BIND and Active Directory® - SME Networks

General index of the series: Computer Networks for SMEs: Introduction

Hello friends! The main purpose of this article is to show how we can integrate a DNS service based on BIND9 into a Microsoft network, the kind so common in many SMEs.

It arose from a formal request from a friend who lives in Tierra del Fuego (a Fueguian), an expert in Microsoft® networks, certifications included, to guide him through this part of the migration of his servers to Linux. The fees the Technical Master had been paying Microsoft® had become unbearable for the company he works for, of which he is also the main shareholder.

My Fueguian friend has a great sense of humour, and since he saw the trilogy «The Lord of the Rings», many of its dark characters have stuck with him. So, reader friend, do not be surprised by the names of his domain and his servers.

For newcomers to the subject, and before reading on, we recommend that you read and study the three previous articles on SME Networks:

It is like watching three of the four parts of «Underworld» released so far; this is the fourth.

General parameters

After many exchanges by email, I was finally clear about the main characteristics of his current network, which are:

Domain name    mordor.fan
LAN network    10.10.10.0/24
=====================================================================================
Hostname                  IP address     Service (servers running Windows OS)
=====================================================================================
sauron.mordor.fan.        10.10.10.3     Active Directory® 2008 SR2
mamba.mordor.fan.         10.10.10.4     Windows file server
darklord.mordor.fan.      10.10.10.6     Proxy, gateway and firewall on Kerio
troll.mordor.fan.         10.10.10.7     Blog based on ... he cannot remember
shadowftp.mordor.fan.     10.10.10.8     FTP server
blackelf.mordor.fan.      10.10.10.9     Complete mail service
blackspider.mordor.fan.   10.10.10.10    WWW service
palantir.mordor.fan.      10.10.10.11    Chat on Openfire for Windows

I asked the Fueguian for permission to set the aliases in a more orderly way so that they would not confuse me, and he agreed:

Real           CNAME
==============================
sauron         ad-dc
mamba          fileserver
darklord       proxyweb
troll          blog
shadowftp      ftpserver
blackelf       mail
blackspider    www
palantir       openfire

I declared all the essential DNS records in a Windows 2008 Active Directory installation that I was forced to set up in order to guide myself while writing this post.

About the SRV records of the Active Directory DNS

SRV records, or Service Resource Records, as used in Microsoft Active Directory, are described in RFC 2782. They allow services based on the TCP/IP protocol suite to be located by means of DNS queries. For example, a client on a Microsoft network can find the Domain Controllers that provide the LDAP service over TCP on port 389 with a single DNS query.

It is normal for the Forests and Trees of a large Microsoft network to contain many Domain Controllers. Using SRV records in the different Zones that make up the Domain Name space of that network, we can maintain a list of the servers offering a given Well-Known Service, ordered by the transport protocol and port of each of those servers.

RFC 1700 defines Global Symbolic Names for Well-Known Services, with names such as «_telnet» and «_smtp» for the telnet and SMTP services. If no symbolic name is defined for a Well-Known Service, a name or alias may be used at the user's discretion.

BIND

The purpose of each «particular» field used in the declaration of an SRV Resource Record is the following:

  • Domain: «pdc._msdcs.mordor.fan.». The DNS name of the service the SRV record refers to. In the example, the DNS name refers, more or less, to the Primary Domain Controller of the _msdcs.mordor.fan domain.
  • Service: «_ldap». The symbolic name of the service offered, defined according to RFC 1700.
  • Protocol: «_tcp». Indicates the type of transport protocol. It usually takes the values _tcp or _udp, although in fact it can be any transport protocol listed in RFC 1700. For example, for a chat service over the XMPP protocol this field would have the value _xmpp.
  • Priority: «0». Defines the priority or precedence of the host offering this service, which we will see shortly. When DNS clients query the service declared by this SRV record and receive a valid answer, they will first try to contact the host with the lowest number listed in the Priority field. The range of values this field can take is 0 to 65535.
  • Weight: «100». Can be combined with Priority to provide a load-balancing mechanism when several servers offer the same service. There should be a similar SRV record for each server in the Zone file, each declaring its name in the Host offering this service field. Among servers with the same value in the Priority field, the value of the Weight field can be used as a further level of precedence, to obtain a proportional selection of servers for load balancing. The range of values this field can take is 0 to 65535. If load balancing is not needed, for example in the case of a single server, the value 0 is recommended so that the SRV record is easier to read.
  • Port number - Port: «389». The port on the host offering this service on which the service indicated in the Service field is provided. The recommended port number for each kind of Well-Known Service is indicated in RFC 1700, although it can take any value between 0 and 65535.
  • Host offering this service - Target: «sauron.mordor.fan.». Specifies the FQDN that unambiguously identifies the host providing the service indicated by the SRV record. There must be an «A» record in the name zone for each FQDN of a server or host that provides the service. Put simply: an A record in the forward zone(s).
    • Note: to state authoritatively that the service declared by the SRV record is not offered on this host, a single dot (.) is placed as the target.
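To make the Priority, Weight and Target rules above concrete, here is an added example (not from the original article, and not BIND's code) that parses SRV records written in zone-file syntax and reproduces the client selection algorithm of RFC 2782: lowest priority first, weighted random choice within a priority, weight-0 records chosen only rarely, and a "." target meaning the service is not offered. The record set and the host names spare-dc and backup-dc are constructed for the example.

```python
import random
import re
from collections import defaultdict

# Constructed SRV records in zone-file syntax (not the page's zone data):
# three LDAP servers at two priorities, and a service whose target "."
# says that it is decidedly not offered at that name.
SAMPLE_SRV = """\
_ldap._tcp.mordor.fan.  600 IN SRV 0 100 389 sauron.mordor.fan.
_ldap._tcp.mordor.fan.  600 IN SRV 0   0 389 spare-dc.mordor.fan.   ; weight 0: rarely chosen
_ldap._tcp.mordor.fan.  600 IN SRV 1 100 389 backup-dc.mordor.fan.  ; priority 1: after every priority 0
_http._tcp.mordor.fan.  600 IN SRV 0   0  80 .
"""

# owner [ttl] IN SRV priority weight port target   (one record per line)
SRV_RE = re.compile(
    r"^(?P<owner>\S+)\s+(?:\d+\s+)?IN\s+SRV\s+(?P<priority>\d+)\s+"
    r"(?P<weight>\d+)\s+(?P<port>\d+)\s+(?P<target>\S+)$"
)


def parse_srv(text):
    """Group SRV records by owner name: {owner: [{priority, weight, port, target}]}."""
    by_owner = defaultdict(list)
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop zone-file comments
        m = SRV_RE.match(line) if line else None
        if m:
            by_owner[m["owner"]].append({
                "priority": int(m["priority"]), "weight": int(m["weight"]),
                "port": int(m["port"]), "target": m["target"],
            })
    return by_owner


def pick_weighted(candidates, rng):
    """RFC 2782 weighted choice among the records of one priority.
    Weight-0 records are ordered first so they win only when the random
    point lands exactly on 0, i.e. with a very small probability."""
    ordered = sorted(candidates, key=lambda r: r["weight"] != 0)
    total = sum(r["weight"] for r in ordered)
    if total == 0:
        return rng.choice(ordered)  # all weights 0: nothing to weigh
    point = rng.randint(0, total)
    running = 0
    for r in ordered:
        running += r["weight"]
        if running >= point:
            return r
    return ordered[-1]


def client_order(records, rng=None):
    """Return [(target, port), ...] in the order an RFC 2782 client tries them.
    A "." target is skipped; an empty list means the service is not offered."""
    rng = rng or random.Random()
    remaining = [r for r in records if r["target"] != "."]
    order = []
    while remaining:
        lowest = min(r["priority"] for r in remaining)
        tier = [r for r in remaining if r["priority"] == lowest]
        chosen = pick_weighted(tier, rng)
        order.append((chosen["target"], chosen["port"]))
        remaining.remove(chosen)
    return order


def first_choice_share(records, target, trials=1000, seed=1):
    """Fraction of trials in which `target` is tried first: shows the weight effect."""
    rng = random.Random(seed)
    hits = sum(1 for _ in range(trials) if client_order(records, rng)[0][0] == target)
    return hits / trials


if __name__ == "__main__":
    recs = parse_srv(SAMPLE_SRV)
    print(client_order(recs["_ldap._tcp.mordor.fan."]))
    print("sauron first:", first_choice_share(recs["_ldap._tcp.mordor.fan."], "sauron.mordor.fan."))
    print("http offered:", client_order(recs["_http._tcp.mordor.fan."]))
```

With weight 100 against weight 0 at the same priority, sauron is tried first in roughly 99% of resolutions and the priority-1 backup is always last; this is why a single-server zone can safely use weight 0 everywhere, as the article's mordor.fan zone does.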

We want to repeat that the correct operation of a network, or of Active Directory®, depends on the correct operation of the Domain Name Service.

The Active Directory DNS

To build the Zones of the new BIND-based DNS Server we must obtain all the DNS records from Active Directory®. To make life easier, we go to the sauron.mordor.fan machine (Active Directory® 2008 SR2) and, in the DNS Management Console, enable Zone Transfer, forward and reverse, for the main zones declared in that service, which are:

  • _msdcs.mordor.fan
  • mordor.fan
  • 10.10.10.in-adr.arpa

Once the previous step has been carried out, and preferably from a Linux computer whose IP address lies in the range of the subnet used by the Windows Network, we execute:

buzz@sysadmin:~$ dig @10.10.10.3 _msdcs.mordor.fan axfr > temp/rrs._msdcs.mordor.fan
buzz@sysadmin:~$ dig @10.10.10.3 mordor.fan axfr > temp/rrs.mordor.fan
buzz@sysadmin:~$ dig @10.10.10.3 10.10.10.in-addr.arpa axfr > temp/rrs.10.10.10.in-addr.arpa
  • Remember from the previous articles that the IP address of the sysadmin.desdelinux.fan machine is 10.10.10.1 or 192.168.10.1.

In the three previous commands we can omit the option @10.10.10.3 (query the DNS server at that address) if we declare the IP of the sauron.mordor.fan server in the /etc/resolv.conf file:

buzz@sysadmin:~$ cat /etc/resolv.conf
# Generated by NetworkManager
search desdelinux.fan
nameserver 192.168.10.5
nameserver 10.10.10.3

After editing with extreme care, as befits any zone file in BIND, we are left with the following records:

RRs obtained from the zone origin _msdcs.mordor.fan

buzz@sysadmin:~$ cat temp/rrs._msdcs.mordor.fan
; Based on the SOA and NS
_msdcs.mordor.fan.      3600 IN SOA sauron.mordor.fan. hostmaster.mordor.fan. 12 900 600 86400 3600
_msdcs.mordor.fan.      3600 IN NS  sauron.mordor.fan.
;
; GLOBAL CATALOG
gc._msdcs.mordor.fan.   600 IN A 10.10.10.3
;
; Names in the valid and private LDAP of SAURON's Active Directory
03296249-82a1-49aa-a4f0-28900f5d256b._msdcs.mordor.fan. 600 IN CNAME sauron.mordor.fan.
;
; LDAP modified and proprietary to Active Directory
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.mordor.fan. 600 IN SRV 0 100 389 sauron.mordor.fan.
_ldap._tcp.dc._msdcs.mordor.fan. 600 IN SRV 0 100 389 sauron.mordor.fan.
_ldap._tcp.18d3360d-8fdb-40cf-a678-d7c420b6d775.domains._msdcs.mordor.fan. 600 IN SRV 0 100 389 sauron.mordor.fan.
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.mordor.fan. 600 IN SRV 0 100 3268 sauron.mordor.fan.
_ldap._tcp.gc._msdcs.mordor.fan. 600 IN SRV 0 100 3268 sauron.mordor.fan.
_ldap._tcp.pdc._msdcs.mordor.fan. 600 IN SRV 0 100 389 sauron.mordor.fan.
;
; KERBEROS modified and proprietary to Active Directory
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.mordor.fan. 600 IN SRV 0 100 88 sauron.mordor.fan.
_kerberos._tcp.dc._msdcs.mordor.fan. 600 IN SRV 0 100 88 sauron.mordor.fan.

RRs obtained from the zone origin mordor.fan

buzz@sysadmin:~$ cat temp/rrs.mordor.fan
; Based on the SOA, NS, MX and the A record that maps
; the Domain Name to SAURON's IP
; Taken from Active Directory
mordor.fan.             3600 IN SOA sauron.mordor.fan. hostmaster.mordor.fan. 48 900 600 86400 3600
mordor.fan.             600  IN A   10.10.10.3
mordor.fan.             3600 IN NS  sauron.mordor.fan.
mordor.fan.             3600 IN MX  10 blackelf.mordor.fan.
_msdcs.mordor.fan.      3600 IN NS  sauron.mordor.fan.
;
; A records that are also important
DomainDnsZones.mordor.fan.      600 IN A 10.10.10.3
ForestDnsZones.mordor.fan.      600 IN A 10.10.10.3
;
; GLOBAL CATALOG
_gc._tcp.mordor.fan.    600 IN SRV 0 100 3268 sauron.mordor.fan.
_gc._tcp.Default-First-Site-Name._sites.mordor.fan. 600 IN SRV 0 100 3268 sauron.mordor.fan.
;
; LDAP modified and proprietary to Active Directory
_ldap._tcp.mordor.fan.  600 IN SRV 0 100 389 sauron.mordor.fan.
_ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.mordor.fan. 600 IN SRV 0 100 389 sauron.mordor.fan.
_ldap._tcp.DomainDnsZones.mordor.fan. 600 IN SRV 0 100 389 sauron.mordor.fan.
_ldap._tcp.Default-First-Site-Name._sites.mordor.fan. 600 IN SRV 0 100 389 sauron.mordor.fan.
_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.mordor.fan. 600 IN SRV 0 100 389 sauron.mordor.fan.
_ldap._tcp.ForestDnsZones.mordor.fan. 600 IN SRV 0 100 389 sauron.mordor.fan.
;
; KERBEROS modified and proprietary to Active Directory
_kerberos._tcp.Default-First-Site-Name._sites.mordor.fan. 600 IN SRV 0 100 88 sauron.mordor.fan.
_kerberos._tcp.mordor.fan.      600 IN SRV 0 100 88 sauron.mordor.fan.
_kpasswd._tcp.mordor.fan.       600 IN SRV 0 100 464 sauron.mordor.fan.
_kerberos._udp.mordor.fan.      600 IN SRV 0 100 88 sauron.mordor.fan.
_kpasswd._udp.mordor.fan.       600 IN SRV 0 100 464 sauron.mordor.fan.
;
; Records with static IPs -> servers
blackelf.mordor.fan.    3600 IN A 10.10.10.9
blackspider.mordor.fan. 3600 IN A 10.10.10.10
darklord.mordor.fan.    3600 IN A 10.10.10.6
mamba.mordor.fan.       3600 IN A 10.10.10.4
palantir.mordor.fan.    3600 IN A 10.10.10.11
sauron.mordor.fan.      3600 IN A 10.10.10.3
shadowftp.mordor.fan.   3600 IN A 10.10.10.8
troll.mordor.fan.       3600 IN A 10.10.10.7
;
; CNAME records
ad-dc.mordor.fan.       3600 IN CNAME sauron.mordor.fan.
blog.mordor.fan.        3600 IN CNAME troll.mordor.fan.
fileserver.mordor.fan.  3600 IN CNAME mamba.mordor.fan.
ftpserver.mordor.fan.   3600 IN CNAME shadowftp.mordor.fan.
mail.mordor.fan.        3600 IN CNAME blackelf.mordor.fan.
openfire.mordor.fan.    3600 IN CNAME palantir.mordor.fan.
proxyweb.mordor.fan.    3600 IN CNAME darklord.mordor.fan.
www.mordor.fan.         3600 IN CNAME blackspider.mordor.fan.

RRs obtained from the zone origin 10.10.10.in-addr.arpa

buzz@sysadmin:~$ cat temp/rrs.10.10.10.in-addr.arpa
; Based on the SOA and NS
10.10.10.in-addr.arpa.  3600 IN SOA sauron.mordor.fan. hostmaster.mordor.fan. 21 900 600 86400 3600
10.10.10.in-addr.arpa.  3600 IN NS  sauron.mordor.fan.
;
; PTR records
10.10.10.10.in-addr.arpa. 3600 IN PTR blackspider.mordor.fan.
11.10.10.10.in-addr.arpa. 3600 IN PTR palantir.mordor.fan.
3.10.10.10.in-addr.arpa.  3600 IN PTR sauron.mordor.fan.
4.10.10.10.in-addr.arpa.  3600 IN PTR mamba.mordor.fan.
5.10.10.10.in-addr.arpa.  3600 IN PTR dnslinux.mordor.fan.
6.10.10.10.in-addr.arpa.  3600 IN PTR darklord.mordor.fan.
7.10.10.10.in-addr.arpa.  3600 IN PTR troll.mordor.fan.
8.10.10.10.in-addr.arpa.  3600 IN PTR shadowftp.mordor.fan.
9.10.10.10.in-addr.arpa.  3600 IN PTR blackelf.mordor.fan.

At this point we might think we have the data we need to continue the adventure, but not before taking note of the TTL values and the other details that the summarised export and direct observation of the DNS of Microsoft® Active Directory® 2008 SR2 64-bit give us.

DNS Manager screenshots on SAURON

The dnslinux.mordor.fan machine

If we look closely, the IP address 10.10.10.5 has no name assigned to it, precisely so that it can be taken by the new DNS server dnslinux.mordor.fan. To install the DNS and DHCP pair we can follow the articles DNS and DHCP on Debian 8 "Jessie" and DNS and DHCP on CentOS 7.

Base operating system

My Fueguian friend, besides being a genuine expert in Microsoft® Windows (he holds several certifications issued by that company), has read and put into practice several of the desktop articles published on DesdeLinux, and told me he wanted a Debian-based solution. 😉

To please him, we will start from a fresh, clean server installation based on Debian 8 "Jessie". However, what we write next is equally valid for the CentOS and OpenSUSE distributions whose articles we mentioned earlier. BIND and DHCP are the same on any distribution; the small differences are introduced by the package maintainers of each one.

We carry out the installation as shown in DNS and DHCP on Debian 8 "Jessie", taking care to use the IP 10.10.10.5 and the network 10.10.10.0/24, before configuring BIND.

We configure BIND, Debian style

/etc/bind/named.conf

We leave the /etc/bind/named.conf file as it was installed.

/etc/bind/named.conf.options

The /etc/bind/named.conf.options file should be left with the following content:

root@dnslinux:~# cp /etc/bind/named.conf.options /etc/bind/named.conf.options.original

root@dnslinux:~# nano /etc/bind/named.conf.options
options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

        // forwarders {
        //      0.0.0.0;
        // };

        //========================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys.  See https://www.isc.org/bind-keys
        //========================================================================

        // We do not want DNSSEC
        dnssec-enable no;
        //dnssec-validation auto;

        auth-nxdomain no;    # conform to RFC1035

        // We do not need to listen on IPv6 addresses
        // listen-on-v6 { any; };
        listen-on-v6 { none; };

        // For checks from localhost and sysadmin
        // by means of
        // dig mordor.fan axfr
        // dig 10.10.10.in-addr.arpa axfr
        // dig _msdcs.mordor.fan axfr
        // We have no Slave DNS ... for now
        allow-transfer { localhost; 10.10.10.1; };
};

// Logging in BIND
logging {

        channel queries {
                file "/var/log/named/queries.log" versions 3 size 1m;
                severity info;
                print-time yes;
                print-severity yes;
                print-category yes;
        };

        channel query-error {
                file "/var/log/named/query-error.log" versions 3 size 1m;
                severity info;
                print-time yes;
                print-severity yes;
                print-category yes;
        };

        category queries {
                queries;
        };

        category query-errors {
                query-error;
        };

};
  • We introduce the capture of BIND logs as something NEW with respect to what was declared in the series of articles on the subject. We create the folder and files that BIND needs for logging:
root@dnslinux:~# mkdir /var/log/named
root@dnslinux:~# touch /var/log/named/queries.log
root@dnslinux:~# touch /var/log/named/query-error.log
root@dnslinux:~# chown -R bind:bind /var/log/named
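The allow-transfer list in named.conf.options and the queries channel above work together: BIND refuses a zone transfer from any address outside the list, and the query log still records who asked. The following added example (written for this article, not part of the original post or of BIND) parses query-log lines in the layout BIND writes with print-time, print-category and print-severity enabled, flags AXFR/IXFR requests from clients that are not in the allow-transfer ACL, and counts which Active Directory SRV names clients are looking up. The log lines and the client addresses 10.10.10.77 and 10.10.10.251 are constructed sample data.

```python
import ipaddress
import re
from collections import Counter

# Constructed query-log lines (sample data, not from the page's server), in the
# format BIND 9 uses when print-time, print-category and print-severity are on.
SAMPLE_LOG = """\
12-Feb-2017 08:50:01.523 queries: info: client 10.10.10.251#49152 (mordor.fan): query: mordor.fan IN A + (10.10.10.5)
12-Feb-2017 08:50:01.611 queries: info: client 10.10.10.251#49153 (_ldap._tcp.DomainDnsZones.mordor.fan): query: _ldap._tcp.DomainDnsZones.mordor.fan IN SRV + (10.10.10.5)
12-Feb-2017 08:50:02.004 queries: info: client 10.10.10.3#55012 (_kerberos._tcp.dc._msdcs.mordor.fan): query: _kerberos._tcp.dc._msdcs.mordor.fan IN SRV + (10.10.10.5)
12-Feb-2017 08:51:10.338 queries: info: client 10.10.10.1#40123 (mordor.fan): query: mordor.fan IN AXFR -ET (10.10.10.5)
12-Feb-2017 08:52:47.919 queries: info: client 10.10.10.77#39001 (mordor.fan): query: mordor.fan IN AXFR -T (10.10.10.5)
12-Feb-2017 08:52:48.120 queries: info: client 10.10.10.77#39002 (_msdcs.mordor.fan): query: _msdcs.mordor.fan IN IXFR -T (10.10.10.5)
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+ \S+) queries: info: client (?P<ip>[0-9a-fA-F.:]+)#\d+ "
    r"\([^)]*\): query: (?P<qname>\S+) IN (?P<qtype>\S+) (?P<flags>\S+) \([^)]+\)$"
)

# Mirrors allow-transfer { localhost; 10.10.10.1; } from named.conf.options;
# "localhost" is taken to mean the loopback ranges.
TRANSFER_ACL = [
    ipaddress.ip_network("127.0.0.0/8"),
    ipaddress.ip_network("::1/128"),
    ipaddress.ip_network("10.10.10.1/32"),
]


def parse_query_log(text):
    """Return one dict (ts, ip, qname, qtype, flags) per recognised log line."""
    entries = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            entries.append(m.groupdict())
    return entries


def in_acl(ip, acl):
    """True when the client address falls inside any network of the ACL."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in acl)


def transfer_attempts_outside_acl(entries, acl=TRANSFER_ACL):
    """Zone-transfer queries (AXFR/IXFR) from clients the ACL does not allow.
    BIND denies them, but the query line is still written, so this is where a
    defender sees who tried to copy the whole zone."""
    return [(e["ts"], e["ip"], e["qname"], e["qtype"])
            for e in entries
            if e["qtype"] in ("AXFR", "IXFR") and not in_acl(e["ip"], acl)]


def srv_lookups(entries):
    """How often each AD service name (_ldap._tcp..., _kerberos._tcp...) is queried."""
    return Counter(e["qname"] for e in entries if e["qtype"] == "SRV")


if __name__ == "__main__":
    log = parse_query_log(SAMPLE_LOG)
    for ts, ip, qname, qtype in transfer_attempts_outside_acl(log):
        print(f"{ts} transfer {qtype} of {qname} attempted by {ip} (not in allow-transfer)")
    for qname, n in srv_lookups(log).most_common():
        print(f"{n:4d}  {qname}")
```

The denial itself is logged by BIND under the security category, which the logging block above does not route to a file; watching the queries channel as this script does is enough to see the attempt, and it also shows the _ldap and _kerberos lookups that domain members perform at logon, which is a good sanity check that the SRV records are being consulted.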

We check the syntax of the configured files:

root@dnslinux:~# named-checkconf
root@dnslinux:~#

/etc/bind/named.conf.local

We create the /etc/bind/zones.rfcFreeBSD file with the content shown in DNS and DHCP on Debian 8 "Jessie".

root@dnslinux:~# nano /etc/bind/zones.rfcFreeBSD

The /etc/bind/named.conf.local file should be left with the following content:

//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//
include "/etc/bind/zones.rfc1918";
include "/etc/bind/zones.rfcFreeBSD";

zone "mordor.fan" {
        type master;
        file "/var/lib/bind/db.mordor.fan";
};

zone "10.10.10.in-addr.arpa" {
        type master;
        file "/var/lib/bind/db.10.10.10.in-addr.arpa";
};

zone "_msdcs.mordor.fan" {
        type master;
        check-names ignore;
        file "/etc/bind/db._msdcs.mordor.fan";
};

root@dnslinux:~# named-checkconf
root@dnslinux:~#

Zone file mordor.fan

root@dnslinux:~# nano /var/lib/bind/db.mordor.fan
$TTL 3H
@       IN      SOA     dnslinux.mordor.fan. root.dnslinux.mordor.fan. (
                                1       ; serial
                                1D      ; refresh
                                1H      ; retry
                                1W      ; expire
                                3H )    ; minimum or negative caching time to live
;
; BE CAREFUL WITH THE FOLLOWING RECORDS
@       IN      NS      dnslinux.mordor.fan.
@       IN      A       10.10.10.3
@       IN      MX      10 blackelf.mordor.fan.
@       IN      TXT     "Wellcome to The Dark Lan of Mordor"
;
_msdcs.mordor.fan.      IN      NS      dnslinux.mordor.fan.
;
dnslinux.mordor.fan.    IN      A       10.10.10.5
;
; BE VERY, VERY CAREFUL WITH THE FOLLOWING RECORDS
;
DomainDnsZones.mordor.fan.      IN      A       10.10.10.3
ForestDnsZones.mordor.fan.      IN      A       10.10.10.3
;
; GLOBAL CATALOG
_gc._tcp.mordor.fan.    600 IN SRV 0 0 3268 sauron.mordor.fan.
_gc._tcp.Default-First-Site-Name._sites.mordor.fan. 600 IN SRV 0 0 3268 sauron.mordor.fan.
;
; LDAP modified and proprietary to Active Directory
_ldap._tcp.mordor.fan.  600 IN SRV 0 0 389 sauron.mordor.fan.
_ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.mordor.fan. 600 IN SRV 0 0 389 sauron.mordor.fan.
_ldap._tcp.DomainDnsZones.mordor.fan. 600 IN SRV 0 0 389 sauron.mordor.fan.
_ldap._tcp.Default-First-Site-Name._sites.mordor.fan. 600 IN SRV 0 0 389 sauron.mordor.fan.
_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.mordor.fan. 600 IN SRV 0 0 389 sauron.mordor.fan.
_ldap._tcp.ForestDnsZones.mordor.fan. 600 IN SRV 0 0 389 sauron.mordor.fan.
;
; KERBEROS modified and proprietary to Active Directory
_kerberos._tcp.Default-First-Site-Name._sites.mordor.fan. 600 IN SRV 0 0 88 sauron.mordor.fan.
_kerberos._tcp.mordor.fan.      600 IN SRV 0 0 88 sauron.mordor.fan.
_kpasswd._tcp.mordor.fan.       600 IN SRV 0 0 464 sauron.mordor.fan.
_kerberos._udp.mordor.fan.      600 IN SRV 0 0 88 sauron.mordor.fan.
_kpasswd._udp.mordor.fan.       600 IN SRV 0 0 464 sauron.mordor.fan.
;
; A records with static IP -> Servers
blackelf.mordor.fan.    IN      A       10.10.10.9
blackspider.mordor.fan. IN      A       10.10.10.10
darklord.mordor.fan.    IN      A       10.10.10.6
mamba.mordor.fan.       IN      A       10.10.10.4
palantir.mordor.fan.    IN      A       10.10.10.11
sauron.mordor.fan.      IN      A       10.10.10.3
shadowftp.mordor.fan.   IN      A       10.10.10.8
troll.mordor.fan.       IN      A       10.10.10.7
;
; CNAME records
ad-dc.mordor.fan.       IN      CNAME   sauron.mordor.fan.
blog.mordor.fan.        IN      CNAME   troll.mordor.fan.
fileserver.mordor.fan.  IN      CNAME   mamba.mordor.fan.
ftpserver.mordor.fan.   IN      CNAME   shadowftp.mordor.fan.
mail.mordor.fan.        IN      CNAME   blackelf.mordor.fan.
openfire.mordor.fan.    IN      CNAME   palantir.mordor.fan.
proxyweb.mordor.fan.    IN      CNAME   darklord.mordor.fan.
www.mordor.fan.         IN      CNAME   blackspider.mordor.fan.

root@dnslinux:~# named-checkzone mordor.fan /var/lib/bind/db.mordor.fan
zone mordor.fan/IN: loaded serial 1
OK

We keep the TTL value of 600 for all the SRV records in case we configure a BIND SLAVE at a later stage. Those records represent Active Directory® services that mostly read their data from its LDAP database. As that database changes frequently, the synchronisation times must be kept short in a Master - Slave DNS scheme. In line with the Microsoft philosophy observed from Active Directory 2000 through 2008, the value 600 is kept for this kind of SRV record.

The TTL values of the servers with static IPs are governed by the time declared in the SOA, 3 hours.
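named-checkzone confirms that the file parses, but it says nothing about whether every CNAME, MX, NS and SRV target actually has an address record, which is exactly where a zone typed in by hand from an AXFR dump goes wrong: a misspelt alias target or an SRV that points at a host without an A record still loads with "OK" and then fails at resolution time. The checker below is an added example (not the article's code, not a BIND tool) that parses one-record-per-line zone text in the layout used above, qualifies relative names against the origin, and reports dangling targets, plus SRV/MX/NS targets that are aliases, which RFC 2782 forbids. The zone excerpt is constructed for the example, with the misspelling blakelf, the host ghost-dc and the alias ftpserver introduced deliberately.

```python
import re
from collections import defaultdict

# Constructed zone excerpt in the layout of db.mordor.fan above (not the page's
# file). Deliberate defects: a CNAME to a misspelt name, an SRV to a host with
# no A record, and an SRV whose target is itself a CNAME.
SAMPLE_ZONE = """\
$TTL 3H
@       IN SOA dnslinux.mordor.fan. root.dnslinux.mordor.fan. ( 1 1D 1H 1W 3H )
@       IN NS  dnslinux.mordor.fan.
@       IN A   10.10.10.3
@       IN MX  10 blackelf.mordor.fan.
dnslinux.mordor.fan.    IN A 10.10.10.5
sauron.mordor.fan.      IN A 10.10.10.3
blackelf.mordor.fan.    IN A 10.10.10.9
shadowftp.mordor.fan.   IN A 10.10.10.8
_ldap._tcp.mordor.fan.  600 IN SRV 0 0 389 sauron.mordor.fan.
_ldap._tcp.mordor.fan.  600 IN SRV 0 0 389 ghost-dc.mordor.fan.    ; no A record
_ftp._tcp.mordor.fan.   600 IN SRV 0 0 21 ftpserver.mordor.fan.    ; target is an alias
ftpserver.mordor.fan.   IN CNAME shadowftp.mordor.fan.
mail.mordor.fan.        IN CNAME blakelf.mordor.fan.                ; misspelt target
"""

# owner [ttl] IN TYPE rdata   (one record per line; SOA kept on one line here)
RR_RE = re.compile(
    r"^(?P<owner>\S+)\s+(?:\d+[smhdwSMHDW]?\s+)?IN\s+(?P<type>[A-Za-z]+)\s+(?P<rdata>.+)$"
)

# Which rdata field holds the target name, per record type.
TARGET_FIELD = {"CNAME": 0, "NS": 0, "MX": 1, "SRV": 3}


def qualify(name, origin):
    """Expand '@' and relative names against the zone origin (origin ends with '.')."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, origin):
    """Return {owner: [(TYPE, [rdata tokens])]}; '$' directives and comments are skipped."""
    records = defaultdict(list)
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line or line.startswith("$"):
            continue
        m = RR_RE.match(line)
        if not m:
            raise ValueError(f"unparsed zone line: {raw!r}")
        records[qualify(m["owner"], origin)].append((m["type"].upper(), m["rdata"].split()))
    return records


def in_zone(name, origin):
    return name == origin or name.endswith("." + origin)


def dangling_targets(records, origin):
    """List (owner, type, target, reason) for in-zone targets that lack an address
    record, or that are aliases where RFC 2782 / RFC 2181 require a host name."""
    problems = []
    for owner, rrs in records.items():
        for rtype, rdata in rrs:
            if rtype not in TARGET_FIELD:
                continue
            target = rdata[TARGET_FIELD[rtype]]
            if target == "." or not in_zone(target, origin):
                continue  # "." means "not offered"; out-of-zone names are not ours to check
            types_at_target = {t for t, _ in records.get(target, [])}
            if types_at_target & {"A", "AAAA"}:
                continue
            if "CNAME" in types_at_target:
                if rtype == "CNAME":
                    continue  # CNAME chains are legal, if unloved
                problems.append((owner, rtype, target, "target is a CNAME, not a host"))
            else:
                problems.append((owner, rtype, target, "no A/AAAA record for target"))
    return problems


if __name__ == "__main__":
    zone = parse_zone(SAMPLE_ZONE, "mordor.fan.")
    for owner, rtype, target, reason in dangling_targets(zone, "mordor.fan."):
        print(f"{owner} {rtype} -> {target}: {reason}")
```

Run it against the real db.mordor.fan before restarting BIND; it would also have caught the case the article warns about above, where the CNAME table and the A records must stay in step. Keeping the checker on the origin-qualified names is what makes the "@" and relative-owner forms of the Debian zone files compare correctly with the fully qualified targets.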

Zone file 10.10.10.in-addr.arpa

root@dnslinux:~# nano /var/lib/bind/db.10.10.10.in-addr.arpa
$TTL 3H
@       IN      SOA     dnslinux.mordor.fan. root.dnslinux.mordor.fan. (
                                1       ; serial
                                1D      ; refresh
                                1H      ; retry
                                1W      ; expire
                                3H )    ; minimum or negative caching time to live
;
@       IN      NS      dnslinux.mordor.fan.
;
10      IN      PTR     blackspider.mordor.fan.
11      IN      PTR     palantir.mordor.fan.
3       IN      PTR     sauron.mordor.fan.
4       IN      PTR     mamba.mordor.fan.
5       IN      PTR     dnslinux.mordor.fan.
6       IN      PTR     darklord.mordor.fan.
7       IN      PTR     troll.mordor.fan.
8       IN      PTR     shadowftp.mordor.fan.
9       IN      PTR     blackelf.mordor.fan.

root@dnslinux:~# named-checkzone 10.10.10.in-addr.arpa /var/lib/bind/db.10.10.10.in-addr.arpa
zone 10.10.10.in-addr.arpa/IN: loaded serial 1
OK

Zone file _msdcs.mordor.fan

Let us take into account what is recommended in the file /usr/share/doc/bind9/README.Debian.gz regarding the location of the files of Master Zones that are not subject to dynamic updates by DHCP.

root@dnslinux:~# nano /etc/bind/db._msdcs.mordor.fan
$TTL 3H
@       IN      SOA     dnslinux.mordor.fan. root.dnslinux.mordor.fan. (
                                1       ; serial
                                1D      ; refresh
                                1H      ; retry
                                1W      ; expire
                                3H )    ; minimum or negative caching time to live
;
@       IN      NS      dnslinux.mordor.fan.
;
;
; GLOBAL CATALOG
gc._msdcs.mordor.fan.   600 IN A 10.10.10.3
;
; Names in the valid and private LDAP of SAURON's Active Directory
03296249-82a1-49aa-a4f0-28900f5d256b._msdcs.mordor.fan. 600 IN CNAME sauron.mordor.fan.
;
; LDAP modified and proprietary to Active Directory
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.mordor.fan. 600 IN SRV 0 100 389 sauron.mordor.fan.
_ldap._tcp.dc._msdcs.mordor.fan. 600 IN SRV 0 100 389 sauron.mordor.fan.
_ldap._tcp.18d3360d-8fdb-40cf-a678-d7c420b6d775.domains._msdcs.mordor.fan. 600 IN SRV 0 100 389 sauron.mordor.fan.
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.mordor.fan. 600 IN SRV 0 100 3268 sauron.mordor.fan.
_ldap._tcp.gc._msdcs.mordor.fan. 600 IN SRV 0 100 3268 sauron.mordor.fan.
_ldap._tcp.pdc._msdcs.mordor.fan. 600 IN SRV 0 100 389 sauron.mordor.fan.
;
; KERBEROS modified and proprietary to Active Directory
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.mordor.fan. 600 IN SRV 0 100 88 sauron.mordor.fan.
_kerberos._tcp.dc._msdcs.mordor.fan. 600 IN SRV 0 100 88 sauron.mordor.fan.

We check the syntax, and we can ignore the error it returns, since in the configuration of this Zone in the /etc/bind/named.conf.local file we included the statement check-names ignore;. BIND will load the Zone correctly.

root@dnslinux:~# named-checkzone _msdcs.mordor.fan /etc/bind/db._msdcs.mordor.fan
/etc/bind/db._msdcs.mordor.fan:14: gc._msdcs.mordor.fan: bad owner name (check-names)
zone _msdcs.mordor.fan/IN: loaded serial 1
OK

root@dnslinux:~# systemctl restart bind9.service
root@dnslinux:~# systemctl status bind9.service
● bind9.service - BIND Domain Name Server
   Loaded: loaded (/lib/systemd/system/bind9.service; enabled)
  Drop-In: /run/systemd/generator/bind9.service.d
           └─50-insserv.conf-$named.conf
   Active: active (running) since Sun 2017-02-12 08:48:38 EST; 2s ago
     Docs: man:named(8)
  Process: 859 ExecStop=/usr/sbin/rndc stop (code=exited, status=0/SUCCESS)
 Main PID: 864 (named)
   CGroup: /system.slice/bind9.service
           └─864 /usr/sbin/named -f -u bind

Feb 12 08:48:38 dnslinux named[864]: zone 3.efip6.arpa/IN: loaded serial 1
Feb 12 08:48:38 dnslinux named[864]: zone befip6.arpa/IN: loaded serial 1
Feb 12 08:48:38 dnslinux named[864]: zone 0.efip6.arpa/IN: loaded serial 1
Feb 12 08:48:38 dnslinux named[864]: zone 7.efip6.arpa/IN: loaded serial 1
Feb 12 08:48:38 dnslinux named[864]: zone mordor.fan/IN: loaded serial 1
Feb 12 08:48:38 dnslinux named[864]: zone example.org/IN: loaded serial 1
Feb 12 08:48:38 dnslinux named[864]: zone _msdcs.mordor.fan/IN: loaded serial 1
Feb 12 08:48:38 dnslinux named[864]: zone invalid/IN: loaded serial 1
Feb 12 08:48:38 dnslinux named[864]: all zones loaded
Feb 12 08:48:38 dnslinux named[864]: running

We query BIND

Before installing DHCP, we must run a series of checks, including joining a Windows 7 client to the mordor.fan domain represented by the Active Directory installed on the sauron.mordor.fan computer.

The first thing we must do is stop the DNS service on the sauron.mordor.fan computer, and declare in its network configuration that from now on its DNS server will be 10.10.10.5, dnslinux.mordor.fan.

In the console of the sauron.mordor.fan server itself we execute:

Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\Administrator>nslookup
Default Server:  dnslinux.mordor.fan
Address:  10.10.10.5

> gc._msdcs
Server:  dnslinux.mordor.fan
Address:  10.10.10.5

Name:    gc._msdcs.mordor.fan
Address:  10.10.10.3

> mordor.fan
Server:  dnslinux.mordor.fan
Address:  10.10.10.5

Name:    mordor.fan
Address:  10.10.10.3

> 03296249-82a1-49aa-a4f0-28900f5d256b._msdcs
Server:  dnslinux.mordor.fan
Address:  10.10.10.5

Name:    sauron.mordor.fan
Address:  10.10.10.3
Aliases:  03296249-82a1-49aa-a4f0-28900f5d256b._msdcs.mordor.fan

> set type=SRV
> _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs
Server:  dnslinux.mordor.fan
Address:  10.10.10.5

_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.mordor.fan      SRV service location:
          priority       = 0
          weight         = 100
          port           = 88
          svr hostname   = sauron.mordor.fan
_msdcs.mordor.fan       nameserver = dnslinux.mordor.fan
sauron.mordor.fan       internet address = 10.10.10.3
dnslinux.mordor.fan     internet address = 10.10.10.5
> _ldap._tcp.18d3360d-8fdb-40cf-a678-d7c420b6d775.domains._msdcs
Server:  dnslinux.mordor.fan
Address:  10.10.10.5

_ldap._tcp.18d3360d-8fdb-40cf-a678-d7c420b6d775.domains._msdcs.mordor.fan       SRV service location:
          priority       = 0
          weight         = 100
          port           = 389
          svr hostname   = sauron.mordor.fan
_msdcs.mordor.fan       nameserver = dnslinux.mordor.fan
sauron.mordor.fan       internet address = 10.10.10.3
dnslinux.mordor.fan     internet address = 10.10.10.5
> exit

C:\Users\Administrator>

The DNS queries made from sauron.mordor.fan are satisfactory.

The next step is to create a virtual machine with Windows 7 installed. As we have not yet installed the DHCP service, we give the computer named «win7» the IP address 10.10.10.251. We also declare that its DNS server will be 10.10.10.5, dnslinux.mordor.fan, and that the search domain will be mordor.fan. We will not register this computer in the DNS because we will also use it to test the DHCP service once we have installed it.

Next we open a CMD console and in it we execute:

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\buzz>nslookup
Default Server:  dnslinux.mordor.fan
Address:  10.10.10.5

> mordor.fan
Server:  dnslinux.mordor.fan
Address:  10.10.10.5

Name:    mordor.fan
Address:  10.10.10.3

> set type=SRV
> _ldap._tcp.DomainDnsZones
Server:  dnslinux.mordor.fan
Address:  10.10.10.5

_ldap._tcp.DomainDnsZones.mordor.fan    SRV service location:
          priority       = 0
          weight         = 0
          port           = 389
          svr hostname   = sauron.mordor.fan
mordor.fan      nameserver = dnslinux.mordor.fan
sauron.mordor.fan       internet address = 10.10.10.3
dnslinux.mordor.fan     internet address = 10.10.10.5
> _kpasswd._udp
Server:  dnslinux.mordor.fan
Address:  10.10.10.5

_kpasswd._udp.mordor.fan        SRV service location:
          priority       = 0
          weight         = 0
          port           = 464
          svr hostname   = sauron.mordor.fan
mordor.fan      nameserver = dnslinux.mordor.fan
sauron.mordor.fan       internet address = 10.10.10.3
dnslinux.mordor.fan     internet address = 10.10.10.5
> _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones
Server:  dnslinux.mordor.fan
Address:  10.10.10.5

_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.mordor.fan     SRV service location:
          priority       = 0
          weight         = 0
          port           = 389
          svr hostname   = sauron.mordor.fan
mordor.fan      nameserver = dnslinux.mordor.fan
sauron.mordor.fan       internet address = 10.10.10.3
dnslinux.mordor.fan     internet address = 10.10.10.5
> exit

C:\Users\buzz>

The DNS queries made from the «win7» client were satisfactory.

In Active Directory we created the user «saruman», to be used when joining the win7 client to the mordor.fan domain by the «Network ID» method, using the user names saruman@mordor.fan and administrator@mordor.fan. The join was successful, as the following screenshots confirm:

About Dynamic Updates in Microsoft® DNS and in BIND

As we have the DNS service stopped in Active Directory®, it is not possible for the «win7» client to register its name and IP address in that DNS. Much less in dnslinux.mordor.fan, since we have not declared any allow-update statement for any zone.

And this is where a good fight with my Fueguian friend took place. In the first email about this situation I commented:

  • Microsoft's articles on the use of BIND with Active Directory® recommend that, particularly for the Forward Zone, dynamic updates be allowed directly by Windows clients that have already joined the Active Directory domain.
  • That is why, by default, the DNS zones of Active Directory® have Secure Dynamic Updates enabled for Windows clients already joined to the Active Directory domain. If they are not joined, their updates are rejected.
  • The Active Directory DNS supports the dynamic update settings "Secure only", "Nonsecure and secure", or "None", which is the same as saying NO updates, or none at all.
  • Yes, really: the Microsoft philosophy does not accept that its clients fail to update their records in its DNS server(s); it would not leave open the possibility of stopping dynamic updates in its DNS server(s) unless that option were left there for more obscure reasons.
  • Microsoft offers "Security" in exchange for Obscurity, as a colleague and friend who took the Microsoft® Certification courses told me. True. Moreover, El Fueguino confirmed it to me.
  • A client that obtains its IP address from a DHCP installed on UNIX®/Linux, for example, cannot resolve the IP address of its own name until it has joined the Active Directory domain, as long as Microsoft® or BIND is used as DNS without dynamic updates from DHCP.
  • If I install DHCP on the Active Directory® itself, then I must declare that the Microsoft DHCP updates the Zones.
  • If we are going to use BIND as the DNS for a Windows network, it is logical and recommended to install the BIND-DHCP pair, with the latter updating BIND, and the matter is settled.
  • In the world of LAN networks on UNIX®/Linux, ever since dynamic updates were created, only Mr DHCP has been allowed to «enter» Mrs BIND with his updates. Let us keep things in order, please.
  • When I declare in the mordor.fan zone, for example: allow-update { 10.10.10.0/24; };, BIND itself warns me when starting or restarting that:
    • zone 'mordor.fan' allows updates by IP address, which is insecure
  • In the serious UNIX®/Linux world, such laxity with DNS would not be accepted.

You can imagine the rest of the exchange with my Fuegian friend via e-mails, Telegram messages, phone calls that he paid for (of course, man, I have no money for that), and even messages by carrier pigeon in the 21st century!

He even threatened not to send me a pet from his house, his iguana «Petra», which he promised me as part of the payment. At that point I got really scared. So I started again, but from another angle:

  • The "almost" Active Directory that can be achieved with Samba 4 solves this situation in an appropriate way, both when we use its internal DNS and when we use a BIND compiled with support for DLZ zones - Dynamically Loadable Zones.
  • It still suffers from this: when a client obtains its IP address from a DHCP installed on some UNIX®/Linux machine, it cannot resolve the IP address of its own name until it is joined to the Samba 4 AD-DC domain.
  • Combining the BIND-DLZ and DHCP duo on the same machine where the Samba 4 AD-DC runs is a task for an expert.

The Fuegian called me to order and shouted at me: WE ARE NOT talking about Samba 4 AD-DC, but about Microsoft® Active Directory®! And I humbly replied that I was glad for the part of these articles that I would get to write.

That was when I told him that the final decision about dynamic updates by the client computers on his network was left to his free choice. That I would only give him the tip written earlier about allow-update { 10.10.10.0/24; };, and nothing more. That I was not responsible for the havoc that any Windows -or Linux- client on the network could cause by «slipping through» thanks to BIND's permissiveness.

If you think, Friend Reader, that this was the end of the fight, you would not believe it. My Fuegian friend accepted the solution -and will send me the iguana «petrika»- that I now share with you.

We install and configure DHCP

For more information read DNS and DHCP in Debian 8 "Jessie".

root@dnslinux:~# aptitude install isc-dhcp-server

root@dnslinux:~# nano /etc/default/isc-dhcp-server
....
# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
#       Separate multiple interfaces with spaces, e.g. "eth0 eth1".
INTERFACES="eth0"

root@dnslinux:~# dnssec-keygen -a HMAC-MD5 -b 128 -r /dev/urandom -n USER dhcp-key
Kdhcp-key.+157+29836

root@dnslinux:~# cat Kdhcp-key.+157+29836.private
Private-key-format: v1.3
Algorithm: 157 (HMAC_MD5)
Key: 3HT/bg/6YwezUShKYofj5g==
Bits: AAA=
Created: 20170212205030
Publish: 20170212205030
Activate: 20170212205030

root@dnslinux:~# nano dhcp.key
key dhcp-key { algorithm hmac-md5; secret "3HT/bg/6YwezUShKYofj5g=="; };

root@dnslinux:~# install -o root -g bind -m 0640 dhcp.key /etc/bind/dhcp.key
root@dnslinux:~# install -o root -g root -m 0640 dhcp.key /etc/dhcp/dhcp.key

root@dnslinux:~# nano /etc/bind/named.conf.local
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
include "/etc/bind/zones.rfcFreeBSD";
// Don't forget this... I forgot it and paid for it with an error. ;-)
include "/etc/bind/dhcp.key";

zone "mordor.fan" {
        type master;
        allow-update { 10.10.10.3; key dhcp-key; };
        file "/var/lib/bind/db.mordor.fan";
};

zone "10.10.10.in-addr.arpa" {
        type master;
        allow-update { 10.10.10.3; key dhcp-key; };
        file "/var/lib/bind/db.10.10.10.in-addr.arpa";
};

zone "_msdcs.mordor.fan" {
        type master;
        check-names ignore;
        file "/etc/bind/db._msdcs.mordor.fan";
};

root@dnslinux:~# named-checkconf
root@dnslinux:~#

root@dnslinux:~# nano /etc/dhcp/dhcpd.conf
ddns-update-style interim;
ddns-updates on;
ddns-domainname "mordor.fan.";
ddns-rev-domainname "in-addr.arpa.";
ignore client-updates;
authoritative;
option ip-forwarding off;
option domain-name "mordor.fan";
include "/etc/dhcp/dhcp.key";

zone mordor.fan. {
        primary 127.0.0.1;
        key dhcp-key;
}

zone 10.10.10.in-addr.arpa. {
        primary 127.0.0.1;
        key dhcp-key;
}

shared-network redlocal {
        subnet 10.10.10.0 netmask 255.255.255.0 {
                option routers 10.10.10.1;
                option subnet-mask 255.255.255.0;
                option broadcast-address 10.10.10.255;
                option domain-name-servers 10.10.10.5;
                option netbios-name-servers 10.10.10.5;
                range 10.10.10.30 10.10.10.250;
        }
}
# END of dhcpd.conf

root@dnslinux:~# dhcpd -t
Internet Systems Consortium DHCP Server 4.3.1
Copyright 2004-2014 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Config file: /etc/dhcp/dhcpd.conf
Database file: /var/lib/dhcp/dhcpd.leases
PID file: /var/run/dhcpd.pid

root@dnslinux:~# systemctl restart bind9.service
root@dnslinux:~# systemctl status bind9.service

root@dnslinux:~# systemctl start isc-dhcp-server.service
root@dnslinux:~# systemctl status isc-dhcp-server.service
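The two security-relevant steps in the procedure above are the shared TSIG key and the allow-update ACLs. The following script is an added example, not code from the article or from the BIND or ISC DHCP projects: it reproduces the key step with plain POSIX tools (so that it runs without dnssec-keygen) and audits a named.conf fragment for allow-update grants that trust a bare IP address or network, which is exactly what named warns is insecure at start-up. The file names, the sample zone fragments and the function names are all constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the original article): generate a TSIG key in the
# `key` syntax shared by named.conf and dhcpd.conf, and audit allow-update
# ACLs for address-based grants. All paths and sample configs are constructed.

# gen_tsig_key NAME OUTFILE: 128 random bits, base64-encoded, as hmac-md5
# key stanza. The article installs the resulting file with mode 0640.
gen_tsig_key() {
    secret=$(head -c 16 /dev/urandom | base64)
    printf 'key %s { algorithm hmac-md5; secret "%s"; };\n' "$1" "$secret" > "$2"
    chmod 0640 "$2"
}

# tsig_key_valid FILE: succeed only if FILE holds exactly one well-formed key
# stanza whose secret is 16 bytes of base64 (22 characters plus "==" padding).
tsig_key_valid() {
    [ "$(wc -l < "$1" | tr -d ' ')" -eq 1 ] &&
    grep -Eq '^key [A-Za-z0-9_.-]+ \{ algorithm hmac-md5; secret "[A-Za-z0-9+/]{22}=="; \};$' "$1"
}

# audit_allow_update FILE: print every allow-update entry that is an IP
# address or network prefix. Returns 0 when every grant is key-based,
# 1 when at least one address-based grant was found.
audit_allow_update() {
    found=$(grep -o 'allow-update *{[^}]*}' "$1" |
            sed 's/.*{//; s/}.*//' | tr ';' '\n' |
            sed 's/^[[:space:]]*//; s/[[:space:]]*$//' |
            grep -E '^[0-9]+(\.[0-9]+){3}(/[0-9]+)?$' || true)
    [ -z "$found" ] && return 0
    printf 'address-based allow-update grant: %s\n' $found
    return 1
}

# write_samples DIR: constructed named.conf.local fragments, the weak form the
# article quotes (a whole network may update) next to a key-only form.
write_samples() {
    cat > "$1/weak.conf" <<'EOF'
zone "mordor.fan" {
        type master;
        allow-update { 10.10.10.0/24; };
        file "/var/lib/bind/db.mordor.fan";
};
EOF
    cat > "$1/hardened.conf" <<'EOF'
zone "mordor.fan" {
        type master;
        allow-update { key dhcp-key; };
        file "/var/lib/bind/db.mordor.fan";
};
EOF
}

# demo: generate a key into a temporary directory and audit both samples.
demo() {
    d=$(mktemp -d)
    write_samples "$d"
    gen_tsig_key dhcp-key "$d/dhcp.key" && tsig_key_valid "$d/dhcp.key" &&
        echo "key written to $d/dhcp.key"
    audit_allow_update "$d/weak.conf" || echo "weak.conf: fix before restarting named"
    audit_allow_update "$d/hardened.conf" && echo "hardened.conf: key-based grants only"
}

if [ "${1:-}" = demo ]; then demo; fi
```

Run it as `sh tsig_audit.sh demo`. Note that the article's own named.conf.local grants 10.10.10.3 (the Active Directory server) by address alongside the key; the audit will list that entry too, which is the point: every address-based grant should be a deliberate decision, not something left over from a test.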

As for Checking with the clients and Manual editing of the Zone files, we leave it to you, friend reader, to read them directly from DNS and DHCP in Debian 8 "Jessie" and apply them to your real scenario. We ran all the required checks and obtained satisfactory results. Of course we sent copies of all of them to the Fuegian. Not one more!

Tips

General

  • Arm yourself with plenty of patience before you start.
  • First install and configure BIND. Check everything and verify every record you declared in each of the three -or more- zone files, both from Active Directory and from the DNS server itself on Linux. If possible, from a Linux machine that is not joined to the domain, make the necessary DNS queries against BIND.
  • Join a Windows client with a fixed IP address to the existing domain, and check all the BIND settings again from that Windows client.
  • Only once you are absolutely sure that the new BIND configuration is correct should you dare to install, configure and start the DHCP service.
  • If there is an error, repeat the whole process from zero.
  • Be careful with copy & paste! and with the trailing spaces at the end of each line in the named.conf.xxxx files.
  • Afterwards, don't complain -this goes for my Fuegian friend- that you were not properly advised.

Other tips

  • Divide and conquer.
  • In an SME network it is safer and more useful to install an authoritative BIND for the Internal LAN Zones that does not recurse to any root server: recursion no;.
  • In an SME network that sits behind an Internet Service Provider - ISP, perhaps the Proxy and SMTP services need to resolve domain names on the Internet. In squid you have the option of declaring your external DNS or not, while on a mail server based on Postfix or Exim we can also declare the DNS settings to be used by that service. In cases like this, that is, sites that do not offer Internet services and sit behind an ISP, you can install BIND with Forwarders pointing to the ISP's DNS and declare it as secondary DNS on the servers that need to resolve external queries from the LAN; otherwise it is possible to declare them through the services' own configuration files.
  • If you have a Hosted Zone under your full responsibility, that is a different story:
    • Install a DNS server based on NSD, which is an authoritative DNS server by definition, one that answers queries from anyone on the Internet. For some information, man nsd. Please protect it very well with the firewall, as appropriate. Both hardware and software. It will be the DNS for the Internet, and we must not leave that «face» with its pants down. 😉
    • As I have never found myself in such a case, that is, fully responsible for a Hosted Zone, I would have to think hard about what to recommend for resolving external domain names from our LAN for the services that need it. SME network friends don't really need it. Consult the specialized literature, or an expert in these areas, because I am far from being one of them. Really.
    • No recursion on authoritative servers. Okay? In case it occurs to anyone with NSD.
  • Although we declared the statement ignore client-updates; in the /etc/dhcp/dhcpd.conf file, if we run the command journalctl -f on the console of dnslinux.mordor.fan, we will see that when the client win7.mordor.fan starts up we get the following error messages:
    • Feb 12 16:55:41 dnslinux named[900]: client 10.10.10.30#58762: update 'mordor.fan/IN' denied
      Feb 12 16:55:42 dnslinux named[900]: client 10.10.10.30#49763: update 'mordor.fan/IN' denied
      Feb 12 16:56:23 dnslinux named[900]: client 10.10.10.30#63161: update 'mordor.fan/IN' denied

    • To get rid of those messages, we must go to the advanced options of the network card configuration and uncheck the option «Register this connection's addresses in DNS». This will stop the client from trying to register itself in the Linux DNS for good, and the problem is over. Sorry, but I do not have a copy of Windows 7 in Spanish. 😉
  • To check all the important -and crazy- queries that the Windows 7 client makes, look at the queries.log that we declared in the BIND configuration for a reason. The command would be:
    • root@dnslinux:~# tail -f /var/log/named/queries.log
  • If you do not allow your client computers to connect directly to the Internet, then why do you need the Root DNS Servers? This will reduce the output of journalctl -f, and even more so if your authoritative DNS server for the Internal Zones does not connect directly to the Internet, which is highly recommended from a security point of view.
    root@dnslinux:~# cp /etc/bind/db.root /etc/bind/db.root.original
    root@dnslinux:~# cp /dev/null /etc/bind/db.root
  • If you do not need the root server hints, then why do you need Recursion?
    root@dnslinux:~# nano /etc/bind/named.conf.options
    options {
     ....
     recursion no;
     ....
    };
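The "update 'mordor.fan/IN' denied" lines above are worth more than a nuisance: each one names a host that is still trying to write into your zones on its own. The script below is an added example, not part of the article, that reads named's journal lines and counts the denials per client and zone, so that after the tip about unchecking «Register this connection's addresses in DNS» you can confirm which hosts still have it enabled. The log lines are constructed after the ones quoted above (the 10.10.10.31 and 127.0.0.1 lines are invented for the demo).

```shell
#!/bin/sh
# Added example (not from the original article): triage named's
# "update '<zone>' denied" messages per client. Sample lines are constructed.

# sample_named_log: constructed journal lines. One host retrying the forward
# zone, one host trying the reverse zone, and one approved signed update from
# dhcpd on localhost (which must not be counted as a denial).
sample_named_log() {
    cat <<'EOF'
Feb 12 16:55:41 dnslinux named[900]: client 10.10.10.30#58762: update 'mordor.fan/IN' denied
Feb 12 16:55:42 dnslinux named[900]: client 10.10.10.30#49763: update 'mordor.fan/IN' denied
Feb 12 16:56:23 dnslinux named[900]: client 10.10.10.30#63161: update 'mordor.fan/IN' denied
Feb 12 16:57:02 dnslinux named[900]: client 10.10.10.31#51200: update '10.10.10.in-addr.arpa/IN' denied
Feb 12 16:57:05 dnslinux named[900]: client 127.0.0.1#34567: signer "dhcp-key" approved
EOF
}

# denied_updates: read log lines on stdin, print "COUNT CLIENT ZONE" sorted by
# count (highest first). Lines that are not update denials are ignored, so the
# same function can be fed `journalctl -u bind9 --no-pager` output directly.
denied_updates() {
    sed -n "s/.*client \([0-9.]*\)#[0-9]*: update '\([^']*\)' denied.*/\1 \2/p" |
        sort | uniq -c | sort -rn | sed 's/^[[:space:]]*//'
}

# top_offender: the client address with the most denials, or nothing.
top_offender() {
    denied_updates | head -n 1 | cut -d' ' -f2
}

# Stand-alone run: show the table for the constructed sample.
if [ "${1:-}" = demo ]; then
    sample_named_log | denied_updates
    echo "most insistent client: $(sample_named_log | top_offender)"
fi
```

A host that keeps appearing after you have unchecked the option is either one you missed or one that is not under your control; either way, the table tells you whom to visit.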

A specific tip that I still have not fully cleared up

The man dhcpd.conf tells us the following, among many other things:

        The update-optimization statement

            update-optimization flag;

            If the update-optimization parameter is false for a given client, the server will attempt a DNS update for that client each time the client renews its lease, rather than only attempting an update when it appears to be necessary. This will allow the DNS to heal from database inconsistencies more easily, but the cost is that the DHCP server must do many more DNS updates. We recommend leaving this option enabled, which is the default. This option only affects the behavior of the interim DNS update scheme, and has no effect on the ad-hoc DNS update scheme. If this parameter is not specified, or is true, the DHCP server will only update when the client information changes, the client gets a different lease, or the client's lease expires.

A more or less accurate translation or interpretation is left to you, dear reader.

Personally, it happened to me -and it happened while writing this article- that when I integrate BIND with Active Directory®, whether Microsoft®'s or Samba 4's, if I change the name of a client computer registered in the Active Directory® domain or in the Samba 4 AD-DC, the old name and IP address are kept in the Forward Zone, but not in the Reverse Zone, which is updated correctly with the new name. In other words, the old and the new name are both mapped to the same IP address in the Forward Zone, while in the Reverse Zone only the new name appears. To understand me well, you have to try it yourselves.

I think it is a kind of revenge by the Fuegian -not against me, please- for trying to migrate his services to Linux.

Of course the old name will disappear when the record's TTL of 3600 expires, or the one we declared in the DHCP configuration. But we want it to disappear immediately, as happens with BIND + DHCP without Active Directory.

I found the solution to this situation by inserting the statement update-optimization false; at the end of the header of the /etc/dhcp/dhcpd.conf file:

ddns-update-style interim;
ddns-updates on;
ddns-domainname "mordor.fan.";
ddns-rev-domainname "in-addr.arpa.";
ignore client-updates;
update-optimization false;

If any Reader knows more about it, please enlighten me. I would be very grateful.
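Whether or not update-optimization false; is the right cure, the symptom described above (two owner names holding A records for one address after a client rename) is easy to check for in the zone file itself. The script below is an added example, not part of the article: it scans a forward zone and prints every address that has more than one A record, with the names involved. The zone is constructed; "orc" is an invented stale name standing in for the old computer name, and win7 the new one written by dhcpd.

```shell
#!/bin/sh
# Added example (not from the original article): find addresses that carry
# more than one A record in a forward zone, the leftover the article describes
# after a client rename. The zone file below is constructed for the demo.

# sample_forward_zone: constructed db.mordor.fan with one stale record.
sample_forward_zone() {
    cat <<'EOF'
$TTL 3600
@        IN SOA dnslinux.mordor.fan. root.mordor.fan. (
                 2017021201 3600 600 86400 3600 )
@        IN NS  dnslinux.mordor.fan.
dnslinux IN A   10.10.10.5
sauron   IN A   10.10.10.3
orc      3600 IN A 10.10.10.30 ; stale: this client was renamed to win7
win7     3600 IN A 10.10.10.30 ; current name, written by dhcpd
EOF
}

# shared_a_records: zone file on stdin; for every address that owns more than
# one A record print "ADDRESS NAME NAME...". Only single-line records whose
# owner name is in column 1 are considered, which is how dhcpd and named
# write dynamic records; blank lines, comments and $TTL/$ORIGIN are skipped.
shared_a_records() {
    awk '
        NF == 0 || $1 ~ /^[;$]/ { next }
        {
            sub(/;.*/, "")                      # drop a trailing comment
            for (i = 2; i < NF; i++)
                if ($i == "A" && $(i+1) ~ /^[0-9.]+$/) {
                    ip = $(i+1)
                    names[ip] = names[ip] " " $1
                    count[ip]++
                }
        }
        END { for (ip in count) if (count[ip] > 1) print ip names[ip] }'
}

# Stand-alone run: report on the constructed zone.
if [ "${1:-}" = demo ]; then
    sample_forward_zone | shared_a_records
fi
```

Run it against the live file with `shared_a_records < /var/lib/bind/db.mordor.fan` (after `rndc sync` or `rndc freeze` so the journal has been written out). Deliberate aliases will show up too; for those, a CNAME is the usual way to say that the second name is intentional.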

Summary

We have had a lot of fun with this topic, haven't we? No trouble, because we have BIND working as the DNS server in a Microsoft® network, serving all the SRV records and answering the DNS queries made to it properly. On the other hand we have a DHCP server handing out IP addresses and dynamically updating the BIND Zones correctly.

But we cannot ask for more... this time.

I hope my Fuegian friend is happy and satisfied with the first step of the migration to Linux, so that he can cope with Microsoft®'s Technical Support fees, which are anything but light.

Important note

The character «Fuegian» is entirely fictional and a pure product of my imagination. Any resemblance or coincidence with real people is only one thing: Pure Coincidence, on my part. I created him only to make writing and reading this article a little more enjoyable. Now, if you can tell me that the DNS topic is dry...



  1.   maryama88

    Very strong, no comments. Since Microsoft's DNS is not needed. Beware of the lawsuit, hahahaha. Thanks for the delivery, Fico.

  2.   federico

    Sue me? Let them take it up with EL Fueguino. 😉
    Thanks, friend!!!

  3.   Haniball wake

    Wouldn't it have been easier to install zentyal, for all this active directory part?

  4.   dhunter

    Haha, great post to load up on, and I see that Zentyal was recommended in the comment above; I'll leave before the shooting starts.

    PS: The Windows-based domain is Mordor, but if we deploy pure Samba, would it be Gondor or Rohan? 😉

  5.   federico

    I do not recommend using Zentyal to anyone. Use Windows, because using it is a reality in most SMEs. About Zentyal's stability, ask my friend and colleague Dhunter. 😉

  6.   federico

    You bet, friend dhunter. With Samba 4 it would be called tierramedia.fan. 😉

  7.   federico

    For those who have already downloaded the article, be careful with the following:
    Where it says
    ; BE CAREFUL WITH THESE RECORDS
    @ IN NS dnslinux.mordor.fan.
    @ IN A 10.10.10.3

    It must say

    ; BE CAREFUL WITH THESE RECORDS
    @ IN NS dnslinux.mordor.fan.
    @ IN A 10.10.10.5

    Colleague Eduardo Noel was the one who spotted my mistake.

  9.   dhunter

    For those planning to use Zentyal for something serious, I warn you to be careful. I run two Zentyal 4.2 (on 14.04) controllers, I updated everything and watch out for medium and small bugs (and the worst answers on the project's bugzilla, they make you feel stupid for using something you have no bond with); they went without any major release for a while, so I assumed they were gone, and suddenly they released 5.0 with no possibility of migrating from 4.2... lovely....

    Reporting bugs against the community version is pointless unless you go along with the developers always using the latest; check this: https://tracker.zentyal.org/issues/5080#comment:14

    In the end one has to settle on a stable version and beat it until it holds; look at what my zentyal has in cron:

    0 7 * * 1-6 /sbin/shutdown -r now

    As I say... lovely!

    PS: Supposedly I put in all this work in order to use the free version; it seems the paid version is serious, but I think this is not the best strategy for winning users. Another product with a similar business model is Proxmox, and I compare its paid version in the same way: it is there to fund the project and not because the free version falls over. Proxmox is a source of pride.

  10.   Ismael Alvarez Wong

    Hello Federico:
    With every new article you raise the bar; as if everything covered in the previous 3 posts about the BIND + DHCP duo were not enough, now you publish this "cannon" (forgive the exaggeration) of an article on how to migrate Microsoft's DNS to BIND, how to update it from a DHCP on Linux and, on top of all that, coexist with Microsoft Active Directory.
    . Great everything related to the SRV records of Active Directory's DNS, its forward zone "_msdcs.domain", how to capture from Linux the records of the 2 -or more- zones of Microsoft AD DNS in order to create the databases of those Zones in BIND.
    . Very useful to enable query logging in the BIND configuration.
    . EXCELLENT advice that: A client that obtains its IP address from a DHCP installed on Linux cannot resolve the IP address of its own name until it is joined to the Active Directory domain. In the article's lab example, the "win7" computer was first assigned the IP address 10.10.10.251 to register in the DNS of the "mordor.fan" domain, then it joined Microsoft AD from that fixed IP so that finally, when DHCP was installed on Linux, it was the one that handed out its IP and at the same time the updates "slipped through" BIND to write the computer's records in the Forward and Reverse Zones. NO MORE HELPFUL EXPLANATION HAS EVER BEEN GIVEN!
    . Very good indeed all the considerations on Dynamic Updates in Microsoft® DNS and in BIND; likewise all the tips explained in the last section and especially all the progress and the tip presented under "A specific tip that I still have not fully cleared up".
    ! 5 Stars for the author! and I follow the SME series with more and more interest!

  11.   federico

    Dhunter: The Voice of Experience has spoken. "Practice is the best measure of truth."

    Wong: I already missed your comment - the article is complete. I hope the other one about dnsmasq comes out soon.

    Thank you all for your opinions.

  12.   maryama88

    You said nothing more about the partner called «El Fueguino», or about the decision he made to start migrating his servers. You stole someone from Microsoft, hahaha!!!!

  13.   federico

    hahahaha friend crespo88. I see you enjoyed the effect of the fictional story. If others like it, it can make articles on dry topics more enjoyable and entertaining. Let's wait for more comments about it.