Muna ci gaba da jerin labaranmu kuma a cikin wannan zamu tattauna da fannoni masu zuwa:
- Shigarwa
- Kundayen adireshi da manyan fayiloli
Kafin ci gaba, muna ba da shawara kada ku daina karantawa:
Shigarwa
A cikin Console kuma a matsayin mai amfani tushen mun shigar da daura9:
gwaninta shigar da daure9
Dole ne kuma mu sanya fakitin dnsutil wanda ke da kayan aikin da ake buƙata don yin tambayoyin DNS da bincika aikin:
gwaninta shigar dnsutils
Idan kana son tuntuɓar takardun da suka zo a cikin mangaza:
ƙwarewa shigar da bind9-doc
Za'a adana takaddun a cikin kundin adireshi / usr / share / doc / bind9-doc / hannu da fayil din fihirisar ko kuma Abinda ke ciki shine BV9ARM.html. Don buɗe shi gudu:
Firefox / usr / share / doc / bind9-doc / hannu / Bv9ARM.html
Lokacin da muka shigar da daura9 akan Debian, haka ma kunshin daure9utils wanda ke ba mu kayan aiki masu amfani da yawa don kula da shigarwar BIND da ke aiki. Daga cikinsu zamu samu rndc, mai suna-checkconf kuma mai suna-checkzone. Haka kuma, kunshin dnsutil yana ba da cikakkiyar jerin shirye-shiryen abokan cinikayya na BIND tsakanin wanda zai kasance tono da kuma nslookup. Zamuyi amfani da duk waɗannan kayan aikin ko umarni a cikin labarai masu zuwa.
Don sanin duk shirye-shiryen kowane kunshin dole ne mu aiwatar azaman mai amfani tushen:
dpkg -L bind9utils dpkg -L dnsutils
Ko je zuwa Synaptic, nemi fakitin, ka ga fayilolin da aka girka. Musamman waɗanda aka sanya a cikin manyan fayiloli / usr / bin o / usr / sbin.
Idan muna son ƙarin sani game da yadda ake amfani da kowane kayan aiki ko tsarin da aka sanya, dole ne mu aiwatar:
mutum
Kundayen adireshi da manyan fayiloli
Lokacin da muka girka Debian an ƙirƙiri fayil ɗin /etc/resolv.conf. Wannan fayil ɗin ko "Fayil ɗin daidaitawar sabis", Ya ƙunshi zaɓuɓɓuka da yawa waɗanda ta hanyar tsoho sune sunan yanki da adireshin IP na uwar garken DNS da aka ayyana yayin girkawa. Kamar yadda ƙunshin taimakon fayil ɗin ya kasance a cikin Mutanen Espanya kuma a bayyane yake, muna ba da shawarar karanta shi ta amfani da umarnin mutum resolv.conf.
Bayan shigar da daura9 A cikin Matsi, aƙalla an ƙirƙiri kundayen masu zuwa:
/ sauransu / ɗaura / var / cache / ɗaure / var / lib / ɗaure
A cikin littafin adireshi / sauransu / ɗaura Mun sami, a tsakanin wasu, fayilolin sanyi masu zuwa:
mai suna.conf mai suna.conf.options mai suna.conf.default-zones mai suna.conf.local rndc.key
A cikin littafin adireshi / var / cache / ɗaure zamu kirkiro fayiloli na Yankunan Gida wanda zamu magance shi daga baya. Saboda son sani, gudanar da waɗannan umarnin a cikin Console azaman mai amfani tushen:
ls -l / sauransu / ɗaure ls -l / var / cache / ɗaure
Tabbas, kundin adireshi na ƙarshe bazai ƙunshi komai ba, tunda har yanzu ba mu ƙirƙirar Yankin Yanki ba.
Rarraba saitunan BIND cikin fayiloli da yawa anyi shi ne don dacewa da tsabta. Kowane fayil yana da takamaiman aiki kamar yadda za mu gani a ƙasa:
mai suna.conf: Babban fayil ɗin sanyi. Ya hada da fayiloliname.conf.options, mai suna.conf.local y mai suna.conf.de tsoffin-yankuna.
name.conf.options: Zaɓuɓɓukan sabis na Janar DNS. Umurni: shugabanci "/ var / cache / ɗaure" zai gayama9 inda zaka nemo fayilolin Yankunan Yankin da aka kirkira. Mun kuma bayyana a nan sabobin “Masu turawa"Ko kuma a cikin fassara mai ma'ana" Ci gaba "har zuwa adadi mafi yawa na 3, waɗanda ba komai bane face sabobin DNS na waje waɗanda zamu iya tuntuɓar su daga hanyar sadarwarmu (ta hanyar Firewall mana) waɗanda zasu amsa tambayoyin ko buƙatun cewa DNS ɗinmu na gida bai iya amsawa ba.
Misali, idan muna daidaita DNS don LAN192.168.10.0/24, kuma muna son ɗaya daga cikin masu turawarmu ya zama Uwar garken Suna na UCI, dole ne mu bayyana masu gabatar da umarnin {200.55.140.178; }; Adireshin IP wanda yayi daidai da sabar ns1.uci.cu.
Ta wannan hanyar zamu iya tuntuɓar uwar garken mu na gida na DNS wanda shine adireshin IP na mai masaukin yahoo.es (wanda ba a bayyane yake akan LAN ɗin mu ba), tunda DNS ɗinmu zasu tambayi UCI idan ta san wanene adireshin IP na yahoo.es, sannan kuma ku bamu sakamako mai gamsarwa ko a'a. Hakanan kuma a cikin fayil ɗin kanta mai suna.conf.option Zamu bayyana wasu mahimman al'amura na daidaitawar kamar yadda zamu gani nan gaba.
mai suna.conf.de tsoffin-yankuna: Kamar yadda sunan ya nuna, su ne Tsoffin Yankunan. Anan sunan fayil ɗin da ke ƙunshe da bayanan Sabis na Tushen ko Tushen Akidar da ake buƙata don fara ɓoye DNS ɗin, an tsara fayil ɗin musammantushen. An kuma umarci BIND da samun cikakken Hukuma (ya zama Mai Izala) a cikin ƙudurin sunaye na Localhost, duka a cikin tambayoyin kai tsaye da juyawa, kuma iri ɗaya ne ga yankunan "Watsa labarai".
mai suna.conf.local: Fayil a inda muka bayyana tsarin gida na sabar mu na DNS da sunan kowane ɗayan Yankunan Gida, kuma wanene zai zama fayilolin Rikodi na DNS waɗanda zasu tsara sunayen kwamfutocin da aka haɗa da LAN ɗin mu tare da adireshin IP ɗin su kuma akasin haka.
rdc.key: Fayilolinda aka kirkiri mai dauke da Mabudin sarrafa BIND. Amfani da BIND uwar garken mai amfani rdc, za mu sami damar sake shigar da tsarin DNS ba tare da sake kunna shi ba tare da umarnin rndc sake loda. Yana da amfani sosai lokacin da muke yin canje-canje a cikin fayilolin Yankunan Yanki.
A cikin Debian fayilolin Yankin Yanki Hakanan za'a iya kasancewa a ciki / var / lib / ɗaure; yayin kuma a cikin wasu rarrabuwa kamar Red Hat da CentOS yawanci suna cikin / var / lib / mai suna ko wasu kundayen adireshi dangane da matakin tsaro da aka aiwatar.
Mun zabi kundin adireshi / var / cache / ɗaure shi ne wanda tsoho Debian ya ba da shawara a cikin fayil ɗin name.conf.options. Zamu iya amfani da kowane kundin adireshi muddin muka fadawa daura9 inda za a nemi fayilolin yankuna, ko a ba ku cikakkiyar hanyar kowannensu a cikin fayil ɗin mai suna.conf.local. Yana da lafiya ƙwarai a yi amfani da kundayen adireshi da rarrabawar da muke amfani da su.
Ya wuce girman wannan labarin don tattauna ƙarin tsaro da ke tattare da ƙirƙirar Cage ko Chroot don BIND. Hakanan batun batun tsaro ta mahallin SELinux. Waɗanda suke buƙatar aiwatar da waɗannan fasalulluka ya kamata su juya zuwa littattafai ko wallafe-wallafe na musamman. Ka tuna cewa kunshin takardun daura9-doc an shigar a cikin kundin adireshi / usr / raba / doc / bind9-doc.
To Yallabai, ya zuwa yanzu Kashi na 2. Ba ma so mu fadada a kan kasida daya saboda kyawawan shawarwarin Shugabanmu. A ƙarshe! za mu shiga cikin gwattaccen tsarin Saitin BIND da Gwaji… a babi na gaba.
barka da kyau sosai labarin!
Na gode sosai ..
Wannan bashi da mahimmanci saboda dalilan tsaro: Kada a bar dns a bude (bude mai warwarewa)
Abubuwan da suka shafi:
1) http://www.google.com/search?hl=en&q=spamhaus+ataque
2) http://www.hackplayers.com/2013/03/el-ataque-ddos-spamhaus-y-la-amenaza-de-dns-abiertos.html
Ina faɗi:
«... Misali, Open DNS Resolver Project (openresolverproject.org), kokarin da gungun masana tsaro suka yi don gyara wannan, ya kiyasta cewa a halin yanzu akwai miliyan 27" Open Recursive Resolvers ", kuma miliyan 25 daga cikinsu sune babbar barazanar., a ɓoye, tana jira don sake sake fushinta akan sabon manufa .. »
gaisuwa
Yana da kyau sosai don shigar da mutane cikin mahimmin sabis ɗin yau kamar DNS.
Abinda nakeyi, idan zan iya nuna wani abu, shine fassarar taka mai ma'anar "masu turawa", wanda yayi kama da an cire shi daga fassarar google. Fassarar daidai ita ce "Sanar da Sabis" ko "Masu Turawa."
Duk sauran abubuwa, babba.
gaisuwa
Matsalar Semantics. Idan kun tura buƙata zuwa wani don samun amsa, baku Gabatar da buƙata zuwa wani matakin ba. Na yi imanin cewa mafi kyawun magani a Cuban Spanish shi ne Adelantadores saboda ina nufin Pass ko Ci gaban wata tambaya da ni (DNS ɗin yankin) ba zan iya amsawa ba. Mai sauki. Zai fi sauƙi a gare ni in rubuta labarin cikin Turanci. Koyaya, koyaushe ina bayyanawa game da Fassarata. Na gode da bayanin da kuka yi a kan kari.
Luxury;)!
Na gode!
Kuma don OpenSUSE?
CREO yana aiki don kowane ɓoye. Yankin fayil wuri ya banbanta, Ina ji. a'a?
Na gode duka da kuka yi sharhi .. kuma da farin ciki na karbi shawarwarinku .. 😉