DNS da DHCP a cikin CentOS 7 - SMB Networks

Janar jeri na jerin: Hanyoyin sadarwar Kwamfuta don SMEs: Gabatarwa

Barka dai abokai !. Za mu ga a cikin wannan labarin yadda za mu iya aiwatar da mahimman ayyuka biyu na hanyoyin sadarwar da DNS da DHCP akan CentOS - Linux, musamman a cikin sigar 7.2.

  • Wasu labarai game da DNS suna nuni zuwa ga gaskiyar cewa aiwatar da wannan sabis ɗin yana ɗan ɓoyewa da wahala. Ban yarda da wannan bayanin ba. Na fi so in ce abu ne mai ma'ana kuma yawancin fayilolin saitin suna da tsarin haɗi. Sa'ar al'amarin shine, muna da kayan aikin da zamu bincika, mataki zuwa mataki, tsarin gabatarwar kowane fayil wanda muke gyarawa. Saboda haka, zamuyi ƙoƙari don sanya karanta wannan sakon a matsayin mai daɗi da jin daɗi yadda ya kamata..

Ga waɗanda suke neman abubuwan yau da kullun, muna ba da shawarar da a fara bincikenku akan Wikipedia, duka a cikin sifofinsa na Spain da Ingilishi. Ba ƙaramin gaskiya ba ne cewa labarai a cikin Turanci kusan koyaushe suna cikakke kuma masu daidaito. Duk da haka, Wikipedia kyakkyawan tushe ne mai kyau.

Ga wadanda daga cikin ku suke son koya game da DNS da BIND, muna bada shawarar karanta littafin «OReilly - DNS da kuma BIND 4ed"rubuta ta Paul albitz y Kriket Liu, ko kuma wani bugu wanda zai wanzu.

Mun riga mun buga labarin a kan batun mai taken «DNS da DHCP a cikin budeSUSE 13.2 Hanyoyin Sadarwar - SME»Ga masoya yanayin zane. Koyaya, daga yanzu zasu fuskanci labarai akan wannan batun -ba akan wasu ba- an rubuta su da yawan amfani da emulator na tashar mota ko na'ura mai kwakwalwa. Kai, a cikin salon da UNIX® / Linux System Administrators ke amfani da shi.

Idan kanaso samun karin bayani game da sunan karshe na taken wannan labarin «Sadarwar SME»Zaku iya ziyartar shafin a cikin wannan rukunin yanar gizon«Cibiyoyin sadarwar SME: yankewar kamala ta farko«. A ciki zaku sami hanyoyin haɗi zuwa wasu labaran da yawa da aka buga.

  • Bayan an gama shigar da Tsarin Aiki na CentOS 7 tare da fakitin da muke bada shawara, el shugabanci /usr/share/doc/bind-9.9.4/ Ya ƙunshi adadi mai yawa na takardu waɗanda muke ba da shawara ka shawarta kafin ka shiga binciken Intanet ba tare da ka fara sanin cewa, a yatsanka da cikin gidanka ba, za ka iya samun abin da kake nema.

Tsarin tsarin shigarwa

Janar bayanai na yankin da uwar garken DNS

Sunan yanki: dagalinux.fan
Sunan saba na DNS: dns.fromlinux.fan
Adireshin IP: 192.168.10.5
Maɓallin Subnet: 255.255.255.0

Shigarwa

Mun fara da sabon ko tsabtace shigarwa na tsarin aiki na CentOS 7 kamar yadda aka nuna a labarin da ya gabata «CentOS 7 Hypervisor I - Sadarwar SMB«. Muna buƙatar kawai yin canje-canje masu zuwa:

  • A cikin 22 image «Zabin SOFTWARE«, Muna ba da shawarar zaɓar a cikin shafi na hagu«Tushen Muhalli»Zaɓin da ya dace da«Sabis na kayan aiki«, Duk da yake a hannun dama«Ugarin abubuwa don zaɓin Muhalli»Zaɓi akwatin bincike«Adireshin suna na DNS«. Za mu shigar da sabar DHCP daga baya.
  • Bari mu tuna da sanarwar ƙarin wuraren ajiya kamar yadda aka nuna a cikin 23 image, bayan saita «NETWORK & TEAM SUNAN".
  • Hotunan da suke magana kan bangare wanda zamu kirkira akan rumbun kwamfutar mu ana basu ne kawai a matsayin jagora. Kuna jin kyauta don zaɓar bangarorin a hankali, aiki, da ƙwarewar hankali.
  • A ƙarshe, a cikin Hoton 13 «NETWORK & SUNAN KUNGIYA», dole ne mu canza dabi'un gwargwadon sigogi gaba ɗaya na yankin da aka ayyana da kuma uwar garken DNS, ba tare da mantawa da saka sunan mai masaukin ba -a wannan yanayin «dns«- bayan an gama daidaitawar cibiyar sadarwa. Yana da kyau a yi ping -daga wani mai masaukin baki- zuwa adireshin IP ɗin da aka ambata bayan cibiyar sadarwar tana aiki:

DNS da DHCP akan CentOS

Da gaske akwai 'yan canje-canje da bayyane wadanda dole ne muyi su dangane da labarin da ya gabata.

Binciken farko da gyare-gyare

Bayan mun shigar da tsarin aiki dole ne muyi nazarin fayilolin masu zuwa aƙalla, kuma don wannan zamu fara zama ta hanyar SSH daga kwamfutarmu sysadmin.fromlinux.fan:

buzz @ sysadmin: ~ $ ssh 192.168.10.5
buzz@192.168.10.5 ta kalmar wucewa: Shiga ƙarshe: Ranar Asabar 28 09:48:05 2017 daga 192.168.10.1
[buzz @ dns ~] $

Aikin da ke sama na iya ɗaukar tsawon lokaci fiye da yadda aka saba, kuma hakan ya samo asali ne saboda gaskiyar cewa har yanzu ba mu da DNS a kan LAN. Duba kuma daga baya cewa DNS na aiki.

[buzz @ dns ~] $ cat / sauransu / masu masaukin baki
127.0.0.1 daikasi localhost.kadaiji daidataid tuddnda dafda da :: :: daidnda daudda daikindawoke tuddrin dauddnda

[buzz @ dns ~] $ cat / sauransu / sunan mai masauki
dns

[buzz @ dns ~] $ cat / sauransu / sysconfig / rubutun-hanyar sadarwa / ifcfg-eth0
TYPE=Ethernet
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=no
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
NAME=eth0
UUID=946f5ac9-238a-4a94-9acb-9e3458c680fe
DEVICE=eth0
ONBOOT=yes
IPADDR=192.168.10.5
PREFIX=24
GATEWAY=192.168.10.1
DNS1=127.0.0.1
DOMAIN=desdelinux.fan

[buzz @ dns ~] $ cat /etc/resolv.conf 
# Geneirƙira ta hanyar binciken NetworkManager daga linux.fan mai saka suna 127.0.0.1

Babban abubuwan daidaitawa suna amsa abubuwan da muka zaba. Lura cewa har ma a kan sabar Red Hat 7 - CentOS 7, an saita shi ta tsohuwa lokacin HanyarKara don haka wannan shine wanda ke kula da hanyoyin sadarwar, idan suna da waya ko mara waya (WiFi), haɗin VPN, haɗin PPPoE, da duk wani haɗin hanyar sadarwa.

[buzz @ dns ~] $ sudo systemctl status networkmanager
[sudo] kalmar wucewa don buzz: ● networkmanager.service An ɗora Kwatancen: ba a samo ba (Dalili: Babu irin wannan fayil ɗin ko kundin adireshin) Mai aiki: m (matacce)

[buzz @ dns ~] $ sudo systemctl matsayin NetworkManager
● NetworkManager.service - Gudanar da Manajan Yanar Gizo: an ɗora (/usr/lib/systemd/system/NetworkManager.service; an kunna; saitaccen saiti: an kunna) Mai aiki: aiki (gudana) tun Sat 2017-01-28 12:23:59 EST; 12min ago Babban PID: 705 (NetworkManager) CGroup: /system.slice/NetworkManager.service └─705 / usr / sbin / NetworkManager --no-daemon

Red Hat - CentOS kuma yana ba ka damar haɗawa da cire haɗin hanyoyin sadarwa ta amfani da ƙa'idodi na gargajiya ifup e idan kasa. Bari muyi aiki a kan na’urar saba:

[tushen @ dns ~] # ifdown eth0
Na'urar 'eth0' ta cire haɗin kanta.

[tushen @ dns ~] # ifup eth0
An kunna haɗin kai cikin nasara (D-Bus aiki hanya: / org / freedesktop / NetworkManager / ActiveConnection / 1)
  • Muna ba da shawara kar a canza tsoffin saitunan da CentOS 7 ke bayarwa dangane da HanyarKara.

Muna bayyana ainihin wuraren da za mu yi amfani da su kuma sabunta tsarin aiki idan ya cancanta:

[buzz @ dns ~] $ su Kalmar wucewa: [tushen @ dns buzz] # cd /etc/yum.repos.d/
[tushen @ dns yum.repos.d] # ls -l
jimlar 28 -rw-r - r--. 1 tushen tushen 1664 Dec 9 2015 CentOS-Base.repo -rw-r - r--. 1 tushen tushen 1309 Dec 9 2015 CentOS-CR.repo -rw-r - r--. 1 tushen tushen 649 Dec 9 2015 CentOS-Debuginfo.repo -rw-r - r--. 1 tushen tushen 290 Dec 9 2015 CentOS-fasttrack.repo -rw-r - r--. 1 tushen tushen 630 Dec 9 2015 CentOS-Media.repo -rw-r - r--. 1 tushen tushen 1331 Dec 9 2015 CentOS-Sources.repo -rw-r - r--. 1 tushen tushen 1952 Dec 9 2015 CentOS-Vault.repo

Yana da kyau a karanta abubuwan da ke cikin fayilolin sanarwa na asali daga ɗakunan ajiya na CentOS da aka ba da shawarar. Canje-canjen da muke yi anan saboda rashin samun damar yanar gizo, kuma muna aiki tare da wuraren ajiya na cikin gida da aka sauko daga Kauyen WWW, daga abokan aiki wadanda suka dan sauƙaƙa rayuwarmu. 😉

[tushen @ dns yum.repos.d] # mkdir na asali
[tushen @ dns yum.repos.d] # mv CentOS- * asali /

[tushen @ dns yum.repos.d] # nano centos-repos.repo
[centos-base]
name=CentOS-$releasever
baseurl=http://10.10.10.1/repos/centos/7/base/
gpgcheck=0
enabled=1

[centos-updates]
name=CentOS-$releasever
baseurl=http://10.10.10.1/repos/centos/7/updates/x86_64/
gpgcheck=0
enabled=1

[tushen @ dns yum.repos.d] # yum tsaftace duka
Plugarin plugins da aka ɗora: fastestmirror, langpacks Manyan wuraren ajiya: centos-base centos-updates Ana tsaftace komai

[tushen @ dns yum.repos.d] # yum sabuntawa
Abubuwan haɗin da aka ɗora: fastestmirror, centos-base langpacks | 3.4 kB 00:00 kwaskwarima-sabuntawa | 3.4 kB 00:00 (1/2): tsakiya-tushe / primary_db | 5.3 MB 00:00 (2/2): cibiyoyin-sabuntawa / primary_db | 9.1 MB 00:00 Tabbatar da madubi mafi sauri Babu kunshin da aka yiwa alama don ɗaukakawa

Saƙon «A'a (akwai) fakitoci da aka yiwa alama don sabuntawa» - -Babu kunshin da aka yiwa alama don sabuntawa»Ya nuna cewa, ta hanyar sanar da wuraren adana kayan aiki na zamani da muke da su yayin girkawa, daidai an shigar da fakiti na yanzu.

Game da mahallin SELinux da bangon waya

Za mu mai da hankali ga wannan labarin - a asali - kan aiwatar da ayyukan DNS da DHCP, wanda shine Babban Manufa.

Idan kowane mai karatu ya zaɓi Dokar Tsaro yayin aiwatarwar shigarwa, kamar yadda aka nuna a cikin 06 image na labarin tunani «CentOS 7 Hypervisor I - Sadarwar SMB»Anyi amfani dashi don shigar da wannan sabar ta DNS - DHCP, kuma sai kaga cewa baka san yadda ake tsara SELinux da Firewall na CentOS ba, muna ba da shawarar kayi aiki kamar haka:

Gyara fayil / sauransu / sysconfig / selinux kuma canza SELINUX = tilasta de SELINUX = a kashe

[tushen @ dns ~] # nano / sauransu / sysconfig / selinux
# Wannan fayil din yana sarrafa yanayin SELinux akan tsarin. # SELINUX = na iya ɗaukar ɗayan waɗannan ƙimomin guda uku: # tilastawa - ana aiwatar da manufofin tsaro na SELinux. # halatta - SELinux ya buga gargaɗi maimakon tilastawa. # naƙasasshe - Babu tsarin siyasa na SELinux da aka sanya.
SELINUX = marasa lafiya
# SELINUXTYPE = na iya ɗaukar ɗaya daga cikin ƙimomi biyu: # niyya - ana kiyaye matakan da aka ƙaddara, # mafi ƙaranci - Gyara manufofin da aka yi niyya. Matakan da aka zaɓa kawai sune pr $ # mls - Kariyar Matakan Tsaro. SELINUXTYPE = niyya

To, gudanar da waɗannan umarnin

[tushen @ dns ~] # saita 0
[tushen @ dns ~] # sabis na tashar wuta
Canza hanya zuwa / bin / systemctl dakatar da firewalld.service

[tushen @ dns ~] # systemctl musaki firewalld
Cire symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service. Cire symlink /etc/systemd/system/basic.target.wants/firewalld.service.

Idan kuna aiwatar da sabar DNS da ke fuskantar yanar gizo, BAZ ku yi abin da ke sama ba, amma saita yanayin SELinux da Firewall daidai. Duba "Haɓakar Server tare da GNU / Linux, daga marubucin Joel Barrios Dueñas" ko takardun CentOS kanta - Red Hat

Mun saita BIND - mai suna

  • El shugabanci /usr/share/doc/bind-9.9.4/ yana dauke da adadi mai yawa wanda muke ba da shawarar ka nemi shawara kafin ka shiga binciken Intanet ba tare da ka fara sanin cewa, a yatsan ka da gidan ka ba, zaka iya samun abin da kake nema

A yawancin rarraba ayyukan DNS da aka girka ta hanyar kunshin BIND ana kiransa mai suna (Sunan Daemon). A cikin CentOS 7 an girka shi nakasasshe ta hanyar tsoho, gwargwadon fitowar umarnin mai zuwa, inda take cewa matsayinta shine «an kashe su«, Kuma cewa wannan jihar an ƙaddara ta ta« mai sayarwa »- saiti saiti. Ga rikodin, BIND Software ne na Kyauta.

Ba da sabis ɗin mai suna

[tushen @ dns ~] # systemctl mai suna
Mai suna.service - Berkeley Sunan Yanar Gizo (DNS) An ɗora: ɗora Kwatancen (/usr/lib/systemd/system/named.service; an kashe su; saiti saiti: naƙasasshe) Mai aiki: mara aiki (matacce)

[tushen @ dns ~] # systemctl kunna mai suna
Symirƙirar haɗin kai daga /etc/systemd/system/multi-user.target.wants/named.service to /usr/lib/systemd/system/named.service.

[tushen @ dns ~] # systemctl fara mai suna

[tushen @ dns ~] # systemctl mai suna
Mai suna.service - Berkeley Sunan Yanar Gizo (DNS) An ɗora: ɗora Kwatancen (/usr/lib/systemd/system/named.service; kunna; saiti saiti: naƙasasshe)
   Aiki: aiki (a guje) tun Sat 2017-01-28 13:22:38 EST; 5min da suka gabata Tsarin aiki: 1990 ExecStart = / usr / sbin / mai suna -u mai suna $ ZABI (lambar = fita, hali = 0 / SUCCESS) Tsarin aiki: 1988 ExecStartPre = / bin / bash -c idan [! "$ DISABLE_ZONE_CHECKING" == "eh"]; sannan / usr / sbin / mai suna-checkconf -z /etc/named.conf; sake amsa kuwwa "Ba a kashe duba fayilolin shiyya ba"; fi (lamba = an fita, status = 0 / SUCCESS) Babban PID: 1993 (mai suna) CGroup: /system.slice/named.service └─1993 / usr / sbin / mai suna -u mai suna Jan 28 13:22:45 dns mai suna [1993]: kuskure (hanyar da ba a samu hanyar sadarwa ba) warware './NS/IN': 2001: 500: 2f :: f # 53 Jan 28 13:22:47 dns mai suna [1993]: kuskure (ba a samun hanyar sadarwa) warware './ DNSKEY / IN ': 2001: 500: 3 :: 42 # 53 Jan 28 13:22:47 dns mai suna [1993]: kuskure (hanyar sadarwa da ba za a iya riskarta ba) warware' ./NS/IN ': 2001: 500: 3 :: 42 # 53 Jan 28 13:22:47 dns mai suna [1993]: kuskure (cibiyar sadarwar ba ta isa ba) warware './DNSKEY/IN': 2001: 500: 2d :: d # 53 Jan 28 13:22:47 dns mai suna [1993] ]: kuskure (hanyar sadarwa da ba za a iya riskarta ba) warware './NS/IN': 2001: 500: 2d :: d # 53 Jan 28 13:22:47 dns mai suna [1993]: kuskure (ba a samun hanyar sadarwa) warware './DNSKEY/ IN ': 2001: dc3 :: 35 # 53 Jan 28 13:22:47 dns mai suna [1993]: kuskure (hanyar da ba a samu hanyar sadarwa ba) warware' ./NS/IN ': 2001: dc3 :: 35 # 53 Jan 28 13: 22:47 dns mai suna [1993]: kuskure (hanyar da ba a samu hanyar sadarwa ba) warware './DNSKEY/IN': 2001: 7fe :: 53 # 53 Jan 28 13:22:47 dns mai suna [1993]: kuskure (ba a samun hanyar sadarwa) res olving './NS/IN': 2001: 7fe :: 53 # 53 Jan 28 13:22:48 dns mai suna [1993]: management-keys-zone: Ba za a iya ɗora DNSKEY ba '.': an ƙare

[tushen @ dns ~] # systemctl sake farawa sunan

[tushen @ dns ~] # systemctl mai suna
Mai suna.service - Berkeley Sunan Yanar Gizo (DNS) An ɗora Kwatancen: ɗora Kwatancen (/usr/lib/systemd/system/named.service; an kunna; saiti mai saiti: naƙasasshe)
   Aiki: aiki (a guje) tun Sat 2017-01-28 13:29:41 EST; Tsarin 1s da suka gabata: 1449 ExecStop = / bin / sh -c / usr / sbin / rndc stop> / dev / null 2> & 1 || / bin / kashe -TERM $ MAINPID (lambar = fita, hali = 0 / SUCCESS) Tsarin aiki: 1460 ExecStart = / usr / sbin / mai suna -u mai suna $ ZABI = / bin / bash -c idan [! "$ DISABLE_ZONE_CHECKING" == "eh"]; sannan / usr / sbin / mai suna-checkconf -z /etc/named.conf; sake amsa kuwwa "Ba a kashe duba fayilolin yanki ba"; fi (lamba = an fita, status = 0 / SUCCESS) Babban PID: 1457 (mai suna) CGroup: /system.slice/named.service └─0 / usr / sbin / mai suna -u mai suna Jan 1463 1463:28:13 dns mai suna [29]: zone-management-keys-file: file file yayi kwanan wata: cire file din janairu 41 1463:28:13 dns mai suna [29]: key-keys-zone: serial Jan 41 1463 2:28:13 dns mai suna [29]: shiyya 41.in-addr.arpa/IN: adon da aka ɗora 1463 Jan 0 0:28:13 dns mai suna [29]: zone localhost.localdomain / IN: sanya serial 41 Janairu 1463 0:28:13 dns mai suna [29]: shiyya 41.in-addr.arpa/IN: adon da aka ɗora 1463 Jan 1.0.0.127 0:28:13 dns mai suna [29]: yankin 41 .1463.ip1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.arpa / IN: adana serial 6 Janairu 0 28:13:29 dns mai suna [41]: zone localhost / IN: serial sanya 1463 Jan 0 28 : 13: 29 dns mai suna [41]: dukkan shiyyoyin da aka loda Jan 1463 28:13:29 dns mai suna [41]: suna gudana Jan 1463 28:13:29 dns systemd [41]: An Fara Berkeley Internet Name Domain (DNS).

Bayan mun kunna sabis mai suna kuma mun fara shi a karon farko, fitowar umarnin systemctl status mai suna yana nuna kurakurai. Lokacin da muka sake kunna sabis ɗin da ke ƙasa, da mai suna ya kirkiro duk fayilolin sanyi wanda, ta hanyar tsoho, ya zama dole don aikin sa daidai. Saboda haka, lokacin da muka sake aiwatar da umarnin systemctl status mai suna babu sauran kurakurai da aka nuna.

  • Masoyi, mai tsada, kuma mai bukatar Karatu: idan kanaso ka gano -akalla- wacce hanya ce zata kaika karshen ramin kurege, don Allah, ka natsu ka karanta dalla-dalla hanyoyin kowane umarni. 😉 Tabbas labarin zaiyi tsayi kadan, amma kar musan cewa ya samu nasara a bayani da bayyananniya.

Mun gyara fayil /etc/named.conf

Yawancin maganganun mai karatu sun bayyana -Ban fada ba- mania wanda masu kula da rarraba Linux daban-daban ke da shi, na sanya fayilolin sanyi a cikin manyan fayiloli tare da sunaye daban-daban dangane da distro. Suna da gaskiya. Amma menene zamu iya, masu sauƙin amfani waɗanda suke amfani da waɗannan rarraba, yi? Daidaita! 😉

Af, a cikin FreeBSD, UNIX® clone «Asalin», fayil ɗin yana ciki /usr/local/etc/namedb/named.conf; yayin cikin Debian, ban da tsagawa zuwa fayiloli huɗu mai suna.conf, mai suna.conf.options, mai suna.conf.default-zones, kuma mai suna.conf.local, yana cikin jaka / sauransu / ɗaure /. Waɗanda suke son sanin inda buɗeSUSE ya sanya shi, karanta «DNS da DHCP a cikin budeSUSE 13.2 Hanyoyin Sadarwar - SME«. Masu karatu sunyi gaskiya! 😉

Kuma kamar yadda muke yi koyaushe: kafin gyaggyara wani abu, muna adana ainihin fayil ɗin sanyi a ƙarƙashin wani suna.

[tushen @ dns ~] # cp /etc/named.conf /etc/named.conf.original

Don sauƙaƙa rayuwa, maimakon samar da maɓallin TSIG don sabunta abubuwan DNS ta DHCP, mun kwafa makullin iri ɗaya rdc.key kamar yadda dhcp.kirki.

[tushen @ dns ~] # cp /etc/rndc.key /etc/dhcp.key

[tushen @ dns ~] # nano /etc/dhcp.key
mabuɗi "dhcp-key" {algorithm hmac-md5; sirrin "OI7Vs + TO83L7ghUm2xNVKg =="; };

Saboda haka, mai suna iya karanta fayil ɗin da aka kwafa kawai, muna gyara rukunin mai shi:

[tushen @ dns ~] # tushen da aka zaba: mai suna /etc/dhcp.key [tushen @ dns ~] # ls -l /etc/rndc.key /etc/dhcp.key -rw-r -----. Tushen 1 mai suna 77 Jan 28 16:36 PM /etc/dhcp.key -rw-r -----. Tushen 1 mai suna 77 Jan 28 13:22 /etc/rndc.key

Detailsananan bayanai kamar na baya shine menene zai iya haukatar damu yayin ƙoƙarin ganowa, yanzu ... ina matsalar take ...? tare da wasu karin siffofin, wadanda bamu rubuta su ba saboda girmamawa ga masu mutunci.

Yanzu idan - a ƙarshe! - mun gyara fayil ɗin / da sauransu / suna.conf. Canje-canje ko ƙari da muka yi, game da asali, suna ciki m. Kalli yadda kalilan suke.

[tushen @ dns ~] # nano /etc/named.conf
// // mai suna.conf // // An bayar da kunshin Red Hat bind don daidaita ISC BIND mai suna (8) DNS // uwar garken azaman mai ɓoye kawai sunan mai ba da izini (azaman mai gyara DNS na gida kawai). // // Duba / usr / share / doc / daura * / samfurin / misali fayilolin sanyi masu suna. //

// Lissafin Lissafin Samun damar bayyana wacce cibiyoyin sadarwa zasu iya tuntuba
// uwar garke mai suna
acl aciki {
 127.0.0.0 / 8;
 192.168.10.0 / 24;
};

Zaɓuɓɓuka {
 // Na ayyana cewa daemon mai suna kuma saurara don aikin
 // eth0 wanda ke da IP: 192.168.10.5
    sauraren tashar jiragen ruwa 53 {127.0.0.1; 192.168.10.5; };
    saurara-on-v6 tashar jiragen ruwa 53 {:: 1; }; kundin adireshi "/ var / mai suna"; juji-fayil "/var/named/data/cache_dump.db"; kididdiga-fayil "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt";

 // Bayanin masu gabatarwa
 // masu hana {
 // 0.0.0.0;
 // 1.1.1.1;
 //};
    // gaba gaba;

    // Ina ba da izinin tambayoyi ne kawai ga ACL tawa
    damar-tambaya {mired; }; // Don bincika tare da umarnin tono desdelinux.fan axfr // daga tashar SysAdmin da localhost kawai // Ba mu da sabobin DNS bayi. Ba ma bukatar sa ... sai yanzu.
 Bada damar-canja wurin {localhost; 192.168.10.1; };

    / * - Idan kana gina uwar garken DNS mai izini, KADA ka kunna komawa. - Idan kana gina uwar garken DNS mai kyau (caching), kana buƙatar kunna komowa. - Idan sabun DNS ɗinku na sake dawowa yana da adireshin IP na jama'a, dole ne ku kunna ikon sarrafawa don iyakance tambayoyi ga masu amfani da ku. Rashin yin hakan zai sa sabarka ta zama wani ɓangare na manyan hare-haren haɓaka DNS. Aiwatar da BCP38 a cikin hanyar sadarwar ku zai rage irin wannan harin kai tsaye * /
    // Muna son sabar HU AUAI don LAN - SME
    sake komawa baya ba;

    dnssec-kunna i; dnssec-Ingancin eh; / * Hanya zuwa maɓallin ISC DLV * / bindkeys-fayil "/etc/named.iscdlv.key"; sarrafa-makullin-shugabanci "/ var / mai suna / tsauri"; fayil-fayil "/run/named/named.pid"; zaman-keyfile "/run/named/session.key"; }; shiga {tashar tsoho_debug {fayil "data / named.run"; tsanani tsauri; }; }; yankin "." IN {rubuta ambato; fayil "named.ca"; }; hada da "/etc/named.rfc1912.zones"; hada da "/etc/named.root.key";

// Mun haɗa da maɓallin TSIG don sabuntawar DNS mai ƙarfi // ta DHCP
hada da "/etc/dhcp.key";

// Bayanin suna, nau'in, wurin, da sabunta izini
// na Yankunan Rikodi na DNS // Duk Yankunan sune MASTERS
yankin "desdelinux.fan" {
 Nau'in mashigin;
 fayil "tsauri / db.fromlinux.fan";
 ba da izini-sabuntawa {key dhcp-key; };
};

yankin "10.168.192.in-addr.arpa" {
 Nau'in mashigin;
 fayil "tsauri / db.10.168.192.in-addr.arpa";
 ba da izini-sabuntawa {key dhcp-key; };
};

Muna duba bayanin aiwatarwa

[tushen @ dns ~] # mai suna-rajistan dubawa 
[tushen @ dns ~] #

Tunda umarnin da ke sama bai dawo da komai ba, haɗin ginin ya yi kyau. Koyaya, idan muka aiwatar da umarni ɗaya, amma tare da zaɓi -z, fitarwa zai kasance:

[tushen @ dns ~] # mai suna-checkconf -z
zone localhost.localdomain / IN: yankin da aka sanya 0 yankin localhost / IN: yankin 0 wanda aka ɗora Kwatancen 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 .ip6.arpa / IN: yankin 0 wanda aka loda 1.0.0.127.in-addr.arpa/IN: 0 wanda aka loda cikin 0 0.in-addr.arpa/IN: 10.168.192 wanda aka sanya shi daga linux.fan/IN: ɗorawa daga maigida fayil mai tsauri / db. daga linux.fan ya kasa: ba a samo yankin daga linux.fan/IN ba: an ɗora shi saboda kurakurai. _default / desdelinux.fan / IN: ba a samo yankin ba 10.168.192.in-addr.arpa/IN: lodawa daga babban fayil mai tsauri / db.10.168.192.in-addr.arpa bai yi nasara ba: ba a sami yankin ba 10.168.192 .in-addr.arpa / IN: ba a ɗora ba saboda kurakurai. _default / XNUMX.in-addr.arpa / IN: ba a samo fayil ba

Tabbas kuskure ne da suke faruwa saboda har yanzu bamu kirkiro Yankin Rajista na DNS ba don yankinmu.

  • Don ƙarin bayani akan umarnin mai suna-checkconf, gudu mutum mai suna-checkconf, kafin neman duk wani bayani akan Intanet. Ina baku tabbacin zai adana lokaci mai kyau.

Mun ƙirƙiri fayil ɗin Direct Zone daga linux.fan

... ba tare da bit na ka'idar farko ba. 😉

A matsayin samfuri don ƙirƙirar fayil ɗin bayanan yanki, zamu iya ɗaukar /var / suna / suna / fanko, ko /usr/share/doc/bind-9.9.4/sample/var/mai suna/named.empty. Dukansu iri ɗaya ne.

[tushen @ dns ~] # cat /var/named/named.empty 
$ TTL 3H @ A SOA @ rname.invalid. (0; serial 1D; shayar da 1H; sake gwadawa 1W; ya ƙare 3H); mafi ƙarancin lokacin ɓoyewa ko kuma mara kyau don rayuwa NS @ A 127.0.0.1 AAAA :: 1

Lokaci na rayuwa - Lokaci don rayuwa TTL Rikodin SOA

Bari mu ɗauki kwatancen don bayyana TTL - Lokaci don rayuwa daga rajista SOA - Fara Mulki na Babbar Jagora. Yana da ban sha'awa mu san ma'anar su don lokacin da muke son gyara kowane ƙimar su.

$ TTL: Lokacin rayuwa - Lokacin rayuwa ga duk bayanan da ke cikin fayil ɗin da suka biyo bayan sanarwa (amma sun gabaci kowane sanarwar $ TTL) kuma ba su da bayyananniyar sanarwar TTL.

serial: Adadin adadin bayanan Zone. Duk lokacin da muke gyara rikodin DNS da hannu a cikin wani yanki, dole ne mu ƙara wannan lambar ta 1, musamman idan muna da bayi ko sakandare na biyu. Duk lokacin da wata sakandare ko kuma uwar garken DNS ta tuntubi sabar uwargidan nata, tana neman lambar serial na bayanan maigidan. Idan lambar serial din bawan tayi kasa, to bayanan wannan yankin akan sabar bawa sun tsufa, kuma bawan yayi aikin canja wuri domin sabunta kansa.

kore gajiya: Ya gaya wa sabar bawa tazarar lokacin da ya kamata ta bincika idan bayanan ta na zamani ne game da maigidan.

sake gwadawa: Idan uwar garken uwar garken bai samu ba - saboda ya kamu da rashin lafiya, sai a ce - ga bawa bayan tazarar lokaci kore gajiya, sake gwadawa Ya gaya wa bawa tsawon lokacin da zai jira kafin ya sake neman mai gidansa.

Ya ƙare: Idan bawa bazai iya tuntubar maigidansa ba na wani lokaci Ya ƙareSannan idan an ɓata dangantakar yankin-bawa-bawa, kuma sabar bawa ba ta da zaɓi sai dai ta ƙare yankin da ake magana. Arewar wani yanki ta hanyar sabar DNS bawa yana nufin zai daina ba da amsa ga tambayoyin DNS da suka shafi yankin, saboda bayanan da ke akwai sun tsufa da yawa don amfani.

  • Abubuwan da ke sama suna koya mana kai tsaye kuma ana ɗoramu da babbar ma'ana - mafi ƙarancin sanannun hankula - cewa idan ba mu buƙatar sabobin DNS na bawa don aikin SME ɗinmu, ba mu aiwatar da shi, sai dai idan sun kasance masu tsananin buƙata. Bari koyaushe muyi ƙoƙari mu tafi daga sauki zuwa hadadden.

m: A cikin sigar kafin Ulla 8.2, rikodin karshe Soa Hakanan yana nuna Tsoffin Rayuwa - Tsohuwar lokacin rayuwa, da Rayuwar Cache Rayuwa - Kuskuren lokacin ɓoyewa don rayuwa domin Yankin. Wannan lokacin yana nufin duk martani mara kyau wanda uwar garken izini ya bayar na Yankin.

Yankin yanki /var/named/dynamic/db.fromlinux.fan

[tushen @ dns ~] # nano /var/named/dynamic/db.fromlinux.fan
$ TTL 3H @ A SOA dns.fromlinux.fan. root.dns.fromlinux.fan. (1; serial 1D; shayar da 1H; sake gwadawa 1W; ya ƙare 3H); mafi ƙarancin ko; Kuskuren lokacin ɓoyewa don rayuwa; @ IN NS dns.fromlinux.fan. @ IN MX 10 mail.fromlinux.fan. @ A TXT "DagaLinux, Blog ɗinku ya keɓe ne ga Software na Kyauta"; sysadmin IN A 192.168.10.1 ad-dc IN A 192.168.10.3 fileerver IN A 192.168.10.4 dns IN A 192.168.10.5 proxyweb IN A 192.168.10.6 blog IN A 192.168.10.7 ftpserver IN A 192.168.10.8 mail IN A 192.168.10.9

Muna bincika /var/named/dynamic/db.fromlinux.fan

[tushen @ dns ~] # mai suna-cakulan daga linux.fan / var / mai suna / tsauri / db. daga Linux.fan
Yankin daga linux.fan/IN: sanya serial 1 Yayi

Mun ƙirƙiri fayil ɗin Reverse Zone 10.168.192.in-addr.arpa

  • Rikodin SOA na wannan Yankin daidai yake da na Direct Direct ba tare da yin la'akari da rikodin MX ba..
[tushen @ dns ~] # nano /var/named/dynamic/db.10.168.192.in-addr.arpa
$ TTL 3H @ A SOA dns.fromlinux.fan. root.dns.fromlinux.fan. (1; serial 1D; shayar da 1H; sake gwadawa 1W; ya ƙare 3H); mafi ƙarancin ko; Kuskuren lokacin ɓoyewa don rayuwa; @ IN NS dns.fromlinux.fan. ; 1 IN PTR sysadmin.fromlinux.fan. 3 A cikin PTR ad-dc.fromlinux.fan. 4 IN PTR fayilerver.fromlinux.fan. 5 A PTR dns.fromlinux.fan. 6 IN Pxy wakili.desdelinux.fan. 7 A cikin PTR blog.desdelinux.fan. 8 A cikin PTR ftpserver.fromlinux.fan. 9 IN PTR mail.fromlinux.fan.

[tushen @ dns ~] # mai suna-bincika yankin 10.168.192.in-addr.arpa /var/named/dynamic/db.10.168.192.in-addr.arpa 
yankin 10.168.192.in-addr.arpa/IN: adana serial 1 Yayi

Kafin sake farawa mai suna muna duba tsarin sa

  • Har sai mun tabbata cewa fayilolin sanyi mai suna, mai suna.conf, da fayilolin shiyyar ba a daidaita su daidai ba, muna ba da shawarar kada a sake farawa daemon mai suna. Idan muka yi haka kuma daga baya muka canza fayil ɗin yanki, dole ne mu ƙara yawan adadin lambar yankin da aka gyaru da 1.
  • Bari mu kalli "." a karshen domain da rundunar sunayen.
[tushen @ dns ~] # mai suna-rajistan dubawa 
[tushen @ dns ~] # mai suna-checkconf -z
zone localhost.localdomain / IN: yankin da aka sanya 0 yankin localhost / IN: yankin 0 wanda aka ɗora Kwatancen 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 .ip6.arpa / IN: 0 serial 1.0.0.127 zone 0.in-addr.arpa/IN: 0 zone serial da aka ɗora 0.in-addr.arpa/IN: Yankin 1 wanda aka ɗora daga linux.fan/IN: serial 10.168.192 da aka ɗora yankin 1.in-addr.arpa/IN: adreshin XNUMX

Duk halin yanzu mai suna sanyi

Don samun haske, kuma kodayake labarin ya zama mai tsayi, muna ba da cikakken umarnin umarnin mai suna-checkconf -zp:

[tushen @ dns ~] # mai suna-checkconf -zp
zone localhost.localdomain / IN: yankin da aka sanya 0 yankin localhost / IN: yankin 0 wanda aka ɗora Kwatancen 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 .ip6.arpa / IN: yankin 0 wanda aka loda 1.0.0.127.in-addr.arpa/IN: 0 yankin da aka ɗora a ciki 0.in-addr.arpa/IN: Yankin 0 wanda aka ɗora daga linux.fan/IN: wanda aka ɗora a cikin 1 yankin 10.168.192.in-addr.arpa/IN: ɗora Kwatancen jerin zaɓuɓɓuka 1 masu kama da fayil {bindkeys-file "/etc/named.iscdlv.key"; zaman-keyfile "/run/named/session.key"; kundin adireshi "/ var / mai suna"; juji-fayil "/var/named/data/cache_dump.db"; sauraren tashar jiragen ruwa 53 {127.0.0.1/32; 192.168.10.5/32; }; saurara-on-v6 tashar jiragen ruwa 53 {:: 1/128; }; sarrafa-makullin-shugabanci "/ var / mai suna / tsauri"; memstatistics-file "/var/named/data/named_mem_stats.txt"; fayil-fayil "/run/named/named.pid"; kididdiga-fayil "/var/named/data/named_stats.txt"; dnssec-kunna i; dnssec-Ingancin eh; sake komawa baya ba; damar-tambaya {"mired"; }; ba da damar-canja wuri {192.168.10.1/32; }; }; acl "mired" {127.0.0.0/8; 192.168.10.0/24; }; shiga {channel 'default_debug "{file" data / named.run "; tsanani tsauri; }; }; mabuɗin "dhcp-key" {algorithm "hmac-md5"; sirrin "OI7Vs + TO83L7ghUm2xNVKg =="; }; yankin "." IN {rubuta ambato; fayil "named.ca"; }; yankin "localhost.localdomain" IN {nau'in mai gida; fayil "mai suna.localhost"; ba da damar sabuntawa "" babu "; }; }; yankin "localhost" IN {nau'in mai gida; fayil "mai suna.localhost"; ba da damar sabuntawa "" babu "; }; }; sashi "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0igborsem fayil "mai suna.loopback"; ba da damar sabuntawa "" babu "; }; }; yankin "6.in-addr.arpa" IN {nau'in mai gida; fayil "mai suna.loopback"; ba da damar sabuntawa "" babu "; }; }; yankin "1.0.0.127.in-addr.arpa" IN {nau'in mai gida; fayil "mai suna. fanko"; ba da damar sabuntawa "" babu "; }; }; yankin "desdelinux.fan" {type master; fayil "tsauri / db.fromlinux.fan"; ba da izini-sabuntawa {maballin "dhcp-key"; }; }; yankin "0.in-addr.arpa" {type master; fayil "tsauri / db.10.168.192.in-addr.arpa"; ba da izini-sabuntawa {maballin "dhcp-key"; }; }; maɓallan sarrafawa "". " key na farko-10.168.192 257 ga watan Agusta "AwEAAagAIKlVZrpC3Ia8gEzahOR + 6W7euxhJhVVLOyQbSEW9O29gcCjF FVQUTf0v8fLjwBd6YI58EzrAcQqBGCzh / RStIoO0g0NfnfL8MTJRkxoX bfDaUeVPQuYEhg0NZWAJQ2VnMVDxP / VHL37M / QZxkjf9 / Efucp496gaD X5RS2CXpoY6LsvPVjR6ZSwzz68apAzvN0dlzEheX1ICJBBtuA9G7LQpz W6hOA3hzCTMjJPJ5LbqF2dsV8DoBQzgul6sGIcGOYl6OyQdXfZ0relS Qageu + ipAdTTJ7AsRTAoub57ONGcLmqrAmRLKBP25dfwhYB8N1knNnulq QXA + Uk4ihz7 =". };
  • Bin hanyoyin gyaran mai suna.conf Dangane da bukatunmu da dubawa, kuma ƙirƙirar kowane fayil na yanki kuma bincika shi, muna shakkar cewa zamu fuskanci manyan matsalolin daidaitawa. A ƙarshe mun gane cewa wasan yara ne, tare da ra'ayoyi da yawa da kuma maganganun haɗi. '????

Binciken ya dawo da sakamako mai gamsarwa, saboda haka zamu iya sake farawa da BIND - mai suna.

Mun sake farawa mai suna kuma duba matsayinsa

[tushen @ dns ~] # systemctl sake farawa mai suna.service
[tushen @ dns ~] # tsarin systemctl mai suna.service

Idan muka sami kowane irin kuskure a cikin fitowar umarnin ƙarshe, dole ne mu sake kunna shi mai suna. sabis kuma sake duba naka status. Idan kuskuren ya ɓace, sabis ɗin ya fara cikin nasara. In ba haka ba, dole ne mu gudanar da cikakken bincike game da duk fayilolin da aka gyara da ƙirƙirar su, kuma mu maimaita aikin.

Matsayi daidai na matsayin ya zama:

[tushen @ dns ~] # tsarin systemctl mai suna.service
Mai suna.service - Berkeley Sunan Yanar Gizo (DNS) An ɗora Kwatancen: An ɗora (/usr/lib/systemd/system/named.service; an kunna; saiti mai saiti: naƙasasshe) Mai aiki: aiki (gudu) tun Rana 2017-01-29 10:05:32 EST; 2min 57s da suka gabata Tsari: 1777 ExecStop = / bin / sh -c / usr / sbin / rndc tasha> / dev / null 2> & 1 || / bin / kashe -TERM $ MAINPID (lambar = fita, hali = 0 / SUCCESS) Tsarin aiki: 1788 ExecStart = / usr / sbin / mai suna -u mai suna $ ZABI = / bin / bash -c idan [! "$ DISABLE_ZONE_CHECKING" == "eh"]; sannan / usr / sbin / mai suna-checkconf -z /etc/named.conf; sake amsa kuwwa "Ba a kashe duba fayilolin shiyya ba"; fi (lamba = an fita, status = 0 / SUCCESS) Babban PID: 1786 (mai suna) CGroup: /system.slice/named.service └─0 / usr / sbin / mai suna -u mai suna Jan 1791 1791:29:10 dns mai suna . 05 32:1791:1.0.0.127 dns mai suna [0]: yanki 29.ip10.arpa/IN : load serial 05 Jan 32 1791:10.168.192:1 dns mai suna [29]: zone desdelinux.fan/IN: adreshin da aka sanya 10 Jan 05 32:1791:1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 dns mai suna [6]: zone localhost.localdomain / IN: saka serial 0 Jan 29 10:05:32 dns mai suna [1791]: zone localhost / IN: adon da aka saka 1 Jan 29 10:05:32 dns mai suna [1791]: duk yankuna an loda
Jan 29 10:05:32 dns mai suna [1791]: Gudun
Jan 29 10:05:32 dns systemd [1]: An Fara Berkeley Sunan Yanar Gizo (DNS). Jan 29 10:05:32 dns mai suna [1791]: zone 10.168.192.in-addr.arpa/IN: aikawa da sanarwa (serial 1)

Dubawa

Ana iya gudanar da binciken a kan sabar ɗaya ko a kan injin da aka haɗa da LAN. Mun fi so mu yi su daga ƙungiyar sysadmin.fromlinux.fan wanda muka bashi izini izini don ya sami damar Canja wurin Yankin. Fayil din /etc/resolv.conf na wannan ƙungiyar sune masu zuwa:

buzz @ sysadmin: ~ $ cat /etc/resolv.conf 
# Geneirƙira ta hanyar binciken NetworkManager daga linux.fan mai saka suna 192.168.10.5

buzz @ sysadmin: ~ $ tono daga linux.fan axfr
; << >> DiG 9.9.5-9 + deb8u1-Debian << >> daga linux.fan axfr ;; zaɓuɓɓukan duniya: + cmd daga linux.fan. 10800 A cikin SOA dns.fromlinux.fan. root.dns.fromlinux.fan. 1 86400 3600 604800 10800 daga linux.fan. 10800 A cikin NS dns.fromlinux.fan. daga linux.fan. 10800 A cikin MX 10 mail.fromlinux.fan. daga linux.fan. 10800 A TXT "FromLinux, Blog ɗin ku an sadaukar dashi don Software kyauta" ad-dc.desdelinux.fan 10800 A Cikin 192.168.10.3 blog.desdelinux.fan. 10800 A Cikin 192.168.10.7 dns.fromlinux.fan. 10800 A Cikin 192.168.10.5 fayilolierver.fromlinux.fan. 10800 A Cikin 192.168.10.4 ftpserver.fromlinux.fan. 10800 A CIKIN 192.168.10.8 mail.fromlinux.fan. 10800 A cikin 192.168.10.9 proxyweb.fromlinux.fan. 10800 A Cikin 192.168.10.6 sysadmin.fromlinux.fan. 10800 IN Zuwa 192.168.10.1 daga linux.fan. 10800 A cikin SOA dns.fromlinux.fan. root.dns.fromlinux.fan. 1 86400 3600 604800 10800 ;; Lokacin tambaya: 0 msec ;; SERVER: 192.168.10.5 # 53 (192.168.10.5) ;; LOKACI: Rana Jan 29 11:44:18 EST 2017 ;; Girman XFR: bayanai 13 (saƙonni 1, bytes 385)

buzz @ sysadmin: ~ $ digo 10.168.192.in-addr.arpa axfr
; << >> DiG 9.9.5-9 + deb8u1-Debian << >> 10.168.192.in-addr.arpa axfr ;; zaɓuɓɓukan duniya: + cmd 10.168.192.in-addr.arpa. 10800 A cikin SOA dns.fromlinux.fan.10.168.192.in-addr.arpa. root.dns.fromlinux.fan.10.168.192.in-addr.arpa. 1 86400 3600 604800 10800 10.168.192.in-addr.arpa. 10800 A cikin NS dns.fromlinux.fan. 1.10.168.192.in-addr.arpa. 10800 A cikin PTR sysadmin.fromlinux.fan. 3.10.168.192.in-addr.arpa. 10800 A cikin PTR ad-dc.fromlinux.fan. 4.10.168.192.in-addr.arpa. 10800 IN PTR fayilerver.fromlinux.fan. 5.10.168.192.in-addr.arpa. 10800 A cikin PTR dns.fromlinux.fan. 6.10.168.192.in-addr.arpa. 10800 IN PTR wakili .fromlinux.fan. 7.10.168.192.in-addr.arpa. 10800 A cikin PTR blog.desdelinux.fan. 8.10.168.192.in-addr.arpa. 10800 A cikin PTR ftpserver.fromlinux.fan. 9.10.168.192.in-addr.arpa. 10800 A cikin PTR mail.fromlinux.fan. 10.168.192.in-addr.arpa. 10800 A cikin SOA dns.fromlinux.fan.10.168.192.in-addr.arpa. root.dns.fromlinux.fan.10.168.192.in-addr.arpa. 1 86400 3600 604800 10800 ;; Lokacin tambaya: 0 msec ;; SERVER: 192.168.10.5 # 53 (192.168.10.5) ;; LOKACI: Rana Jan 29 11:44:57 EST 2017 ;; Girman XFR: bayanan 11 (saƙonni 1, bytes 352)

buzz @ sysadmin: ~ $ tona CIKIN SOA daga linux.fan
buzz @ sysadmin: ~ $ digo IN MX daga linux.fan buzz @ sysadmin: ~ $ tona IN SAMU daga linux.fan
buzz @ sysadmin: ~ $ host dns
dns.fromlinux.fan yana da adireshi 192.168.10.5
buzz @ sysadmin: ~ $ rundunar sysadmin
sysadmin.desdelinux.fan yana da adireshi 192.168.10.1 ... Da duk wani bincike da muke bukata
  • Ya zuwa yanzu, muna da tushe don sabar DNS a cikin hanyar sadarwarmu ta SME. Muna fatan kun ji daɗin dukkan aikin, wanda ya kasance da sauƙi, dama? 😉

Mun girka kuma mun saita DHCP

[tushen @ dns ~] # yum shigar dhcp
Abubuwan haɗin da aka ɗora: fastestmirror, centos-base langpacks | 3.4 kB 00:00:00 na zamani-sabuntawa | 3.4 kB 00:00:00 Dubi saurin madubi daga maƙallan maɓallin adana achedaddamarwa masu dogaro -> Gudun gwajin ma'amala ---> Kunshin dhcp.x86_64 12: 4.2.5-42.el7.centos dole ne a girka -> Yanayin shawo kan dogaro Depare Dogarawar da Aka warware ============================================== ========================================================== = ==================================== Tsarin Gine-ginen Gine-ginen Kunshin Girman Ma'ajiya =========== ============================================== = ========================================================== = ====================== Girkawa: dhcp x86_64 12: 4.2.5-42.el7.centos centos-base 511 k Takaitawar ma'amala ==== ============================================== = ========================================================== = ============================ Shigar da Kunshi 1 Girman girman zazzage: 511k Girman da aka sanya: 1.4 M Shin wannan daidai ne [y / d / N]: y Sauke fakitoci: dhcp-4.2.5-42.el7.centos.x86_64.rpm | 511 kB 00:00:00 Binciki binciken ciniki Gudun gwajin ma'amala Gudun ma'amala ya ci nasarar Gudun ciniki Sanyawa: 12: dhcp-4.2.5-42.el7.centos.x86_64 1/1 Dubawa: 12: dhcp-4.2.5-42. el7.centos.x86_64 1/1 An Shiga: dhcp.x86_64 12: 4.2.5-42.el7.centos Anyi!

[tushen @ dns ~] # nano /etc/dhcp/dhcpd.conf
# # DHCP Fayil na Kan Sanyawa Server. # duba /usr/share/doc/dhcp*/dhcpd.conf.example # duba dhcpd.conf (5) shafin mutum # ddns-sabunta-salon tsaka-tsayi; ddns-sabuntawa kan; ddns-domainname "desdelinux.fan."; ddns-rev-domainname "in-addr.arpa."; watsi da sabuntawar abokin ciniki; iko; zabin ip-isar da kashe; zaɓi sunan yankin "desdelinux.fan"; # zaɓi ntp-sabobin 0.pool.ntp.org, 1.pool.ntp.org, 2.pool.ntp.org, 3.pool.ntp.org; hada da "/etc/dhcp.key"; Yanki daga Linux.fan. {firamare 127.0.0.1; madannin dhcp-key; } yankin 10.168.192.in-addr.arpa. {firamare 127.0.0.1; madannin dhcp-key; } raba-hanyar sadarwa redlocal {subnet 192.168.10.0 netmask 255.255.255.0 {zaɓi magudanar 192.168.10.1; Zaɓin subnet-mask 255.255.255.0; zaɓi watsa-adireshin 192.168.10.255; zaɓi yankin-suna-sabobin 192.168.10.5; zaɓi netbios-sunan-sabobin 192.168.10.5; zangon 192.168.10.30 192.168.10.250; }} # KARSHEN dhcpd.conf

[tushen @ dns ~] # dhcpd -t
Kamfanin Intanet na Kamfanin Intanet DHCP Server 4.2.5 Hakkin mallaka 2004-2013 Consortium Tsarin Intanet. Duk haƙƙoƙi. Don bayani, da fatan za a ziyarci https://www.isc.org/software/dhcp/ Ba bincika LDAP ba tunda ldap-uwar garken, ldap-port da ldap-base-dn ba a bayyana su a cikin fayil ɗin daidaitawa ba

[tushen @ dns ~] # systemctl kunna dhcpd
Symirƙirar haɗin kai daga /etc/systemd/system/multi-user.target.wants/dhcpd.service to /usr/lib/systemd/system/dhcpd.service.

[tushen @ dns ~] # systemctl fara dhcpd

[tushen @ dns ~] # tsarin systemctl dhcpd
● dhcpd.service - DHCPv4 Server Daemon Loaded: ɗora Kwatancen (/usr/lib/systemd/system/dhcpd.service; kunna; saiti mai saiti: nakasassu) Mai aiki: yana aiki (yana gudana) tun dom TA T; 2017s da suka gabata Docs: mutum: dhcpd (01) mutum: dhcpd.conf (29) Babban PID: 12 (dhcpd) Matsayi: "Bayar da fakiti ..." CGroup: /system.slice/dhcpd.service └─04 / usr / sbin / dhcpd -f -cf /etc/dhcp/dhcpd.conf -user DHcpd -group dhcpd - ba-pid Jan 59 23:8:5 dns dhcpd [2381]: Kamfanin Intanit na Consortium DHCP Server 2381 Janairu 29 12 : 04: 59 dns dhcpd [2381]: Haƙƙin mallaka Tsarin Tsarin Intanet na 4.2.5-29. Jan 12 04:59:2381 dns dhcpd [2004]: An kiyaye duk haƙƙoƙi. Jan 2013 29:12:04 dns dhcpd [59]: Don neman bayani, da fatan za a ziyarci https://www.isc.org/software/dhcp/ Jan 2381 29:12:04 dns dhcpd [59]: Ba neman LDAP ba tun ldap -server, ldap-port da ldap-base-dn ba a fayyace su a cikin fayil din jarin ba Jan 2381 29:12:04 dns dhcpd [59]: Wrote 2381 leases to leases file. Jan 29 12:04:59 dns dhcpd [2381]: Saurara akan LPF / eth0 / 29: 12: 04: 59: 2381: 0 / redlocal Jan 52 54:00:12 dns dhcpd [17]: Aika akan LPF / eth04 / 29: 12: 04: 59: 2381: 0 / redlocal Jan 52 54:00:12 dns dhcpd [17]: Aikawa a kan Socket / fallback / fallback-net Jan 04 29:12:04 dns systemd [59]: An fara DHCPv2381 Server Daemon.

Me ya rage a yi?

Mai sauki. Fara Windows 7 ko wani abokin ciniki tare da Software na Kyauta kuma fara gwaji da dubawa. Mun yi shi tare da abokan ciniki biyu: bakwai.dagareshin.fan y suse-desktop.fromlinux.fan. Binciken ya kasance kamar haka:

buzz @ sysadmin: ~ $ bako bakwai
bakwai.fromlinux.fan yana da adireshi 192.168.10.30

buzz @ sysadmin: ~ $ mai masaukin baki bakwai.fromlinux.fan
bakwai.fromlinux.fan yana da adireshi 192.168.10.30

buzz @ sysadmin: ~ $ tona Ciki TAMBAYA bakwai.fromlinux.fan
.... ;; SASHE NA TAMBAYA :; bakwai.fromlinux.fan. A TAKAICE ;; SASAN AMSA: bakwai.fromlinux.fan. 3600 A TSAWI "31b7228ddd3a3b73be2fda9e09e601f3e9"....

Mun sake sunan kungiyar "bakwai" zuwa "LAGER" kuma mun sake yi. Bayan sake kunna sabon LAGER, sai mu duba:

buzz @ sysadmin: ~ $ bako bakwai
Ba a samo mai watsa shiri bakwai ba: 5 (AKA RASA)

buzz @ sysadmin: ~ $ mai masaukin baki bakwai.fromlinux.fan
Mai watsa shiri bakwai.desdelinux.fan ba'a samu ba: 3 (NXDOMAIN)

Buzz@sysadmin: ~ $ host lager
lager.desdelinux.fan yana da adireshi 192.168.10.30

Buzz@sysadmin: ~ $ host lager.fromlinux.fan
lager.desdelinux.fan yana da adireshi 192.168.10.30

buzz @ sysadmin: ~ $ dig IN IN TXT lager.fromlinux.fan
.... ;; SASHE NA TAMBAYA:; lager.fromlinux.fan. A CIKIN LITTAFI ;; RASHIN AMSA: lager.fromlinux.fan. 3600 A TSAWI "31b7228ddd3a3b73be2fda9e09e601f3e9"....

Game da abokin aikin suse-desktop:

buzz @ sysadmin: ~ $ host suse-dektop
Ba a samo suse-dektop mai watsa shiri ba: 5 (AKA RAYA)

buzz @ sysadmin: ~ $ host suse-tebur
suse-desktop.desdelinux.fan yana da adireshi 192.168.10.33

buzz @ sysadmin: ~ $ host suse-desktop.fromlinux.fan
suse-desktop.desdelinux.fan yana da adireshi 192.168.10.33

buzz @ sysadmin: ~ $ host 192.168.10.33
33.10.168.192.in-addr.arpa sunan yankin nuna suse-desktop.desdelinux.fan.

buzz @ sysadmin: ~ $ host 192.168.10.30
30.10.168.192.in-addr.arpa sunan yankin nuna LAGER.desdelinux.fan.
buzz @ sysadmin: ~ $ dig -x 192.168.10.33
.... ;; SASHE NA TAMBAYA :; 33.10.168.192.in-addr.arpa. A CIKIN PTR ;; SASHE NA AMSA: 33.10.168.192.in-addr.arpa. 3600 A cikin PTR suse-desktop.fromlinux.fan. ;; SASHE NA HANKALI: 10.168.192.in-addr.arpa. 10800 A cikin NS dns.fromlinux.fan. ;; SARIN SASHE: dns.fromlinux.fan. 10800 A CIKIN 192.168.10.5 ....

buzz @ sysadmin: ~ $ dig IN TXT suse-desktop.fromlinux.fan ....
; suse-desktop.desdelinux.fan. A CIKIN LITTAFI ;; SASHE NA AMSA: suse-desktop.desdelinux.fan. 3600 A CIKI "31b78d287769160c93e6dca472e9b46d73"

;; SASHE NA HUKUNTA: desdelinux.fan. 10800 A cikin NS dns.fromlinux.fan. ;; SARIN SASHE: dns.fromlinux.fan. 10800 A Cikin 192.168.10.5
....

Har ila yau, bari mu gudanar da waɗannan umarnin masu zuwa

[tushen @ dns ~] # tono daga linux.fan axfr
; << >> DiG 9.9.4-RedHat-9.9.4-29.el7_2.4 << >> desdelinux.fan axfr ;; zaɓuɓɓukan duniya: + cmd daga linux.fan. 10800 A cikin SOA dns.fromlinux.fan. root.dns.fromlinux.fan. 6 86400 3600 604800 10800 daga linux.fan. 10800 A cikin NS dns.fromlinux.fan. daga linux.fan. 10800 A cikin MX 10 mail.fromlinux.fan. daga linux.fan. 10800 A TXT "FromLinux, Blog ɗin ku an sadaukar dashi don Software kyauta" ad-dc.desdelinux.fan. 10800 A Cikin 192.168.10.3 blog.desdelinux.fan. 10800 A Cikin 192.168.10.7 dns.fromlinux.fan. 10800 A Cikin 192.168.10.5 fayilolierver.fromlinux.fan. 10800 A Cikin 192.168.10.4 ftpserver.fromlinux.fan. 10800 A CIKIN 192.168.10.8 LAGER.fromlinux.fan. 3600 A TSAWI "31b7228ddd3a3b73be2fda9e09e601f3e9"LAGER.fromlinux.fan.   3600 A CIKIN 192.168.10.30 mail.fromlinux.fan. 10800 A cikin 192.168.10.9 proxyweb.fromlinux.fan. 10800 A Cikin 192.168.10.6 suse-desktop.fromlinux.fan. 3600 A TSAWI "31b78d287769160c93e6dca472e9b46d73"suse-desktop.desdelinux.fan. 3600 A CIKIN 192.168.10.33 sysadmin.fromlinux.fan. 10800 IN Zuwa 192.168.10.1 daga linux.fan. 10800 A cikin SOA dns.fromlinux.fan. root.dns.fromlinux.fan. 6 86400 3600 604800 10800

A cikin fitarwa da ke sama, mun haskaka akan m da TTL a cikin dakika- ga kwamfutoci masu adireshin IP waɗanda aka ba da sabis na DHCP, waɗanda ke da bayyananniyar sanarwa game da TTL 3600 da DHCP ta bayar. Kafaffen IPs suna jagorantar $ TTL na 3H -3 hours = 10800 seconds- an bayyana a cikin rikodin SOA na kowane fayil ɗin yanki.

Zasu iya bincika yankin baya a hanya guda.

[tushen @ dns ~] # tono 10.168.192.in-addr.arpa axfr

Sauran umarni masu ban sha'awa sune:

[tushen @ dns ~] # mai suna-journalprint /var/named/dynamic/db.desdelinux.fan.jnl
[tushen @ dns ~] # mai suna-journalprint /var/named/dynamic/db.10.168.192.in-addr.arpa.jnl
[tushen @ dns ~] # journalctl -f

Gyara fayilolin hannu na fayilolin Zones

Bayan DHCP ya shigo cikin aiki na sabunta fayilolin yanki na mai sunaIdan har abada muna buƙatar canza fayil ɗin yanki da hannu, dole ne mu aiwatar da waɗannan hanyoyin, amma ba kafin sanin ɗan ƙarami game da aikin mai amfani ba. rdc don sunan uwar garken suna.

[tushen @ dns ~] # mutum rndc
....
       daskare [yanki [aji [duba]]]
           Dakatar da sabuntawa zuwa yanki mai kuzari. Idan ba'a bayyana yanki ba, to, an dakatar da dukkan yankuna. Wannan yana ba da damar yin gyare-gyaren hannu zuwa yankin da aka saba sabunta shi ta hanyar sabuntawa mai ƙarfi. Hakanan yana haifar da canje-canje a cikin fayil ɗin mujallar don daidaitawa cikin babban fayil. Duk yunƙurin sabuntawa mai tsauri za'a ƙi shi yayin da yankin ya daskarewa.

       narke [yanki [aji [duba]]]
           Kunna sabuntawa zuwa daskararren yanki mai daskarewa. Idan babu wani yanki da aka ayyana, to, ana kunna duk yankuna masu sanyi. Wannan yana sa sabar ta sake loda yankin daga faifai, kuma ta sake sabunta abubuwan sabuntawa bayan lodin ya gama. Bayan an narkar da wani yanki, ba za a ƙara ƙin sabunta abubuwa ba. Idan yankin ya canza kuma ana amfani da zaɓin ixfr-daga-bambance-bambancen, to za a sabunta fayil ɗin mujallar don nuna canje-canje a yankin. In ba haka ba, idan yankin ya canza, za a cire duk fayilolin mujallar da ke ciki. ....

Menene, shin kuna tsammanin zan sake rubuta duk littafin? ... yanki kuma suna tafiya da mota. Sauran na bar muku shi. 😉

M:

  • rndc daskarewa [yanki [aji [duba]]], Dakatar da ingantaccen sabuntawar yankin. Idan ba a bayyana ɗaya ba, duk za a daskarewa. Umurnin yana ba da izinin sarrafa hannu na daskararren yanki ko na dukkan yankuna. Duk wani kwaskwarimar sabuntawa za a ƙi shi yayin daskarewa.
  • rndc ya narke [yanki [aji [duba]]], yana ba da damar sabunta abubuwa akan yankin daskararre na baya. Sabar DNS ta sake shigar da fayil ɗin yanki daga faifai, kuma ana sabunta sabuntawa bayan kammala sake kammalawa.

Kulawa za a ɗauka lokacin da muke gyara fayil ɗin yanki da hannu? Daidai yake da cewa idan muna ƙirƙirar shi, ba tare da mantawa da ƙara lambar serial ɗin ta 1 ko ba serial kafin adana fayil ɗin tare da canje-canje na ƙarshe.

Alal misali:

[tushen @ dns ~] # rndc daskare daga linux.fan

[tushen @ dns ~] # nano /var/named/dynamic/db.fromlinux.fan
Na canza fayil ɗin yanki don kowane dalili, ya zama dole ko a'a. Ina ajiye canje-canje

[tushen @ dns ~] # rndc narke daga linux.fan
An sake shigar da yanki da narkewa. Duba rajistan ayyukan don ganin sakamako.

[tushen @ dns ~] # journalctl -f
Jan 29 14:06:46 dns mai suna [2257]: yankin thawing 'desdelinux.fan/IN': nasara
Jan 29 14:06:46 dns mai suna [2257]: shiyya daga linux.fan/IN: yankin serial (6) bai canza ba. Yankin na iya kasa canzawa zuwa bayi.
Jan 29 14:06:46 dns mai suna [2257]: zone desdelinux.fan/IN: ɗumbin serial 6

Kuskure a cikin fitowar da ta gabata, wanda aka nuna a ja a kan na'urar wasan, saboda gaskiyar cewa na "manta" don ƙara lambar serial ɗin da 1. Idan da na bi tsarin yadda ya kamata, abin da aka fitar zai kasance:

[tushen @ dns ~] # journalctl -f
- Lissafin zai fara a Rana 2017-01-29 08:31:32 EST. - Jan 29 14:06:46 dns mai suna [2257]: zone desdelinux.fan/IN: adreshin da aka ɗora 6 Jan 29 14:10:01 dns systemd [1]: Farawa Zama na 43 na tushen mai amfani. Jan 29 14:10:01 dns systemd [1]: Farawa Zama na 43 na tushen mai amfani. Jan 29 14:10:01 dns CROND [2693]: (tushen) CMD (/ usr / lib64 / sa / sa1 1) Jan 1 29:14:10 dns mai suna [45]: ya karbi umarnin tashar sarrafa 'daskarewa daga Linux. fan 'Jan 2257 29:14:10 dns mai suna [45]: yankin daskarewa' desdelinux.fan/IN ': success Jan 2257 29:14:10 dns mai suna [58]: ya karbi umarnin tashar sarrafa' thaw desdelinux.fan 'Jan 2257 29:14:10 dns mai suna [58]: thawing zone 'desdelinux.fan/IN': success Jan 2257 29:14:10 dns mai suna [58]: zone desdelinux.fan/IN: file file baya aiki: cire fayil din jarida Jan 2257 29: 14: 10 dns mai suna [58]: zone desdelinux.fan/IN: adana serial 2257
  • Abokai mai karatu, Ina maimaita cewa dole ne ka karanta kayan aikin umarni da kyau. Don wani abu masu haɓakawa sun ɓatar da aiki sosai don tsara kowane umarni, komai sauƙin shi.

Tsaya

Zuwa yanzu mun yi magana kan aiwatar da ayyukan DNS - DHCP biyu, ayyuka masu mahimmanci da mahimmanci don kyakkyawan aikin Kamfanin Sadarwarmu na SME, yana nufin bayar da adiresoshin haɓaka ta hanyar DHCP da ƙudurin kwamfuta da sunayen yanki ta hanyar DNS.

Muna fatan kun ji daɗin dukkan aikin kamar yadda muka yi. Kodayake yana iya zama da wahalar gaske ta amfani da na'urar wasan bidiyo, ya fi sauƙi kuma mafi ilimi don aiwatar da sabis akan UNIX® / Linux tare da taimakonsa.

Sun gafarta mini duk wata fassarar da ba ta dace ba game da tunanin da aka kirkira, aka rubuta, aka rubuta, aka bita, aka sake rubutawa, kuma aka buga a cikin harshen Shakespeare, ba Cervantes ba. 😉

Isarwa na gaba

Ina tsammanin ɗan ƙaramin abu ɗaya ne - tare da abubuwan da ake ƙididdigewa akan rikodin DNS - amma a Debian. Ba za mu iya manta da wannan rarraba ba, daidai?


Abubuwan da ke cikin labarin suna bin ka'idodinmu na ka'idojin edita. Don yin rahoton kuskure danna a nan.

15 comments, bar naka

Bar tsokaci

Your email address ba za a buga.

*

*

  1. Mai alhakin bayanan: Miguel Ángel Gatón
  2. Dalilin bayanan: Gudanar da SPAM, gudanar da sharhi.
  3. Halacci: Yarda da yarda
  4. Sadarwar bayanan: Ba za a sanar da wasu bayanan ga wasu kamfanoni ba sai ta hanyar wajibcin doka.
  5. Ajiye bayanai: Bayanin yanar gizo wanda Occentus Networks (EU) suka dauki nauyi
  6. Hakkoki: A kowane lokaci zaka iyakance, dawo da share bayanan ka.

  1.   Kirista Merchan m

    Na gode sosai da aikin da kuka yi na yabo wajen rubuta irin waɗannan labarai masu fa'ida. Zai amfane ni sosai

  2.   federico m

    Kuma na gode sosai, Cristian, da kuka biyo ni da kuma kimanta wannan sakon. Nasarori!

  3.   Ismael Alvarez Wong m

    Bayan mun gama duba wannan sabon sakon ta Federico, babban kwarewar da aka gani a duk cikin jerin «PYMES» an sake samun sananne; ban da babban dalla-dalla da ke nuna yankinku a kan mahimman ayyuka biyu (DNS da DHCP) na kowane hanyar sadarwa. A wannan lokacin kuma ba kamar maganganun da na gabata ba, Ina da sharhi na 2 da ke jiran lokacin da na aiwatar da abin da na bayyana a cikin wannan sakon.

  4.   maryama88 m

    Babu sharhi, pa '400 !!! Fico na gode saboda kun sani sarai cewa na karanta sakonninku kuma ba za mu iya neman ƙarin ba. Kuna farawa da kyakkyawar ƙungiya, daga yadda ake girka da saita tebur na mai amfani, aikin shine tushe, shine ma'anar kasancewar waɗancan sabis ɗin cibiyar sadarwar da kuka bayyana sosai. Kun kasance kuna hawa kuma duk da cewa gaskiya ne matakin yana ƙaruwa, gaskiya ne kun yi rubuce-rubuce da bugawa ga waɗanda ke ƙasa da waɗanda suke farawa, ga waɗanda suka kasance kamar ni na ɗan lokaci kuma don waɗanda suka ci gaba.
    Na wuce lokaci na kammala cewa na san da yawa sun riga sun zo, ka'idar, wacce ke biyan mu kuɗi da yawa don saukin gaskiyar rashin son karantawa, saboda zartarwar ta riga ta fi sauƙi idan muka san abin da muke yi, me yasa ???, tambayoyin, inda zan samu da yadda za mu fita daga kuskuren da ke ba da yawan ciwon kai yayin da ba mu ma san inda suka fito ba, ya dace da sakewa.
    A saboda wannan dalili, bana son ka bar wadancan abubuwan ka'idoji wadanda za ka hada dasu game da bayanan DNS a cikin bugu na gaba kamar yadda ka sanar, kasa sosai idan ya zo ga masoyi da masoyi DEBIAN.
    NA GODE SOSAI kuma muna jira.

  5.   nisanta m

    Madalla da koyaushe Fico! Ina jiran sigar Debian, na kasance ina wasa da komai da wannan dambarwar tsawon shekaru.

  6.   federico m

    Wong: Ra'ayinku bayan karantawa yana da daraja sosai. Ina jiran maganganun ku lokacin da kuka gwada abin da ke ciki, saboda na san hakan shine yadda kuke son yin sa. 😉

  7.   federico m

    Crespo: Kamar koyaushe, ana karɓar ra'ayoyinku sosai. Na ga kun kama layin gama gari wanda na kirkira a cikin jeri. Ina fatan cewa, kamar ku, da yawa sun riga sun lura. Godiya ga bayaninka.

  8.   federico m

    Dhunter: Yayi kyau in sake karanta ka! Ba za ku jira dogon lokaci ba. Zuwa Litinin a sabuwar -ko kafin- za'a gama shi don bugawa. Kada kuyi tunanin cewa abu ne mai sauki a gareni in rufe abubuwa uku daban-daban, amma Mai Karatu Mai Daraja, ya nema. Ba Debian da Ubuntu kawai ba, amma Uku masu daidaituwa ga SMEs.

  9.   maryama88 m

    Idan kun buga, saboda kawai kuna iya, zamu goyi bayan ku kuma mun san cewa zaku bi wannan layin.
    A matsayina na ɗan ƙaramin abu, Ina fatan sakin Debian da haƙoran haƙora. Zai yi kyau idan kun dan dan rufe kadan game da NTP. Sl2 da kuma babban runguma. Da ace malamai na sun koya min komai kamar haka, HAHAJJA, Degree Platinum, HAHAJJA.

  10.   federico m

    Matsayin daki-daki a cikin kayan sarrafawa ya zama dole don nuna mahimmancin sa. Suna faɗi da yawa. Gaskiya ne cewa 'yan labarai suna magana game da wannan matakin daki-daki, saboda suna tunanin cewa za su yi tsayi da nauyi don karantawa. Da kyau, wani ɓangare na aikin SysAdmin shi ne karanta waɗancan abubuwan masu nauyi da bayanai dalla-dalla, ba wai kawai a cikin matsala ba, har ma a fuskar dubawa.

  11.   Ismael Alvarez Wong m

    Barka dai Federico, nayi alkawari a baya, dan rubuta wasu maganganu bayan nayi karatun ta natsu a hankali; To, a nan za su ci gaba:
    - Babbar dabara maimakon samar da mabuɗin TSIG don sabuntawar DNS ta DHCP, kwafin maɓallin rndc.key iri ɗaya kamar dhcp.key, wannan a bayyane yake "mai sauƙi ne" yana nuna cewa makasudin ba kawai fasaha bane na HOWTO-INSTALL-DNS - & - DHCP amma yana koya mana yin tunani, 5 TAURARI GA marubucin.
    - Mai ban sha'awa sosai a cikin fayil ɗin sanyi na DNS, mai suna.conf, kasancewar layin «izinin-canja wuri {localhost; 192.168.10.1; }, » don gwada Yankin «desdelinux.fan» kawai daga tashar SysAdmin da localhost (uwar garken DNS ɗin kanta), sannan kuma saka maɓallin TSIG don sabunta DNS daga DHCP.
    - Yana da kyau ƙirƙirar yankuna na kai tsaye da na ɓoye na DNS tare da "cikakken bayani" game da nau'ikan bayanan su, da kuma aiwatar da umarnin "# mai suna-checkconf -zp" don bincika duk tsarin haɗin sunan da aka ambata kafin ta sake saiti mai wuya, da misalai na gudanar da "haƙa" umarnin don tabbatar da nau'ikan bayanan DNS.
    . A cikin daidaitawar DHCP (ta amfani da fayil /etc/dhcp/dhcpd.conf):
    - Yadda ake kara cibiyar sadarwarmu ta gida tare da kewayon adiresoshin IP masu karfi da zasu sanya, ma'anar sunan-uwar garken, da sauransu; kazalika da yadda za a gaya wa DHCP don sabunta bayanan DNS ta hanyar amfani da layukan "ddns- ..." a cikin tsarinsa.
    . Lokacin da komai ya riga ya fara aiki, 5 TAURARI GA MARUBUCI, a aiwatar da umarnin "# dig des desdelinux.fan axfr" don bincika TTL na kwamfutocin da ke kan LAN waɗanda ke da tsayayyen IP na waɗanda ke da tsayayyen IP.
    . A ƙarshe, MAI GIRMA, gyaran hannu na fayilolin Zones ta daskare su da farko da "# rndc freeze desdelinux.fan", sannan yin gyare-gyaren kuma daga ƙarshe ya sakar musu da "# rndc thaw desdelinux.fan"
    . DA MAFIFICI, KOMAI YAYI LOKACI.
    Ci gaba da shi Fico.

    1.    Joy m

      Hello,
      Idan ba ka da wata ma'ana, za ka iya bincika duk bayanan da za ka iya amfani da su daga bayanan da za ka iya amfani da su game da bayanan komputa. Duk da haka akwai ikon sarrafawa a kan komfuta ta mijn eigen akan mobiel.
      Het zit m dus ook a cikin het dns a dhcp. Ik weet echt niet hoe ik dit moet oplossen en het kan verwijderen. Misschien dat iemand mij zai taimaka? Dit ne namelijk buiten mij om geinstalleerd. Walgelijk gedrag vind ik het.

  12.   federico m

    Wong: sharhinku ya cika labarin. Da gaske, yana nuna cewa kunyi karatun sa sosai. In ba haka ba, ba za ku iya yin sharhi tare da matakin dalla-dalla da kuke yi ba. Just ƙara cewa izinin-canja wuri Ana amfani dashi galibi don lokacin da muke da Bawan DNS kuma muna ba da izinin canja wurin yankuna daga maigidan zuwa gare shi. Ina amfani da shi ta wannan hanyar saboda hanya ce mai sauƙin aiwatarwa don yin cak marasa haɗari daga kwamfuta guda ɗaya. Na gode sosai don kwatancen ku 5. Gaisuwa! kuma zan ci gaba da jiran ku a makala ta ta gaba.

  13.   IgnacioM m

    Sannu Federico. Na san na ɗan makara, amma zan so in yi muku tambaya.
    Shin wannan aikin zai taimaka min idan ina son nuna yanki zuwa sabar vps dina?

    Kowane mintina 15 na samu wadannan sakonnin tsarin:

    DHCPREQUEST akan eth0 zuwa tashar jiragen ruwa 67 (tushen =…)
    DHCPACK daga (tushen =…)
    daure - sabuntawa a cikin sakan 970.

    Kuma daga abin da na fahimta ya kamata in ƙirƙiri rikodin tare da yanki na da ip na sabar sadaukarwa.

    * Ina taya ku murna kuma na gode da wannan labarin, ban sani ba ko abin da nake nema amma na ga ya zama mai ban sha'awa sosai kuma an bayyana shi da kyau. Na kuma samu shawarwarin daga "DNS da BIND" cewa na riga na yi tsegumi game da ɗan kuma da alama yana da ban sha'awa sosai.

    Gaisuwa daga Argentina!

    1.    Antonio valdes Toujague m

      don Allah a tuntube ni ta hanyar valdestoujague@yandex.com