DNS and DHCP in Debian 8 "Jessie" - SME Networks

General index of the series: Computer Networks for SMEs: Introduction

Hello friends! After the previous posts on the Domain Name System and the Dynamic Host Configuration Protocol, published in «DNS and DHCP in openSUSE 13.2 'Harlequin'» and «DNS and DHCP on CentOS 7», both from the SME Networks series, it is time to configure these services in Debian.

We repeat that a good starting point for learning the theoretical concepts of DNS and DHCP is Wikipedia.

Installing the operating system

We will start from the installation of a server with the Debian 8 "Jessie" operating system, without installing any desktop or graphical environment. A virtual machine with 512 megabytes of RAM and a 20-gigabyte hard disk is more than enough.

During the installation process - preferably in text mode - and following the on-screen prompts, we chose the following parameters:

  • Language: Spanish - Español
  • Country, territory or area: United States
  • Keymap to use: American English
  • Configure the network manually:
    • IP address: 192.168.10.5
    • Netmask: 255.255.255.0
    • Gateway: 192.168.10.1
    • Name server addresses: 127.0.0.1
    • Hostname: dns
    • Domain name: desdelinux.fan
  • Root password: SuClave (then it asks for confirmation)
  • Full name for the new user: Debian First OS Buzz
  • Username for the account: buzz
  • Choose a password for the new user: SuClave (then it asks for confirmation)
  • Select your time zone: Eastern
  • Partitioning method: Guided - use entire disk
    • Select disk to partition: Virtual disk 1 (vda) - 21.5 GB Virtio Block Device
    • Partitioning scheme: All files in one partition (recommended for new users).
    • Finish partitioning and write changes to disk
    • Write the changes to disks?
  • Scan another CD or DVD?:
  • Use a network mirror?:
  • Participate in the package usage survey?:
  • Choose software to install:
    [ ] Debian desktop environment
    [*] Standard system utilities
  • Install the GRUB boot loader to the master boot record?
    • /dev/vda
  • "Installation complete":

In my modest opinion, installing Debian is simple. It only requires answering questions about predefined options and a few other details. I would even dare to say that it is easier to follow the steps above than to follow a video, for example. When I read, I do not lose concentration. It is another matter to watch, read, interpret, and move a video back and forth whenever I miss or fail to understand some important point. A handwritten sheet, or a plain text file copied to a mobile phone, will serve perfectly well as an effective guide.

Initial settings

After finishing the base installation and the first reboot, we proceed to declare the package repositories.

When editing the sources.list file, we comment out all the entries that exist by default, because we will work only with local repositories. The final content of the file - leaving out the commented lines - will be:

root@dns:~# nano /etc/apt/sources.list
deb http://192.168.10.1/repos/jessie/debian/ jessie main contrib
deb http://192.168.10.1/repos/jessie/debian-security/ jessie/updates main contrib

We update the system

root@dns:~# aptitude update
root@dns:~# aptitude upgrade
root@dns:~# reboot

We install SSH for remote access

root@dns:~# aptitude install ssh

To allow the root user to start a remote session over SSH - from the company LAN only - we edit its configuration file:

root@dns:~# nano /etc/ssh/sshd_config
....
PermitRootLogin yes
....

root@dns:~# systemctl restart ssh.service
root@dns:~# systemctl status ssh.service

We start a remote SSH session on «dns» from the «sysadmin» machine:

buzz@sysadmin:~$ rm .ssh/known_hosts
buzz@sysadmin:~$ ssh root@192.168.10.5
...
root@192.168.10.5's password:
...
root@dns:~#

Main configuration files

The main system configuration files will reflect what we chose during the installation:

root@dns:~# cat /etc/hosts
127.0.0.1   localhost
192.168.10.5    dns.desdelinux.fan  dns

# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

root@dns:~# cat /etc/resolv.conf
search desdelinux.fan
nameserver 127.0.0.1

root@dns:~# hostname
dns

root@dns:~# hostname -f
dns.desdelinux.fan

root@dns:~# cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug eth0
iface eth0 inet static
    address 192.168.10.5
    netmask 255.255.255.0
    network 192.168.10.0
    broadcast 192.168.10.255
    gateway 192.168.10.1
    # dns-* options are implemented by the resolvconf package, if installed
    dns-nameservers 127.0.0.1
    dns-search desdelinux.fan

We install the essential packages

root@dns:~# aptitude install htop mc deborphan

We clean up the downloaded packages, if any

root@dns:~# aptitude install -f
root@dns:~# aptitude purge ~c
root@dns:~# aptitude clean
root@dns:~# aptitude autoclean

We install BIND9

  • BEFORE installing BIND, we strongly recommend visiting the List of DNS record types page on Wikipedia, in both its Spanish and English versions. These record types are the ones we will use when configuring the zone files, both forward and reverse. It is very instructive to know what we are dealing with.
  • We also suggest reading the following Requests for Comments (RFCs), which relate to the healthy operation of the DNS service, especially regarding recursion toward the root servers:
    • RFCs 1912, 5735, 6303, and BCP 32: about localhost
    • RFCs 1912, 6303: Style zone for the IPv6 localhost address
    • RFCs 1912, 5735 and 6303: about the local network - «This» Network
    • RFCs 1918, 5735 and 6303: Private Use Networks
    • RFC 6598: Shared Address Space
    • RFCs 3927, 5735 and 6303: Link-local / APIPA
    • RFCs 5735 and 5736: IETF protocol assignments
    • RFCs 5735, 5737 and 6303: TEST-NET-[1-3] for Documentation
    • RFCs 3849 and 6303: IPv6 Example Range for Documentation
    • BCP 32: Domain Names for Documentation and Testing
    • RFCs 2544 and 5735: Router Benchmark Testing
    • RFC 5735: IANA Reserved - Old Class E Space
    • RFC 4291: IPv6 Unassigned Addresses
    • RFCs 4193 and 6303: IPv6 ULA
    • RFCs 4291 and 6303: IPv6 Link Local
    • RFCs 3879 and 6303: IPv6 Deprecated Site-Local Addresses
    • RFC 4159: IP6.INT is Deprecated

Installation

root@dns:~# aptitude search bind9
p   bind9                - Internet Domain Name Server
p   bind9-doc            - Documentation for BIND
i   bind9-host           - Version of 'host' bundled with BIND 9.X
p   bind9utils           - Utilities for BIND
p   gforge-dns-bind9     - collaborative development tool - DNS management (using Bind9)
i A libbind9-90          - BIND9 Shared Library used by BIND

Also try running aptitude search ~dbind9

root@dns:~# aptitude install bind9

root@dns:~# systemctl restart bind9.service

root@dns:~# systemctl status bind9.service
bind9.service - BIND Domain Name Server
   Loaded: loaded (/lib/systemd/system/bind9.service; enabled)
  Drop-In: /run/systemd/generator/bind9.service.d
           └─50-insserv.conf-$named.conf
   Active: active (running) since Fri 2017-02-03 10:33:11 EST; 1s ago
     Docs: man:named(8)
  Process: 1460 ExecStop=/usr/sbin/rndc stop (code=exited, status=0/SUCCESS)
 Main PID: 1465 (named)
   CGroup: /system.slice/bind9.service
           └─1465 /usr/sbin/named -f -u bind

Feb 03 10:33:11 dns named[1465]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
Feb 03 10:33:11 dns named[1465]: command channel listening on 127.0.0.1#953
Feb 03 10:33:11 dns named[1465]: command channel listening on ::1#953
Feb 03 10:33:11 dns named[1465]: managed-keys-zone: loaded serial 2
Feb 03 10:33:11 dns named[1465]: zone 0.in-addr.arpa/IN: loaded serial 1
Feb 03 10:33:11 dns named[1465]: zone localhost/IN: loaded serial 2
Feb 03 10:33:11 dns named[1465]: zone 127.in-addr.arpa/IN: loaded serial 1
Feb 03 10:33:11 dns named[1465]: zone 255.in-addr.arpa/IN: loaded serial 1
Feb 03 10:33:11 dns named[1465]: all zones loaded
Feb 03 10:33:11 dns named[1465]: running
Hint: Some lines were ellipsized, use -l to show in full.

Configuration files installed by BIND9

Unlike the way the DNS service is configured in CentOS and openSUSE, in Debian the following files are created in the /etc/bind directory:

root@dns:~# ls -l /etc/bind/
total 52
-rw-r--r-- 1 root root 2389 Jun 30  2015 bind.keys
-rw-r--r-- 1 root root  237 Jun 30  2015 db.0
-rw-r--r-- 1 root root  271 Jun 30  2015 db.127
-rw-r--r-- 1 root root  237 Jun 30  2015 db.255
-rw-r--r-- 1 root root  353 Jun 30  2015 db.empty
-rw-r--r-- 1 root root  270 Jun 30  2015 db.local
-rw-r--r-- 1 root root 3048 Jun 30  2015 db.root
-rw-r--r-- 1 root bind  463 Jun 30  2015 named.conf
-rw-r--r-- 1 root bind  490 Jun 30  2015 named.conf.default-zones
-rw-r--r-- 1 root bind  165 Jun 30  2015 named.conf.local
-rw-r--r-- 1 root bind  890 Feb  3 10:32 named.conf.options
-rw-r----- 1 bind bind   77 Feb  3 10:32 rndc.key
-rw-r--r-- 1 root root 1317 Jun 30  2015 zones.rfc1918

All of the files above are plain text. If we want to know the purpose and content of each one, we can do so with the less or cat commands, which is good practice.

Accompanying documentation

In the /usr/share/doc/bind9 directory we will find:

root@dns:~# ls -l /usr/share/doc/bind9
total 56
-rw-r--r-- 1 root root  5927 Jun 30  2015 copyright
-rw-r--r-- 1 root root 19428 Jun 30  2015 changelog.Debian.gz
-rw-r--r-- 1 root root 11790 Jan 27  2014 FAQ.gz
-rw-r--r-- 1 root root   396 Jun 30  2015 NEWS.Debian.gz
-rw-r--r-- 1 root root  3362 Jun 30  2015 README.Debian.gz
-rw-r--r-- 1 root root  5840 Jan 27  2014 README.gz

In the documentation above we will find abundant study material that we recommend reading BEFORE configuring BIND, and even BEFORE searching the Internet for articles about BIND and DNS in general. We will read the contents of some of those files:

FAQ, or Frequently Asked Questions about BIND 9

  1. Compilation and Installation Questions
  2. Configuration and Setup Questions
  3. Operations Questions
  4. General Questions
  5. Operating-System Specific Questions
    1. HPUX
    2. Linux
    3. Windows
    4. FreeBSD
    5. Solaris
    6. Apple Mac OS X

NEWS.Debian.gz

NEWS.Debian tells us, in short, that the allow-query-cache and allow-recursion parameters are enabled by default for the ACLs built into BIND, 'localnets' and 'localhost'. It also informs us that the default changes were made to make cache servers less attractive to spoofing attacks from external networks.

To verify what is written in the previous paragraph: if, from a machine on the 192.168.10.0/24 network itself, which is the one in our example, we make a DNS request for the domain desdelinux.net, and at the same time on the dns.desdelinux.fan server itself we run tail -f /var/log/syslog, we will get the following:

buzz@sysadmin:~$ dig localhost
....
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;localhost.                 IN  A

;; ANSWER SECTION:
localhost.      604800  IN  A   127.0.0.1

;; AUTHORITY SECTION:
localhost.      604800  IN  NS  localhost.

;; ADDITIONAL SECTION:
localhost.      604800  IN  AAAA    ::1

buzz@sysadmin:~$ dig desdelinux.net
....
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;desdelinux.net.            IN  A
....
root@dns:~# tail -f /var/log/syslog
....
Feb  4 13:04:31 dns named[1602]: error (network unreachable) resolving 'desdelinux.net/A/IN': 2001:7fd::1#53
Feb  4 13:04:31 dns named[1602]: error (network unreachable) resolving 'desdelinux.net/A/IN': 2001:503:c27::2:30#53
....

The syslog output is much longer because of the root server lookups performed by BIND. Of course, the /etc/resolv.conf file on the machine sysadmin.desdelinux.fan points to the DNS 192.168.10.5.

From running the previous commands we can draw several conclusions a priori:

  • BIND is configured by default as a working Cache Server without needing any further configuration, and it answers DNS queries for localnets and localhost
  • Recursion is enabled for localnets and localhost
  • It is not yet an authoritative server
  • Unlike CentOS, where we had to declare the parameter «listen-on port 53 { 127.0.0.1; 192.168.10.5; };» explicitly in order to listen for DNS requests on the network interface 192.168.10.5 of the DNS itself, in Debian this is not necessary because it supports DNS requests for localnets and localhost by default. Check the contents of the /etc/bind/named.conf.options file and you will see that there is no listen-on statement.
  • IPv4 and IPv6 queries are enabled

If just by reading and interpreting - "a tin", as we say in Cuba - the NEWS.Debian.gz file we reach interesting conclusions that let us learn a little more about Team Debian's default configuration philosophy regarding BIND, what other interesting things can we learn by continuing to read the files of the accompanying documentation?

README.Debian.gz

README.Debian informs us - among many other things - that the Domain Name System Security Extensions, or DNSSEC, are enabled; and it reaffirms that the default configuration works for most servers (leaf servers, referring to the leaves of the domain tree) without the need for user intervention.

  • DNSSEC according to Wikipedia: The Domain Name System Security Extensions (DNSSEC) is a set of Internet Engineering Task Force (IETF) specifications for securing certain kinds of information provided by the Domain Name System (DNS) as used on Internet Protocol (IP) networks. It is a set of extensions to DNS which provide DNS clients (or resolvers) with origin authentication of DNS data, authenticated denial of existence, and data integrity, but not availability or confidentiality.

Regarding the Configuration Scheme, it tells us that all the static configuration files, the zone files for the root servers, and the forward and reverse zones for localhost are in /etc/bind.

The working directory of the named daemon is /var/cache/bind, so that any transient file generated by named, such as the databases for which it acts as a Slave Server, is written to the /var file system, which is where it belongs.

Unlike earlier versions of the BIND package for Debian, the supplied named.conf and db.* files are tagged as configuration files. That way, if we need a DNS server that works mainly as a Cache Server and is not authoritative for anything, we can use it just as it is installed and configured by default.

If you need to implement an authoritative DNS, they suggest placing the master zone files in the same /etc/bind directory. If the complexity of the zones for which named will be authoritative requires it, it is recommended to create a subdirectory structure, referring to the zone files by absolute path in the named.conf file.

Any zone file for which named acts as a Slave Server must be located in /var/cache/bind.

Zone files that are subject to dynamic updates by a DHCP server or by the nsupdate command should be stored in /var/lib/bind.

If the operating system uses apparmor, the installed profile works only with the default BIND configuration. Later changes to the configuration of named may require changes to the apparmor profile. Visit https://wiki.ubuntu.com/DebuggingApparmor before filing a bug report against this service.

There are several issues related to running Debian BIND in a chroot jail. Visit http://www.tldp.org/HOWTO/Chroot-BIND-HOWTO.html for more information.

Other information

man named, man named.conf, man named-checkconf, man named-checkzone, man rndc, etc.

root@dns:~# named -v
BIND 9.9.5-9+deb8u1-Debian (Extended Support Version)

root@dns:~# named -V
BIND 9.9.5-9+deb8u1-Debian (Extended Support Version) built by make with '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' \
'--localstatedir=/var' '--enable-threads' '--enable-largefile' \
'--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' \
'--with-geoip=/usr' '--with-atf=no' '--enable-ipv6' '--enable-rrl' \
'--enable-filter-aaaa' \
'CFLAGS=-fno-strict-aliasing -fno-delete-null-pointer-checks -DDIG_SIGCHASE -O2'
compiled by GCC 4.9.2
using OpenSSL version: OpenSSL 1.0.1k 8 Jan 2015
using libxml2 version: 2.9.1

root@dns:~# ps -e | grep named
  408 ?        00:00:00 named

root@dns:~# ps -e | grep bind
  339 ?        00:00:00 rpcbind

root@dns:~# ps -e | grep bind9
root@dns:~#

root@dns:~# ls /var/run/named/
named.pid  session.key
root@dns:~# ls -l /var/run/named/named.pid
-rw-r--r-- 1 bind bind 4 Feb  4 13:20 /var/run/named/named.pid

root@dns:~# rndc status
version: 9.9.5-9+deb8u1-Debian
CPUs found: 1
worker threads: 1
UDP listeners per interface: 1
number of zones: 100
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running

  • The importance of consulting the documentation installed with the BIND9 package, before any other, cannot be denied.

bind9-doc

root@dns:~# aptitude install bind9-doc links2
root@dns:~# dpkg -L bind9-doc

The bind9-doc package installs, among other useful information, the BIND 9 Administrator Reference Manual. To access the manual - in English - we run:

root@dns:~# links2 file:///usr/share/doc/bind9-doc/arm/Bv9ARM.html
BIND 9 Administrator Reference Manual
Copyright (c) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
Copyright (c) 2000-2003 Internet Software Consortium.

We hope you enjoy reading it.

  • Without leaving home, we have the complete official documentation about BIND and about the DNS service in general.

We configure BIND the Debian way

/etc/bind/named.conf "main"

root@dns:~# nano /etc/bind/named.conf
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";

Does the commented header need any translation?

/etc/bind/named.conf.options

root@dns:~# cp /etc/bind/named.conf.options /etc/bind/named.conf.options.original

root@dns:~# nano /etc/bind/named.conf.options
options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

        // forwarders {
        //      0.0.0.0;
        // };

        //=====================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys.  See https://www.isc.org/bind-keys
        //=====================================================================

    // We do not want DNSSEC
        dnssec-enable no;
        //dnssec-validation auto;

        auth-nxdomain no;    # conform to RFC1035

 // We do not need to listen on IPv6 addresses
        // listen-on-v6 { any; };
    listen-on-v6 { none; };

 // For checks from localhost and sysadmin
    // using dig desdelinux.fan axfr
    // We have no Slave DNS servers... so far
 allow-transfer { localhost; 192.168.10.1; };
};

root@dns:~# named-checkconf
root@dns:~#
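
One way to check the access-control statements discussed so far: the NEWS.Debian defaults for allow-recursion and allow-query-cache, and the allow-transfer list set in the file above. This is an added example, not part of the original article or of the BIND package; the function names and the two sample configurations are constructed, and the parsing assumes address-match lists without nested braces.

```shell
#!/bin/sh
# Added example: audit named.conf.options for ACLs that expose the server.

# strip_comments FILE: drop //, # and single-line /* */ comments.
# Assumption: no "//" or "#" inside quoted strings.
strip_comments() {
    sed -e 's://.*$::' -e 's:#.*$::' -e 's:/\*.*\*/::g' "$1"
}

# acl_of STATEMENT FILE: print the address-match list of STATEMENT,
# or nothing when the statement is absent or commented out.
acl_of() {
    strip_comments "$2" | tr '\n' ' ' |
        sed -n "s/.*[[:space:]{;]$1[[:space:]]*{\([^}]*\)}.*/\1/p"
}

# has_any LIST: true when the list contains the built-in ACL "any".
has_any() {
    printf '%s' "$1" | grep -Eq '(^|[[:space:];])any[[:space:]]*;'
}

# audit_named_options FILE: print one WARN line per finding;
# return 0 when there are no findings, 1 otherwise.
audit_named_options() {
    conf=$1
    findings=0

    xfer=$(acl_of allow-transfer "$conf")
    if [ -z "$xfer" ]; then
        # In BIND 9.9 an unset allow-transfer permits transfers to all hosts.
        echo "WARN allow-transfer is not set: zone transfers allowed to any host"
        findings=$((findings + 1))
    elif has_any "$xfer"; then
        echo "WARN allow-transfer includes any"
        findings=$((findings + 1))
    fi

    # Unset is fine here: the default is localnets and localhost.
    for stmt in allow-recursion allow-query-cache; do
        acl=$(acl_of "$stmt" "$conf")
        if has_any "$acl"; then
            echo "WARN $stmt includes any: server answers as an open resolver"
            findings=$((findings + 1))
        fi
    done

    [ "$findings" -eq 0 ]
}

# Constructed sample: the options set on this page, comments shortened.
sample_page_options() {
    cat <<'EOF'
options {
        directory "/var/cache/bind";
        dnssec-enable no;
        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { none; };
        // For checks from localhost and sysadmin
        allow-transfer { localhost; 192.168.10.1; };
};
EOF
}

# Constructed sample: transfers left at the default, recursion opened up.
sample_weak_options() {
    cat <<'EOF'
options {
        directory "/var/cache/bind";
        // allow-transfer { localhost; };
        allow-recursion { any; };
};
EOF
}

# Demonstration on the two constructed samples.
tmpdir=$(mktemp -d)
sample_page_options > "$tmpdir/page.conf"
sample_weak_options > "$tmpdir/weak.conf"
echo "page.conf:"; audit_named_options "$tmpdir/page.conf" && echo "no findings"
echo "weak.conf:"; audit_named_options "$tmpdir/weak.conf" || true
rm -rf "$tmpdir"
```

On the server itself, run named-checkconf first, so that the audit only ever sees a file BIND accepts.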

/etc/bind/named.conf.local

In the commented header of this file, they recommend including the zones indicated in RFC 1918, which are declared in the file /etc/bind/zones.rfc1918. Including these zones locally ensures that any query about them does not leave the local network toward the root servers, which has two significant advantages:

  • Faster local resolution for local users
  • No unnecessary - or spurious - traffic is generated toward the root servers.

Personally, I have no Internet connection with which to test Recursion or Forwarding. However, since we have not disabled Recursion in the named.conf.options file - by means of recursion no; - we can include the zones mentioned above and some others that I explain below.

When installing BIND 9.9.7 on the FreeBSD 10.0 operating system, which is also - and incidentally - Free Software, the configuration file /usr/local/etc/namedb/named.conf.sample contains a whole series of zones that it recommends serving locally in order to - also - obtain the advantages mentioned above.

So as not to alter the original BIND configuration in Debian, we suggest creating the file /etc/bind/zones.rfcFreeBSD and including it in /etc/bind/named.conf.local with the content shown below, and with the paths to the files already adapted to Debian:

root@dns:~# nano /etc/bind/zones.rfcFreeBSD
// Shared Address Space (RFC 6598)
zone "64.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "65.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "66.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "67.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "68.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "69.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "70.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "71.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "72.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "73.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "74.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "75.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "76.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "77.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "78.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "79.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "80.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "81.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "82.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "83.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "84.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "85.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "86.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "87.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "88.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "89.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "90.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "91.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "92.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "93.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "94.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "95.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "96.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "97.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "98.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "99.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "100.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "101.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "102.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "103.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "104.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "105.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "106.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "107.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "108.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "109.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "110.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "111.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "112.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "113.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "114.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "115.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "116.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "117.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "118.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "119.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "120.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "121.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "122.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "123.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "124.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "125.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "126.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "127.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };

// Link-local / APIPA (RFCs 3927, 5735 and 6303)
zone "254.169.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };

// IETF protocol assignments (RFCs 5735 and 5736)
zone "0.0.192.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };

// TEST-NET-[1-3] for Documentation (RFCs 5735, 5737 and 6303)
zone "2.0.192.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "100.51.198.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "113.0.203.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };

// IPv6 Example Range for Documentation (RFCs 3849 and 6303)
zone "8.b.d.0.1.0.0.2.ip6.arpa" { type master; file "/etc/bind/db.empty"; };

// Domain Names for Documentation and Testing (BCP 32)
zone "test" { type master; file "/etc/bind/db.empty"; };
zone "example" { type master; file "/etc/bind/db.empty"; };
zone "invalid" { type master; file "/etc/bind/db.empty"; };
zone "example.com" { type master; file "/etc/bind/db.empty"; };
zone "example.net" { type master; file "/etc/bind/db.empty"; };
zone "example.org" { type master; file "/etc/bind/db.empty"; };

// Router Benchmark Testing (RFCs 2544 and 5735)
zone "18.198.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "19.198.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };

// IANA Reserved - Old Class E Space (RFC 5735)
zone "240.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "241.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "242.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "243.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "244.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "245.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "246.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "247.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "248.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "249.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "250.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "251.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "252.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "253.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "254.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };

// IPv6 Unassigned Addresses (RFC 4291)
zone "1.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "3.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "4.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "5.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "6.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "7.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "8.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "9.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "a.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "b.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "c.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "d.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "e.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "0.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "1.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "2.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "3.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "4.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "5.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "6.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "7.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "8.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "9.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "a.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "b.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "0.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "1.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "2.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "3.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "4.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "5.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "6.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "7.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };

// IPv6 ULA (RFCs 4193 and 6303)
zone "c.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "d.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };

// IPv6 Link Local (RFCs 4291 and 6303)
zone "8.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "9.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "a.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "b.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };

// IPv6 Deprecated Site-Local Addresses (RFCs 3879 and 6303)
zone "c.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "d.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "e.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };
zone "f.e.f.ip6.arpa" { type master; file "/etc/bind/db.empty"; };

// IP6.INT is Deprecated (RFC 4159)
zone "ip6.int" { type master; file "/etc/bind/db.empty"; };

Although we ruled out listening for IPv6 requests in our example, it is worth including the IPv6 zones in the file above for those who need them.

The final content of /etc/bind/named.conf.local is:

root@dns:~# nano /etc/bind/named.conf.local
//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
include "/etc/bind/zones.rfc1918";
include "/etc/bind/zones.rfcFreeBSD";

// Declaration of the name, type, location, and update permission
// of the DNS record zones
// Both zones are MASTERS
zone "desdelinux.fan" {
 type master;
 file "/var/lib/bind/db.desdelinux.fan";
};

zone "10.168.192.in-addr.arpa" {
 type master;
 file "/var/lib/bind/db.10.168.192.in-addr.arpa";
};

root@dns:~# named-checkconf
root@dns:~#

We create the files for each zone

The contents of each zone file can be copied literally from the article «DNS and DHCP on CentOS 7», as long as we take care to change the destination directory to /var/lib/bind:

[root@dns ~]# nano /var/lib/bind/db.desdelinux.fan
$TTL 3H
@   IN SOA  dns.desdelinux.fan. root.dns.desdelinux.fan. (
                                        1   ; serial
                                        1D  ; refresh
                                        1H  ; retry
                                        1W  ; expire
                                        3H )    ; minimum or
                                                ; Negative caching time to live
;
@               IN  NS  dns.desdelinux.fan.
@               IN  MX  10 mail.desdelinux.fan.
@       IN  TXT "DesdeLinux, su Blog dedicado al Software Libre"
;
sysadmin        IN  A   192.168.10.1
ad-dc           IN  A   192.168.10.3
fileserver  IN  A   192.168.10.4
dns             IN  A   192.168.10.5
proxyweb        IN  A   192.168.10.6
blog            IN  A   192.168.10.7
ftpserver   IN  A   192.168.10.8
mail            IN  A   192.168.10.9

[root@dns ~]# nano /var/lib/bind/db.10.168.192.in-addr.arpa
$TTL 3H
@   IN SOA  dns.desdelinux.fan. root.dns.desdelinux.fan. (
                                        1   ; serial
                                        1D  ; refresh
                                        1H  ; retry
                                        1W  ; expire
                                        3H )    ; minimum or
                                                ; Negative caching time to live
;
@               IN  NS  dns.desdelinux.fan.
;
1   IN  PTR     sysadmin.desdelinux.fan.
3   IN  PTR     ad-dc.desdelinux.fan.
4   IN  PTR     fileserver.desdelinux.fan.
5   IN  PTR     dns.desdelinux.fan.
6   IN  PTR     proxyweb.desdelinux.fan.
7   IN  PTR     blog.desdelinux.fan.
8   IN  PTR     ftpserver.desdelinux.fan.
9   IN  PTR     mail.desdelinux.fan.

We check the syntax of each zone

root@dns:~# named-checkzone desdelinux.fan /var/lib/bind/db.desdelinux.fan 
zone desdelinux.fan/IN: loaded serial 1
OK

root@dns:~# named-checkzone 10.168.192.in-addr.arpa /var/lib/bind/db.10.168.192.in-addr.arpa
zone 10.168.192.in-addr.arpa/IN: loaded serial 1
OK

Checking the general BIND configuration

root@dns:~# named-checkconf -zp
  • By following the procedure of modifying named.conf according to our needs and checking it, and of creating each zone file and checking it, we doubt we will face major configuration problems. In the end we realize it is child's play, with many concepts and a fussy syntax.

The checks returned satisfactory results, so we can restart BIND - named.

We restart BIND and check its status

[root@dns ~]# systemctl restart bind9.service
[root@dns ~]# systemctl status bind9.service
● bind9.service - BIND Domain Name Server
   Loaded: loaded (/lib/systemd/system/bind9.service; enabled)
  Drop-In: /run/systemd/generator/bind9.service.d
           └─50-insserv.conf-$named.conf
   Active: active (running) since Sun 2017-02-05 07:45:03 EST; 5s ago
     Docs: man:named(8)
  Process: 1345 ExecStop=/usr/sbin/rndc stop (code=exited, status=0/SUCCESS)
 Main PID: 1350 (named)
   CGroup: /system.slice/bind9.service
           └─1350 /usr/sbin/named -f -u bind

Feb 05 07:45:03 dns named[1350]: zone 1.f.ip6.arpa/IN: loaded serial 1
Feb 05 07:45:03 dns named[1350]: zone a.f.ip6.arpa/IN: loaded serial 1
Feb 05 07:45:03 dns named[1350]: zone localhost/IN: loaded serial 2
Feb 05 07:45:03 dns named[1350]: zone test/IN: loaded serial 1
Feb 05 07:45:03 dns named[1350]: zone zone/IN: loaded serial 1
Feb 05 07:45:03 dns named[1350]: zone 5.e.f.ip6.arpa/IN: loaded serial 1
Feb 05 07:45:03 dns named[1350]: zone b.f.ip6.arpa/IN: loaded serial 1
Feb 05 07:45:03 dns named[1350]: zone ip6.int/IN: loaded serial 1
Feb 05 07:45:03 dns named[1350]: all zones loaded
Feb 05 07:45:03 dns named[1350]: running

If we get any kind of error in the output of the last command, we must restart named.service and check its status again. If the error disappears, the service started successfully. Otherwise, we must thoroughly review all the files we modified and created, and repeat the procedure.

Checks

The checks can be run on the server itself or on a machine connected to the LAN. We prefer to run them from the host sysadmin.desdelinux.fan, to which we gave explicit permission to perform Zone Transfers. The /etc/resolv.conf file of that host is as follows:

buzz@sysadmin:~$ cat /etc/resolv.conf
# Generated by NetworkManager
search desdelinux.fan
nameserver 192.168.10.5

buzz@sysadmin:~$ dig desdelinux.fan axfr
; <<>> DiG 9.9.5-9+deb8u1-Debian <<>> desdelinux.fan axfr
;; global options: +cmd
desdelinux.fan.     10800   IN  SOA dns.desdelinux.fan. root.dns.desdelinux.fan. 1 86400 3600 604800 10800
desdelinux.fan.     10800   IN  NS  dns.desdelinux.fan.
desdelinux.fan.     10800   IN  MX  10 mail.desdelinux.fan.
desdelinux.fan.     10800   IN  TXT "DesdeLinux, su Blog dedicado al Software Libre"
ad-dc.desdelinux.fan.   10800   IN  A   192.168.10.3
blog.desdelinux.fan.    10800   IN  A   192.168.10.7
dns.desdelinux.fan. 10800   IN  A   192.168.10.5
fileserver.desdelinux.fan. 10800 IN A   192.168.10.4
ftpserver.desdelinux.fan. 10800 IN  A   192.168.10.8
mail.desdelinux.fan.    10800   IN  A   192.168.10.9
proxyweb.desdelinux.fan. 10800  IN  A   192.168.10.6
sysadmin.desdelinux.fan. 10800  IN  A   192.168.10.1
desdelinux.fan.     10800   IN  SOA dns.desdelinux.fan. root.dns.desdelinux.fan. 1 86400 3600 604800 10800
;; Query time: 1 msec
;; SERVER: 192.168.10.5#53(192.168.10.5)
;; WHEN: Sun Feb 05 07:49:01 EST 2017
;; XFR size: 13 records (messages 1, bytes 385)

buzz@sysadmin:~$ dig 10.168.192.in-addr.arpa axfr
; <<>> DiG 9.9.5-9+deb8u1-Debian <<>> 10.168.192.in-addr.arpa axfr
;; global options: +cmd
10.168.192.in-addr.arpa. 10800  IN  SOA dns.desdelinux.fan. root.dns.desdelinux.fan. 1 86400 3600 604800 10800
10.168.192.in-addr.arpa. 10800  IN  NS  dns.desdelinux.fan.
1.10.168.192.in-addr.arpa. 10800 IN PTR sysadmin.desdelinux.fan.
3.10.168.192.in-addr.arpa. 10800 IN PTR ad-dc.desdelinux.fan.
4.10.168.192.in-addr.arpa. 10800 IN PTR fileserver.desdelinux.fan.
5.10.168.192.in-addr.arpa. 10800 IN PTR dns.desdelinux.fan.
6.10.168.192.in-addr.arpa. 10800 IN PTR proxyweb.desdelinux.fan.
7.10.168.192.in-addr.arpa. 10800 IN PTR blog.desdelinux.fan.
8.10.168.192.in-addr.arpa. 10800 IN PTR ftpserver.desdelinux.fan.
9.10.168.192.in-addr.arpa. 10800 IN PTR mail.desdelinux.fan.
10.168.192.in-addr.arpa. 10800  IN  SOA dns.desdelinux.fan. root.dns.desdelinux.fan. 1 86400 3600 604800 10800
;; Query time: 1 msec
;; SERVER: 192.168.10.5#53(192.168.10.5)
;; WHEN: Sun Feb 05 07:49:47 EST 2017
;; XFR size: 11 records (messages 1, bytes 333)

buzz@sysadmin:~$ dig IN SOA desdelinux.fan
buzz@sysadmin:~$ dig IN MX desdelinux.fan
buzz@sysadmin:~$ dig IN TXT desdelinux.fan

buzz@sysadmin:~$ host proxyweb
proxyweb.desdelinux.fan has address 192.168.10.6

buzz@sysadmin:~$ host ftpserver
ftpserver.desdelinux.fan has address 192.168.10.8

buzz@sysadmin:~$ host 192.168.10.9
9.10.168.192.in-addr.arpa domain name pointer mail.desdelinux.fan.

And any other checks we need.

We install and configure DHCP

On Debian, the DHCP service is provided by the isc-dhcp-server package:

root@dns:~# aptitude search isc-dhcp
i   isc-dhcp-client        - DHCP client for automatically obtaining an IP address
p   isc-dhcp-client-dbg    - ISC DHCP server for automatic IP address assignment (client debug)
i   isc-dhcp-common        - common files used by all of the isc-dhcp packages
p   isc-dhcp-dbg           - ISC DHCP server for automatic IP address assignment (debugging symbol
p   isc-dhcp-dev           - API for accessing and modifying the DHCP server and client state
p   isc-dhcp-relay         - ISC DHCP relay daemon
p   isc-dhcp-relay-dbg     - ISC DHCP server for automatic IP address assignment (relay debug)
p   isc-dhcp-server        - ISC DHCP server for automatic IP address assignment
p   isc-dhcp-server-dbg    - ISC DHCP server for automatic IP address assignment (server debug)
p   isc-dhcp-server-ldap   - DHCP server that uses LDAP as its backend

root@dns:~# aptitude install isc-dhcp-server

After the package is installed, the -omnipresent- systemd complains that it could not start the service. On Debian, we must explicitly declare on which network interface isc-dhcp-server will lease IP addresses and answer requests:

root@dns:~# nano /etc/default/isc-dhcp-server
....
# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
#       Separate multiple interfaces with spaces, e.g. "eth0 eth1".
INTERFACES="eth0"

Installed documentation

root@dns:~# ls -l /usr/share/doc/isc-dhcp-server/
duka 44 -rw-r - r - tushen 1 tushen 1235 Dec 14 2014 haƙƙin mallaka -rw-r - r-- tushen 1 tushen 26031 Feb 13 2015 canji : Misalai 2 -rw-r - r-- 4096 tushen asalin 5 Dec 08 10 LABARAI.Debian.gz -rw-r - r-- tushen 1 592 Dec 14 2014 README.Debian

TSIG key "dhcp-key"

Generating a TSIG key, or Transaction SIGnature, is recommended to authenticate the dynamic DNS updates made by DHCP. As we saw in the previous article «DNS and DHCP on CentOS 7», we consider that generating this key is not so essential, especially when both services are installed on the same server. However, we give the general procedure for generating it automatically:

root@dns:~# dnssec-keygen -a HMAC-MD5 -b 128 -r /dev/urandom -n USER dhcp-key
Kdhcp-key.+157+11088

root@dns:~# cat Kdhcp-key.+157+11088.private
Private-key-format: v1.3
Algorithm: 157 (HMAC_MD5)
Key: TEqfcx2FUMYBQ1hA1ZGelA==
Bits: AAA=
Created: 20170205121618
Publish: 20170205121618
Activate: 20170205121618

root@dns:~# nano dhcp.key
key dhcp-key {
        algorithm hmac-md5;
        secret "TEqfcx2FUMYBQ1hA1ZGelA==";
};

root@dns:~# install -o root -g bind -m 0640 dhcp.key /etc/bind/dhcp.key
root@dns:~# install -o root -g root -m 0640 dhcp.key /etc/dhcp/dhcp.key
root@dns:~# ls -l /etc/bind/*.key
-rw-r----- 1 root bind 78 Feb  5 08:21 /etc/bind/dhcp.key
-rw-r----- 1 bind bind 77 Feb  4 11:47 /etc/bind/rndc.key
root@dns:~# ls -l /etc/dhcp/dhcp.key
-rw-r----- 1 root root 78 Feb  5 08:21 /etc/dhcp/dhcp.key

Updating the BIND zones to use the dhcp-key

root@dns:~# nano /etc/bind/named.conf.local
//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
include "/etc/bind/zones.rfc1918";
include "/etc/bind/zones.rfcFreeBSD";
include "/etc/bind/dhcp.key";

// Declaration of the name, type, location, and update permission
// of the DNS record zones
// Both zones are MASTERS
zone "desdelinux.fan" {
    type master;
    file "/var/lib/bind/db.desdelinux.fan";
    allow-update { key dhcp-key; };
};

zone "10.168.192.in-addr.arpa" {
    type master;
    file "/var/lib/bind/db.10.168.192.in-addr.arpa";
    allow-update { key dhcp-key; };
};
root@dns:~# named-checkconf
root@dns:~#
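
A check that can be run over the key and zone clauses above, as an added example that is not part of the original article: it parses a named.conf fragment with brace matching and reports hmac-md5 keys, short secrets, and zones whose allow-update lets a key (or a non-key source) rewrite the whole zone. The thresholds, function names and the all-zero sample secret are assumptions of this example.

```python
import base64
import re

WEAK_ALGORITHMS = {"hmac-md5"}  # policy choice of this example
MIN_SECRET_BITS = 256           # policy choice of this example


def clauses(conf, keyword):
    """Yield (name, body) for each `keyword name { ... };` clause, matching braces."""
    pattern = re.compile(rf'^\s*{keyword}\s+"?([^\s"{{]+)"?\s*\{{', re.M)
    for m in pattern.finditer(conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), conf[m.end():i - 1]


def lint(conf):
    """Return a list of (clause, issue) tuples for a named.conf fragment."""
    # Drop whole-line comments only: '//' can also occur inside a base64 secret.
    conf = re.sub(r"^[ \t]*(//|#).*$", "", conf, flags=re.M)
    findings = []
    for name, body in clauses(conf, "key"):
        alg = re.search(r"algorithm\s+([\w-]+)\s*;", body)
        secret = re.search(r'secret\s+"([^"]+)"\s*;', body)
        if alg and alg.group(1).lower() in WEAK_ALGORITHMS:
            findings.append((f"key {name}", f"weak algorithm {alg.group(1).lower()}"))
        if secret:
            bits = len(base64.b64decode(secret.group(1))) * 8
            if bits < MIN_SECRET_BITS:
                findings.append((f"key {name}", f"secret is only {bits} bits"))
    for name, body in clauses(conf, "zone"):
        acl = re.search(r"allow-update\s*\{([^}]*)\}", body)
        if acl is None:
            continue
        for entry in (e.strip() for e in acl.group(1).split(";")):
            if entry.startswith("key "):
                findings.append((f"zone {name}",
                                 f"{entry} may rewrite every record; consider update-policy"))
            elif entry and entry != "none":
                findings.append((f"zone {name}",
                                 f"update source '{entry}' is not a TSIG key"))
    return findings


def sample_conf(algorithm, nbytes, update_acl="key dhcp-key;"):
    """Build a fragment shaped like the article's files (constructed secret)."""
    secret = base64.b64encode(bytes(nbytes)).decode()  # all-zero bytes, sample only
    return f'''
// sample fragment
key dhcp-key {{
        algorithm {algorithm};
        secret "{secret}";
}};
zone "desdelinux.fan" {{
        type master;
        file "/var/lib/bind/db.desdelinux.fan";
        allow-update {{ {update_acl} }};
}};
'''


if __name__ == "__main__":
    for clause, issue in lint(sample_conf("hmac-md5", 16)):
        print(f"{clause}: {issue}")
```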

We configure isc-dhcp-server

root@dns:~# mv /etc/dhcp/dhcpd.conf /etc/dhcp/dhcpd.conf.original
root@dns:~# nano /etc/dhcp/dhcpd.conf
ddns-update-style interim;
ddns-updates on;
ddns-domainname "desdelinux.fan.";
ddns-rev-domainname "in-addr.arpa.";
ignore client-updates;

authoritative;

option ip-forwarding off;
option domain-name "desdelinux.fan";

include "/etc/dhcp/dhcp.key";

zone desdelinux.fan. {
        primary 127.0.0.1;
        key dhcp-key;
}
zone 10.168.192.in-addr.arpa. {
        primary 127.0.0.1;
        key dhcp-key;
}

shared-network redlocal {
        subnet 192.168.10.0 netmask 255.255.255.0 {
                option routers 192.168.10.1;
                option subnet-mask 255.255.255.0;
                option broadcast-address 192.168.10.255;
                option domain-name-servers 192.168.10.5;
                option netbios-name-servers 192.168.10.5;
                range 192.168.10.30 192.168.10.250;
        }
}
# END dhcpd.conf

We check the dhcpd.conf file

root@dns:~# dhcpd -t
Internet Systems Consortium DHCP Server 4.3.1
Copyright 2004-2014 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Config file: /etc/dhcp/dhcpd.conf
Database file: /var/lib/dhcp/dhcpd.leases
PID file: /var/run/dhcpd.pid

We restart BIND and start isc-dhcp-server

root@dns:~# systemctl restart bind9.service
root@dns:~# systemctl status bind9.service

root@dns:~# systemctl start isc-dhcp-server.service
root@dns:~# systemctl status isc-dhcp-server.service
● isc-dhcp-server.service - LSB: DHCP server
   Loaded: loaded (/etc/init.d/isc-dhcp-server)
   Active: active (running) since Sun 2017-02-05 08:41:45 EST; 6s ago
  Process: 2039 ExecStop=/etc/init.d/isc-dhcp-server stop (code=exited, status=0/SUCCESS)
  Process: 2049 ExecStart=/etc/init.d/isc-dhcp-server start (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/isc-dhcp-server.service
           └─2057 /usr/sbin/dhcpd -q -cf /etc/dhcp/dhcpd.conf -pf /var/run/dhcpd.pid eth0

Feb 05 08:41:43 dns dhcpd[2056]: Wrote 0 leases to leases file.
Feb 05 08:41:43 dns dhcpd[2057]: Server starting service.
Feb 05 08:41:45 dns isc-dhcp-server[2049]: Starting ISC DHCP server: dhcpd.

Checks with clients

We start a client running the Windows 7 operating system, named «LAGER».

buzz@sysadmin:~$ host lager
LAGER.desdelinux.fan has address 192.168.10.30

buzz@sysadmin:~$ dig in txt lager.desdelinux.fan

We change the name of this client to "seven" and restart the client

buzz@sysadmin:~$ host lager
;; connection timed out; no servers could be reached

buzz@sysadmin:~$ host seven
seven.desdelinux.fan has address 192.168.10.30
buzz@sysadmin:~$ host 192.168.10.30
30.10.168.192.in-addr.arpa domain name pointer seven.desdelinux.fan.

buzz@sysadmin:~$ dig in txt seven.desdelinux.fan

We rename the Windows 7 client again, to "win7"

buzz@sysadmin:~$ host seven
;; connection timed out; no servers could be reached

buzz@sysadmin:~$ host win7
win7.desdelinux.fan has address 192.168.10.30
buzz@sysadmin:~$ host 192.168.10.30
30.10.168.192.in-addr.arpa domain name pointer win7.desdelinux.fan.

buzz@sysadmin:~$ dig in txt win7.desdelinux.fan
; <<>> DiG 9.9.5-9+deb8u1-Debian <<>> in txt win7.desdelinux.fan
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11218
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;win7.desdelinux.fan.       IN  TXT

;; ANSWER SECTION:
win7.desdelinux.fan.    3600    IN  TXT "31b7228ddd3a3b73be2fda9e09e601f3e9"

;; AUTHORITY SECTION:
desdelinux.fan.     10800   IN  NS  dns.desdelinux.fan.

;; ADDITIONAL SECTION:
dns.desdelinux.fan. 10800   IN  A   192.168.10.5

;; Query time: 0 msec
;; SERVER: 192.168.10.5#53(192.168.10.5)
;; WHEN: Sun Feb 05 09:13:20 EST 2017
;; MSG SIZE  rcvd: 129

buzz@sysadmin:~$ dig desdelinux.fan axfr
; <<>> DiG 9.9.5-9+deb8u1-Debian <<>> desdelinux.fan axfr
;; global options: +cmd
desdelinux.fan.     10800   IN  SOA dns.desdelinux.fan. root.dns.desdelinux.fan. 8 86400 3600 604800 10800
desdelinux.fan.     10800   IN  NS  dns.desdelinux.fan.
desdelinux.fan.     10800   IN  MX  10 mail.desdelinux.fan.
desdelinux.fan.     10800   IN  TXT "DesdeLinux, su Blog dedicado al Software Libre"
ad-dc.desdelinux.fan.   10800   IN  A   192.168.10.3
blog.desdelinux.fan.    10800   IN  A   192.168.10.7
dns.desdelinux.fan. 10800   IN  A   192.168.10.5
fileserver.desdelinux.fan. 10800 IN A   192.168.10.4
ftpserver.desdelinux.fan. 10800 IN  A   192.168.10.8
mail.desdelinux.fan.    10800   IN  A   192.168.10.9
proxyweb.desdelinux.fan. 10800  IN  A   192.168.10.6
sysadmin.desdelinux.fan. 10800  IN  A   192.168.10.1
win7.desdelinux.fan.    3600    IN  TXT "31b7228ddd3a3b73be2fda9e09e601f3e9"
win7.desdelinux.fan.    3600    IN  A   192.168.10.30
desdelinux.fan.     10800   IN  SOA dns.desdelinux.fan. root.dns.desdelinux.fan. 8 86400 3600 604800 10800
;; Query time: 2 msec
;; SERVER: 192.168.10.5#53(192.168.10.5)
;; WHEN: Sun Feb 05 09:15:13 EST 2017
;; XFR size: 15 records (messages 1, bytes 453)

In the output above, we highlighted in bold the TTL -in seconds- for the computers with IP addresses granted by the DHCP service, which carry an explicit declaration of the TTL 3600 given by DHCP. The fixed IPs are governed by the $TTL of 3H -3 hours = 10800 seconds- declared in the SOA record of each zone file.

The reverse zone can be checked in the same way.

[root@dns ~]# dig 10.168.192.in-addr.arpa axfr

Other interesting commands are:

[root@dns ~]# named-journalprint /var/lib/bind/db.desdelinux.fan.jnl
del desdelinux.fan.     10800   IN  SOA dns.desdelinux.fan. root.dns.desdelinux.fan. 1 86400 3600 604800 10800
add desdelinux.fan.     10800   IN  SOA dns.desdelinux.fan. root.dns.desdelinux.fan. 2 86400 3600 604800 10800
add LAGER.desdelinux.fan.   3600    IN  A   192.168.10.30
add LAGER.desdelinux.fan.   3600    IN  TXT "31b7228ddd3a3b73be2fda9e09e601f3e9"
del desdelinux.fan.     10800   IN  SOA dns.desdelinux.fan. root.dns.desdelinux.fan. 2 86400 3600 604800 10800
del LAGER.desdelinux.fan.   3600    IN  A   192.168.10.30
add desdelinux.fan.     10800   IN  SOA dns.desdelinux.fan. root.dns.desdelinux.fan. 3 86400 3600 604800 10800
del desdelinux.fan.     10800   IN  SOA dns.desdelinux.fan. root.dns.desdelinux.fan. 3 86400 3600 604800 10800
del LAGER.desdelinux.fan.   3600    IN  TXT "31b7228ddd3a3b73be2fda9e09e601f3e9"
add desdelinux.fan.     10800   IN  SOA dns.desdelinux.fan. root.dns.desdelinux.fan. 4 86400 3600 604800 10800
del desdelinux.fan.     10800   IN  SOA dns.desdelinux.fan. root.dns.desdelinux.fan. 4 86400 3600 604800 10800
add desdelinux.fan.     10800   IN  SOA dns.desdelinux.fan. root.dns.desdelinux.fan. 5 86400 3600 604800 10800
add seven.desdelinux.fan.   3600    IN  A   192.168.10.30
add seven.desdelinux.fan.   3600    IN  TXT "31b7228ddd3a3b73be2fda9e09e601f3e9"
del desdelinux.fan.     10800   IN  SOA dns.desdelinux.fan. root.dns.desdelinux.fan. 5 86400 3600 604800 10800
del seven.desdelinux.fan.   3600    IN  A   192.168.10.30
add desdelinux.fan.     10800   IN  SOA dns.desdelinux.fan. root.dns.desdelinux.fan. 6 86400 3600 604800 10800
del desdelinux.fan.     10800   IN  SOA dns.desdelinux.fan. root.dns.desdelinux.fan. 6 86400 3600 604800 10800
del seven.desdelinux.fan.   3600    IN  TXT "31b7228ddd3a3b73be2fda9e09e601f3e9"
add desdelinux.fan.     10800   IN  SOA dns.desdelinux.fan. root.dns.desdelinux.fan. 7 86400 3600 604800 10800
del desdelinux.fan.     10800   IN  SOA dns.desdelinux.fan. root.dns.desdelinux.fan. 7 86400 3600 604800 10800
add desdelinux.fan.     10800   IN  SOA dns.desdelinux.fan. root.dns.desdelinux.fan. 8 86400 3600 604800 10800
add win7.desdelinux.fan.    3600    IN  A   192.168.10.30
add win7.desdelinux.fan.    3600    IN  TXT "31b7228ddd3a3b73be2fda9e09e601f3e9"

[root@dns ~]# named-journalprint /var/lib/bind/db.10.168.192.in-addr.arpa.jnl
del 10.168.192.in-addr.arpa. 10800  IN  SOA dns.desdelinux.fan. root.dns.desdelinux.fan. 1 86400 3600 604800 10800
add 10.168.192.in-addr.arpa. 10800  IN  SOA dns.desdelinux.fan. root.dns.desdelinux.fan. 2 86400 3600 604800 10800
add 30.10.168.192.in-addr.arpa. 3600 IN PTR LAGER.desdelinux.fan.
del 10.168.192.in-addr.arpa. 10800  IN  SOA dns.desdelinux.fan. root.dns.desdelinux.fan. 2 86400 3600 604800 10800
del 30.10.168.192.in-addr.arpa. 3600 IN PTR LAGER.desdelinux.fan.
add 10.168.192.in-addr.arpa. 10800  IN  SOA dns.desdelinux.fan. root.dns.desdelinux.fan. 3 86400 3600 604800 10800
del 10.168.192.in-addr.arpa. 10800  IN  SOA dns.desdelinux.fan. root.dns.desdelinux.fan. 3 86400 3600 604800 10800
add 10.168.192.in-addr.arpa. 10800  IN  SOA dns.desdelinux.fan. root.dns.desdelinux.fan. 4 86400 3600 604800 10800
add 30.10.168.192.in-addr.arpa. 3600 IN PTR seven.desdelinux.fan.
del 10.168.192.in-addr.arpa. 10800  IN  SOA dns.desdelinux.fan. root.dns.desdelinux.fan. 4 86400 3600 604800 10800
del 30.10.168.192.in-addr.arpa. 3600 IN PTR seven.desdelinux.fan.
add 10.168.192.in-addr.arpa. 10800  IN  SOA dns.desdelinux.fan. root.dns.desdelinux.fan. 5 86400 3600 604800 10800
del 10.168.192.in-addr.arpa. 10800  IN  SOA dns.desdelinux.fan. root.dns.desdelinux.fan. 5 86400 3600 604800 10800
add 10.168.192.in-addr.arpa. 10800  IN  SOA dns.desdelinux.fan. root.dns.desdelinux.fan. 6 86400 3600 604800 10800
add 30.10.168.192.in-addr.arpa. 3600 IN PTR win7.desdelinux.fan.

[root@dns ~]# journalctl -f
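
The named-journalprint output above can also be audited automatically. This added example (not part of the original article) groups the add/del lines into transactions and flags changes that are unexpected for this setup: an update touching one of the fixed host names, an A record outside the DHCP range, or an A record added without the TXT record that accompanies it in the journal above. The host names, zone and range come from the zone file and dhcpd.conf shown earlier; the last two transactions of the sample are constructed.

```python
import ipaddress
import re

ZONE = "desdelinux.fan"
# Fixed hosts from the zone file; dynamic updates should never touch them.
STATIC_NAMES = {"sysadmin", "ad-dc", "fileserver", "dns",
                "proxyweb", "blog", "ftpserver", "mail"}
# "range" statement from dhcpd.conf.
POOL = (ipaddress.ip_address("192.168.10.30"),
        ipaddress.ip_address("192.168.10.250"))
LINE = re.compile(r"^(add|del)\s+(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(.+)$")


def parse_journal(text):
    """Group journal lines into transactions.

    A transaction starts with 'del <zone> SOA <old serial>' and contains
    'add <zone> SOA <new serial>'; every other line is a record change.
    """
    txns = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        op, name, _ttl, rtype, rdata = m.groups()
        name = name.rstrip(".").lower()
        if rtype == "SOA":
            serial = int(rdata.split()[2])  # field after mname and rname
            if op == "del":
                txns.append({"from": serial, "to": None, "ops": []})
            elif txns:
                txns[-1]["to"] = serial
        elif txns:
            txns[-1]["ops"].append((op, name, rtype, rdata.strip()))
    return txns


def audit(txns):
    """Return (new serial, finding, detail) tuples for suspicious changes."""
    findings = []
    for t in txns:
        txt_owners = {n for op, n, rt, _ in t["ops"] if op == "add" and rt == "TXT"}
        for op, name, rtype, rdata in t["ops"]:
            label = name[:-len(ZONE) - 1] if name.endswith("." + ZONE) else name
            if label in STATIC_NAMES:
                findings.append((t["to"], "static-name-touched", f"{op} {name} {rtype}"))
            if op == "add" and rtype == "A":
                if not POOL[0] <= ipaddress.ip_address(rdata) <= POOL[1]:
                    findings.append((t["to"], "address-outside-pool", f"{name} {rdata}"))
                if name not in txt_owners:
                    findings.append((t["to"], "a-without-ownership-txt", f"{name} {rdata}"))
    return findings


def live_records(txns):
    """Replay the journal and return the dynamic records that remain."""
    live = set()
    for t in txns:
        for op, name, rtype, rdata in t["ops"]:
            (live.add if op == "add" else live.discard)((name, rtype, rdata))
    return live


def _soa(op, serial):
    return (f"{op} {ZONE}. 10800 IN SOA dns.{ZONE}. root.dns.{ZONE}. "
            f"{serial} 86400 3600 604800 10800")


OWNER = '"31b7228ddd3a3b73be2fda9e09e601f3e9"'
SAMPLE = "\n".join([
    # Serials 1 to 4: the LAGER lease as it appears in the journal above.
    _soa("del", 1), _soa("add", 2),
    "add LAGER.desdelinux.fan.   3600    IN  A   192.168.10.30",
    f"add LAGER.desdelinux.fan.   3600    IN  TXT {OWNER}",
    _soa("del", 2), "del LAGER.desdelinux.fan.   3600    IN  A   192.168.10.30",
    _soa("add", 3),
    _soa("del", 3), f"del LAGER.desdelinux.fan.   3600    IN  TXT {OWNER}",
    _soa("add", 4),
    # Constructed: an A record for a fixed host name, without a TXT record.
    _soa("del", 4), _soa("add", 5),
    "add mail.desdelinux.fan.    3600    IN  A   192.168.10.77",
    # Constructed: a new host registered below the DHCP range.
    _soa("del", 5), _soa("add", 6),
    "add kiosk.desdelinux.fan.   3600    IN  A   192.168.10.20",
    'add kiosk.desdelinux.fan.   3600    IN  TXT "00constructed00owner00hash"',
])

if __name__ == "__main__":
    for serial, kind, detail in audit(parse_journal(SAMPLE)):
        print(f"serial {serial}: {kind}: {detail}")
```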

Manual modification of the zone files

Once DHCP has joined the game of dynamically updating the zone files of named, if we ever need to modify a zone file by hand we must follow the procedure below, but not before learning a little more about how the rndc utility -man rndc- controls named.

  • rndc freeze [zone [class [view]]] suspends dynamic updates to a zone. If none is specified, all zones are frozen. The command allows manual editing of the frozen zone or of all zones. Any dynamic update is refused while the zone is frozen.
  • rndc thaw [zone [class [view]]] enables dynamic updates on a previously frozen zone. The DNS server reloads the zone file from disk, and dynamic updates are re-enabled once the reload has completed.

What care should we take when we edit a zone file by hand? The same as if we were creating it, without forgetting to increase the serial number by 1 before saving the file with the final changes.

We freeze the zones

As we are going to make changes to the Forward and Reverse Zones while DNS and DHCP are running, the healthiest thing is to freeze the DNS zones:

[root@dns ~]# rndc freeze

The desdelinux.fan zone contains the following records:

[root@dns ~]# cat /var/lib/bind/db.desdelinux.fan
$ORIGIN .
$TTL 10800      ; 3 hours
desdelinux.fan          IN SOA  dns.desdelinux.fan. root.dns.desdelinux.fan. (
                                8; serial
                                86400      ; refresh (1 day)
                                3600       ; retry (1 hour)
                                604800     ; expire (1 week)
                                10800      ; minimum (3 hours)
                                )
                        NS      dns.desdelinux.fan.
                        MX      10 mail.desdelinux.fan.
                        TXT     "DesdeLinux, su Blog dedicado al Software Libre"
$ORIGIN desdelinux.fan.
ad-dc                   A       192.168.10.3
blog                    A       192.168.10.7
dns                     A       192.168.10.5
fileserver              A       192.168.10.4
ftpserver               A       192.168.10.8
mail                    A       192.168.10.9
proxyweb                A       192.168.10.6
sysadmin                A       192.168.10.1
$TTL 3600       ; 1 hour
win7                    A       192.168.10.30
                        TXT     "31b7228ddd3a3b73be2fda9e09e601f3e9"

Let's add the server «shorewall» with IP 192.168.10.10:

root@dns:~# nano /var/lib/bind/db.desdelinux.fan
$ORIGIN .
$TTL 10800  ; 3 hours
desdelinux.fan      IN SOA  dns.desdelinux.fan. root.dns.desdelinux.fan. (
                9; serial
                86400      ; refresh (1 day)
                3600       ; retry (1 hour)
                604800     ; expire (1 week)
                10800      ; minimum (3 hours)
                )
            NS  dns.desdelinux.fan.
            MX  10 mail.desdelinux.fan.
            TXT "DesdeLinux, su Blog dedicado al Software Libre"
$ORIGIN desdelinux.fan.
ad-dc           A   192.168.10.3
blog            A   192.168.10.7
dns         A   192.168.10.5
fileserver      A   192.168.10.4
ftpserver       A   192.168.10.8
mail            A   192.168.10.9
proxyweb        A   192.168.10.6
shorewall       A   192.168.10.10
sysadmin        A   192.168.10.1
$TTL 3600   ; 1 hour
win7            A   192.168.10.30
            TXT "31b7228ddd3a3b73be2fda9e09e601f3e9"

We must also modify the reverse zone:

root@dns:~# nano /var/lib/bind/db.10.168.192.in-addr.arpa
$ORIGIN .
$TTL 10800      ; 3 hours
10.168.192.in-addr.arpa IN SOA  dns.desdelinux.fan. root.dns.desdelinux.fan. (
                                7; serial
                                86400      ; refresh (1 day)
                                3600       ; retry (1 hour)
                                604800     ; expire (1 week)
                                10800      ; minimum (3 hours)
                                )
                        NS      dns.desdelinux.fan.
$ORIGIN 10.168.192.in-addr.arpa.
1                       PTR     sysadmin.desdelinux.fan.
3                       PTR     ad-dc.desdelinux.fan.
$TTL 3600       ; 1 hour
30                      PTR     win7.desdelinux.fan.
$TTL 10800      ; 3 hours
4                       PTR     fileserver.desdelinux.fan.
5                       PTR     dns.desdelinux.fan.
6                       PTR     proxyweb.desdelinux.fan.
7                       PTR     blog.desdelinux.fan.
8                       PTR     ftpserver.desdelinux.fan.
9                       PTR     mail.desdelinux.fan.
10                      PTR     shorewall.desdelinux.fan.

We thaw and reload the zones

[root@dns ~]# rndc thaw

root@dns:~# journalctl -f
-- Logs begin at dom 2017-02-05 06:27:10 EST. --
feb 05 12:00:29 dns named[1996]: received control channel command 'thaw'
feb 05 12:00:29 dns named[1996]: thawing all zones: success
feb 05 12:00:29 dns named[1996]: zone 10.168.192.in-addr.arpa/IN: journal file is out of date: removing journal file
feb 05 12:00:29 dns named[1996]: zone 10.168.192.in-addr.arpa/IN: loaded serial 7
feb 05 12:00:29 dns named[1996]: zone desdelinux.fan/IN: journal file is out of date: removing journal file
feb 05 12:00:29 dns named[1996]: zone desdelinux.fan/IN: loaded serial 9

buzz@sysadmin:~$ host shorewall
shorewall.desdelinux.fan has address 192.168.10.10

buzz@sysadmin:~$ host 192.168.10.10
10.10.168.192.in-addr.arpa domain name pointer shorewall.desdelinux.fan.

buzz@sysadmin:~$ dig desdelinux.fan axfr

buzz@sysadmin:~$ dig 10.168.192.in-addr.arpa axfr

root@dns:~# journalctl -f
....
feb 05 12:03:05 dns named[1996]: client 192.168.10.1#37835 (desdelinux.fan): transfer of 'desdelinux.fan/IN': AXFR started
feb 05 12:03:05 dns named[1996]: client 192.168.10.1#37835 (desdelinux.fan): transfer of 'desdelinux.fan/IN': AXFR ended
feb 05 12:03:20 dns named[1996]: client 192.168.10.1#46905 (10.168.192.in-addr.arpa): transfer of '10.168.192.in-addr.arpa/IN': AXFR started
feb 05 12:03:20 dns named[1996]: client 192.168.10.1#46905 (10.168.192.in-addr.arpa): transfer of '10.168.192.in-addr.arpa/IN': AXFR ended

Summary

So far we have a caching DNS server in operation, which supports recursion, which is authoritative for the desdelinux.fan zone, and which allows DHCP to update the Forward and Reverse Zones with the names and IPs of the computers it serves.

This article and the previous two, «DNS and DHCP on openSUSE 13.2 'Harlequin'» and «DNS and DHCP on CentOS 7», are practically one. In each of them you will find the general concepts of DNS and DHCP, and the particulars of each distribution. They are an entry point to the subject, and a base for more complex developments.

We will not hesitate to insist -once again- on the importance of reading the technical documentation installed by default with each package, BEFORE configuring any detail. We say this from our own experience.

Next delivery

It will probably be "Microsoft® Active Directory + BIND"



  1.   Lizard said

    What a lesson you have delivered, partner; I do not know where such capacity for detail and order in such complex topics comes from.

    My greatest congratulations, it is an honor to be able to read you

  2.   bafo said

    I must tell you that the tutorials you publish are the HOSTIA, I love them.
    I am always waiting for the next chapter.
    When you finish, will you put it in a pdf? It is documentation that in my opinion is very valuable, and it deserves to be well kept.
    Thank you very much and warm regards.
    Bafo.

  3.   federico said

    Bafo: Thank you very much for your assessment and comment. The best reward for the time, work and effort I devote to each tutorial is a comment. Be it good or bad, it is a sign that the tutorial does not go unnoticed. I suppose many readers simply download and save it, or bookmark it. But I can only assume that from the number of visits. It is a pity that there are not many comments, although I know that the topics I deal with are essentially for sysadmins. Greetings to you too, and I will be waiting for you in my next articles.

  4.   federico said

    Lizard: Thank you for the honest assessment, which I will always keep in mind.

  5.   artus said

    What would the configuration look like if I have two network interfaces, as far as bind is concerned?
    Thanks and congratulations on the material.

  6.   federico m

    Artus: Thank you for your comment and congratulations.
    The answer to your question deserves a separate article on the use of Views in BIND.

    If you have a Delegated Domain under your responsibility, and you want a single BIND to serve internal queries from the LAN and external queries from the Internet (with BIND protected by a firewall, of course), using Views is recommended.

    Views, for example, allow you to present one configuration to your SME network and another to the Internet. When we do not explicitly configure any View, BIND implicitly creates a single one that it shows to all the computers that query it.

    Since I consider the use of Views an advanced topic, I may also write an article about it, before or after the promised post announced at the end of this one.

    Now, if you have two network interfaces facing your SME network, which is made up of two private networks (for whatever reason: design, load balancing, number of machines or others), and you want to present all your zones to both networks, you can solve it with the statement:

    listen-on {
        127.0.0.1;
        IP-Private-Interface1;
        IP-Private-Interface2;
    };

    This way, BIND listens for requests on both interfaces.

    If all your computers are on the Class C private network 192.168.10.0/255.255.240.0 (up to 4094 hosts), for example, you can use the statement:

    listen-on { 127.0.0.1; 192.168.10.0/20; };

    And you will keep showing a single view to all the computers connected to your private LAN.

    I hope my short answer helps you. Regards and success.

    1.    artus m

      Thanks for the prompt reply. You see, I am setting up a Debian server with version 9 (Stretch); it has DNS, dhcp and squid as a proxy, and for content filtering I will use e2guardian.

      The computer has two network interfaces, which will allow the computers on the LAN to reach the Internet.
      router: 192.168.1.1
      eth0: 192.168.1.55 (through this interface it will go out to the Internet)
      eth1: 192.168.100.1 (LAN)

      The idea is that the computers can reach the Internet through this proxy server, which will also provide IPs and DNS to the computers on the internal network.

      In this case, I don't need the server to answer DNS requests through the eth0 interface (I don't want to present my zones to both networks, only to my LAN); so if I remove the IP-Private-Interface1 entry, would that be enough?

      Thanks again and regards.

  7.   Eduardo Noel ne adam wata m

    Good article, my friend
    You have BIND in your veins, even if you say and think otherwise 🙂
    Congratulations

  8.   federico m

    Artus: Remove the 192.168.1.55 interface from the listen-on statement and that's it. Or simply declare listen-on { 127.0.0.1; 192.168.100.1; }; and that's all. BIND will listen only on those interfaces.

    1.    artus m

      All good.
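
The listen-on lists discussed in the replies above can be checked against the networks a server is meant to serve before named is reloaded. This is an added example, not part of the original thread or of BIND itself; the function names, the sample statements and the /24 mask assumed for the 192.168.100.1 LAN are assumptions made for illustration.

```python
import ipaddress
import re

def parse_listen_on(statement):
    """Return the entries between the braces of one listen-on statement."""
    m = re.search(r"listen-on\s*(?:port\s+\d+\s*)?\{([^}]*)\}", statement)
    if not m:
        raise ValueError("no listen-on statement found")
    return [e.strip() for e in m.group(1).split(";") if e.strip()]

def lint_listen_on(statement, served_nets):
    """Return (entry, problem) pairs for entries that need a second look."""
    served = [ipaddress.ip_network(n) for n in served_nets]
    problems = []
    for entry in parse_listen_on(statement):
        try:
            net = ipaddress.ip_network(entry, strict=True)
        except ValueError:
            try:
                real = ipaddress.ip_network(entry, strict=False)
                problems.append((entry, f"host bits set; network is {real}"))
            except ValueError:
                # ACL names and keywords (any, localnets, ...) land here.
                problems.append((entry, "not a literal address or prefix"))
            continue
        if not any(net.version == s.version and net.subnet_of(s) for s in served):
            problems.append((entry, "outside the networks meant to be served"))
    return problems

# Constructed samples based on the addresses quoted in the thread.
LAN_ONLY = ["127.0.0.0/8", "192.168.100.0/24"]   # the /24 mask is an assumption
BOTH_IFACES = "listen-on { 127.0.0.1; 192.168.1.55; 192.168.100.1; };"
LAN_IFACE = "listen-on { 127.0.0.1; 192.168.100.1; };"
PREFIX_FORM = "listen-on { 127.0.0.1; 192.168.10.0/20; };"

if __name__ == "__main__":
    for stmt, nets in [(BOTH_IFACES, LAN_ONLY), (LAN_IFACE, LAN_ONLY),
                       (PREFIX_FORM, ["127.0.0.0/8", "192.168.0.0/20"])]:
        print(stmt, "->", lint_listen_on(stmt, nets) or "ok")
```

The check only compares the list with the networks you intend to serve; named-checkconf remains the tool for validating the configuration syntax.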

  9.   federico m

    Eduardo: my friend, I still prefer dnsmasq for "small" networks, and we would have to see how "big" they are. Although I recognize that BIND + isc-dhcp-server is BIND + isc-dhcp. 😉

  10.   federico m

    Eduardo: I forgot to tell you that the expert in BIND is you, Master.

  11.   nisanta m

    Years of using BIND and I keep learning from your writings, thank you very much Federico; with this series of tutorials a sysadmin is all set. I come back and repeat: the idea of wrapping all this knowledge up in an official format is not bad at all; give it some thought, something good may come out of it. Regards.

  12.   federico m

    Friend nisanta: Your opinions are always welcome. Wrapping everything up is difficult and almost impossible, because a new topic always comes up. By chapters, it works and is possible. Some articles would have to be rewritten to achieve consistency in the configurations. I promise nothing, but we will see.

  13.   Ismael Alvarez Wong m

    hello federico, here are my comments:
    1) The emphasis you place on "... reading before configuring BIND, and even BEFORE searching the Internet for articles related to BIND and DNS ...", looking them up on our own computer, and all that "... without leaving home ...", to use your own words.
    2) In this post we find more DNS theory that complements what was given in the two previous posts, and it is always appreciated; for example: DNSSEC (Domain Name System Security Extensions) and what it is used for; as well as the BIND Configuration Scheme with its Static Configuration Files, Zone Files for the Root Servers, and the Forward and Reverse Zones of localhost in Debian.
    3) GREAT the tip of not disabling recursion (using the line "recursion no;") and then including in the configuration file /etc/bind/named.conf.local the zone files /etc/bind/zones.rfc1918 and /etc/bind/zones.rfcFreeBSD to prevent any query related to them from leaving the local network toward the root servers.
    4) Unlike the previous article on CentOS 7, in this post the TSIG key "dhcp-key" is indeed generated for dynamic DNS updates from DHCP; to allow it, in the /etc/bind/named.conf.local file we include "allow-update { key dhcp-key; };" in the configuration of the forward and reverse zones of our domain.
    5) Great detail (the same as in the previous one on CentOS 7) on everything related to checking the operation of DNS, DHCP and the clients.
    6) GREAT tip on using the "install" command (yes, written like that; I don't mean the option of the same name used in other commands). I didn't know it, and it really is a "3 in 1" because it combines copying (cp), setting owners (chown) and permissions (chmod).
    Finally, your answer to Artus about the use of Views in BIND is very good: one for the LAN (private network) and another for the Internet so that only public lookups are answered. Hopefully later you will have time to prepare a post, since it is a very practical topic for many sysadmins.
    Nothing more, Federico; I remain excited about the SME series and look forward to the next post, "Microsoft Active Directory + BIND"

  14.   federico m

    Wong: Colleague and friend, your comments complement my article and show that it can be understood. The "install" command has many more options. Check man install. A thousand thanks for the comment!!!

  15.   maryama88 m

    I haven't read the comments yet; I will do so after stating my views.
    You have done and achieved a great deal; you have given us a light, but not the one seen at the 'end of the tunnel' when there is no hope left, as we usually say; not for nothing, you have given full light so as to be able to say "In the end we realize it is child's play, with many concepts and fussy syntax", as you state in the post.
    A TRUNK OF A POST, along with the previous ones for other well-known distributions. You have dealt with the concepts and theory that so often hurt us. I read it in detail, calmly, and it is impossible not to comment and not to feel fully grateful for such dedication and commitment.
    Without further ado, we all wish you health and that you keep contributing; we thank you, and may luck, money, health (we wish you double of that) and love be with you (with Sandra all the more so, hahaha).
    I know the comment goes beyond the content of the post and gets personal, because we are friends and I admire your dedication. Nobody does what you do for those of us who want to know more and carry the responsibility of managing SME networks on our shoulders, which is no easy task.
    Sl2 to everyone.

  16.   federico m

    crespo88: Thank you very much for your assessment of this and other published posts. Some readers may think I give everything away, when that is not true. I always point to the Entry Point, even though the examples work very well. BIND is the Electrical Industry and DHCP is not far behind. To know them above average, you have to get a doctorate at the University of Helsinki, 😉

  17.   Miguel Guaramato m

    I find this topic very important. I am interested in this study of everything related to managing Linux network services and especially servers: dns, static and dynamic dhcp and virtual networks, bind9, samba, print servers, ldap, network monitoring with applications, setting up databases for programmers' applications, and vlan, etc. That is why it matters, and these tips are very good, with practice and examples.

  18.   federico m

    Hello Miguel!!!
    Thank you for commenting, and I hope the series helps you with what interests you. Regards.

  19.   Jorge m

    Thank you very much for the article, Federico; one can tell you know Debian. A hug.

  20.   federico m

    Thank you very much, Jorge, for your comment. I hope my articles help you.

  21.   Zauren Pablo Raul Vargas m

    Thank you very much for the post, which is well documented and encourages us to read, read and read again. Now, with the next post you are going to publish, I would like you to consider the points of convergence it would have:
    Microsoft Active Directory with Samba4 as Active Directory

    Also, I would like to ask the following:
    How would the Bind + Isc-dhcp implementation look on a FW in a dmz, where the domain controller would be in the dmz with samba 4 AD