General index yeakateedzana: Computer Networks yeSMEs: Sumo
Mhoro shamwari !. Mushure memaviri akapfuura ezvinyorwa pane iyo Domain Name System and the Dynamic Host Configuration Protocol rakabudiswa mu «DNS uye DHCP mune yakavhurikaSUSE 13.2 'Harlequin'"uye"DNS uye DHCP pane CentOS 7«, Zvese zviri kubva zvakateedzana SME Networks, isu tinofanirwa kumisa iwo masevhisi muDebian.
Isu tinodzokorora kuti yakanaka yekutanga poindi yekudzidza nezve dzidziso dzedzidziso dzeDNS neDHCP ndeye Wikipedia.
Kuisa iyo inoshanda sisitimu
Tichatanga kubva pakuiswa kwekutanga kwevhavha neiyo Debian 8 "Jessie" sisitimu inoshanda pasina kuisa chero graphical nharaunda kana imwe chirongwa Mushini chaiwo une 512 megabytes e RAM uye 20 gigabyte hard drive inopfuura zvakakwana.
Munguva yekumisikidza maitiro - kunyanya mumavara mameseji - uye tichiteedzera marongero ezvikwiriso, isu takasarudza anotevera parameter:
- Mutauro: Spanish - Spanish
- Nyika, ndima kana nharaunda: U.S
- Keymap yekushandisa: American English
- Gadzira network yacho nemaoko:
- IP kero: 192.168.10.5
- Netmask: 255.255.255.0
- Gateway: 192.168.10.1
- Mazita eNameserver: 127.0.0.1
- Mushini zita: dns
- Zita reimba: desdelinux.fan
- Super Mushandisi Password: SuClave (ndokumbira kubvumidzwa)
- Zita rizere remushandisi mutsva: Debian Kutanga OS Buzz
- Username yeakaunzi:buzz
- Sarudza password yemushandisi mutsva: SuClave (ndokumbira kubvumidzwa)
- Sarudza yako nguva: Mabvazuva
- Kupatsanura nzira: Kutungamirirwa - shandisa diski yose
- Sarudza dhisiki kupatsanura: Virtual diski 1 (vda) - 21.5 GB Virto Block mudziyo
- Chikamu chekupatsanura: Ese mafaera muchikamu (chakakurudzirwa newbies).
- Pedzisa kupatsanura uye nyora shanduko ku diski
- Iwe unoda kunyora shanduko kuma disks here?
- Iwe unoda kuongorora imwe CD kana DVD?:
- Iwe unoda here kushandisa replica yed?:
- Iwe unoda here kutora pasuru yekushandisa ongororo?:
- Sarudza zvirongwa zvekuisa:
[] Debian desktop nharaunda
[*] Standard system zvinoshandiswa
- Iwe unoda kuisa iyo GRUB boot loader mune huru boot rekodhi?
- / dev / vda
- "Kuiswa kwapera":
Mune maonero angu ane mwero, kuisa Debian kuri nyore. Izvo zvinongodiwa chete kuti upindure mibvunzo yesarudzo dzakatsanangurwa uye rumwe ruzivo. Ini ndinotoshinga kutaura kuti zviri nyore kutevera nhanho dzakapfuura pane kuburikidza nevhidhiyo, semuenzaniso. Pandinoverenga handirasikirwe ne concentration. Imwe nyaya ndeyekutarisa, kuverenga, kududzira, uye kupa vhidhiyo kumashure nekudzoka, kana ini ndarasikirwa kana kusanzwisisa zvakanaka zvimwe zvakakosha kukosha. Gwaro rakanyorwa nemaoko, kana faira rakanyorwa rakakopwa kunharembozha, rinoshanda segwara rinoshanda zvakakwana.
Pakutanga marongero
Mushure mekupedza iko kwekutanga kumisikidza uye yekutanga reboot, isu tinopfuurira kuzivisa iyo Chirongwa Chekuchengetedza.
Paunenge uchigadzirisa iyo faira zvinyorwa.list, isu tinotaura pane zvese zviripo zvisipo nekutadza nekuti isu tinongo shanda pamwe nenzvimbo dzekuchengetedza. Zvekupedzisira zvemukati mefaira -kusanganisira mitsara yakataurwa- ichave iri:
midzi @ dns: ~ # nano /etc/apt/source.list deb http: // 192.168.10.1/repos/jessie/debian/ jessie main donje dh http: //192.168.10.1/repos/jessie/debian-security/ jessie / inogadziridza main inobatsira
Isu tinogadziridza iyo system
midzi @ dns: ~ # aptitude yekuvandudza midzi @ dns: ~ # aptitude kusimudzira midzi @ dns: ~ # reboot
Isu tinoisa SSH kuti tiwane kure
midzi @ dns: ~ # kukodzera kuisa ssh
Kubvumira mushandisi kutanga chikamu chiri kure kuburikidza neSSH mudzi -kubva ku Enterprise LAN chete- isu tinogadziridza yayo yekumisikidza faira:
midzi @ dns: ~ # nano / etc / ssh / sshd_config .... PermitRootLogin hongu .... midzi @ dns: ~ # systemctl kutanga ssh.service midzi @ dns: ~ # systemctl chimiro ssh.service
Isu tinotanga chikamu chiri kure kuburikidza neSSH mu «dns» kubva kune «sysadmin» muchina:
buzz @ sysadmin: ~ $ rm .ssh / inozivikanwa_hosts buzz @ sysadmin: ~ $ ssh root@192.168.10.5 ... root@192.168.10.5 password: ... root @ dns: ~ #
Main mafaira ekugadzirisa
Iwo makuru mafaera ehurongwa hwekumisikidza achave maererano nesarudzo dzedu panguva yekumisikidza:
midzi @ dns: ~ # kati / etc / hosts 127.0.0.1 localhost 192.168.10.5 dns.desdelinux.fan dns # Mitsetse inotevera inodiwa IPv6 anokwanisa mauto ::1 localhost ip6-localhost ip6-loopback ff02::1 ip6-allnodes ff02::2 ip6-allrouters midzi @ dns: ~ # kati /etc/resolv.conf kutsvaka desdelinux.fan nameserver 127.0.0.1 midzi @ dns: ~ # hostname DNS midzi @ dns: ~ # hostname -f dns.desdelinux.fan midzi @ dns: ~ # katsi / nezvimwe / network / nzvimbo # Iri faira rinotsanangura network interfaces inowanikwa pane yako system # uye maitiro ekuimisa. Kuti uwane rumwe ruzivo, ona interfaces(5). tsime /etc/network/interfaces.d/* # The loopback network interface auto lo iface lo inet loopback # The primary network interface inobvumira-hotplug eth0 iface eth0 inet static address 192.168.10.5 netmask 255.255.255.0 network 192.168.10.0. 192.168.10.255 gedhi 192.168.10.1 # dns-* sarudzo dzinoitwa neresolvconf package, kana yakaiswa dns-nameservers 127.0.0.1 dns-search desdelinux.fan
Isu tinoisa super ruzivo mapakeji
midzi @ dns: ~ # aptitude yekuisa htop mc deborphan
Kuchenesa kurodha pasi mapakeji, kana paine
(email yakachengetedzwa):
Isu tinoisa iyo BIND9
- Usati waisa CHISUNGWA isu tinokurudzira zvikuru shanyira iyo peji DNS rekodhi mhando paWikipedia, zvese mushanduro dzayo dzeSpanish neChirungu. Aya marudzi emarejista ndiwo iwo atinozoshandisa mukumisikidza maZones mafaira, ese ari maviri Direct uye Reverse. Zvinodzidzisa zvikuru kuziva zvatiri kubata nazvo.
- Uyewo isu tinokurudzira verenga zvinotevera Kumbira Kwemashoko RFC - Zvikumbiro zveMakomendi, izvo zvine hukama zvakanyanya nekushanda kune basa reDNS sevhisi, kunyanya zvine chekuita neRewursion kune iyo Maseva eMidzi:
- RFCs 1912, 5735, 6303, uye BCP 32: zvine chekuita ne localhost
- MaRFC 1912, 6303: Chimiro zone ye IPv6 localhost kero
- RFCs 1912, 5735 uye 6303: Ine hukama neiyo Local Network - «Izvi» Network
- RFCs 1918, 5735 uye 6303: Yakavanzika Shandisa Networks
- RFC 6598: Yakagovaniswa Kero Nzvimbo
- RFCs 3927, 5735 uye 6303: Batanidza-yemuno / APIPA
- RFCs 5735 uye 5736: Internet Injiniya Task Force protocol migove
- RFCs 5735, 5737 uye 6303: TEST-NET- [1-3] YeGwaro
- RFCs 3849 uye 6303: IPv6 Muenzaniso Range reGwaro
- BCP 32: Domain Domain Mazita eGwaro uye Kuedza
- RFCs 2544 uye 5735: Router Benchmark Kuedza
- RFC 5735: IANA Yakachengetedzwa - Yekare Kirasi E Space
- RFC 4291: IPv6 Isina Kugoverwa Kero
- RFCs 4193 uye 6303: IPv6 ULA
- RFCs 4291 uye 6303: IPv6 Link Yemunharaunda
- RFCs 3879 uye 6303: IPv6 Yakadzingwa Saiti-Yemunharaunda Kero
- RFC 4159: IP6.INT yakadzingwa
Kuiswa
midzi @ dns: ~ # aptitude kutsvaga bind9 p bind9 - Internet Domain Name Server p p bind9-doc - Zvinyorwa zveBIND ini bind9-inomiririra - Shanduro ye 'host' yakasungwa neBIND 9.X p bind9utils - Zvishandiso zveBIND p gforge-dns-bind9 - yekudyidzana yekuvandudza chishandiso - DNS manejimendi (uchishandisa Bind9) i Libbind9-90 - BIND9 Yakagovaniswa Raibhurari inoshandiswa neBIND
Edza zvakare kumhanya kugona kutsvaga ~ dbind9
midzi @ dns: ~ # aptitude gadza bind9 midzi @ dns: ~ # systemctl restart bind9.service midzi @ dns: ~ # systemctl chimiro bind9.service ● bind9.service - BIND Domain Name Server Yakaremerwa: yakatakura (/lib/systemd/system/bind9.service; akwaniseKudonhedza-mukati: / run/systemd/generator/bind9.service.d └─50-insserv.conf- $ named.conf Active: kushanda (kumhanya) kubvira Fri 2017-02-03 10:33:11 EST; 1s apfuura Docs: murume: akatumidzwa (8) Maitiro: 1460 ExecStop = / usr / sbin / rndc kumira (kodhi = yakabuda, chinzvimbo = 0 / KUSVIRA) Main PID: 1465 (inonzi) CGroup: /system.slice/bind9.service 1465 / usr / sbin / anonzi -f -u kusunga Feb 03 10:33:11 dns inonzi [1465]: otomatiki isina nzvimbo: 8.BD0.1.0.0.2.IP6.ARPA Feb 03 10:33:11 dns inonzi [1465]: raira chiteshi kuteerera pa127.0.0.1 # 953 Feb 03 10:33:11 dns inonzi [1465]: raira chiteshi kuteerera pa :: 1 # 953 Feb 03 10:33:11 dns inonzi [1465]: -keys-zone: akatakura serial 2 Kukadzi 03: 10: 33: 11 dns inonzi [1465]: nzvimbo 0.in-addr.arpa/IN: yakatakura serial 1 Kukadzi 03 10:33:11 dns inonzi [1465]: zone localhost / IN: akatakura serial Feb 2 03 10:33:11 dns inonzi [1465]: zone 127.in-addr.arpa/IN: yakatakura serial Feb 1 03 10:33:11 dns inonzi [1465]: zone 255.in -addr.arpa/IN: akatakura serial 1 Feb 03 10:33:11 dns anonzi [1465]: nzvimbo dzese dzakatakurwa Feb 03 10: 33: 11 dns dzakatumidzwa [1465]: inomhanya Zano: Mimwe mitsara yakasunungurwa, shandisa- kuratidza zvizere.
Kugadziridza mafaera akaiswa neBIND9
Nenzira yakati siyanei pane iyo DNS sevhisi yekumisikidza muCentOS uye yakavhurikaSUSE, muDebian mafaira anotevera akagadzirwa mudhairekitori. / etc / bind:
midzi @ dns: ~ # ls -l / etc / bind / yakazara 52 -rw-r - r-- 1 mudzi mudzi 2389 Jun 30 2015 bind.keys -rw-r - r-- 1 mudzi mudzi 237 Jun 30 2015 db.0 -rw-r - r-- 1 mudzi midzi 271 Jun 30 2015 db.127 -rw-r - r-- 1 mudzi mudzi 237 Jun 30 2015 db.255 -rw-r - r-- 1 mudzi mudzi 353 Jun 30 2015 db.empty -rw- r - r-- 1 mudzi midzi 270 Jun 30 2015 db.local -rw-r - r-- 1 mudzi mudzi 3048 Jun 30 2015 db.root -rw-r - r-- 1 mudzi unosunga 463 Jun 30 2015 inonzi.conf -rw-r - r-- 1 midzi inosunga 490 Jun 30 2015 inonzi.conf.default-zones -rw-r - r-- 1 midzi inosunga 165 Jun 30 2015 inonzi.conf.local -rw -r-r-- 1 mudzi unosunga 890 Feb 3 10: 32 inonzi.conf.options -rw-r ----- 1 sunga kusunga 77 Kukadzi 3 10:32 rndc.key -rw-r - r- - 1 midzi midzi 1317 Jun 30 2015 zones.rfc1918
Ese mafaira ari pamusoro ari mumagwaro akajeka. Kana isu tichida kuziva zvinoreva nezviri mune yega yega, tinogona kuzviita tichishandisa mirairo zvishoma o katsi, inova tsika yakanaka.
Zvinoperekedza zvinyorwa
Mubhuku rekero / usr / share / doc / bind9 tichava ne:
midzi @ dns: ~ # ls -l / usr / share / doc / bind9 Yakazara 56 -rw-r - r-- 1 midzi midzi 5927 Jun 30 2015 copyright -rw-r - r-- 1 mudzi midzi 19428 30 Jun 2015 1 changelog.Debian.gz -rw-r - r-- 11790 mudzi mudzi 27 Jan 2014 1 FAQ.gz -rw-r - r-- 396 mudzi mudzi 30 Jun 2015 1 NEWS.Debian.gz -rw-r - r-- 3362 mudzi mudzi 30 Jun 2015 1 README.Debian. gz -rw-r-r- 5840 midzi midzi 27 Jan 2014 XNUMX README.gz
Mune zvinyorwa zvakapfuura isu tichawana Zvakawanda Zvekudzidza Zvinyorwa izvo tinokurudzira kuverenga KUSVIRA kugadzirisa iyo BIND, uye kunyangwe usati watanga kutsvaga paInternet zvinyorwa zvine chekuita neBIND uye DNS mune zvese.. Tichaverenga izvo zvemamwe emafaira aya:
FAQs o Fzvakakodzera Askd Questions nezve BATA 9
- Kuumbwa uye Kuisa Mibvunzo - Mibvunzo nezveKusanganisa uye Kuisirwa
- Kugadziridza uye Setup Mibvunzo - Mibvunzo nezvekumisikidza uye kugadzirisa
- Kushanda Mibvunzo - Mibvunzo nezve Operation
- General Questions - General kubvunza
- Inoshanda-Sisitimu Yakanangana Mibvunzo - Yakananga Mibvunzo nezve yega yega Inoshanda Sisitimu
- HPUX
- Linux
- Windows
- FreeBSD
- Solaris
- Apple Mac OSX
NEWS.Debian.gz
NEWS.Debian muchidimbu inotiudza kuti ma parameter tendera-mubvunzo-cache y tendera-kudzokorora inogoneswa nekukanganisa kweACLs dzakabatanidzwa mune BIND -yakavakwa mukati- 'localnets'uye'localhost'. Izvo zvinotizivisawo kuti shanduko dzekumisikidza dzakaitwa kuita kuti macache server asanyanya kukwezva pakurwiswa ne Kunyorera kubva kunetiweki dzekunze.
Kuti utarise zvakanyorwa mundima yapfuura, kana kubva kumuchina pane network pachayo 192.168.10.0/24 iyo ndiyo iri mumuenzaniso wedu, tinoita chikumbiro cheDNS pane iyo domain desdelinux.net, uye panguva imwe chete pane server pachayo dns.desdelinux.fan isu tevedzera muswe -f / var / log / syslog tichawana zvinotevera:
buzz @ sysadmin: ~ $ dig localhost .... ;; Sarudza KUSVIRA :; EDNS: vhezheni: 0, mireza :; udp: 4096 ;; CHIKAMU CHEMUBVUNZO :; localhost. IN A ;; MHINDURO CHIKAMU: localhost. 604800 MUNA 127.0.0.1 ;; CHIKAMU CHIKAMU: localhost. 604800 IN NS localhost. ;; CHIMWE CHIKAMU: localhost. 604800 IN AAAA :: 1 buzz@sysadmin:~$ dig desdelinux.com .... ;; OPT PSEUDOSECTION:; EDNS: vhezheni: 0, mireza:; udp: 4096 ;; CHIKAMU MUBVUNZO:;desdelinux.net. IN A ....
midzi @ dns: ~ # muswe -f / var / log / syslog .... Feb 4 13:04:31 dns zita[1602]: kukanganisa (network haisvikiki) kugadzirisa 'desdelinux.net/A/IN': 2001:7fd::1#53 Feb 4 13:04:31 dns zita[1602]: kukanganisa (network isingasvikiki) kugadzirisa 'desdelinux.net/A/IN': 2001:503:c27::2:30#53 ....
Kuburitswa kwe syslog yatoreba zvakanyanya nekuda kweKUSUNGA kutsvaga maseva emidzi. Ehe faira racho /etc/resolv.conf muchikwata sysadmin.desdelinux.fan inonongedza kuDNS 192.168.10.5.
Kubva pakuitwa kwemirairo yapfuura tinogona kutora mhedziso dzinoverengeka a priori:
- Iyo BIND inogadzirirwa nekukasira seCache inoshanda Server pasina kudiwa kwekutevera kumisikidzwa, uye inopindura DNS mibvunzo yeiyo localnets and the localhost
- Kudzokorora - Recursion inogoneswa ye localnets and the localhost
- Haisati iri yeVane masimba server
- Kusiyana neCentOS, kwataifanira kuzivisa paramende «Teerera-pachiteshi 53 {127.0.0.1; 192.168.10.5; }; » zvakajeka kuteerera kweDNS zvikumbiro pamusoro peiyo network interface 192.168.10.5 DNS pachayo, muDebian haina basa nekuti inotsigira DNS zvikumbiro zve localnets and the localhost default. Wongorora zviri mukati mefaira /etc/bind/named.conf.options uye ivo vachaona kuti hapana chirevo teerera-on.
- IPv4 uye IPv6 mibvunzo inogoneswa
Kana kungoverenga nekududzira - tini sekutaura kwedu kuCuba- iyo dura NEWS.Debian.gz Tasvika pamhedziso dzinonakidza dzinotitendera kuti tizive zvishoma nezve iyo Default Configuration Philosophy yeTeam Debian zvine chekuita ne BIND, ndezvipi zvimwe zvinonakidza zvatinga zive nekuenderera mberi nekuverenga mafaera eAchiperekedza Zvinyorwa?.
VERENGA.Debian.gz
VERENGA.Debian inotizivisa -pakati pezvimwe zvinhu zvakawanda- kuti iyo Kuchengetedzwa Kwekuwedzera kweiyo Domain Name System - Domain Name System Security Chengetedzo o DNSSEC, inogoneswa; uye inosimbisa kuti iyo yekumisikidza yekushandira inoshanda kune mazhinji maseva (mashizha emashizha - mashizha emashizha kutaura nezvemashizha emuti wedomeini) pasina chikonzero chekupindira kwevashandisi.
- DNSSEC maererano neWikipedia: Iyo Domain Zita Sisitimu Yekuchengetedzwa Kwekuwedzera (DNSSEC) seti yezvinotsanangurwa zveInternet Engineering Task Force (IETF) kuchengetedza mamwe marudzi eruzivo rwunopihwa nemazita system. domain name (DNS) rinoshandiswa muInternet Protocol (IP). Iyo seti yekuwedzeredzwa kune DNS iyo inopa DNS vatengi (kana kugadzirisa) nekusimbiswa kweiyo DNS dhata sosi, yakasimbiswa kuramba kwekuvapo uye kuvimbika kwedata, asi kwete kuwanikwa kana kuvanzika.
About the Chigadziro Scheme inotitaurira kuti ese maStatic Ekumisikidza Mafaira, maZone Mafaira eMidzi Maseva, uye Dhairekitori uye Dzosera Nzvimbo dze localhost vapinda / etc / bind.
Dhimoni Rinoshanda Dhairekitori ainzi es / var / cache / kusunga kuitira kuti chero faira rinopfuura rinogadzirwa ne ainzi senge dhatabhesi yarinoshanda seMuranda Server, zvakanyorwa muFaira System / var, kunova ndiko kwavanenge vari.
Kusiyana neshanduro dzekare dzeBIND package yeDebian, iyo faira anonzi.conf and the db. zvakapihwa, iwo akanyorwa seyekugadziriswa mafaira. Nenzira yekuti kana isu tichida DNS Server inoshanda zvakanyanya seCache Server uye iyo isiri Mvumo kune chero mumwe munhu, tinogona kuishandisa sekumisikidzwa uye kugadzirirwa nekutadza.
Kana iwe uchida kuita Anemvumo DNS, vanokurudzira kuisa ma Master Zone mafaera mune imwechete dhairekitori / etc / bind. Kana kuoma kwenzvimbo uko iyo ainzi ichave ine Mvumo inoda icho, zvinokurudzirwa kuti ugadzire subdirectory chimiro, uchinongedzera kumahofisi emahara zvachose mufaira anonzi.conf.
Chero Zoni Faira iro iro ainzi ita seMuranda Server inofanirwa kunge iri mukati / var / cache / kusunga.
Iyo Zoni Mafaira inoenderana neDynamic Kugadziridza neDHCP kana iwo wekuraira nupdate, inofanira kuchengetwa mu / var / lib / kusunga.
Kana iyo yekushandisa sisitimu inoshandisa mudziyo, iyo yakaisirwa profil inoshanda chete neiyo yakasarudzika BIND marongero. Dzinotevera shanduko mukugadziriswa kweiyo ainzi ivo vangangoda shanduko kune iyo apparmor chimiro Yakashanyirwa https://wiki.ubuntu.com/DebuggingApparmor usati wazadza fomu uchipomera a tsikidzi mubasa iro.
Pane nyaya dzinoverengeka dzakabatana nekumhanya kweDebian BIND mune Chroot Cage - chroot jeri. Shanyira http://www.tldp.org/HOWTO/Chroot-BIND-HOWTO.html kune rumwe ruzivo.
Dzimwe ruzivo
murume anonzi, murume anonzi.conf, murume anonzi-checkconf, murume anonzi-checkzone, murume rndc, zvichingodaro
midzi @ dns: ~ # inonzi -v SUNGIRA 9.9.5-9 + deb8u1-Debian (Yakawedzerwa Rutsigiro Shanduro) midzi @ dns: ~ # inonzi -V SUNGIRA 9.9.5-9 + deb8u1-Debian (Yakawedzerwa Rutsigiro Shanduro) yakavakwa nekugadzira ne '--prefix = / usr' '--mandir = / usr / share / murume' \ --infodir = / usr / share / info '' --sysconfdir = / etc / bind '\' - -localstatedir = / var '' - inogonesa-tambo '' - inogonesa-hombe '' --with-libtool '' - inogoneswa-yakagovaniswa '' --enable-static '\' --with-openssl = / usr '' -with-gssapi = / usr '' -with-gnu-ld '\ --with-geoip = / usr' '-with-atf = kwete' '- inogonesa-ipv9' ' - inogoneka-rrl '\' - inogonesa-firita-aaaa '\' CFLAGS = -fno-solid-aliasing -fno-Dele-null-pointer-cheki -DDIG_SIGCHASE -O8 'yakanyorwa neGCC 50 ichishandisa shanduro yeOpenSSL : OpenSSL 6k 2 Jan 4.9.2 uchishandisa libxml1.0.1 vhezheni: 8 midzi @ dns: ~ # ps -e | grep anonzi 408? 00:00:00 anonzi midzi @ dns: ~ # ps -e | grep kusunga 339? 00:00:00 rpcbind midzi @ dns: ~ # ps -e | grep kusunga9 midzi @ dns: ~ # midzi @ dns: ~ # ls / var / run / named / anonzi.pid chikamu.key midzi @ dns: ~ # ls -l /var/run/named/named.pid -rw-r-r- 1 kusunga kusunga 4 Feb 4 13: 20 /var/run/named/named.pid midzi @ dns: ~ # rndc chinzvimbo shanduro: 9.9.5-9 + deb8u1-Debian CPUs dzawanikwa: 9 mushandi tambo: 8 UDP vateereri pa interface: 50 nhamba yenzvimbo: 1 dhigeji nhanho: 1 xfers inomhanya: 1 xfers yakadzoserwa: 100 soa mibvunzo iri kuenderera: vatengi: 0/0 server yakwira uye iri kushanda
- Iko kukosha kwekubvunza iro Gwaro rakaiswa pamwe neBIND9 pakeji hakurambike. pamberi peumwe.
bind9-doc
midzi @ dns: ~ # aptitude yekuisa bind9-doc zvinongedzo2 midzi @ dns: ~ # dpkg -L bind9-doc
Package bind9-doc inoisa, pakati perimwe ruzivo rwakakosha, BATI 9 Administrator Referensi Yekushandisa.
midzi @ dns: ~ # link2 faira: ///usr/share/doc/bind9-doc/arm/Bv9ARM.html
SUNGIRA 9 Administrator Referensi Manual Copyright (c) 2004-2013 Internet Systems Consortium, Inc. ("ISC") Copyright (c) 2000-2003 Internet Software Consortium.
Tinovimba unonakidzwa nekuiverenga.
- Pasina kubva pamba, isu tave pedyo neAkawanda Mahwendefa Ezvinyorwa nezve ZVINOSUNGWA uye nezve iyo DNS sevhisi mune zvese.
Isu tinogadzirisa BIND muDebian maitiro
/etc/bind/named.conf "mukuru"
midzi @ dns: ~ # nano /etc/bind/named.conf // Iyi ndiyo yekutanga faira yekumisikidza yeSED DNS server inonzi. // // Ndokumbirawo kuti muverenge /usr/share/doc/bind9/README.Debian.gz neruzivo pane // chimiro cheSUNGIRA mafaira ekumisikidza muDebian, * PASI * paunogadzirisa // iyi faira yekumisikidza. // // Kana iwe uri kungo wedzera nzvimbo, ndapota ita izvozvo mu /etc/bind/named.conf.local sanganisira "/etc/bind/named.conf.options"; sanganisira "/etc/bind/named.conf.local"; inosanganisira "/etc/bind/named.conf.default-zones";
Musoro wataurwa unoda kushandurwa here?
/etc/bind/named.conf.options
midzi @ dns: ~ # cp /etc/bind/named.conf.options /etc/bind/named.conf.options.original
midzi @ dns: ~ # nano /etc/bind/named.conf.options
sarudzo {dhairekitori "/ var / cache / bind"; // Kana paine firewall pakati pako nemazita mazita aunoda // kutaura nawo, ungangoda kugadzirisa iyo firewall kubvumidza akawanda // madoko kuti ataure. Ona http://www.kb.cert.org/vuls/id/800113 // Kana yako ISP yakapa imwe kana anopfuura IP kero kune akatsiga // nameservers, iwe ungangoda kuvashandisa sevatambi. // Uncomment inotevera block, uye isa maadress anotsiva // iyo yese-0 chinobata. // vanotungamira {// 0.0.0.0; //}; // ============================================== = ==================== $ // Kana BUNGISA matanda ekukanganisa mameseji nezve iyo kiyi yemidzi iri kupera, // iwe uchafanirwa kugadzirisa makiyi ako. Ona https://www.isc.org/bind-keys // ================================= ================================== $
// Hatidi DNSSEC
dnssec-inogonesa kwete;
//dnssec-yekusimbisa auto;
auth-nxdomain kwete; # tevedzera RFC1035
// Hatidi kuteerera IPv6 kero
// teerera-pa-v6 {chero; };
teerera-pa-v6 {hapana; };
// Zvekutarisa kubva kune localhost uye sysadmin
// kuburikidza nekuchera desdelinux.fan axfr // Hatina Muranda DNS... kusvika zvino
tendera-chinja {localhost; 192.168.10.1; };
};
midzi @ dns: ~ # inonzi-checkconf
midzi @ dns: ~ #
/etc/bind/named.conf.local
Mune yakataurwa musoro wefaira iri, vanokurudzira kusanganisira maZones anoratidzwa mune RFC-1918 inotsanangurwa mufaira /etc/bind/zones.rfc1918. Kuiswa kwenzvimbo idzi munharaunda kunopa kuti chero mubvunzo maererano navo hauendi kunze kwenetiweki yemuno kumaseva emidzi, ayo ane zvikomborero zviviri zvakakosha:
- Kurumidza kugadzirisa kwenzvimbo kune vashandisi vemuno
- Izvo hazvigadzi zvisina basa - kana zvisirizvo - traffic kune iyo midzi maseva.
Ini pachangu handina Internet yekubatanidza kuyedza Kudzokororwa kana Kuendesa. Nekudaro, uye sezvo tisina kudzikamisa iyo Kudzokorodza mune inonzi.conf.options faira -nzira dzekudzokorodza kwete; - tinogona kusanganisira nzvimbo dzambotaurwa uye dzimwe dzandinotsanangudza pazasi.
Paunenge uchiisa BIND 9.9.7 pane iyo FreeBSD 10.0 Inoshanda Sisitimu, iri zvakare -uye zvinonzwisisika- Mahara Software, iyo yekumisikidza faira /usr/local/etc/namedb/named.conf.sample iine akateedzana matunhu anokurudzira kushandira imomo ku - zvakare- uwane izvo zvambotaurwa.
Kuti usachinje iyo yekutanga BIND kumisikidza muDebian, tinokurudzira kugadzira iyo faira /etc/bind/zones.rfcFreeBSD uye uzviise mu /etc/bind/named.conf.local nezviri mukati zvinoratidzwa pazasi, uye nenzira - nzira kumafaira akatochinjirwa kuDebian:
midzi @ dns: ~ # nano /etc/bind/zones.rfcFreeBSD
// Yakagovaniswa Kero Nzvimbo (RFC 6598)
zone "64.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "65.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "66.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "67.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "68.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "69.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "70.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "71.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "72.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "73.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "74.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "75.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "76.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "77.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "78.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "79.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "80.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "81.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "82.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "83.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "84.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "85.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "86.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "87.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "88.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "89.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "90.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "91.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "92.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "93.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "94.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "95.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "96.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "97.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "98.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "99.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "100.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "101.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "102.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "103.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "104.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "105.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "106.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "107.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "108.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "109.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "110.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "111.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "112.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "113.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "114.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "115.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "116.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "117.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "118.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "119.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "120.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "121.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "122.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "123.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "124.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "125.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "126.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "127.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
// Unganidzo-yemuno / APIPA (RFCs 3927, 5735 uye 6303)
nzvimbo "254.169.in-addr.arpa" {mhando tenzi; faira "/etc/bind/db.empty"; };
// IETF protocol inopihwa (RFCs 5735 uye 5736)
nzvimbo "0.0.192.in-addr.arpa" {mhando tenzi; faira "/etc/bind/db.empty"; };
// TEST-NET- [1-3] yeChinyorwa (RFCs 5735, 5737 uye 6303)
nzvimbo "2.0.192.in-addr.arpa" {mhando tenzi; faira "/etc/bind/db.empty"; }; nzvimbo "100.51.198.in-addr.arpa" {mhando tenzi; faira "/etc/bind/db.empty"; }; nzvimbo "113.0.203.in-addr.arpa" {type master; faira "/etc/bind/db.empty"; };
// IPv6 Semuenzaniso Range reGwaro (RFCs 3849 uye 6303)
nzvimbo "8.bd0.1.0.0.2.ip6.arpa" {type master; faira "/etc/bind/db.empty"; };
// Mazita eDomain eDhipatimendi uye Kuedza (BCP 32)
zone "test" {mhando tenzi; faira "/etc/bind/db.empty"; }; nzvimbo "muenzaniso" {mhando tenzi; faira "/etc/bind/db.empty"; }; zone "invalid" {mhando tenzi; faira "/etc/bind/db.empty"; }; nzvimbo "example.com" {mhando tenzi; faira "/etc/bind/db.empty"; }; nzvimbo "example.net" {mhando tenzi; faira "/etc/bind/db.empty"; }; nzvimbo "example.org" {type master; faira "/etc/bind/db.empty"; };
// Router Benchmark Kuedza (RFCs 2544 uye 5735)
nzvimbo "18.198.in-addr.arpa" {mhando tenzi; faira "/etc/bind/db.empty"; }; nzvimbo "19.198.in-addr.arpa" {mhando tenzi; faira "/etc/bind/db.empty"; };
// IANA Yakachengetedzwa - Old Class E Space (RFC 5735)
nzvimbo "240.in-addr.arpa" {mhando tenzi; faira "/etc/bind/db.empty"; }; nzvimbo "241.in-addr.arpa" {mhando tenzi; faira "/etc/bind/db.empty"; }; nzvimbo "242.in-addr.arpa" {mhando tenzi; faira "/etc/bind/db.empty"; }; nzvimbo "243.in-addr.arpa" {mhando tenzi; faira "/etc/bind/db.empty"; }; nzvimbo "244.in-addr.arpa" {mhando tenzi; faira "/etc/bind/db.empty"; }; nzvimbo "245.in-addr.arpa" {mhando tenzi; faira "/etc/bind/db.empty"; }; nzvimbo "246.in-addr.arpa" {mhando tenzi; faira "/etc/bind/db.empty"; }; nzvimbo "247.in-addr.arpa" {mhando tenzi; faira "/etc/bind/db.empty"; }; nzvimbo "248.in-addr.arpa" {mhando tenzi; faira "/etc/bind/db.empty"; }; nzvimbo "249.in-addr.arpa" {mhando tenzi; faira "/etc/bind/db.empty"; }; nzvimbo "250.in-addr.arpa" {mhando tenzi; faira "/etc/bind/db.empty"; }; nzvimbo "251.in-addr.arpa" {mhando tenzi; faira "/etc/bind/db.empty"; }; nzvimbo "252.in-addr.arpa" {mhando tenzi; faira "/etc/bind/db.empty"; }; nzvimbo "253.in-addr.arpa" {mhando tenzi; faira "/etc/bind/db.empty"; }; nzvimbo "254.in-addr.arpa" {mhando tenzi; faira "/etc/bind/db.empty"; };
// IPv6 Isina Kero Kero (RFC 4291)
nzvimbo "1.ip6.arpa" {type master; faira "/etc/bind/db.empty"; }; nzvimbo "3.ip6.arpa" {type master; faira "/etc/bind/db.empty"; }; nzvimbo "4.ip6.arpa" {mhando tenzi; faira "/etc/bind/db.empty"; }; nzvimbo "5.ip6.arpa" {mhando tenzi; faira "/etc/bind/db.empty"; }; nzvimbo "6.ip6.arpa" {type master; faira "/etc/bind/db.empty"; }; nzvimbo "7.ip6.arpa" {type master; faira "/etc/bind/db.empty"; }; nzvimbo "8.ip6.arpa" {mhando tenzi; faira "/etc/bind/db.empty"; }; nzvimbo "9.ip6.arpa" {type master; faira "/etc/bind/db.empty"; }; nzvimbo "a.ip6.arpa" {type master; faira "/etc/bind/db.empty"; }; nzvimbo "b.ip6.arpa" {type master; faira "/etc/bind/db.empty"; }; nzvimbo "c.ip6.arpa" {type master; faira "/etc/bind/db.empty"; }; nzvimbo "d.ip6.arpa" {type master; faira "/etc/bind/db.empty"; }; nzvimbo "e.ip6.arpa" {type master; faira "/etc/bind/db.empty"; }; nzvimbo "0.f.ip6.arpa" {type master; faira "/etc/bind/db.empty"; }; nzvimbo "1.f.ip6.arpa" {type master; faira "/etc/bind/db.empty"; }; nzvimbo "2.f.ip6.arpa" {type master; faira "/etc/bind/db.empty"; }; nzvimbo "3.f.ip6.arpa" {type master; faira "/etc/bind/db.empty"; }; nzvimbo "4.f.ip6.arpa" {mhando tenzi; faira "/etc/bind/db.empty"; }; nzvimbo "5.f.ip6.arpa" {mhando tenzi; faira "/etc/bind/db.empty"; }; nzvimbo "6.f.ip6.arpa" {type master; faira "/etc/bind/db.empty"; }; nzvimbo "7.f.ip6.arpa" {type master; faira "/etc/bind/db.empty"; }; nzvimbo "8.f.ip6.arpa" {mhando tenzi; faira "/etc/bind/db.empty"; }; nzvimbo "9.f.ip6.arpa" {type master; faira "/etc/bind/db.empty"; }; nzvimbo "afip6.arpa" {mhando tenzi; faira "/etc/bind/db.empty"; }; nzvimbo "bfip6.arpa" {type master; faira "/etc/bind/db.empty"; }; nzvimbo "0.efip6.arpa" {type master; faira "/etc/bind/db.empty"; }; nzvimbo "1.efip6.arpa" {type master; faira "/etc/bind/db.empty"; }; nzvimbo "2.efip6.arpa" {mhando tenzi; faira "/etc/bind/db.empty"; }; nzvimbo "3.efip6.arpa" {mhando tenzi; faira "/etc/bind/db.empty"; }; nzvimbo "4.efip6.arpa" {mhando tenzi; faira "/etc/bind/db.empty"; }; nzvimbo "5.efip6.arpa" {mhando tenzi; faira "/etc/bind/db.empty"; }; nzvimbo "6.efip6.arpa" {type master; faira "/etc/bind/db.empty"; }; nzvimbo "7.efip6.arpa" {type master; faira "/etc/bind/db.empty"; };
// IPv6 ULA (RFCs 4193 uye 6303)
nzvimbo "cfip6.arpa" {type master; faira "/etc/bind/db.empty"; }; nzvimbo "dfip6.arpa" {type master; faira "/etc/bind/db.empty"; };
// IPv6 Link Yemunharaunda (RFCs 4291 uye 6303)
nzvimbo "8.efip6.arpa" {mhando tenzi; faira "/etc/bind/db.empty"; }; nzvimbo "9.efip6.arpa" {type master; faira "/etc/bind/db.empty"; }; nzvimbo "aefip6.arpa" {type master; faira "/etc/bind/db.empty"; }; nzvimbo "befip6.arpa" {type master; faira "/etc/bind/db.empty"; };
// IPv6 Yakadzingwa Saiti-Yemunharaunda Kero (RFCs 3879 uye 6303)
nzvimbo "cefip6.arpa" {type master; faira "/etc/bind/db.empty"; }; nzvimbo "defip6.arpa" {mhando tenzi; faira "/etc/bind/db.empty"; }; nzvimbo "eefip6.arpa" {type master; faira "/etc/bind/db.empty"; }; nzvimbo "fefip6.arpa" {mhando tenzi; faira "/etc/bind/db.empty"; };
// IP6.INT yakabviswa (RFC 4159)
nzvimbo "ip6.int" {type master; faira "/etc/bind/db.empty"; };
Kunyangwe isu takabvisa mukana wekuteerera zvikumbiro zve IPv6 mumuenzaniso wedu, zvakakodzera kuti ubatanidze nzvimbo dze IPv6 mufaira rapfuura kune avo vanozvida.
Zvekupedzisira zvemukati zve /etc/bind/named.conf.local es:
midzi @ dns: ~ # nano /etc/bind/named.conf.local
// // Ita chero gadziriso yemuno pano // // Funga kuwedzera iyo 1918 nzvimbo pano, kana dzisina kushandiswa mune yako // sangano
sanganisira "/etc/bind/zones.rfc1918"; inosanganisira "/etc/bind/zones.rfcFreeBSD";
// Kuzivisa kwezita, mhando, nzvimbo, uye kugadzirisa mvumo
// yeiyo DNS Marekodhi Nzvimbo Dzese // Dzese Nzvimbo Dziri MASTERS
nzvimbo"desdelinux.fani" {
mhando tenzi;
faira"/var/lib/bind/db.desdelinux.fani";
};
nzvimbo "10.168.192.in-addr.arpa" {
mhando tenzi;
faira "/var/lib/bind/db.10.168.192.in-addr.arpa";
};
midzi @ dns: ~ # inonzi-checkconf midzi @ dns: ~ #
Isu tinogadzira mafaera eZoni yega yega
Izvo zvirimo mumafaira munzvimbo yega yega zvinogona kutevedzwa sezvazviri kubva kuchinyorwa «DNS uye DHCP pane CentOS 7«, Chero bedzi isu tichingwarira kushandura dhairekitori rekuenda ku / var / lib / kusunga:
[mudzi @ dns ~] # nano /var/lib/bind/db.desdelinux.fan $TTL 3H @ IN SOA dns.desdelinux.fan. root.dns.desdelinux.fan. ( 1 ; serial 1D ; refresh 1H ; edzazve 1W ; expire 3H ); Minimum or ; Negative caching nguva yekurarama; @ IN NS dns.desdelinux.fan. @ IN MX 10 email.desdelinux.fan. @ IN TXT "DesdeLinux, blog yake yakatsaurirwa kune software yemahara "; Sysadmin in A 192.168.10.1 AD-DC IN A 192.168.10.3 FILESERVER IN A 192.168.10.4 DNS IN A 192.168.10.5 PROXYWEB IN A 192.168.10.6 BVERSER IN A 192.168.10.7 mail IN A 192.168.10.8 [midzi @ dns ~] # nano /var/lib/bind/db.10.168.192.in-addr.arpa $TTL 3H @ IN SOA dns.desdelinux.fan. root.dns.desdelinux.fan. ( 1 ; serial 1D ; refresh 1H ; edzazve 1W ; expire 3H ); Minimum or ; Negative caching nguva yekurarama; @ IN NS dns.desdelinux.fan. ; 1 IN PTR sysadmin.desdelinux.fan. 3 IN PTR ad-dc.desdelinux.fan. 4 IN PTR fileserver.desdelinux.fan. 5 IN PTR dns.desdelinux.fan. 6 IN PTR proxyweb.desdelinux.fan. 7 IN PTR blog.desdelinux.fan. 8 IN PTR ftpserver.desdelinux.fan. 9 IN PTR tsamba.desdelinux.fan.
Isu tinotarisa syntax yedunhu rega rega
midzi @ dns: ~ # inonzi-checkzone desdelinux.fan /var/lib/bind/db.desdelinux.fan mapazi desdelinux.fan/IN: loaded serial 1 OK midzi @ dns: ~ # inonzi-checkzone 10.168.192.in-addr.arpa /var/lib/bind/db.10.168.192.in-addr.arpa nzvimbo 10.168.192.in-addr.arpa/IN: yakatakura serial 1 OK
Kutarisa yakajairika BIND marongero
midzi @ dns: ~ # inonzi-checkconf -zp
- Kutevera maitiro ekugadzirisa iyo anonzi.conf Zvinoenderana nezvatinoda uye tarisa, uye gadzira yega zone zone uye woitarisa, isu tinopokana kuti isu tichafanirwa kutarisana nematambudziko makuru ekugadzirisa. Mukupedzisira tinoona kuti mutambo wemukomana, une pfungwa zhinji uye syntax yekukakavara. 😉
Iwo macheki akadzosa zvinogutsa mhedzisiro, saka tinogona kutangazve iyo BIND - ainzi.
Isu tinotangazve CHINHU uye tarisa mamiriro ayo
[midzi @ dns ~] # systemctl kutangazve bind9.service [midzi @ dns ~] # systemctl chimiro bind9.service ● bind9.service - BIND Domain Name Server Yakaremerwa: yakatakura (/lib/systemd/system/bind9.service; yakagoneswa) Kudonhedza-mukati: / run / sisitimu / generator / bind9.service.d └─50-insserv.conf- $ named.conf Inoshanda: inoshanda (inomhanya) kubvira Sun 2017-02-05 07:45:03 EST; 5s apfuura Docs: murume: akatumidzwa (8) Maitiro: 1345 ExecStop = / usr / sbin / rndc kumira (kodhi = yakabuda, chinzvimbo = 0 / KUSVIRA) Main PID: 1350 (inonzi) CGroup: /system.slice/bind9.service └─1350 / usr / sbin / anonzi -f -u kusunga Feb 05 07: 45: 03 dns inonzi [1350]: zone 1.f.ip6.arpa/IN: yakatakura serial 1 Feb 05 07:45:03 dns inonzi [1350]: zone afip6.arpa/IN: yakatakura serial 1 Kukadzi 05 07:45:03 dns inonzi [1350]: zone localhost / IN: yakatakura serial 2 Feb 05 07: 45: 03 dns inonzi [1350]: zone test / IN: akatakura serial 1 Feb 05 07:45:03 dns inonzi [1350]: zone example / IN: yakatakurwa serial 1 Feb 05 07:45:03 dns inonzi [1350]: zone 5.efip6.arpa/IN: yakatakura serial 1 Feb 05 07:45:03 dns inonzi [1350]: zone bfip6.arpa/IN: rakaremerwa serial 1 Feb 05 07:45:03 dns inonzi [1350]: zone ip6.int/IN: yakatakura serial 1 Kukadzi 05 07:45:03 dns inonzi [1350]: nzvimbo dzese dzakatakurwa Feb 05 07: 45: 03 dns inonzi [1350]: kumhanya
Kana isu tikawana chero rudzi rwemhosho mukubuda kwemutemo wekupedzisira, isu tinofanirwa kutangazve iyo named.basa uye tarisa yako chinzvimbo. Kana zvikanganiso zvikashaikwa, sevhisi yakatanga zvinobudirira. Zvikasadaro, isu tinofanirwa kuita ongororo yakakwana yemafaira ese akagadziridzwa uye akagadzirwa, uye dzokorora maitiro
Macheki
Iwo macheki anogona kumhanyisa pane imwechete server kana pamushini wakabatana neLAN. Isu tinosarudza kuzviita kubva kuchikwata sysadmin.desdelinux.fan kwatakapa mvumo yakajeka yekuita Zone Transfers. Iyo faira /etc/resolv.conf yechikwata icho chinotevera:
buzz @ sysadmin: ~ $ katsi /etc/resolv.conf # Yakagadzirwa neNetworkManager kutsvaga desdelinux.fan nameserver 192.168.10.5 buzz@sysadmin:~$ dig desdelinux.fan axfr ; <<>> DiG 9.9.5-9+deb8u1-Debian <<>> desdelinux.fan axfr ;; sarudzo dzepasi rose: +cmd desdelinux.fan. 10800 IN SOA dns.desdelinux.fan. root.dns.desdelinux.fan. 1 86400 3600 604800 10800 desdelinux.fan. 10800 IN NS dns.desdelinux.fan. desdelinux.fan. 10800 IN MX 10 email.desdelinux.fan. desdelinux.fan. 10800 IN TXT"DesdeLinux, Blog rako rakatsaurirwa kuMahara Software" ad-dc.desdelinux.fan. 10800 IN A 192.168.10.3 blog.desdelinux.fan. 10800 IN A 192.168.10.7 dns.desdelinux.fan. 10800 IN TO 192.168.10.5 fileserver.desdelinux.fan. 10800 IN A 192.168.10.4 ftpserver.desdelinux.fan. 10800 IN A 192.168.10.8 mail.desdelinux.fan. 10800 IN A 192.168.10.9 proxyweb.desdelinux.fan. 10800 IN A 192.168.10.6 sysadmin.desdelinux.fan. 10800 IN TO 192.168.10.1 desdelinux.fan. 10800 IN SOA dns.desdelinux.fan. root.dns.desdelinux.fan. 1 86400 3600 604800 10800 ;; Nguva yekubvunza: 1 msec ;; SERVER: 192.168.10.5#53(192.168.10.5);; LINI: Sun Feb 05 07:49:01 EST 2017 ;; XFR saizi: 13 zvinyorwa (mameseji 1, mabheti 385) buzz @ sysadmin: ~ $ dig 10.168.192.in-addr.arpa axfr ; <<>> DiG 9.9.5-9+deb8u1-Debian <<>> 10.168.192.in-addr.arpa axfr ;; pasi rose zvingasarudzwa: +cmd 10.168.192.in-addr.arpa. 10800 IN SOA dns.desdelinux.fan. root.dns.desdelinux.fan. 1 86400 3600 604800 10800 10.168.192.in-addr.arpa. 10800 IN NS dns.desdelinux.fan. 1.10.168.192.in-addr.arpa. 10800 IN PTR sysadmin.desdelinux.fan. 3.10.168.192.in-addr.arpa. 10800 IN PTR ad-dc.desdelinux.fan. 4.10.168.192.in-addr.arpa. 10800 IN PTR fileserver.desdelinux.fan. 5.10.168.192.in-addr.arpa. 10800 IN PTR dns.desdelinux.fan. 6.10.168.192.in-addr.arpa. 10800 IN PTR proxyweb.desdelinux.fan. 7.10.168.192.in-addr.arpa. 10800 IN PTR blog.desdelinux.fan. 8.10.168.192.in-addr.arpa. 10800 IN PTR ftpserver.desdelinux.fan. 9.10.168.192.in-addr.arpa. 10800 IN PTR tsamba.desdelinux.fan. 10.168.192.in-addr.arpa. 10800 IN SOA dns.desdelinux.fan. root.dns.desdelinux.fan. 1 86400 3600 604800 10800 ;; Nguva yekubvunza: 1 msec ;; SERVER: 192.168.10.5#53(192.168.10.5);; LINI: Sun Feb 05 07:49:47 EST 2017 ;; XFR saizi: 11 zvinyorwa (mameseji 1, mabheti 333) buzz@sysadmin:~$ dig IN SOA desdelinux.fan buzz@sysadmin:~$ dig IN MX desdelinux.fan buzz@sysadmin:~$ dig IN TXT desdelinux.fan buzz @ sysadmin: ~ $ inomiririra proxyweb proxyweb.desdelinux.fan has address 192.168.10.6 buzz @ sysadmin: ~ $ host ftpserver ftpserver.desdelinux.fan has address 192.168.10.8 buzz @ sysadmin: ~ $ inomiririra 192.168.10.9 9.10.168.192.in-addr.arpa domain name pointer mail.desdelinux.fan.
… Uye chero mamwe macheki atinoda.
Isu tinoisa uye tinogadzirisa DHCP
PaDebian, iyo DHCP sevhisi inopihwa nepakeji isc-dhcp-server:
midzi @ dns: ~ # aptitude yekutsvaga isc-dhcp i-isc-dhcp-mutengi - DHCP mutengi wekutsvaga otomatiki IP kero p isc-dhcp-mutengi-dbg - ISC DHCP server ye otomatiki IP kero kupihwa (mutengi debug) iisc-dhcp-yakajairika - mafaira akajairika anoshandiswa neese isc-dhcp mapakeji p isc-dhcp-dbg - ISC DHCP server ye otomatiki IP kero yekupihwa (kubvisa chiratidzo p. daemon p isc-dhcp-relay-dbg - ISC DHCP server ye otomatiki IP kero yekupihwa (relay debug) p isc-dhcp-server - ISC DHCP server ye otomatiki IP kero kupihwa basa p isc-dhcp-server-dbg - ISC DHCP server ye otomatiki IP kero yekupihwa (server debug) p isc-dhcp-server-ldap - DHCP server inoshandisa LDAP seyayo backend midzi @ dns: ~ # aptitude yekuisa isc-dhcp-server
Mushure mekumisikidzwa kwepakeji, iyo -omnipresent- systemd inogunun'una kuti haina kukwanisa kutanga sevhisi. MuDebian, isu tinofanirwa kuzivisa zvakajeka pamusoro peiyo network network iyo ichabhadharisa IP kero uye kupindura kune zvikumbiro, iyo isc-dhcp-server:
midzi @ dns: ~ # nano / etc / default / isc-dhcp-server .... # Pane nzvimbo dzipi dzinofanirwa kuseva DHCP (dhcpd) kushandira zvikumbiro zveDHCP? # Patsanura nzvimbo dzakawanda dzine nzvimbo, semuenzaniso "eth0 eth1". INTERFACES = "eth0"
Akaisa zvinyorwa
midzi @ dns: ~ # ls -l / usr / share / doc / isc-dhcp-server / Yakazara 44 -rw-r - r-- 1 midzi midzi 1235 Dec 14 2014 copyright -rw-r - r-- 1 mudzi midzi 26031 Feb 13 2015 changelog.Debian.gz drwxr-xr-x 2 midzi midzi 4096 Feb 5 08 : 10 mienzaniso -rw-r-r-- 1 midzi midzi 592 Dec 14 2014 NEWS.Debian.gz -rw-r - r-- 1 mudzi mudzi 1099 Dec 14 2014 README.Debian
TSIG kiyi "dhcp-kiyi"
Chizvarwa cheiyi kiyi chinokurudzirwa TSIG o Chiitiko Siginecha - Transaction SIGmuzvarirwo, yekusimbiswa kwesimba reDNS kugadzirisa neDHCP. Sezvatakaona muchinyorwa chakapfuura «DNS uye DHCP pane CentOS 7«, Isu tinofunga kuti chizvarwa cheiyi kiyi hachina kukosha, kunyanya kana ese masevhisi akaiswa pane imwechete server. Nekudaro, isu tinopa maitiro akajairwa echizvarwa chayo otomatiki:
midzi @ dns: ~ # dnssec-keygen -a HMAC-MD5 -b 128 -r / dev / urandom -nUSER dhcp-kiyi
Kdhcp-kiyi. + 157 + 11088
midzi @ dns: ~ # kati Kdhcp-key. + 157 + 11088
Yakavanzika-kiyi-fomati: v1.3 Algorithm: 157 (HMAC_MD5) Kiyi: TEqfcx2FUMYBQ1hA1ZGelA == Bits: AAA = Yakagadzirwa: 20170205121618 Tsikisa: 20170205121618 Activate: 20170205121618
midzi @ dns: ~ # nano dhcp.key
kiyi dhcp-kiyi {
algorithm hmac-md5;
chakavanzika "TEqfcx2FUMYBQ1hA1ZGelA ==";
};
midzi @ dns: ~ # gadza -o mudzi -g kusunga -m 0640 dhcp.key /etc/bind/dhcp.key (email yakachengetedzwa): ~ # gadza -o mudzi -g mudzi -m 0640 dhcp.key / etc / dhcp /dhcp.key (email yakachengetedzwa): ~ # ls -l /etc/bind/*.key
-rw-r ----- 1 mudzi unosunga 78 Feb 5 08: 21 /etc/bind/dhcp.key -rw-r ----- 1 sunga kusunga 77 Kukadzi 4 11:47 / etc / bind / rndc .key
midzi @ dns: ~ # ls -l /etc/dhcp/dhcp.key
-rw-r ----- 1 mudzi midzi 78 Feb 5 08: 21 /etc/dhcp/dhcp.key
Kugadziridza ZVEKUSUNGWA Zones uchishandisa dhcp-kiyi
midzi @ dns: ~ # nano /etc/bind/named.conf.local
// // Ita chero zvigadziriso zvepanzvimbo pano // // Funga kuwedzera nzvimbo dze1918 pano, kana dzisina kushandiswa musangano rako // dzinosanganisira "/etc/bind/zones.rfc1918"; sanganisira "/etc/bind/zones.rfcFreeBSD"; sanganisira "/etc/bind/dhcp.key"; // Kuziviswa kwezita, mhando, nzvimbo, uye mvumo yekuvandudza // yeDNS Record Zone // MaZoni ese ari MASTER zone "desdelinux.fan" {type master; faira "/var/lib/bind/db.desdelinux.fani";
tendera-gadziriso {kiyi dhcp-kiyi; };
}; nzvimbo "10.168.192.in-addr.arpa" {mhando tenzi; faira "/var/lib/bind/db.10.168.192.in-addr.arpa";
tendera-gadziriso {kiyi dhcp-kiyi; };
};
midzi @ dns: ~ # inonzi-checkconf midzi @ dns: ~ #
Isu tinogadzirisa iyo isc-dhcp-server
midzi @ dns: ~ # mv /etc/dhcp/dhcpd.conf /etc/dhcp/dhcpd.conf.original
midzi @ dns: ~ # nano /etc/dhcp/dhcpd.conf
ddns-update-style interim; ddns-updates on; ddns-domainname "desdelinux.fan."; ddns-rev-domainname "in-addr.arpa."; ignore client-updates; authoritative; option ip-forwarding off; option domain-name "desdelinux.fan"; sanganisira "/etc/dhcp/dhcp.key"; zone desdelinux.fan. {yekutanga 127.0.0.1; kiyi dhcp-kiyi; } nzvimbo 10.168.192.in-addr.arpa. {yekutanga 127.0.0.1; kiyi dhcp-kiyi; } yakagovaniswa-network redlocal { subnet 192.168.10.0 netmask 255.255.255.0 { sarudzo routers 192.168.10.1; sarudzo subnet-mask 255.255.255.0; sarudzo nhepfenyuro-kero 192.168.10.255; sarudzo domain-zita-servers 192.168.10.5; sarudzo netbios-zita-servers 192.168.10.5; range 192.168.10.30 192.168.10.250; } } # END dhcpd.conf
Isu tinotarisa iyo dhcpd.conf faira
midzi @ dns: ~ # dhcpd -t Internet Systems Consortium DHCP Server 4.3.1 Copyright 2004-2014 Internet Systems Consortium. Kodzero dzose dzakachengetedzwa. Zveruzivo, ndokumbira ushanyire https://www.isc.org/software/dhcp/ Config faira: /etc/dhcp/dhcpd.conf Dhatabhesi faira: /var/lib/dhcp/dhcpd.leases PID faira: / var / run /dhcpd.pid
Isu tinotangazve CHINHU uye kutanga iyo isc-dhcp-server
midzi @ dns: ~ # systemctl restart bind9.service midzi @ dns: ~ # systemctl chimiro bind9.service midzi @ dns: ~ # systemctl kutanga isc-dhcp-server.service midzi @ dns: ~ # systemctl chimiro isc-dhcp-server.service ● isc-dhcp-server.service - LSB: DHCP server Yakatakurwa: yakatakura (/etc/init.d/isc-dhcp-server) Inoshanda: inoshanda (inomhanya) kubvira Sun 2017-02-05 08:41:45 EST; 6s apfuura Maitiro: 2039 ExecStop = / etc / init.d / isc-dhcp-server stop (code = exited, status = 0 / SUCCESS) Maitiro: 2049 ExecStart = / etc / init.d / isc-dhcp-server start ( kodhi = yakabuda, chinzvimbo = 0 / KUSVIRA) CGroup: /system.slice/isc-dhcp-server.service -2057 / usr / sbin / dhcpd -q -cf /etc/dhcp/dhcpd.conf -pf / var / run / dhcpd.pid eth0 Feb 05 08: 41: 43 dns dhcpd [2056]: Akanyora 0 leases kune lease faira. Feb 05 08: 41: 43 dns dhcpd [2057]: Server kutanga sevhisi. Feb 05 08: 41: 45 dns isc-dhcp-server [2049]: Kutanga ISC DHCP server: dhcpd.
Cheki nevatengi
Takatanga mutengi neWindows 7 operating system, iine zita rekuti «LAGER».
buzz @ sysadmin: ~ $ inomiririra lager LAGER.desdelinux.fan has address 192.168.10.30 buzz@sysadmin:~$ dig in txt lager.desdelinux.fan
Isu tinoshandura zita remutengi iyeye "manomwe" tobva tatangazve mutengi
buzz @ sysadmin: ~ $ inomiririra lager ;; kubatana kwakapera; hapana maseva aigona kusvikwa Buzz@sysadmin: ~ $ inomiririra manomwe minomwe.desdelinux.fan has address 192.168.10.30 buzz @ sysadmin: ~ $ inomiririra 192.168.10.30 30.10.168.192.in-addr.arpa domain name pointer seven.desdelinux.fan. buzz@sysadmin:~$ dig in txt seven.desdelinux.fan
Isu takachinja zita remutengi neWindows 7 kudzokera ku "win7"
buzz @ sysadmin: ~ $ inomiririra manomwe ;; kubatana kwakapera; hapana maseva aigona kusvikwa buzz @ sysadmin: ~ $ inomiririra win7 win7.desdelinux.fan has address 192.168.10.30 buzz @ sysadmin: ~ $ inomiririra 192.168.10.30 30.10.168.192.in-addr.arpa domain name pointer win7.desdelinux.fan. buzz@sysadmin:~$ dig in txt win7.desdelinux.fan ; <<>> DiG 9.9.5-9+deb8u1-Debian <<>> mu txt win7.desdelinux.fan ;; sarudzo dzepasi rose: +cmd ;; Ndawana mhinduro: ;; ->> HEADER <<- opcode: QUERY, chimiro: NOERROR, id: 11218 ;; mireza: qr aa rd ra; MUBVUNZO: 1, MHINDURO: 1, SIMBA: 1, ZVIMWE: 2 ;; OPT PSEUDOSECTION:; EDNS: vhezheni: 0, mireza:; udp: 4096 ;; CHIKAMU CHEMUBVUNZO:;win7.desdelinux.fan. IN TXT ;; MHINDURO CHIKAMU: win7.desdelinux.fan. 3600 IN TXT "31b7228dd3a3b73be2fda9e09e601f3e9" ;; CHIKAMU CHIKAMU: desdelinux.fan. 10800 IN NS dns.desdelinux.fan. ;; CHIKAMU CHIKAMU: dns.desdelinux.fan. 10800 IN A 192.168.10.5 ;; Nguva yekubvunza: 0 msec ;; SERVER: 192.168.10.5#53(192.168.10.5);; KANA: Zuva Feb 05 09:13:20 EST 2017 ;; MSG SIZE rcvd: 129 buzz@sysadmin:~$ dig desdelinux.fan axfr ; <<>> DiG 9.9.5-9+deb8u1-Debian <<>> desdelinux.fan axfr ;; sarudzo dzepasi rose: +cmd desdelinux.fan. 10800 IN SOA dns.desdelinux.fan. root.dns.desdelinux.fan. 8 86400 3600 604800 10800 desdelinux.fan. 10800 IN NS dns.desdelinux.fan. desdelinux.fan. 10800 IN MX 10 email.desdelinux.fan. desdelinux.fan. 10800 IN TXT"DesdeLinux, Blog rako rakatsaurirwa kuMahara Software" ad-dc.desdelinux.fan. 10800 IN A 192.168.10.3 blog.desdelinux.fan. 10800 IN A 192.168.10.7 dns.desdelinux.fan. 10800 IN TO 192.168.10.5 fileserver.desdelinux.fan. 10800 IN A 192.168.10.4 ftpserver.desdelinux.fan. 10800 IN A 192.168.10.8 mail.desdelinux.fan. 10800 IN A 192.168.10.9 proxyweb.desdelinux.fan. 10800 IN A 192.168.10.6 sysadmin.desdelinux.fan. 10800 IN TO 192.168.10.1 win7.desdelinux.fan. 3600 IN TXT "31b7228ddd3a3b73be2fda9e09e601f3e9" win7.desdelinux.fan. 3600 IN A 192.168.10.30 desdelinux.fan. 10800 IN SOA dns.desdelinux.fan. root.dns.desdelinux.fan. 8 86400 3600 604800 10800 ;; Nguva yekubvunza: 2 msec ;; SERVER: 192.168.10.5#53(192.168.10.5);; KANA: Zuva Feb 05 09:15:13 EST 2017 ;; XFR saizi: 15 zvinyorwa (mameseji 1, bytes 453)
Mukubuda pamusoro, isu takasimbisa pa ushingi ari TTL - mumasekondi- emakomputa ane IP kero dzakapihwa neDHCP sevhisi avo vane chirevo chakajeka cheTTL 3600 chakapihwa neDHCP. Fixed IPs inotungamirwa neiyo $ TTL ye3H -3 maawa = 10800 masekondi- yakaziviswa mune iyo SOA rekodhi yeiyo yega zone faira.
Ivo vanogona kutarisa iyo reverse zone nenzira imwecheteyo.
[midzi @ dns ~] # chera 10.168.192.in-addr.arpa axfr
Mimwe mirairo inonakidza kwazvo ndeiyi:
[midzi @ dns ~] # yakanzi-journalprint /var/lib/bind/db.desdelinux.fan.jnl Del desdelinux.fan. 10800 IN SOA dns.desdelinux.fan. root.dns.desdelinux.fan. 1 86400 3600 604800 10800 wedzera desdelinux.fan. 10800 IN SOA dns.desdelinux.fan. root.dns.desdelinux.fan. 2 86400 3600 604800 10800 wedzera LAGER.desdelinux.fan. 3600 IN A 192.168.10.30 wedzera LAGER.desdelinux.fan. 3600 IN TXT "31b7228dd3a3b73be2fda9e09e601f3e9" kubva desdelinux.fan. 10800 IN SOA dns.desdelinux.fan. root.dns.desdelinux.fan. 2 86400 3600 604800 10800 ye LAGER.desdelinux.fan. 3600 IN A 192.168.10.30 wedzera desdelinux.fan. 10800 IN SOA dns.desdelinux.fan. root.dns.desdelinux.fan. 3 86400 3600 604800 10800 del desdelinux.fan. 10800 IN SOA dns.desdelinux.fan. root.dns.desdelinux.fan. 3 86400 3600 604800 10800 ye LAGER.desdelinux.fan. 3600 IN TXT "31b7228dd3a3b73be2fda9e09e601f3e9" wedzera desdelinux.fan. 10800 IN SOA dns.desdelinux.fan. root.dns.desdelinux.fan. 4 86400 3600 604800 10800 del desdelinux.fan. 10800 IN SOA dns.desdelinux.fan. root.dns.desdelinux.fan. 4 86400 3600 604800 10800 wedzera desdelinux.fan. 10800 IN SOA dns.desdelinux.fan. root.dns.desdelinux.fan. 5 86400 3600 604800 10800 wedzera manomwe.desdelinux.fan. 3600 IN A 192.168.10.30 wedzera nomwe.desdelinux.fan. 3600 IN TXT "31b7228dd3a3b73be2fda9e09e601f3e9" kubva desdelinux.fan. 10800 IN SOA dns.desdelinux.fan. root.dns.desdelinux.fan. 5 86400 3600 604800 10800 yevanomwe.desdelinux.fan. 3600 IN A 192.168.10.30 wedzera desdelinux.fan. 10800 IN SOA dns.desdelinux.fan. root.dns.desdelinux.fan. 6 86400 3600 604800 10800 del desdelinux.fan. 10800 IN SOA dns.desdelinux.fan. root.dns.desdelinux.fan. 6 86400 3600 604800 10800 yevanomwe.desdelinux.fan. 3600 IN TXT "31b7228dd3a3b73be2fda9e09e601f3e9" wedzera desdelinux.fan. 10800 IN SOA dns.desdelinux.fan. root.dns.desdelinux.fan. 7 86400 3600 604800 10800 del desdelinux.fan. 10800 IN SOA dns.desdelinux.fan. root.dns.desdelinux.fan. 7 86400 3600 604800 10800 wedzera desdelinux.fan. 10800 IN SOA dns.desdelinux.fan. root.dns.desdelinux.fan. 8 86400 3600 604800 10800 wedzera win7.desdelinux.fan. 3600 IN A 192.168.10.30 wedzera win7.desdelinux.fan. 3600 IN TXT "31b7228dd3a3b73be2fda9e09e601f3e9" [midzi @ dns ~] # yakatumidzwa-journalprint /var/lib/bind/db.10.168.192.in-addr.arpa.jnl kubva 10.168.192.in-addr.arpa. 10800 IN SOA dns.desdelinux.fan. root.dns.desdelinux.fan. 1 86400 3600 604800 10800 add 10.168.192.in-addr.arpa. 10800 IN SOA dns.desdelinux.fan. root.dns.desdelinux.fan. 2 86400 3600 604800 10800 add 30.10.168.192.in-addr.arpa. 3600 IN PTR LAGER.desdelinux.fan. kubva 10.168.192.in-addr.arpa. 10800 IN SOA dns.desdelinux.fan. root.dns.desdelinux.fan. 2 86400 3600 604800 10800 del 30.10.168.192.in-addr.arpa. 3600 IN PTR LAGER.desdelinux.fan. add 10.168.192.in-addr.arpa. 10800 IN SOA dns.desdelinux.fan. root.dns.desdelinux.fan. 3 86400 3600 604800 10800 del 10.168.192.in-addr.arpa. 10800 IN SOA dns.desdelinux.fan. root.dns.desdelinux.fan. 3 86400 3600 604800 10800 add 10.168.192.in-addr.arpa. 10800 IN SOA dns.desdelinux.fan. root.dns.desdelinux.fan. 4 86400 3600 604800 10800 add 30.10.168.192.in-addr.arpa. 3600 IN PTR nomwe.desdelinux.fan. kubva 10.168.192.in-addr.arpa. 10800 IN SOA dns.desdelinux.fan. root.dns.desdelinux.fan. 4 86400 3600 604800 10800 del 30.10.168.192.in-addr.arpa. 3600 IN PTR nomwe.desdelinux.fan. add 10.168.192.in-addr.arpa. 10800 IN SOA dns.desdelinux.fan. root.dns.desdelinux.fan. 5 86400 3600 604800 10800 del 10.168.192.in-addr.arpa. 10800 IN SOA dns.desdelinux.fan. root.dns.desdelinux.fan. 5 86400 3600 604800 10800 add 10.168.192.in-addr.arpa. 10800 IN SOA dns.desdelinux.fan. root.dns.desdelinux.fan. 6 86400 3600 604800 10800 add 30.10.168.192.in-addr.arpa. 3600 IN PTR win7.desdelinux.fan. [midzi @ dns ~] # journalctl -f
Manual modification yeZones mafaira
Mushure mekunge DHCP yapinda mumutambo wekuvandudza zvine simba BIND zone mafaera, kana tikazomboda kushandura manzwi faira renzvimbo, isu tinofanirwa kuita zvinotevera maitiro, asi kwete tisati taziva zvishoma nezve kushanda kwenzvimbo. rndc -murume rndc- yekutonga kwe ainzi.
- rndc yakaoma [nzvimbo [kirasi [maonero]]], inomisa iyo yekuvandudza ine simba yenzvimbo. Kana imwe isina kutaurwa, ese anotonhora. Iwo wekuraira unobvumidza manyorerwo ekugadzirisa enzvimbo yakaoma nechando kana nzvimbo dzese. Chero chipi chinogadziridza chine simba chinorambwa chichigwamba.
- rndc nyungudika [nzvimbo [kirasi [maonero]]], inogonesa inogadziridza ane simba pane yaimbove chando nzvimbo. Iyo DNS server inodzoreredza iyo zone faira kubva ku disk, uye zvine simba zvinowedzerwazve zvinogoneswa mushure mekuregedza kwapera.
Chenjedzo dzinotorwa kana isu tichigadzirisa faira renzvimbo? Zvakafanana nekunge taive tichigadzira iyo, tisingakanganwe kuwedzera serial nhamba na1 kana Serial usati wachengeta iyo faira neshanduko dzekupedzisira.
Isu tinomisa nzvimbo
Sezvo isu tichaenda kuita shanduko kuPamberi neReverse Zones nepo DNS neDHCP zvichimhanya, chinhu chine hutano pane zvese kuita kuita kuomesa nzvimbo dzeDNS:
[midzi @ dns ~] # rndc inotonhora
Nzvimbo desdelinux.fan ine zvinyorwa zvinotevera:
[mudzi @ dns ~] # katsi /var/lib/bind/db.desdelinux.fan
$ORIGIN . $TTL 10800 ; 3 maawa
desdelinux.fan IN SOA dns.desdelinux.fan. root.dns.desdelinux.fan. (
8; serial
86400 ; zorodza (zuva rimwe) 1; edzazve (3600 awa) 1 ; kupera (vhiki 604800) 1; zvishoma (10800 maawa) ) NS dns.desdelinux.fan. MX 10 email.desdelinux.fan. TXT"DesdeLinux, Blog rako rakatsaurirwa kuMahara Software" $ORIGIN desdelinux.fan. ad-dc Ku 192.168.10.3 blog Ku 192.168.10.7 dns Ku 192.168.10.5 fileserver Ku 192.168.10.4 ftpserver Ku 192.168.10.8 mail Ku 192.168.10.9 192.168.10.6. Ku 192.168.10.1 3600 $TTL 1 ; 7 awa win192.168.10.30 A 31 TXT "7228b3dd3a73b2be9fda09e601e3f9eXNUMX"
Ngatitorei sevha «shore wall»Iine IP 192.168.10.10:
mudzi@dns:~# nano /var/lib/bind/db.desdelinux.fan
$ORIGIN . $TTL 10800 ; 3 maawa
desdelinux.fan IN SOA dns.desdelinux.fan. root.dns.desdelinux.fan. (
9; serial
86400 ; zorodza (zuva rimwe) 1; edzazve (3600 awa) 1 ; kupera (vhiki 604800) 1; zvishoma (10800 maawa) ) NS dns.desdelinux.fan. MX 10 email.desdelinux.fan. TXT"DesdeLinux, Blog rako rakatsaurirwa kuMahara Software" $ORIGIN desdelinux.fan. ad-dc Ku 192.168.10.3 blog Ku 192.168.10.7 dns Ku 192.168.10.5 fileserver Ku 192.168.10.4 ftpserver Ku 192.168.10.8 mail Ku 192.168.10.9 To 192.168.10.6 proxy.
shorewall A 192.168.10.10
sysadmin A 192.168.10.1 $ TTL 3600; 1 awa win7 A 192.168.10.30 TXT "31b7228ddd3a3b73be2fda9e09e601f3e9"
Isu tinofanirwa zvakare kugadzirisa iyo reverse zone:
midzi @ dns: ~ # nano /var/lib/bind/db.10.168.192.in-addr.arpa
$ORIGIN . $TTL 10800 ; 3 maawa 10.168.192.in-addr.arpa IN SOA dns.desdelinux.fan. root.dns.desdelinux.fan. (
7; serial
86400 ; zorodza (zuva rimwe) 1; edzazve (3600 awa) 1 ; kupera (vhiki 604800) 1; zvishoma (10800 maawa) ) NS dns.desdelinux.fan. $ORIGIN 10.168.192.in-addr.arpa. 1 PTR sysadmin.desdelinux.fan. 3 PTR ad-dc.desdelinux.fan. $TTL 3600 ; 1 awa 30 PTR win7.desdelinux.fan. $TTL 10800 ; 3 maawa 4 PTR fileserver.desdelinux.fan. 5 PTR dns.desdelinux.fan. 6 PTR proxyweb.desdelinux.fan. 7 PTR blog.desdelinux.fan. 8 PTR ftpserver.desdelinux.fan. 9 PTR tsamba.desdelinux.fan.
10 PTR shorewall.desdelinux.fan.
Isu tinodzora uye tinowedzerazve nzvimbo
[midzi @ dns ~] # rndc nyungudika midzi @ dns: ~ # journalctl -f -- matanda anotanga neSun 2017-02-05 06:27:10 EST. -- Feb 05 12:00:29 dns yakatumidzwa[1996]: yakagamuchira control channel command 'thaw' Feb 05 12:00:29 dns yakatumidzwa[1996]: kunyungudusa nzvimbo dzose: kubudirira Feb 05 12:00:29 dns zita[ 1996]: zone 10.168.192.in-addr.arpa/IN: rejenari faira rapera: kubvisa rejenari faira Feb 05 12:00:29 dns zita[1996]: zone 10.168.192.in-addr.arpa/ IN: yakarodha seriyori 7 Kukadzi 05 12:00:29 dns yakanzi[1996]: nzvimbo desdelinux.fan/IN: rejenari faira rapera: kubvisa rejenari faira Feb 05 12:00:29 dns zita[1996]: zone desdelinux.fan/IN: loaded serial 9 buzz @ sysadmin: ~ $ inomiririra shorewall shorewall.desdelinux.fan has address 192.168.10.10 buzz @ sysadmin: ~ $ inomiririra 192.168.10.10 10.10.168.192.in-addr.arpa domain name pointer shorewall.desdelinux.fan. buzz@sysadmin:~$ dig desdelinux.fan axfr buzz @ sysadmin: ~ $ dig 10.168.192.in-addr.arpa axfr midzi @ dns: ~ # journalctl -f .... Feb 05 12:03:05 dns named[1996]: client 192.168.10.1#37835 (desdelinux.fan): kuchinjisa kwe 'desdelinux.fan/IN': AXFR yakatanga Kukadzi 05 12:03:05 dns yakatumidzwa[1996]: mutengi 192.168.10.1#37835 (desdelinux.fan): kuchinjisa kwe 'desdelinux.fan/IN': AXFR yakapera Kukadzi 05 12:03:20 dns zita[1996]: mutengi 192.168.10.1#46905 (10.168.192.in-addr.arpa): kuendeswa kwe '10.168.192.in-add.in-add. arpa/IN': AXFR yakatanga Kukadzi 05 12:03:20 dns zita[1996]: mutengi 192.168.10.1#46905 (10.168.192.in-addr.arpa): kuendeswa kwe '10.168.192.ar-add. /IN': AXFR yapera
Resumen
Parizvino tine Caché DNS server iri kushanda, iyo inotsigira Kudzokorodza, inova Authoritarian yeZoni desdelinux.fan, uye izvo zvinobvumidza DHCP kugadzirisa iyo Forward uye Reverse Zones nemazita emakomputa neIP iyo yainopa.
Ichi chinyorwa uye zvakapfuura zviviri «DNS uye DHCP mune yakavhurikaSUSE 13.2 'Harlequin'"uye"DNS uye DHCP pane CentOS 7»Ari kuita imwe chete. Iwe unowana akajairika mazano pamusoro peDNS uye DHCP, uye zvakasarudzika zvekugoverwa kwega kwega mune yega yega. Ivo vari Pinda yekupinda kune iyo nyaya, uye hwaro hwekuwedzera kuomarara.
Hatife kuzeza kuomerera - kamwe zvakare - pane kukosha kwekuverenga zvinyorwa zvehunyanzvi izvo zvakaiswa nekusarongeka nepakeji imwe neimwe, KUSVIRA kugadzirisa chero ruzivo. Tinozvitaura kubva pane zvatinoona isu pachedu.
Kunotevera kuendesa
Zvichida "Microsoft® Active Directory + BATA"
Icho chidimbu chedzidziso chawakatumira mudiwa, ini handizive kuti kwakawanda sei kugona kwemashoko uye kurongeka mumisoro yakaoma seiya inobva.
Makorokoto angu epachokwadi, kukudzwa kugona kukuverenga iwe
Ndinofanira kukuudza kuti iyo HOSTIA ndidzo dzidziso dzaunoburitsa, ndinovada.
Ndiri kugara ndakamirira chitsauko chako chinotevera.
Paunenge wapedza, uchaiisa mu pdf? Icho chinyorwa icho mumaonero angu chakakosha kwazvo, chakakodzera kuchengetwa zvakanaka.
Ndinokutendai zvikuru uye kukwazisa kukuru.
Bafo.
Bafo: Maita basa chaizvo nekuongorora uye nekutaura. Mubairo wakanakisa wenguva, basa, uye kushanda nesimba kwandinozvipira kumudzidzisi wega wega ndewekutaura. Zvingave zvakanaka kana zvisina kunaka, asi ndicho chiratidzo chekuti hazviendi zvisingaonekwe. Ini ndinofungidzira yakawanda yevaverengi ingo dhawunirodha uye chengeta, kana kuimaka. Asi ini ndinogona kungofungidzira kuti zvinoenderana nenhamba yekushanya. Zvinosuruvarisa kuti havasi vazhinji vanotaura, kunyange ini ndichiziva kuti iwo nyaya dzandinokurukura ndedzechokwadi kune maSysadmins. Kwazisai nemiwo uye ini ndichakumirirai mune zvinyorwa zvangu zvinotevera.
Lagarto: Ndatenda nekuongorora kwako kwechokwadi kwandichagara ndichifunga.
Kugadziridza kwacho kungave sei kana ini ndiine maviri maratidziro emukati mune yekusunga
Kutenda uye makorokoto pane izvo zvinhu.
Artus: Ndatenda nekutaura uye makorokoto ako.
Mhinduro kumubvunzo wako inokodzera chinyorwa chakaparadzaniswa pakushandiswa kwemaonero - Views MUCHISUNGWA.
Kana iwe uine Nzvimbo Yakatumirwa pasi pebasa rako, uye iwe uchida kuve neYAKASUNGWA imwe yekupinda mukati memibvunzo kubva kuLAN yako uye nekunze mibvunzo kubva paInternet -IYO BIND inodzivirirwa neFirewall zvechokwadi- zvinokurudzirwa kushandisa Maonero .
Maonero, semuenzaniso, anotendera iwe kuti upe kumisikidza kweSME Network yako uye imwe yeInternet. Kana isu tisingagadzirise chero View zvakajeka, iyo BIND inonyatso gadzira imwe chete inoratidza ese makomputa anoitarisa.
Sekushandisa kweMaonero ini ndinoiona sehurukuro yepamusoro anogona uye nyora chinyorwa nezvazvo, usati kana mushure mechipikirwa chakaziviswa pakupera kwayo.
Ikozvino, kana iwe uine maviri maumboni maseru anotarisana neako SME Network-yakagadziridzwa nemaPrivate Networks- chero chikonzero chekugadzira, mutoro chiyero, nhamba yemidziyo kana imwe, uye iwe uchida kuendesa nzvimbo dzako dzese kumataneti ese ari maviri, unogona gadzirisa nechirevo:
teerera-on {
127.0.0.1;
IP-Yakavanzika-Interface1;
IP-interface-Yakavanzika2;
};
Nenzira iyi, BIND anoteerera zvikumbiro pane ese maviri maficha.
Kana makomputa ako ese ari paClass C Yakavanzika Network 192.168.10.0/255.255.240.0 -kusvika kune 4094 mauto- semuenzaniso, unogona zvakare kushandisa chirevo:
teerera-pa {127.0.0.1; 192.168.10.0/20; };
Uye iwe unoramba uchiratidza kutaridzika kumwe kumakomputa ese akabatana neako wega LAN.
Ndinovimba mhinduro yangu pfupi inokubatsira. Kwaziso nekubudirira.
Kutenda nemhinduro nekukurumidza. Iwe unoona ndiri kuseta iyo Debian Server ine vhezheni 9 (Strech), iine DNS, dhcp uye squid sevamiriri, kune maficha maficha andichashandisa e2guardian.
Iyo komputa ine maviri network maficha, ayo anotendera makomputa ari paLAN kuenda kuInternet.
router: 192.168.1.1
eth0: 192.168.1.55 (kuburikidza neiyi interface ichaenda kune iyo Internet)
eth1:192.168.100.1 (LAN)
Pfungwa ndeyekuti makomputa anogona kuenda kuInternet kuburikidza neiyo proxy server, iyo zvakare ichapa ips uye dns kumakomputa pane yemukati network.
Mune ino kesi, ini handidi server kuti ndipinde dns zvikumbiro kuburikidza neeth0 interface (ini handidi kuratidza nzvimbo dzangu kumatunhu ese ari maviri, chete kune yangu LAN); saka kana ndikabvisa yakavanzika-interface-IP1, zvingave zvakakwana here?
Thanks zvekare uye kwaziso.
Chinyorwa chakanaka kwazvo shamwari yangu
Une CHISUNGO mumatsinga ako, kunyangwe ukataura uye uchifunga neimwe nzira 🙂
Felicidades
Artus: Bvisa iyo 192.168.1.55 interface kubva kune yekuteerera-pane chirevo uye enda. Kana kuzivisa ingo teerera-pa {127.0.0.1; 192.168.100.1; }; uye ndizvozvo. KUSUNGWA kunoteerera chete pane izvo zvinongedzo.
Zvakanaka ndatenda.
Eduardo: shamwari yangu, ini ndichiri kusarudza dnsmasq ye "madiki" maratidziro, uye isu tichafanirwa kuona kuti "makuru" angave sei. 😉 Kunyangwe ini ndichiziva kuti Bhandi + isc-dhcp-server ndiyo BIND + isc-dhcp-server. 😉
Eduardo: Ndanga ndakanganwa kukuudza kuti BINGA Nyanzvi ndiwe, Mudzidzisi.
Makore ndichishandisa BATA uye ini ndinoramba ndichidzidza kubva mukunyora kwako, ndinokutendai zvikuru Federico, neiyi nhevedzano yedzidziso sysadmin yabviswa. Ini ndinodzoka uye ndinodzokorora, iyo pfungwa yekusanganisa ruzivo rwese mune yepamutemo inotakurika fomati haina kushata zvachose, ipe iyo musoro kuti chimwe chinhu chakanakisa chinogona kubuda. Kwaziso.
Dhunter shamwari: Makomenti ako anogara achigamuchirwa zvakanaka. Kusanganisira zvese zvakaoma uye zvinenge zvisingaite, nekuti musoro mutsva unogara uchiuya. Nezvitsauko, zvinoenda uye zvinogoneka. Chimwe chinyorwa chingatofanira kunyorwazve kuti chiwane kuenderana mukugadzirisa. Hapana chandinovimbisa, asi tichaona.
Mhoro federico, heino mhinduro dzangu:
1) Iko kusimbisa iwe kwaunoisa pa «... verenga usati wagadzirisa iyo BIND uye kunyangwe usati watanga kutsvaga paInternet zvinyorwa zvine chekuita neBIND uye DNS ...» uchizvitsvaga pakombuta yedu nezvose izvi «... tisingabve pamba ... »kushandisa mazwi ako pachako.
2) Mune ino posvo tinowana imwe dzidziso pamusoro peDNS inozadzisa iyo yakapihwa mune maviri apfuura zvinyorwa uye inogara ichikosheswa; semuyenzaniso: iyo DNSSEC (Domain Name System Security Extensions) uye zvazvinoshandiswa; pamwe neBIND Configuration Scheme ine Static Configuration Files, Zone Mafaira eMidzi Maseva, uye Nzvimbo Dzinotungamira uye Dzinodzoserwa dzenharaunda muDebian.
3) CHIKURU chidimbu chekusaremadza kudzokororazve (uchishandisa mutsetse "kudzokorodza kwete;") wobva waisa mune yekumisikidza faira /etc/bind/named.conf.local, iyo zone mafaera / etc / bind / zones. Rfc1918 uye / etc /bind/zones.rfcFreeBSD kudzivirira chero mibvunzo ine chekuita navo kubva kusiya network yemuno kune midzi midzi.
4) Kusiyana neyemberi posvo nezve CentOS 7, mune ino posvo kana iyo TSIG Kiyi "dhcp-kiyi" inogadzirwa kune inesimba DNS yekugadzirisa kubva kuDHCP; kuibvumira mu /etc/bind/named.conf.local faira, inosanganisira "tendera-kugadzirisa {kiyi dhcp-kiyi; }; » mukugadziriswa kwenzvimbo dzakananga uye dzinodzosera kumashure dunhu redu.
5) Ruzivo rukuru (rwakaenzana neshure rapfuura muCentOS 7) yezvose zvine chekuita nekutarisa kwekushanda kweDNS, DHCP uye nevatengi.
6) CHIKURU chidimbu chekushandisa iyo "gadza" rairo (kana uchinyora sei, handireve sarudzo yezita rimwe chete iro rinoshandiswa mune mimwe mirairo), ini ndaisazviziva, nekuti ichokwadi " 3 mu1 "nekuti mapoka anoteedzera (cp), kumisikidzwa kwevaridzi (chown) uye mvumo (chmod).
. Chekupedzisira, mhinduro yako kuna Artus nezve mashandisiro amaVonero muBIND yakanaka kwazvo, imwe yeLAN (yakazvimirira network) uye imwe yeInternet kuitira kuti chete masevhisi eruzhinji anogona kubvunzwa. Ndinovimba gare gare iwe une nguva yekugadzirira posvo sezvo iri inoshanda kwazvo musoro wenyaya weazhinji sysadmin.
Hapana kana Federico chandinoramba ndichiwedzera kuve nechido nezve iyo PYMES nhepfenyuro uye ndinotarisira kunotevera inotevera "Microsoft Active Directory + BIND"
Wong: Shamwari uye shamwari, zvaunotaura zvinotsigira zvinyorwa zvangu uye zvinoratidza kuti zvinonzwisisika. Iwo "gadza" rairo ine zvimwe zvakawanda sarudzo. Mubvunzo murume gadza. Ndatenda churu nekupindura !!!
Ini handisati ndaverenga zvakataurwa, ndichazviita mushure mekutaura maitiro angu.
Iwe waita uye wagona zvakawanda, iwe watipa mwenje asi kwete iyo inoonekwa ku "kumagumo kwetangi" kana pasisina tariro sezvatinowanzo taura; kwete izvo kwete pasina, iwe wakapa mwenje wakakwana kuti ugone kuti "Pakupedzisira tinoona kuti mutambo wemukomana, une pfungwa zhinji uye fussy syntax" sekutsanangura kwaunoita muchinyorwa.
POST TRUNK uye pamwe neakapfuura iwo akati wandei ane mukurumbira distros. Iwe wakateerera nekuwedzera kwemifungo uye dzidziso iyo pane dzakawanda nguva inotora maitiro ayo patiri. Ndakaverenga zvakadzama, zvakadzikama uye hazvigoneke kuti utaure uye unzwe ZVAKANAKA KUTENDA nekuzvipira kwakadai uye kuzvipira.
Pasina imwezve kurira, tinokushuvira iwe hutano hwese uye kuti urambe uchipa; Tinokutendai uye rombo rakanaka, hupfumi, hutano (tinokushuvirai zvakapetwa) uye rudo rwuperekedze iwe (naSandra kuitira kuti zvimwe, hahaha).
Ndinoziva kuti chirevo ichi chinoenda zvishoma kupfuura izvo zvemukati, zvinoenda kune wega nekuti tiri shamwari uye ndinoyemura kuzvipira kwako kwekuzvipira. Hapana munhu HAPANA anoita zvaunoitira isu vedu vanoda kudzidza zvakawanda uye nekuwedzera uye isu tine basa rekutarisira mameseji eSME pamafudzi edu, kwete basa riri nyore.
Sl2 munhu wese.
crespo88: Ndatenda zvikuru nekuyera kwako nezve izvi uye nezvimwe zvakaburitswa zvinyorwa. Vamwe vaverengi vanogona kufunga kuti ndinozvipa zvese zvangu, kana zvisiri zvechokwadi. Ini ndinogara ndichireva iyo Yekupinda Pfungwa, kunyangwe iyo mienzaniso ichinyatso shanda. SUNGIRA ndiyo Indasitiri Yemagetsi uye DHCP haisi kumashure kumashure. Kuti uvazive pamusoro pevhareji, iwe unofanirwa kupasa degree rekupedza kudzidza kuYunivhesiti yeHelsinki, 😉
Ini ndinoona uyu musoro unonakidza uye wakakosha kwazvo. Ndiri kufarira kudzidza uku kweizvo zvese zviri pamusoro pekutungamira kwe linux network uye kunyanya maseva: dns, simba uye static dhcp uye chaiwo network, bin9, samba, anodhinda maseva, ldap, network yekutarisa nezvishandiso, makomo edhatabhesi eva programmers ' kunyorera uye vlan, nezvimwe. Ndosaka zvichikosha uye aya matipi akanaka kwazvo uye nemaitiro uye mienzaniso.
Mhoro Miguel !!!
Ndatenda nekupindura uye ndinovimba iwo akateedzana anokubatsira mune zvaunofarira. Kwaziso.
Ndatenda kwazvo nechinyorwa Federico, zvinoratidza kuti iwe unoziva nezve debian. Kumbundira.
Ndatenda chaizvo Jorge, nekutaura kwako. Ndinovimba zvinyorwa zvangu zvinokubatsira.
Ndatenda zvikuru kwazvo nezve posvo iyo yakanyorwa zvakanaka uye inotikurudzira kuverenga, kuverenga nekuverenga zvakare. Zvino nechinotevera chinyorwa chauri kuzoburitsa, ndinoda kuti iwe utarise iwo mapoinzi ekubatana aingave nawo:
Microsoft Active Directory ine Samba4 se Active Directory
Kunze kwezvo ndaida kubvunza zvinotevera:
Kuitwa kweBind + Isc-dhcp kwaizove sei mune iyo FW mune dmz uko iyo domain controller ichave iri mu dmz ine samba 4 AD