Janar jeri na jerin: Hanyoyin sadarwar Kwamfuta don SMEs: Gabatarwa
Barka dai abokai !. Don fahimta da bi daidai wannan labarin shine da muhimmanci karanta magabata:
Suna bayanin ka'idoji da dabaru masu amfani waɗanda ba za mu ambata a cikin wannan ba. Za mu canza rarraba a cikin shekara ta yanzu zuwa Debian 8.6 "Jessie" kuma za mu ci gaba da irin abubuwan da muke amfani da su a ciki INulla da Aiki Littafin Adireshi®.
- Hanyar da aka bayyana a cikin wannan post ɗin tana aiki don CentOS 7. Fayil ɗin sanyi / sauransu / dnsmasq iri ɗaya ne. Ina bayyana shi ne saboda ina ganin bashi da mahimmanci don yin kasida daban na Dnsmasq da Littafin AikiDangane da CentOS. Abin farin ciki, kundin adireshi masu alaƙa da rubuce-rubuce da daidaitawa iri ɗaya ne. '????
- Dnsmaq halitta ne na Simon Kelley
Iyaka kan amfani da Dnsmasq
Saboda mahimmancin sa muke maimaitawa IYAKA da ke tallafawa Dnsmasq -run mutum dnsmasq- wanda ya nuna daidai na gaba:
IYAKA
- Valuesididdigar tsoho don ƙayyadaddun albarkatu gabaɗaya masu ra'ayin mazan jiya ne, kuma sun dace don amfani a kan na'urori irin na na'ura mai ba da hanya tsakanin hanyoyin sadarwa. makale tare da jinkirin sarrafawa da ƙananan ƙwaƙwalwa. A cikin kayan aiki iya, yana yiwuwa a ƙara iyaka, kuma a tallafawa da yawa abokan ciniki. Mai zuwa ya shafi dnsmasq-2.37: samfuran da suka gabata basa yi sun hau sosai.
- Dnsmasq yana iya tallafawa DNS da DHCP aƙalla dubu ɗaya (1,000) abokan ciniki. Kada lokutan haya su zama da gajarta sosai (ƙasa da ɗaya lokaci). Ofimar –dns-forward-max na iya ƙaruwa: fara da kwatankwacin adadin kwastomomi da haɓaka shi idan DNS. Lura cewa aikin DNS ya dogara da sabobin DNS mai nisa. Za'a iya ƙara girman ma'ajin DNS: iyaka Ana buƙatar sunaye 10,000 kuma tsoho (150) yayi ƙasa ƙwarai. Aika SIGUSR1 zuwa dnsmasq yana sanya bitacore bayanai wanda yake mai amfani don daidaita girman ma'ajin cache. Duba sashin LURA don cikakkun bayanai.
- A ciki uwar garken TFTP yana da ikon tallafawa sauye-sauye da yawa fayilolin lokaci guda: cikakken iyaka yana da alaƙa da adadin abubuwan sarrafawar fayil da aka yarda da tsari da damar sys‐tem call zaɓi () don tallafawa adadi mai yawa na abubuwan sarrafa fayil. Idan an saita iyaka sosai tare da -tftp-max za a sake taƙaitawa kuma za a rufe ainihin iyakar lokacin farawa. Lura cewa ƙarin canje-canje zai yiwu yayin aika fayil iri ɗaya menene lokacin kowane juyiferencia ta aika da fayil daban. Zai yiwu a yi amfani da dnsmasq don musanta tallan Gidan yanar gizo ta amfani da jerin sanannun sabobin banner, duk suna warware zuwa 127.0.0.1 ko 0.0.0.0 a cikin / sauransu / runduna ko a cikin ƙarin runduna fayil. Jerin na iya yi tsayi sosai. An gwada Dnsmasq cikin nasara da sunaye miliyan. Wannan girman fayil ɗin yana buƙatar CPU 1GHz da kimanin60MB RAM.
- Dnsmasq yana iya tallafawa DNS da DHCP aƙalla dubu ɗaya (1,000) abokan ciniki.
Bari mu girka kuma mu saita Jessie da Dnsmasq
Za mu fara daga sabon saiti mai tsabta na sabar bisa Debian 8 "Jessie". Wannan shine, tsarin aiki ba tare da wani zane mai zane ba ko wani kunshin da aka sanya. Sigogin cibiyar sadarwar zasu kasance daidai da waɗanda aka yi amfani dasu a cikin labarin INulla da Aiki Littafin Adireshi®:
Sunan yanki mordor.fan Hanyar Sadarwar LAN 10.10.10.0/24 ========================================== == ======================================== Sabbin Manufar IP Adireshin (Sabisai masu OS OS) ============================================== = = ============================ sauron.mordor.fan. 10.10.10.3 Adireshin aiki® 2008 SR2 mamba.mordor.fan. 10.10.10.4 Server na Fayil na Windows dns.mordor.fan 10.10.10.5 DnsMasq Server akan Jessie shukura.mordor.fan. 10.10.10.6 Wakili, ƙofa da bangon waya akan Kerios troll.mordor.fan. 10.10.10.7 Blog dangane da ... ba zai iya tuna shadowftp.mordor.fan ba. 10.10.10.8 FTP uwar garken blackelf.mordor.fan. 10.10.10.9 Cikakken sabis na imel blackspider.mordor.fan. 10.10.10.10 WWW sabis palantir.mordor.fan. 10.10.10.11 Tattaunawa akan Openfire don Windows Real CNAME ================================= sauron ad-dc mamba fileserver darklord proxyweb troll blog shadowftp ftpserver kai da kanka mail blackspider www palantir openfire
Saitunan sabar dns.mordor.fan na farko
tushen @ dns: ~ # Nano / sauransu / sunan mai masauki dns tushen @ dns: ~ # Nano / sauransu / runduna 127.0.0.1 localhost 10.10.10.5 dns.mordor.fan dns # Lines masu zuwa suna da kyau ga masu karɓar bakuncin IPv6 :: 1 localhost ip6-localhost ip6-loopback ff02 :: 1 ip6-allnodes ff02 :: 2 ip6-allrouter tushen @ dns: ~ # Nano / sauransu / cibiyar sadarwa / musaya # Wannan fayil din yana bayanin hanyoyin sadarwar da ake samu akan tsarin # da yadda ake kunna su. Don ƙarin bayani, duba musaya (5). source /etc/network/interfaces.d/* # Hanyar sadarwar hanyar sadarwa ta lopback auto lo iface lo inet loopback # Babban hanyar sadarwar yanar gizo damar-hotplug eth0 iface eth0 inet a tsaye adireshin 10.10.10.5 netmask 255.255.255.0 network 10.10.10.0 watsa 10.10.10.255. 10.10.10.1 ƙofa 127.0.0.1 # dns- * ana aiwatar da zaɓuɓɓuka ta hanyar kunshin warwarewa, idan an shigar dns-nameservers XNUMX dns-search mordor.fan
Bari mu shigar da Dnsmasq da htop
tushen @ dns: ~ # ƙwarewa shigar dnsmasq htop
Bayan shigar da kunshin htop zamu iya bincika CPU da ƙwaƙwalwar ajiyar kayan aiki. Yana cin kusan megabytes 71 na RAM. Idan muna son rage cin abinci sosai, zamu iya shigar da kunshin Farashin SSMTP -sami MTA- wanda hakan yana tsarkake kunshin exim4 cewa Debian koyaushe tana girkawa ta tsoho kuma lallai ba ma buƙata gwargwadon amfani da za mu ba wannan sabar:
tushen @ dns: ~ # ƙwarewa shigar ssmtp tushen @ dns: ~ # ƙwarewar tsarkakewa ~ c tushen @ dns: ~ # ƙwarewa mai tsabta tushen @ dns: ~ # ƙwarewar autocle root @ dns: ~ # systemctl sake yi
Bayan sake kunna kwamfutar, amfani kamar haka: 
Asa, daidai? Bari mu ci gaba.
Bari mu nuna cewa Dnsmasq kuma yayi laakari da Microsft® DNS
Don gwada yiwuwar daidaitawar Dnsmasq akan kwamfutarka dns.mordor.fan, dole ne mu hada da sanarwa da ke nuna cewa ana neman Microsoft DNS na saba sauron.mordor.fan. Zamu iya yin hakan gami da umarnin saba = / mordor.fan / 10.10.10.3 a cikin kayan tarihi dnsmasq.conf -kamar yadda zamu gani a gaba- ko kara layi nameserver 10.10.10.3 a cikin kayan tarihi /etc/resolv.conf. Tunda har yanzu bamu tsara Dnsmasq ba bisa bukatunmu, zamu zabi hanya ta biyu:
tushen @ dns: ~ # nano /etc/resolv.conf
yankin mordor.fan
nameserver 127.0.0.1
nameserver 10.10.10.3
Yanzu zamu iya warware tambayoyin DNS
Tare da daidaitaccen tsari na Dnsmasq wanda aka bayar ta babban fayil /etc/dnasmq.conf, kuma tare da abin da aka ayyana a cikin fayil ɗin /etc/resolv.conf daga saba kanta «dns«, Duk wani abokin ciniki da aka haɗa da LAN -da kuma wanda ya bayyana a matsayin uwar garken DNS dns.mordor.fan- zaka iya warware tambayoyin DNS a kan kuɗin Microsoft® DNS a yanzu…
- Yana da matukar mahimmanci a duba saurin martani na Dnsmasq yayin nuna matsayin ta Mai gabatarwa ta hanyar hada IP 10.10.10.3 a cikin fayil din ku /etc/resolv.conf.
Daga wurin aikin gudanarwa da tallafi na duk kayan aikin da nake rubutu, nake gudu:
buzz @ sysadmin: ~ $ cat /etc/resolv.conf # Ratedirƙira ta hanyar NetworkManager yankin mordor.fan sunayen mai amfani 10.10.10.5 buzz @ sysadmin: ~ $ nslookup > dns Adireshin: 10.10.10.5 Adireshin: 10.10.10.5 # 53 Suna: dns.mordor.fan Adireshin: 10.10.10.5 > taliyar ruwa Adireshin: 10.10.10.5 Adireshin: 10.10.10.5 # 53 Amsar mara izini: Sunan: sauron.mordor.fan Adireshin: 10.10.10.3 > 03296249-82a1-49aa-a4f0-28900f5d256b._msdcs.mordor.fan Sabis: 10.10.10.5 Adireshin: 10.10.10.5 # 53 03296249-82a1-49aa-a4f0-28900f5d256b._msdcs.mordor.fan sunan canonical = sauron.mordor.fan. Sunan: sauron.mordor.fan Adireshin: 10.10.10.3 > 10.10.10.3 Adireshin: 127.0.0.1 Adireshin: 127.0.0.1 # 53 3.10.10.10.in-addr.arpa suna = sauron.mordor.fan. > 10.10.10.9 Adireshin: 127.0.0.1 Adireshin: 127.0.0.1 # 53 9.10.10.10.in-addr.arpa suna = blackelf.mordor.fan. > 10.10.10.5 Adireshin: 127.0.0.1 Adireshin: 127.0.0.1 # 53 5.10.10.10.in-addr.arpa suna = dns.mordor.fan. > wasiku Adireshin: 10.10.10.5 Adireshin: 10.10.10.5 # 53 Amsar mara izini: mail.mordor.fan sunan canonical = blackelf.mordor.fan. Sunan: blackelf.mordor.fan Adireshin: 10.10.10.9> mafita buzz @ sysadmin: ~ $
Bari muyi la'akari da kyau a bangarorin masu zuwa:
- dns.mordor.fan kai tsaye yana amsa tambayoyin DNS wanda zai iya warwarewa bisa ga saitunan Dnsmasq na yanzu. Idan ba za ku iya warware su ba, yana aiki kamar Mai gabatarwa kuma yana tambayar IP 10.10.10.3 idan zata iya amsa tambayar. Lokacin da aka nemi IP na kayan aiki «dns«, Yana amsa kai tsaye. Lokacin da aka tambayi Dnsmasq wanene shi «taliyar ruwa",?, yi aikawa Ga 10.10.10.3 -Ba zaku iya amsa kai tsaye ba saboda baku yi rijistar shi ba- wanda ya dawo da Amsa mara gaskiya.
- Lokacin da aka tambaye shi wanene «03296249-82a1-49aa-a4f0-28900f5d256b._msdcs.mordor.fan"?, yi aikawa kuma a wannan lokacin kun karɓi Martani mai izini daga Microsoft® DNS.
- Babban saurin amsawa na Dnsmasq ga kowane nau'in tambaya.
Smallananan bayanai ne waɗanda ke sa soyayya girma ;-).
Bambancin asali tsakanin Dnsmasq da BIND hadedde tare da Active Directory®
Bari muyi wasu tambayoyin DNS akan rikodin Soa y NS na yankin mordor.fan, ga kowane daga cikin sunayen masu suna:
buzz @ sysadmin: ~ $ host -t SOA mordor.fan 10.10.10.3 Ta amfani da uwar garken yankin: Suna: 10.10.10.3 Adireshin: 10.10.10.3 # 53 Sunaye: mordor.fan yana da SOA rikodin sauron.mordor.fan. masaukin bakin.mordor.fan. 56 900 600 86400 3600 XNUMX buzz @ sysadmin: ~ $ host -t SOA mordor.fan 10.10.10.5 Ta amfani da uwar garken yankin: Suna: 10.10.10.5 Adireshin: 10.10.10.5 # 53 Sunaye: mordor.fan yana da SOA rikodin sauron.mordor.fan. masaukin bakin.mordor.fan. 56 900 600 86400 3600 XNUMX buzz @ sysadmin: ~ $ host -t NS mordor.fan 10.10.10.5 Ta amfani da uwar garken yankin: Suna: 10.10.10.5 Adireshin: 10.10.10.5 # 53 Sunaye: mordor.fan sunan sabar.mordor.fan. buzz @ sysadmin: ~ $ host -t NS mordor.fan 10.10.10.3 Ta amfani da uwar garken yankin: Suna: 10.10.10.3 Adireshin: 10.10.10.3 # 53 Sunaye: mordor.fan sunan sabar.mordor.fan.
Amsoshin iri ɗaya ne - wanda ma'ana ce - saboda koyaushe amsa baya sauron.mordor.fan. kafin tambayar DNS game da bayanai Soa o NS, ko da yake yi kama me yake amsawa dns.mordor.fan. Duk da haka ya bambanta da abin da aka gani a cikin labarin INulla da Aiki Littafin AdireshiInda muka cire aikin Microsoft® DNS gaba daya. A waccan labarin DUK tambayoyin DNS game da Sunan Sunaye na Domino mordor.fan Bind din ya basu amsa, saboda mun saita hakan ta hanya, kuma saboda BIND din yana amsa tambayoyin Soa y NS ban da kyale makircin Jagora - Bawa, Canja wurin Yankuna, da sauransu, sabili da haka yana da cikakkiyar uwar garken DNS - hadaddun.
Wataƙila waɗannan sune manyan bambance-bambance tsakanin DNS na Dnsmasq da BIND ... amma A DAURA - koyaushe za a iya samun guda ɗaya ko fiye - ba shi da sabar DHCP da ke haɗawa ba tare da sabar DNS ba a guda ɗaya daemon, kuma ba tare da buƙatar mabuɗan TSIG ba, fayilolin daidaitawa, Bayanai na Yankin, da dai sauransu, kamar yadda muka gani a cikin labaran da suka gabata.
- Ina tsammanin zuwa yanzu, Deara Dearan Masu Karatu zasu iya fahimtar cewa bana ƙiyayya da BIND ko kuma na fi son Dnsmasq akan BIND. Tattaunawar gaba game da ita ɓata lokaci ne gaba ɗaya, saboda yana da alaƙa da buƙatu, buƙatu, dandano, abubuwan da ake so da .... kowane bayani yana da kwarjini ;-)
- A cikin irin wannan yanayin, bari kowa ya girka kuma ya saita software ɗin da yake so da wanda suka sani game dashi kuma cewa komai yana aiki kamar yadda ake tsammani.
Fa'idodi na hade Dnsmasq + Active Directory®
Tare da wannan haɗin muna da cikakken kewayon martani ga tambayoyin DNS da ingantacciyar hanyar ba da hayar adiresoshin IP don SME LAN ɗinmu. Kamar yadda za mu gani a gaba, yana aiki daidai don kowane yanayi game da ko an haɗa kwamfutar zuwa Microsoft® Active Directory® Domain Controller. Bugu da kari, muna da DNS da kuma uwar garken DNS Mai gabatarwa daidai, tare da sabar DHCP mai sauri. Kuma duk tare da karancin bukatar albarkatu. Shin kuna son ƙari?
Shin zai yiwu Dnsmasq + BIND?
Tabbas haka ne. Kodayake ina ba da shawarar a sanya su a kan kwamfutoci daban-daban don kada a sami haɗuwa saboda ƙaunataccen tashar 53 na sabis ɗin DNS. Wataƙila za mu ga wani abu game da shi idan muka je Samba 4-AD-DC.Wa ya sani?
Nasihu game da Dnamasq
- Fayel ɗin aiki masu mahimmanci don Dnsmasq don samar da sabis na DHCP da DNS akan LAN sune: / da sauransu / dnsmasq.conf, / sauransu / runduna, /var/lib/misc/dnsmasq.leasesda kuma /etc/resolv.conf. Fayil din dnsmasq.lafiya an ƙirƙira shi lokacin da kuka yi hayar adireshin IP ɗinku na farko.
- Wani fayil ɗin aiki da zaku iya amfani dashi shine / sauransu / sauransu. Idan akwai irin wannan fayil ɗin, umarnin karanta-ethers bayyana a cikin fayil ɗin saiti, ya gaya wa Dnsmasq ya karanta shi. Yana da matukar amfani idan muka danganta MAC adiresoshin / rundunar sunayen saboda wasu dalilai.
- Za'a iya kashe sabis na DNS kwata-kwata ta amfani da umarnin tashar jiragen ruwa = 0 a cikin dnsmasq.conf.
- Za'a iya kashe sabis na DHCP don musayar hanyoyin sadarwa ɗaya ko sama ta hanyar umarni - ɗayan kowane layi - no-dhcp-interface = eth0, babu-dhcp-dubawa = eth1, da sauransu. Yana da matukar amfani yayin da muke gaban ƙungiya tare da hanyoyin sadarwa 2 -ko ƙari kuma muna son a samar da sabis na DHCP ta ɗayansu ko kuma babu ɗayansu. Tabbas, idan muka katse sabis ɗin DHCP don duk musaya, zamu bar sabis ɗin DNS kawai yana gudana. Idan muka katse ayyukan biyu, to me yasa muke buƙatar Dnsmasq? 😉
- Don bayyana wa wasu DNS Domain Servers cewa babu na jama'a ne ko na waje ga LAN - kamar yadda ya kasance game da Microsoft DNS- muna yin sa ta cikin umarnin uwar garke = / sunan yanki / DNS uwar garken IP a cikin kayan tarihi / da sauransu / dnsmasq.conf. Misali: saba = / mordor.fan / 10.10.10.3.
- Don gayawa Dnsmasq cewa ana amsa tambayoyin game da yankuna na gida kawai daga fayil ɗin / sauransu / runduna ko ta hanyar DHCP ɗinka, dole ne mu ƙara umarnin na gida = / localnet / a cikin babban fayil ɗin saitin ku. Misali: na gida = / mordor.fan /.
- Don daidaita fayil ɗin yadda yakamata /etc/resolv.conf - warware muna ba da shawarar karanta littafinsa ta amfani da umarnin mutum resolv.conf. Idan ka girka Debian 8.6 "Jessie" zaka sami cewa an rubuta shi da kyau cikin Sifaniyanci.
- Dnsmasq baya amfani da fayilolin Zones don amsa tambayoyin kai tsaye ko juyawa.
- Don sanin ma'anar kowane filin «musamman»Ana amfani da wannan a cikin sanarwar SRV Resource Record, ya kamata ka shawarta INulla da Aiki Littafin Adireshi®. Bayanin rubutun SRV a cikin fayil ɗin / da sauransu / dnsmasq.conf Yana da kamar haka:
srv-mai gida = , , , ,
Masu karatu masu son sani, da fatan za ku karanta ainihin fayil ɗin a hankali / da sauransu / dnsmasq.conf ko takaddun data kasance a cikin kundin adireshin / usr / share / doc / dnsmasq-tushe.
tushen @ dns: ~ # ls -l / usr / share / doc / dnsmasq-base / jimlar 128 -rw-r - r - 1 tushen tushen 883 Mayu 5 2015 haƙƙin mallaka -rw-r - r - tushen 1 tushen 36261 5 Mayu 2015 1 changelog.archive.gz -rw-r - r-- 11297 tushen tushen 5 Mayu 2015 1 changelog.Debian.gz -rw-r - r-- 26014 tushen tushen 5 Mayu 2015 1 changelog.gz -rw-r - r-- 2084 tushen tushen 5 May 2015 1 DBus-interface. Gz -rw- r - r-- 4297 tushen tushen 5 Mayu 2015 2 doc.html drwxr-xr-x 4096 tushen tushen 19 Feb 17 52:1 misalai -rw-r - r- tushen 9721 tushen 5 Mayu 2015 1 FAQ.gz -rw -r - r- tushen 4180 tushen 5 Mayu 2015 1 README.Debian -rw-r - r- tushen 12019 tushen 5 Mayu 2015 XNUMX setup.html
Bari mu daidaita Dnsmasq da Resolver
Za mu ɗauka azaman jagora na farko - canza sunaye da sauransu, ba shakka - fayil ɗin sanyi da aka yi amfani da shi a cikin labarin «Dnsmasq akan CentOS 7.3".
Kada mu manta da mataki na gaba:
[tushen @ dns ~] # mv /etc/dnsmasq.conf /etc/dnsmasq.conf.original
Kafaffen adiresoshin IP
Adireshin sabobin ko kwamfutocin da ke buƙatar tsayayyen IP -both IPv4 kamar yadda IPv6- an bayyana a cikin fayil ɗin / sauransu / runduna:
[tushen @ dns ~] # Nano / sauransu / masu masaukai 127.0.0.1 localhost # Lines masu zuwa suna da kyau ga masu karɓar bakuncin IPv6 :: 1 localhost ip6-localhost ip6-loopback ff02 :: 1 ip6-allnodes ff02 :: 2 ip6-allrouter # Servers da kwamfutoci tare da tsayayyen IPs. 10.10.10.1 sysadmin.mordor.fan 10.10.10.3 sauron.mordor.fan 10.10.10.4 mamba.mordor.fan 10.10.10.5 dns.mordor.fan 10.10.10.6 darklord.mordor.fan 10.10.10.7 troll.mordor.fan 10.10.10.8. 10.10.10.9 shadowftp.mordor.fan 10.10.10.10 blackelf.mordor.fan 10.10.10.11 blackspider.mordor.fan XNUMX palantir.mordor.fan
Bari mu ƙirƙiri fayil /etc/dnsmasq.conf
[tushen @ dns ~] # nano /etc/dnsmasq.conf
# --------------------------------------------------------- ------------------ # ZABEN GABA DAYA # ---------------------------- - ------------------------------------ da ake buƙatar yankin # Kada a wuce sunaye ba tare da yankin ba sashi na bogi-priv # Kada a wuce adiresoshin a cikin fadada-rundunonin sararin samaniya # Ta atomatik ƙara yanki don karɓar mai amfani = eth0 # Interface. HATTARA DA GASKIYA # face-interface = eth1 # KADA KA saurari wannan NIC tsauraran umarni # Umurnin da kake tuntuɓar fayil din /etc/resolv.conf # ludara zaɓuɓɓukan daidaitawa da yawa da yawa # ta hanyar fayil ko ta hanyar gano sanyi # additionalarin fayiloli a cikin kundin adireshi # conf-file = / etc / dnsmasq.more.conf conf-dir = / etc / dnsmasq.d # Dangane da yankin Sunan yanki = mordor.fan # Sunan yanki # Asalin Lokaci shine 10.10.10.1. 10.10.10.1 Adireshin = / time.windows.com / XNUMX # Aika wani zaɓi mara kyau na ƙimar WPAD. Da ake bukata don # Windos 7 kuma daga baya kwastomomi suyi halin kirki. ;-) dhcp-option = 252, "\ n" # Fayil inda zamu bayyana HOSTS din da za'a "dakatar dasu" addn-host = / etc / banner_add_hosts # Tuntubi Microsoft® DNS server "sauron" idan muka # barshi run server = / mordor.fan / 10.10.10.3 # Za a amsa tambayoyi game da yankuna na gida # daga / sauransu / runduna ko ta hanyar DHCP = / mordor.fan / # Tambayoyi game da PTR ko Reverse records za a amsa # ta hanyar sabobin " dns "da" sauron "a cikin wannan umarnin sabar = / 10.10.10.in-addr.arpa / 10.10.10.5 uwar garke = / 10.10.10.in-addr.arpa / 10.10.10.3 # ------- - ------------------------------------------------------------- --------- # REGISTROSCNAMEMXTXT # ------------------------------------ - - ----------------------------- # Irin wannan rajistar tana bukatar shigarwa # a cikin / sauransu / rundunoni # fayil misali: 10.10.0.7. 10 troll.mordor.fan troll # cname = ALIAS, REAL_NAME cname = ad-dc.mordor.fan, sauron.mordor.fan cname = fileserver.mordor.fan, mamba.mordor.fan cname = proxyweb.mordor.fan, darklord .mordor.fan cname = blog.mordor .fan, troll.mordor.fan cname = ftpserver.mordor.fan, shadowftp.mordor.fan cname = mail.mordor.fan, blackelf.mordor.fan cname = www.mordor.fan, blackspider.mordor.fan cname = opendire .mordor.fan, palantir.mordor.fan # MX RECORDS # Ya dawo da rikodin MX tare da sunan "mordor.fan" wanda aka ƙaddara # ga ƙungiyar blackelf.mordor.fan da fifikon 10 mx-host = mordor.fan, mail. mordor.fan, XNUMX # Matsayin da aka nufa na bayanan MX da aka kirkira # ta amfani da zabin yankin zai kasance: mx-target = mail.mordor.fan # Ya dawo da rikodin MX wanda yake nuni zuwa mx-target na DUK # injunan gida na cikin gida # Sakon rubutu.
dhcp-haya-max = 222 # Matsakaicin adadin adiresoshin haya
# ta tsohuwa shine 150
# IPV6 Range # dhcp-range = 1234 ::, ra-only # Zaɓuɓɓuka don RANJI # ZABE dhcp-zaɓi = 1,255.255.255.0 # NETMASK dhcp-option = 3,10.10.10.253 # ROUTER GATEWAY dhcp-option = 6,10.10.10.5. 15 # DNS Servers dhcp-option = 19,1, mordor.fan # DNS Sunan yankin dhcp-zaɓi = 28,10.10.10.255 # zaɓi ip-turawa ON dhcp-zaɓi = 42,10.10.10.1 # BROADCAST dhcp-zaɓi = 40. 41,10.10.10.3 # NTP # dhcp-option = 44,10.10.10.3, MORDOR # NIS Sunan yanki # dhcp-option = 45,10.10.10.3 # NIS Server # dhcp-option = 73,10.10.10.3 # WINS # dhcp-option = 46,8 # Bayanan NetBIOS # dhcp-zaɓi = XNUMX # Server Finger # dhcp-option = XNUMX # NetBIOS kumburi dhcp-izini # DHCP mai iko a cikin subnet # ------------- - ------------------------------------------------------------- --- # -------------------------------------------- - - - --------------------- # LOGGING wutsiya -f / var / log / syslog ko journalctl -f # ------------ - ------------------------------------------------------------- ---- log-queries # ------------------------------------------ - - ------------------------ # Re A da SRV sun yi daidai da Littafin Aiki # ---------------------------------------- --------------------------
# Rikodi A
adireshin = / gc._msdcs.mordor.fan / 10.10.10.3 adireshin = / DomainDnsZones.mordor.fan / 10.10.10.3 adireshin = / ForestDnsZones.mordor.fan / 10.10.10.3
# Microsoft DNS Zone CNAME yayi rikodin _msdcs.mordor.fan
cname=03296249-82a1-49aa-a4f0-28900f5d256b._msdcs.mordor.fan,sauron.mordor.fan
# SRV rikodin
# srv-mai gida = , , , ,
# Lissafin Duniya # Yankin Microsoft DNS _msdcs.mordor.fan
srv-host = _ldap._tcp.gc._msdcs.mordor.fan, sauron.mordor.fan, 3268,0,0 srv-host = _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.mordor .fan, sauron.mordor.fan, 3268,0,0
# Microsoft DNS yankin mordor.fan
srv-host = _gc._tcp.mordor.fan, sauron.mordor.fan, 3268,0,0 srv-host = _gc._tcp.Default-First-Site-Name._sites.mordor.fan, sauron.mordor.fan .3268,0,0
# LDAP da aka gyara da kuma masu zaman kansu LDAP na Littafin aiki
# Yankin Microsoft DNS _msdcs.mordor.fan
srv-host=_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.mordor.fan,sauron.mordor.fan,389,0,0
srv-host=_ldap._tcp.dc._msdcs.mordor.fan,sauron.mordor.fan,389,0,0
srv-host=_ldap._tcp.18d3360d-8fdb-40cf-a678-d7c420b6d775.domains._msdcs.mordor.fan,sauron.mordor.fan,389,0,0
srv-host=_ldap._tcp.pdc._msdcs.mordor.fan,sauron.mordor.fan,389,0,0
# Microsoft DNS yankin mordor.fan
srv-host=_ldap._tcp.mordor.fan,sauron.mordor.fan,389,0,0
srv-host=_ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.mordor.fan,sauron.mordor.fan,389,0,0
srv-host=_ldap._tcp.DomainDnsZones.mordor.fan,sauron.mordor.fan,389,0,0
srv-host=_ldap._tcp.Default-First-Site-Name._sites.mordor.fan,sauron.mordor.fan,389,0,0
srv-host=_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.mordor.fan,sauron.mordor.fan,389,0,0
srv-host=_ldap._tcp.ForestDnsZones.mordor.fan,sauron.mordor.fan,389,0,0
#
# KERBEROS an gyara ta kuma mai zaman kanta daga Active Directory
srv-host=_kerberos._tcp.Default-First-Site-Name._sites.mordor.fan,sauron.mordor.fan,88,0,0
srv-host=_kerberos._tcp.mordor.fan,sauron.mordor.fan,88,0,0
srv-host=_kpasswd._tcp.mordor.fan,sauron.mordor.fan,464,0,0
srv-host=_kerberos._udp.mordor.fan,sauron.mordor.fan,88,0,0
srv-host=_kpasswd._udp.mordor.fan,sauron.mordor.fan,464,0,0
# KARSHEN fayil din /etc/dnsmasq.conf
# --------------------------------------------------------- ------------------
Bari mu ƙirƙiri fayil ɗin / sauransu / banner_add_host
[tushen @ dns ~] # nano / sauransu /banner_add_hosts 127.0.0.1 windowsupdate.com 127.0.0.1 ctldl.windowsupdate.com 127.0.0.1 ocsp.verisign.com 127.0.0.1 csc3-2010-crl.verisign.com 127.0.0.1 www.msftncsi.com 127.0.0.1 ipv6.msftncsi.com 127.0.0.1 teredo.ipv6.microsoft.com 127.0.0.1 ds.download.windowsupdate.com 127.0.0.1 download.microsoft.com 127.0.0.1 fe2.update.microsoft.com 127.0.0.1 crl.microsoft.com 127.0.0.1 www .download.windowsupdate.com 127.0.0.1 win8.ipv6.microsoft.com 127.0.0.1 spynet.microsoft.com 127.0.0.1 spynet1.microsoft.com 127.0.0.1 spynet2.microsoft.com 127.0.0.1 spynet3.microsoft.com 127.0.0.1. 4 spynet127.0.0.1.microsoft.com 5 spynet127.0.0.1.microsoft.com 15 office127.0.0.1client.microsoft.com 127.0.0.1 addons.mozilla.org XNUMX crl.verisign.com [tushen @ dns ~] # dnsmasq - gwajin dnsmasq: aiwatar da bincike ya yi daidai. [tushen @ dns ~] # systemctl sake kunnawa dnsmasq.service [tushen @ dns ~] # systemctl halin dnsmasq.service
Bari mu gyara fayil /etc/resolv.conf - Resolver
tushen @ dns: ~ # nano /etc/resolv.conf
yankin mordor.fan bincike mordor.fan
Me yasa bamu da layin da aka saba bayyana a cikin fayil ɗin shawarwari? Domin mun bayyana a cikin dnsmasq.conf umarnin nan masu zuwa:
# Yi amfani da sabar Microsoft® "sauron" idan muka bar ta tayi aiki saba = / mordor.fan / 10.10.10.3 # Tambayoyi game da yankuna na gida za a amsa # daga / sauransu / runduna ko ta DHCP na gida = / mordor.fan / # Tambayoyi game da PTR ko Reverse records za a amsa # ta hanyar "dns" da "sauron" sabobin a cikin wannan tsari uwar garke = / 10.10.10.in-addr.arpa / 10.10.10.5 uwar garke = / 10.10.10.in-addr.arpa / 10.10.10.3
Tambayoyi daga sysadmin.mordor.fan
Fayil /etc/resolv.conf na wannan ƙungiyar sune:
buzz @ sysadmin: ~ $ cat /etc/resolv.conf # Ratedirƙira ta hanyar binciken NetworkManager mordor.fan mai sakawa 10.10.10.5
buzz @ sysadmin: ~ $ host -t Don spynet4.microsoft.com spynet4.microsoft.com yana da adireshi 127.0.0.1 buzz @ sysadmin: ~ $ host -t Zuwa www.download.windowsupdate.com www.download.windowsupdate.com yana da adireshi 127.0.0.1 Buzz@sysadmin: ~ $ digo dns buzz @ sysadmin: ~ $ dig dns.mordor.fan ;; SASHE NA TAMBAYA :; dns.mordor.fan. A CIKIN A ;; SASAN AMSA: dns.mordor.fan. 0 A CIKIN 10.10.10.5 buzz @ sysadmin: ~ $ host -t SRV _ldap._tcp.gc._msdcs buzz @ sysadmin: ~ $ host -t SRV _ldap._tcp.gc._msdcs.mordor.fan _ldap._tcp.gc._msdcs.mordor.fan yana da rikodin SRV 0 0 3268 sauron.mordor.fan. buzz @ sysadmin: ~ $ dig _ldap._tcp.gc._msdcs.mordor.fan ;; SASHE NA TAMBAYA :; _ldap._tcp.gc._msdcs.mordor.fan. A CIKIN A ;; SASHE NA AMSA: _ldap._tcp.gc._msdcs.mordor.fan. 0 A CIKIN 10.10.10.3 buzz @ sysadmin: ~ $ digo mordor.fan axfr buzz @ sysadmin: ~ $ digo 10.10.10.in-addr.arpa axfr
Kuma wannan hanyar, shawarwari nawa muke buƙata
Dnsmasq + Active Directory® + Microsoft® Abokan Cinikin Windows®
Sake suna ga Abokin Cinikin Microsoft® Windows
bakwai.mordor.fan hayar adireshin IP:
tushen @ dns: ~ # cat /var/lib/misc/dnsmasq.leases 1488006009 00:0c:29:d6:14:36 10.10.10.115 seven 01:00:0c:29:d6:14:36
Bari mu sake sunabakwai»-Wane ne ba a haɗa shi ba zuwa Active Directory Domain- ta«eucalyptus«. Bayan canji da sake kunnawa muna duba:
tushen @ dns: ~ # cat /var/lib/misc/dnsmasq.leases 1488006633 00:0c:29:d6:14:36 10.10.10.115 eucaliptus 01:00:0c:29:d6:14:36
Ana iya ganin tarihin canje-canje daga "sysadmin":
buzz @ sysadmin: ~ $ host -t A bakwai bakwai.mordor.fan yana da adireshi 10.10.10.115
Bayan canjin suna
buzz @ sysadmin: ~ $ host -t A bakwai bakwai bashi da rikodi buzz @ sysadmin: ~ $ host -t A eucaliptus eucaliptus.mordor.fan yana da adireshi 10.10.10.115
Tambayoyi daga abokin ciniki eucaliptus.mordor.fan
Microsoft Windows [Shafin 6.1.7601] Hakkin mallaka (c) Kamfanin Microsoft na 2009. Duk haƙƙoƙi. C: \ Masu amfani \ buzz> nslookup Tsoffin Uwar Garke: dns.mordor.fan Adireshin: 10.10.10.5 > sauron Adireshin: dns.mordor.fan Adireshin: 10.10.10.5 Sunan: sauron.mordor.fan Adireshin: 10.10.10.3 > mordor.fan Adireshin: dns.mordor.fan Adireshin: 10.10.10.5 Sunan: mordor.fan Adireshin: 10.10.10.3 > eucalyptus Adireshin: dns.mordor.fan Adireshin: 10.10.10.5 Suna: eucaliptus.mordor.fan Adireshin: 10.10.10.115 > 03296249-82a1-49aa-a4f0-28900f5d256b._msdcs.mordor.fan Adireshin: dns.mordor.fan Adireshin: 10.10.10.5 Suna: sauron.mordor.fan Adireshin: 10.10.10.3 Sunayen sunayen: 03296249-82a1-49aa-a4f0-28900f5d256b._msdcs.mordor.fan > saitin nau'in = SRV > _kerberos._udp.mordor.fan Adireshin: dns.mordor.fan Adireshin: 10.10.10.5 _kerberos._udp.mordor.fan SRV wurin sabis: fifiko = 0 nauyi = 0 tashar jiragen ruwa = 88 svr sunan mai masauki = sauron.mordor.fan sauron.mordor.fan adireshin intanet = 10.10.10.3. XNUMX > _ldap._tcp.18d3360d-8fdb-40cf-a678-d7c420b6d775.domains._msdcs.mordor.fan Adireshin: dns.mordor.fan Adireshin: 10.10.10.5 _ldap._tcp.18d3360d-8fdb-40cf-a678-d7c420b6d775.domains._msdcs.mordor.fan SRV wurin sabis: fifiko = 0 nauyi = 0 tashar jiragen ruwa = 389 svr sunan mai masauki = sauron .mordor.fan sauron.mordor.fan adreshin intanet = 10.10.10.3 > fita C: \ Masu amfani \ buzz>
Rijistar abokan cinikin Windows a Microsoft® DNS
Abokan Cinikin Windows Ba Sun Shiga cikin Active Directory® Domain ba
Dole ne mu bincika idan adiresoshin IP ɗin da aka yi haya da su ta hanyar kwastomomin Windows daban-daban daga Dnsmasq suna da rajista daidai a cikin Microsoft® DNS. Zai iya tasiri yadda muke kunna Dynamic Updates - Sabuntawa mai ƙarfi a cikin Microsoft® DNS Zones na Aikin Littafin Adireshin®. Muna farawa daga daidaitaccen tsari na Microsoft DNS wanda ke ba da damar ureaukaka Dynamic Updates kawai - Dynamic updates -> Amintacce kawai, a kowane Yankin ta.
Lura cewa abokin ciniki tare da na yanzu FQDN eucalyptus.mordor.fan babu yana haɗe da Aikin Littafin Adireshi na Aiki (ko Samba4 AD-DC), kuma banda ga dokar Microsoft cewaAbokan ciniki kawai waɗanda suka yi rajista a cikin Yanki na zasu sami izini ta hanyar Myaukaka Sabunta - wanda kawai na sani- yin rajista a cikin My DNS«. Kyakkyawan abu Samba4 AD-DC ya koya mana wani abu game da shi.
eucalyptus.mordor.fan haya IP 10.10.10.115:
buzz @ sysadmin: ~ $ host -t A eucaliptus eucaliptus.mordor.fan yana da adireshi 10.10.10.115
Bari mu canza sunansa zuwa «mahogany«, Bari mu sake farawa Windows 7, mu ga abin da ya faru yayin da muka nemi sunaye«eucalyptus»Kuma«mahogany»Ga kowane ɗayan DNS ɗin, da farko zuwa Microsoft DNS sannan zuwa Dnsmasq:
buzz @ sysadmin: ~ $ host -t A eucaliptus.mordor.fan 10.10.10.3 Ta amfani da uwar garken yankin: Suna: 10.10.10.3 Adireshin: 10.10.10.3 # 53 Sunaye: Mai watsa shiri eucaliptus.mordor.fan bai samu ba: 3 (NXDOMAIN) buzz @ sysadmin: ~ $ host -t A mahogany.mordor.fan 10.10.10.3 Ta amfani da uwar garken yankin: Suna: 10.10.10.3 Adireshin: 10.10.10.3 # 53 Sunaye: Mai watsa shiri mahogany.mordor.fan bai samu ba: 3 (NXDOMAIN) buzz @ sysadmin: ~ $ host -t A eucaliptus.mordor.fan 10.10.10.5 Ta amfani da uwar garken yankin: Suna: 10.10.10.5 Adireshin: 10.10.10.5 # 53 Sunaye: Mai watsa shiri eucaliptus.mordor.fan bai samu ba: 3 (NXDOMAIN) buzz @ sysadmin: ~ $ host -t A mahogany.mordor.fan 10.10.10.5 Ta amfani da uwar garken yankin: Suna: 10.10.10.5 Adireshin: 10.10.10.5 # 53 Sunaye: mahogany.mordor.fan yana da adireshi 10.10.10.115
Za mu iya canza sunan Windows 7 abokin ciniki cewa babu an haɗe shi zuwa Yankin mordor.fan na Littafin Adireshi® na aiki kamar yadda muka so sau da yawa, cewa Microsoft® DNS ba su gano game da waɗannan canje-canjen ba ko kuma akwai irin wannan abokin ciniki. Shin yana yiwuwa ne kawai saboda mun zaɓi zaɓi Dynamic updates -> Amintacce kawai a cikin kowane Yanki na Micorosft DNS?.
Domin Mista Microsoft® DNS ya san game da canje-canje, dole ne mu zaɓi Dynamic updates -> Ba aiki da amintacce. Wannan zabin, Masoya Masu Karatu, yana nuna matukar raunin tsaro na duk wani Server mai suna wanda ake mutunta shi, Microsft® ne ko UNIX® / Linux. Microsoft® DNS yayi kashedin game da yanayin raunin saboda a ƙarshe ba komai bane face gyara da keɓaɓɓen AIKI da zai ba mu «Tsaro don Duhu«. Idan ba haka ba, me yasa kuke ba da shawarar adanawa a sanannun sanannenku rajista duk saitunan DNS da bayanan Microsoft® DNS ɗin ka lokacin da muke aiwatar da Adireshin Ayyuka ®? Toari da tallafawa ba amintattun ɗaukakawa ga Microsoft® DNS, ana buƙatar gyare-gyare mai zuwa a cikin tsarin haɗin katin abokin ciniki na Windows 7:
Bari mu bincika:
buzz @ sysadmin: ~ $ host -t A mahogany.mordor.fan 10.10.10.3 Ta amfani da uwar garken yanki: Suna: 10.10.10.3 Adireshin: 10.10.10.3 # 53 Sunaye: Mahogany.mordor.fan yana da adireshi 10.10.10.115 buzz @ sysadmin: ~ $ host 10.10.10.115 10.10.10.3 Ta amfani da uwar garken yanki: Suna: 10.10.10.3 Adireshin: 10.10.10.3 # 53 Sunayen sunayen: 115.10.10.10.in-addr.arpa sunan yankin mai nuna mahogany.mordor.fan. buzz @ sysadmin: ~ $ host -t A mahogany 10.10.10.5 Ta amfani da uwar garken yanki: Suna: 10.10.10.5 Adireshin: 10.10.10.5 # 53 Sunaye: Mahogany.mordor.fan yana da adireshi 10.10.10.115 buzz @ sysadmin: ~ $ host 10.10.10.115 10.10.10.5 Ta amfani da uwar garken yanki: Suna: 10.10.10.5 Adireshin: 10.10.10.5 # 53 Sunayen sunayen: 115.10.10.10.in-addr.arpa sunan yankin mai nuna mahogany.mordor.fan.
Ee yanzu. Abin da kyau aiki tare don sabobin DNS guda biyu waɗanda ba a haɗa su ta kowane hanya!
Abokan Cinikin Windows sun Shiga cikin Active Directory® Domain
Mu hada kan abokin harka mahogany.mordor.fan zuwa Yankin, amma ba kafin kawar da gyare-gyaren da muka yi ba a cikin tsarin katin sadarwar ku, idan a kowane lokaci mun yi hakan ne don tabbatar da ma'anar babin da ya gabata. Har ila yau share shigarwa don «mahogany»A cikin Microsoft® DNS, kuma dawo da Updaukaka Dynamic zuwa asalinsu na asalin «M kawai«. Af, yana da inganci don sake kunna sabis ɗin Microsoft® DNS.
Bayan shiga yankin, kuma duk da kokarin da muke, abokin harka «mahogany»Ba a rajista a Microsoft® DNS ba. Har ma mun bayyana a cikin dnsmasq.conf -zamani-cewa sabar DNS ta farko ita ce 10.10.10.3.
Microsoft Windows [Shafin 6.1.7601]
Hakkin mallaka (c) Kamfanin Microsoft na 2009. Duk haƙƙoƙi.
C: \ Masu amfani \ saruman> ipconfig / duk
Windows IP Kanfigareshan Mai watsa shiri Sunan. . . . . . . . . . . . : MAHOGANY Primary Dns Suffix. . . . . . . : mordor.fan Node Nau'in. . . . . . . . . . . . : Haɗa IP Sashin Hanyar IP . . . . . . . : Babu Wakilin WINS da aka kunna. . . . . . . . : Babu jerin Sunaye na Suffix na DNS. . . . . . : mordor.fan adaftar Ethernet Local Area Haɗin: Takamaiman takamaiman Haɗin DNS. : mordor.fan Bayani. . . . . . . . . . . : Intel (R) PRO / 1000 MT Hanyar Sadarwar Sadarwar Sadarwar Jiki. . . . . . . . . : 00-0C-29-D6-14-36 DHCP An kunna. . . . . . . . . . . : Ee An kunna fasalin atomatik. . . . : Ee Adireshin-adireshin IPv6 na gida. . . . . : fe80 :: 352a: b954: 7eba: 963e% 12 (Anfi so) IPv4 Adireshin. . . . . . . . . . . : 10.10.10.115 (Wanda aka fi so) Maƙallin Maskarƙashin netasa. . . . . . . . . . . : 255.255.255.0 An Samu Hayar. . . . . . . . . . : Asabar, 25 ga Fabrairu, 2017 8:19:05 AM Hayar ta ƙare. . . . . . . . . . : Asabar, Fabrairu 25, 2017 4: 20: 36Pm Tsohuwar Hanya. . . . . . . . . : 10.10.10.253 Sabar DHCP. . . . . . . . . . . : 10.10.10.5 DHCPv6 IAID. . . . . . . . . . . : 251661353 DHCPv6 Abokin Ciniki DUID. . . . . . . . : 00-01-00-01-20-3B-69-81-00-0C-29-D6-14-36
Saitunan DNS. . . . . . . . . . . : 10.10.10.3
10.10.10.5
NetBIOS akan Tcpip. . . . . . . . : Adaftan Rami mai aiki isatap.mordor.fan: Media State. . . . . . . . . . . : Media ta cire haɗin Haɗin takamaiman DNS ɗin Suffix. : mordor.fan Bayani. . . . . . . . . . . : Microsoft ISATAP Adafta Jiki Na Jiki. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP An kunna. . . . . . . . . . . : Ba a kunna Canji na atomatik ba. . . . : Ee Adaftan Rami Rama Haɗin Yankin Gida * 9: Media State. . . . . . . . . . . : Media ta cire haɗin Haɗin takamaiman DNS ɗin Suffix. : Bayani. . . . . . . . . . . : Adireshin Jiki na Adaftan Rikicin Microsoft Teredo. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP An kunna. . . . . . . . . . . : Ba a kunna Canji na atomatik ba. . . . : Kuma yana da
C: \ Masu amfani \ saruman>
buzz @ sysadmin: ~ $ host -t A mahogany.mordor.fan 10.10.10.3
Ta amfani da uwar garken yankin: Suna: 10.10.10.3 Adireshin: 10.10.10.3 # 53 Sunaye: Sunaye: Mai watsa shiri caoba.mordor.fan bai samu ba: 3 (NXDOMAIN)
Buzz@sysadmin: ~ $ mai masaukin baki -t Don mahogany.mordor.fan
mahogany.mordor.fan yana da adireshi 10.10.10.115
- Hanyar hanyar da ake yiwa abokin ciniki rajista «mahogany»A cikin Microsft® DNS yana gyara katin hanyar sadarwar ku kamar yadda aka nunaó a cikin hoton da ya gabata, ma'ana, a bayyane yake faɗi cewa: ɗumbin DNS ɗin don haɗin shine mordor.fan, cewa yana yin rijistar adireshin haɗin yanar gizo a cikin DNS, kuma yana amfani da ɓoyayyen DNS ɗin da aka bayyana yayin yin rijistar haɗin.
buzz @ sysadmin: ~ $ host -t A mahogany.mordor.fan 10.10.10.3 Ta amfani da uwar garken yanki: Suna: 10.10.10.3 Adireshin: 10.10.10.3 # 53 Sunaye: Mahogany.mordor.fan yana da adireshi 10.10.10.115 buzz @ sysadmin: ~ $ host -t A mahogany.mordor.fan mahogany.mordor.fan yana da adireshi 10.10.10.115
Bari mu canza suna daga "mahogany" zuwa "itacen al'ul"
buzz @ sysadmin: ~ $ host -t A mahogany.mordor.fan 10.10.10.3 Ta amfani da uwar garken yankin: Suna: 10.10.10.3 Adireshin: 10.10.10.3 # 53 Sunaye: Sunaye: Mai watsa shiri caoba.mordor.fan bai samu ba: 3 (NXDOMAIN) buzz @ sysadmin: ~ $ host -t Zuwa cedar.mordor.fan 10.10.10.3 Ta amfani da uwar garken yanki: Suna: 10.10.10.3 Adireshin: 10.10.10.3 # 53 Sunaye: cedro.mordor.fan yana da adireshi 10.10.10.115 buzz @ sysadmin: ~ $ host -t A mahogany.mordor.fan 10.10.10.5 Ta amfani da uwar garken yankin: Suna: 10.10.10.5 Adireshin: 10.10.10.5 # 53 Sunaye: Sunaye: Mai watsa shiri caoba.mordor.fan bai samu ba: 3 (NXDOMAIN) buzz @ sysadmin: ~ $ host -t Zuwa cedar.mordor.fan 10.10.10.5 Ta amfani da uwar garken yanki: Suna: 10.10.10.5 Adireshin: 10.10.10.5 # 53 Sunaye: cedro.mordor.fan yana da adireshi 10.10.10.115
Kuma duk al'ada, kamar yadda Microsoft® abokan ciniki da Microsoft® DNS suke son abubuwa su kasance.
Bari muyi aiki tare da Microsoft® DHCP da Microsoft® DNS
Ya ku masu karatu, wannan babi ya fita daga yanayin shafin da aka sadaukar dashi ga Free Software. Duba taimakon Microsoft®. Ba su yi imani ba?. 😉
ƘARUWA
Akwai hanyoyi da yawa don aiki da Microsoft® DNS lokacin da muka sanya shi ya kasance tare a cikin Sadarwar SME tare da Dnsmasq. Daga cikinsu za mu ambaci kawai masu zuwa:
- Cire sabis ɗin Microsoft® na DNS gaba ɗaya akan kwamfutar da yake gudana, yana nuna daga baya cewa farkon sabis ɗin yana da nakasa. Cire alamar a cikin sanyi na cibiyar sadarwar katin kowane Microsoft® abokin ciniki zabin don Rijistar haɗin adireshin a cikin DNS. Cire daga fayil / da sauransu / dnsmasq.conf Umurni saba = / mordor.fan / 10.10.10.3. Bayanan kula:
- Ko da ba a amsa tambayoyin game da bayanan ba Soa y NS.
- Yana da fa'ida cewa a cikin SME LAN za'a sami guda ɗaya Server Name Server -machote- kuma zai zama Dnsmasq. ;-) A gefe guda, yiwuwar rashin daidaituwa tsakanin rikodin DNS da aka adana a cikin Microsoft® DNS da waɗanda ke samuwa ta hanyar Dnsmasq an kawar da su.
- Bar Microsoft® DNS da ke gudana don amsa tambayoyin DNS kawai game da bayanan SOA da NS. Notes:
- Gyara kwatancen katin sadarwar kowane mai amfani da Windows, cire alamar zaɓi don Yi rijistar adireshin haɗin cikin DNS.
- Muna tunani cewa wannan maganin ɓata albarkatu ne.
- Sanya aiyukan kamar yadda muka gani a duk labarin, wanda ke nuna wata mafita ga yadda falsafar Microsoft® take - ba FreeBSD / Linux- ba?
Tsaya
- Shafin Microsoft® DNS ya rufe sosai. Bata bar sarari ba ga sauran hanyoyin warware matsalar wadanda basu dace da falsafancinta ba.
- Yanayin Uwa yana koya mana cewa muna rayuwa a cikin sararin duniya daban-daban. Abu na yau da kullun shine a sami LAN mai hade, yana motsawa zuwa Free Software, kuma mai wadataccen rayuwa da iri-iri.
- Da alama cewa ga Microsoft®, kwastomomin da ba sa Shiga Falsafar sa Baƙi ne, don haka kada su damu da la'akari da su.
- Yaya wahala yake aiki tare da Software na Musamman! Na gwammaci in ɗan kashe aiki na kafa Free Software kuma in zama Gaskiya Free, tir!
"Mafi kyawun Cikakken Gaskiya shine Aiki."
Babban labarin da kuka rubuta, Federico!
Babban labarin masoyi na. Kuma taƙaitaccen shine mafi kyawun XD
Ma'auni;
Ba na tsammanin na ga cikakken jagora da cikakken bayani game da sysadmin a kan intanet (a cikin yaren Mutanen Espanya), aikin da kuke yi a Cibiyoyin Sadarwa na SMEs shine tsarawa.
Kodayake aikin yana da wahala kuma isa wannan matakin daki-daki al'amari ne na awanni da yawa, na yi imanin cewa kuna ƙirƙirar mahimmin bayani wanda za ayi amfani da shi kamar yadda yawancin SysAdmin suka san shi wanda ke da mabuɗin a cikin malaminku labarin yawancin ayyukan da take fuskanta kowace rana.
Dangane da dnsmasq da kundin adireshi, ina tsammanin ban taba samun damar aiki tare da duka ba, amma a dakin bincike na, in babu abokin cinikin windows, komai ya yi daidai, kuma ba abin mamaki bane da wannan kyakkyawan matakin ta mataki.
Ceto jumlar ku «Yaya wahalar aiki tare da Software mai zaman kansa!. Na fi son kashe ɗan aikin daidaitawa Software na Kyauta kuma in zama Kyauta da gaske, la'ananne! »… Bari mu tafi da kashe ɗan aikin da ake yi na daidaita software kyauta tsallake kan lokaci, galibi saboda takardu irin naku da sauran mutane, yaya kuma tare da daidaitaccen mutuntaka na software kyauta.
Barka da FIco… Mun ci gaba.
Zodiac: Kalmominku ƙarfafawa ne don ci gaba da rubutu. Kada ku yi shakka, yawancin awanni masu kyau - gindi ya zama dole don rubuta ƙaramin abu kamar wannan.
Julio León: Ina gaishe ku ku ma, ƙaunataccen Julio. Da fatan kuma za ku ci gaba da kasancewa tare da mu kan tafarkin sanin ɗan abin da muke sani game da Free Software.
Lagarto: Kwanaki da awannin da aka shafe suna da daraja idan na karanta tsokaci kamar waɗanda suke a cikin wannan rubutun. Su ne mafi kyawun sakamako ga aikinmu. Na ba da hanyar haɗin labarin zuwa ga Simon Kelley kansa kuma yana da kirki ya ba ni amsa.
Ina so in yi amfani da wannan sarari in faɗi cewa a cikin batun DNS da DHCP mun fara -by dabaru- daga hadadden zuwa mai sauƙi. Dnsmasq ingantaccen bayani ne na SME Networks, kuma yana da sauƙin aiwatarwa fiye da BIND + Isc-Dhcp-Server duo. Maganar na iya zama ɗan fasaha ga masu karatu da yawa. Tare da lokaci da aiki za su gane cewa ba haka lamarin yake ba. Yana da kyau ƙarancin nazarin Ka'idodin Sabis na Infrastructure, taken da zai iya ƙunshe da abubuwa 6 da aka rubuta game da ayyukan DNS da DHCP, ba tare da mantawa da NTP ba.
Taya murna ga kowa… Mun ci gaba!
Na gode Federico don wani babban labarin tare da cikakken bayani dalla-dalla game da Dnsmasq, kayan aikin da muka riga muka gani yana da matukar amfani ga sysadmins.
GIRMA duk abin da ya shafi shigar da Yankin Microsoft DNS "_msdcs.mordor.fan" a cikin fayil ɗin daidaitawar /etc/dnsmasq.conf ta hanyar rikodin SRV ɗin da ke amfani da sabis ɗin: _gc, _ldap, _kerberos da _kpasswd tare da Burin shi ne amfani da Microsoft DNS ("uwar garke = / mordor.fan / 10.10.10.3" sanarwa) ban da Dnsmasq ("local = / mordor.fan /" sanarwa) don warware tambayoyin DNS.
GREAT shine kuma misalin da aka kirkira cewa don Microsoft DNS suyi rajistar abokan cinikin Windows tare da canje-canje na IP akan LAN, dole ne ku zaɓi cikin daidaitattun DNS, "ynamararrawar Dynamic" azaman "Rashin aiki da amintacce" da abin da hakan ke nunawa cikin rashin lafiyar tsaro na duk wani Sabo na Server wanda ake girmamawa, walau Microsoft ko UNIX / Linux. Baya ga zama dole gyara a cikin daidaitawar katin sadarwar abokin cinikin Windows.
Babu wani abin da tare da kowane sabon matsayi da kuka ɗaga tasha! Da jiran jiran labarai na gaba!
Na gode sosai don kimantawa da tsokaci, IWO. A kowane labarin da na buga, koyaushe nakan jira ra'ayinku, saboda aikinku, iliminku da aikinku suna tallafawa. Taya murna IWO. Za mu gan ku a cikin labarin na gaba
Kyakkyawan aiki, kamar koyaushe sanya waɗannan gems ɗin don sysadmins. Godiya dubu!
Ba wa Microsoft dama ta Microsoft, ba ku ma bari ta nuna ba. Ba mu sani ba ko yana raye ko kuwa yana da wani abin kunya da ya rage. Labari mai kyau.
Lu'u lu'u lu'u-lu'u wanda babu kamarsa, an adana shi a cikin waɗanda aka fi so don shawara. Labari mai kyau.
Na gode HO2Gi don kimantawar ku. Ina baku shawarar -da kuma gabaɗaya kowa ya ziyarci https://blog.desdelinux.net/redes-computadoras-las-pymes-introduccion/. An sake shirya shi tare da jerin abubuwan da aka buga da kuma abubuwan da za'a tattauna. Gaisuwa ku ci gaba da mu.
Madalla daftarin aiki kamar wanda yake a ciki https://blog.desdelinux.net/bind-active-directory/
Ina so in ba da shawara, kuma don Allah a ɗauka azaman zargi mai ma'ana; Don nuna daidaito, zai fi kyau idan maimakon amfani da hanyar sadarwar 10.10.10.0/24, ta yi amfani da ɗaya inda kowane toshi yana da lambobi daban-daban, kamar hanyar 192.168.1.0/24.
Wannan zai fayyace maki inda adireshin hanyar sadarwa ke tafiya ta baya, kamar lokacin da dole ka ƙara ƙimomin nau'ikan ".in-addr.arpa"
Na gode da raba wadataccen ilimi mai inganci.
Mafi kyau