11 named]# chown apache.apache /etc/named.namedmanager.conf
[root@hdss7-11 named]# ls -l /etc/named.namedmanager.conf
-rw-r--r-- 1 apache named 112 Dec 16 11:19 /etc/named.namedmanager.conf
检查配置并启动BIND9
检查配置
[root@hdss7-11 ~]# named-checkconf
启动BIND9
[root@hdss7-11 ~]# systemctl start named
开机自启动
[root@hdss7-11 ~]# systemctl enable named
检查启动情况
[root@hdss7-11 ~]# netstat -luntp|grep 53
tcp 0 0 10.4.7.11:53 0.0.0.0:* LISTEN 10922/named
tcp 0 0 10.4.7.11:953 0.0.0.0:* LISTEN 10922/named
udp 0 0 10.4.7.11:53 0.0.0.0:* 10922/named
配置NamedManager页面
浏览器打开http://dns-manager.od.com(提前绑好host),用户名/密码:setup/setup123
配置Configuration选项卡
Zone Configuration Defaults
DEFAULT_HOSTMASTER
54123098@qq.com
DEFAULT_TTL_SOA
86400
DEFAULT_TTL_NS
120
DEFAULT_TTL_MX
60
DEFAULT_TTL_OTHER
60
API Configuration
ADMIN_API_KEY
verycloud
Date and Time Configuration
DATEFORMAT
yyyy-mm-dd
TIMEZONE_DEFAULT
Asia/Shanghai
Save Changes
配置New Servers选项卡
Add NewServer
Server Details
Name Server FQDN *
dns-manager.od.com
注意:这里一定要填config-bind.php里对应$config["api_server_name"]项配置的值
Description
dns server for od.com
Server Type
Server Type
API (supports Bind)
API Authentication Key *
verycloud
必须勾选以下三项
Nameserver Group *
default – Default Nameserver Group
Primary Nameserver *
Make this server the primary one used for DNS SOA records.
Use as NS Record *
Adds this name server to all domains as a public NS record.
Save Changes
保存后View Name Servers选项卡下,Logging Status应变绿且成为status_synced,如一直不变绿,需要进行排错,不要继续往下做了。
两种方式
手动添加域
自动导入域
Domain Details
Domain Type *
Standard Domain
Reverse Domain (IPv4)
Reverse Domain (IPv6)
根据实际情况选择,这里选择Standard Domain(正解域)
Domain Name *
od.com
Description
od.com domain
注意:一定要勾选域服务器组
default – Default Nameserver Group
Email Administrator Address *
Email Administrator Address *
Domain Serial *
2018121601
Refresh Timer *
21600
Refresh Retry Timeout *
3600
Expiry Timer *
604800
Default Record TTL *
60
注意:这里配置SOA记录最后一个参数值没有按套路出牌,配置的并不是否定应答超时时间(NegativeAnswerTTL),而是默认资源记录的过期时间
Import Source
Bind 8/9 Compatible Zonefile
Zone File
选择文件host.com.txt
附1:host.com.txt
host.com.txt
$ORIGIN .
$TTL 600 ; 10 minutes
host.com IN SOA dns-manager.od.com. 541230398.qq.com. (
2019013106 ; serial
10800 ; refresh (3 hours)
900 ; retry (15 minutes)
604800 ; expire (1 week)
86400 ; minimum (1 day)
)
$ORIGIN host.com.
$TTL 60 ; 1 minute
HDSS7-11 A 10.4.7.11
HDSS7-12 A 10.4.7.12
注意:这里可以不用给NS记录和对应的A记录了,会默认生成
点保存进入下一个配置页面
这里可以配置域的信息和描述,我们这里先配一个Standard Domain(正解域)
这里注意SOA记录的最后一个选项Default Record TTL *
检查一下和导入文件里的记录是否一致
先点一次保存
检查一遍域信息和描述
注意:这里一定要勾选服务器组(上个页面没有,这里新出来的选项)
检查一遍SOA记录
最后点一下保存,导入成功
附2:7.4.10.in-addr.arpa.txt
7.4.10.in-addr.arpa.txt
$TTL 600 ; 10 minutes
@ IN SOA dns-manager.od.com. 87527941.qq.com. (
2018121603 ; serial
10800 ; refresh (3 hours)
900 ; retry (15 minutes)
604800 ; expire (1 week)
86400 ; minimum (1 day)
)
$ORIGIN 7.4.10.in-addr.arpa.
$TTL 60 ; 1 minute
11 PTR HDSS7-11.host.com.
12 PTR HDSS7-12.host.com.
注意:这里可以不用给NS记录和对应的A记录了,会默认生成
点保存进入下一个配置页面
注意:
Domain Type *应为Reverse Domain (IPv4)
IPv4 Network Address *应为10.4.7.0/24
配置SOA记录
检查一下和导入文件里的记录是否一致
先点一次保存
检查一遍域信息和描述
注意:这里一定要勾选服务器组(上个页面没有,这里新出来的选项)
Start of Authority Record
检查一遍SOA记录
最后点一下保存,导入成功
维护domain的基本配置,略
删除domain,略
Domain Details
Domain od.com selected for adjustment
Nameserver Configuration
这里是配置NS记录的配置区,默认会生成一条
Type TTL Name/Origin Content -
NS 120 od.com dns-manager.od.com -
Mailserver Configuration
略,暂不配置MX记录
Host Records Configuration
这里是配置重点,A记录、CNAME记录、TXT记录等都在这个里配置
这里增加两条A记录解析,增加一条CNAME解析
Type TTL Name Content ReversePTR -
A 60 dns-manager 10.4.7.11 no delete
A 60 www 10.4.7.11 no delete
CNAME 60 eshop www.od.com no delete
Save Changes
Domain Details
Domain host.com selected for adjustment
Nameserver Configuration
这里是配置NS记录的配置区,默认会生成一条
Type TTL Name/Origin Content -
NS 120 host.com dns-manager.od.com -
Mailserver Configuration
略,暂不配置MX记录
Host Records Configuration
这里是配置重点,A记录、CNAME记录、TXT记录等都在这个里配置
因为是从文件导入的域,默认会有记录
Type TTL Name Content -
PTR 60 11 HDSS7-11.host.com delete
PTR 60 12 HDSS7-12.host.com delete
Save Changes
Logging Status
status_synced
Zonefile Status
status_synced
全部变绿且为status_synced即为正常
查看服务器上配置文件(都是由namedmanager服务自动生成的)
/etc/named.namedmanager.conf
//
// NamedManager Configuration
//
// This file is automatically generated any manual changes will be lost.
//
zone "od.com" IN {
type master;
file "od.com.zone";
allow-update { none; };
};
zone "host.com" IN {
type master;
file "host.com.zone";
allow-update { none; };
};
zone "7.4.10.in-addr.arpa" IN {
type master;
file "7.4.10.in-addr.arpa.zone";
allow-update { none; };
};
这里生成了三个zone,两个正解域,一个反解域,依次检查三个域的区域数据库文件:
od.com.zone
/var/named/od.com.zone
$ORIGIN od.com.
$TTL 60
@ IN SOA dns-manager.od.com. 87527941.qq.com. (
2018121610 ; serial
21600 ; refresh
3600 ; retry
604800 ; expiry
60 ; minimum ttl
)
; Nameservers
od.com. 120 IN NS dns-manager.od.com.
; Mailservers
; Reverse DNS Records (PTR)
; CNAME
; HOST RECORDS
dns-manager 60 IN A 10.4.7.11
www 60 IN A 10.4.7.11
eshop 60 IN CNAME www.od.com.
host.com.zone
/var/named/host.com.zone
$ORIGIN host.com.
$TTL 60
@ IN SOA dns-manager.od.com. 87527941.qq.com. (
2018121604 ; serial
10800 ; refresh
900 ; retry
604800 ; expiry
60 ; minimum ttl
)
; Nameservers
host.com. 120 IN NS dns-manager.od.com.
; Mailservers
; Reverse DNS Records (PTR)
; CNAME
; HOST RECORDS
HDSS7-11 60 IN A 10.4.7.11
HDSS7-12 60 IN A 10.4.7.12
7.4.10.in-addr.arpa.zone
/var/named/7.4.10.in-addr.arpa.zone
$ORIGIN 7.4.10.in-addr.arpa.
$TTL 60
@ IN SOA dns-manager.od.com. 87527941.qq.com. (
2018121603 ; serial
10800 ; refresh
900 ; retry
604800 ; expiry
60 ; minimum ttl
)
; Nameservers
7.4.10.in-addr.arpa. 120 IN NS dns-manager.od.com.
; Mailservers
; Reverse DNS Records (PTR)
11 60 IN PTR HDSS7-11.host.com.
12 60 IN PTR HDSS7-12.host.com.
; CNAME
; HOST RECORDS
检查资源记录解析是否生效
# dig -t A www.od.com @10.4.7.11 +short
10.4.7.11
#dig -t A HDSS7-12.host.com @10.4.7.11 +short
10.4.7.12
#dig -x 10.4.7.11 @10.4.7.11 +short
HDSS7-11.host.com.
验证页面增、删、改是否均生效
注意:
增、删、改资源记录时,对应域的SOA记录的serial序列号会自动滚动,非常方便
这里在页面上操作资源记录,会先写mysql,再由php脚本定期刷到磁盘文件上,所以大概需要1分钟的时间生效
在维护主机域时,添加正解记录,并勾选后面的reverse选项,将同时生成一条反解记录,简化了操作
由于服务器上的区域数据库文件是由php进程定期更新的(根据mysql数据库里的数据),所以手动在服务器上修改资源记录是无法生效的,应该严格禁止
配置DNS主辅同步
略
配置客户端的DNS服务器
/etc/resolv.conf
# Generated by NetworkManager
search od.com host.com
nameserver 10.4.7.11
nameserver 10.4.7.12
把所有客户端绑定的临时hosts删除
/etc/hosts
#10.4.7.11 dns-manager.od.com
用户系统及操作审计功能
可以创建不同的管理员用户
该页面下可以查看所有的系统用户,并可以进行用户管理
Create a new User Account 增加用户
Username *
wangdao
Real Name *
StanleyWang
Contact Email *
password *
123456
password_confirm *
123456
disabled
勾上,用户不生效
不勾,用户生效
这里不勾
admin(超级管理员)
勾上,可以创建用户管理用户权限
不勾,不可以创建用户管理用户权限
这里不勾
namedadmins(管理员)
勾上,dns管理员,可以管理zone和资源记录
不勾,不可以管理zone和资源记录
这里勾选
删除用户,略
这里可以配置用户的基本信息
超级管理员可以帮助用户修改密码
User Options
option_shrink_tableoptions
Automatically hide the options table when using defaults
默认勾选,高级查询框显示与否
option_debug
Enable debug logging - this will impact performance a bit but will show a full trail of all functions and SQL queries made
默认不勾,勾选上可以在页面显示debug日志,建议部署时使用,投产后关闭
option_concurrent_logins
Permit this user to make multiple simultaneous logins
默认不勾,允许该用户在多点同时登录,应该严格禁止(审计)
可以进行DNS服务管理,但无法管理用户
操作过程略
可以看到所有用户的操作记录,实现审计功能,做到操作可溯
生产上强烈建议新生成一个超级管理员用户并将setup用户删除!
超级管理员用户应只有一个且不要轻易外泄,可以创建多个管理员账户。(一般根据业务而定,每个管理员负责一个子域)
管理员账户创建好后,应由各人自行登录修改密码。
超级管理员用户密码的复杂度要足够高,定期更换超级管理员用户密码。
原文出自:https://blog.stanley.wang/2018/12/16/%E5%AE%9E%E9%AA%8C%E6%96%87%E6%A1%A38%EF%BC%9A%E4%BC%81%E4%B8%9A%E7%BA%A7Web%20DNS%E5%AE%9E%E6%88%98/
