NSD Server Server DNS + Shorewall - Shabakadaha SME

Tusmada guud ee taxanaha: Shabakadaha Kombuyuutarka ee loogu talagalay SMEs: Hordhac

Maqaalkani waa sii wadida:

Waad salaaman tihiin asxaabta iyo asxaabta!

Kooxda Xamaasad iibsaday magaca domainka internetka desdelinux. taageere Adeeg bixiyahaaga Internetka ama ISP. Iyada oo qayb ka ah helitaankan, waxay weydiisteen ISP inay ku daraan dhammaan diiwaanada DNS ee lagama maarmaanka u ah su'aalaha ku habboon ee la xiriira cinwaankooda in laga xalliyo internetka.

Waxay sidoo kale codsadeen in diiwaanka SRV lagu daro arrimaha XMPP maxaa yeelay waxay qorsheynayaan inay rakibaan server fariin deg deg ah salka ku haya Daawasho Taasi waxay ku biiri doontaa federaaliga jira ee isku xirka server-yada XMMP ee internetka.

  • Ujeedada ugu weyn ee maqaalkani waa in aan muujino sida aan uga tarjumi karno diiwaanada SRV ee la xiriira adeegga Fariimaha degdegga ah ee XMPP-ka ah ee ku habboon faylka aagga DNS..
  • Rakibaadda ee Dhufeys Iyada oo la adeegsado hal shey oo shabakad ah, waxay u adeegi kartaa kuwa go'aansada inay rakibaan server sidan oo kale ah si ay u maareeyaan aag loo wakiishay DNS Zone. Haddii adeegahaasi uu ku xirnaado LAN-ka Enterprise-ka marka lagu daro internetka, dejinta lagama maarmaanka ah waa in loo sameeyaa si loo isticmaalo laba isku-xirnaanta shabakadda.

Server aasaasi ah

Waxaan ku rakibeynaa adeege DNS awood leh NSD Debian "Jessie". Kani waa adeegaha asalka u ah bogga "fan". Xuduudaha ugu muhiimsan ee adeegaha waa:

Magaca: ns.fan Cinwaanka IP: 172.16.10.30 xididka @ ns: ~ # hostname
ns

xididka @ ns: ~ # magaca martida loo yahay --fqdn
ns.fan

xididka @ ns: ~ # ip addr show
1: waa maxay: mtu 65536 qdisc noqueue state UNKNOWN group default link / loopback 00: 00: 00: 00: 00: 00 brd 00: 00: 00: 00: 00: 00 inet 127.0.0.1/8 baaxada martida lo ansax_lft weligiis doorbidaa_lft weligiis inet6 :: 1/128 baaxada martigeliyaha ansax_lft weligiis doorbiday_lft weligiis 2: eth0: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link / ether 00: 0c: 29: dc: d7: 1b brd ff: ff: ff: ff: ff: ff inet 172.16.10.30/24 brd 172.16.10.255 baaxad caalami ah eth0 ansax_lft weligiis doorbid_lft weligiis inet6 fe80 :: 20c: 29ff: fedc: d71b / 64 iskuxirka baaxada ansax_lft weligiis doorbiday_lft weligiis

Dhufeys

Kahor intaadan adeeg uga bixin Tuulada WWW, waa wax aad u wanaagsan in la ilaaliyo serverka iyo adeegyada ay ku bixiso Firewall - Router awood badan Shorewall waa sahlan tahay in la qaabeeyo waana ikhtiyaar badbaado leh oo ilaalin ah.

  • Qaab dhismeedka saxda ah ee dhammaystiran ee Firewall waa hawsha aqoonyahannada ama khubarada, oo aynaan ahayn. Waxaan kaliya bixinnaa hage loogu talagalay qaabeynta ugu yar iyo shaqeyn.

Waxaan rakibnaa xirmada shooga iyo dukumiintiyadeeda.

xididka @ ns: ~ # muujinta muujinta shorewall
Xidhmada: shorewall Cusub: haa Xaaladda: lama rakibin
Nooca: 4.6.4.3-2

xididka @ ns: ~ # aptitude rakib shorewall shorewall-doc

Dukumentiyada

Waxaad ka heli doontaa dukumiinti fara badan fayllada:

  • / usr / share / doc / shorewall
  • / usr / share / doc / shorewall / tusaalooyin
  • / usr / share / doc / shorewall-doc / html

Waxaan u qaabeyneynaa isku xirnaanta shabakadda

xididka @ ns: ~ # cp / usr / share / doc / shorewall / tusaalooyin / one-interface / interfaces \
/ iwm / shorewall /

xididka @ ns: ~ # nano / iwm / shorewall / interfaces
XULASHADA SHARCIYADA GOBOLKA net eth0 tcpflags, logmartians, nosmurfs, sourceroute = 0

Waxaan ku dhawaaqeynaa aagagga firewall-ka

xididka @ ns: ~ # cp / usr / share / doc / shorewall / tusaalooyin / one-interface / zones \
/ iwm / shorewall /

xididka @ ns: ~ # nano / iwm / shorewall / zones
XULASHADA NOOCYADA AAGA LAGU XULO # XULASHADA XULASHADA fw firewall net ipv4

Siyaasadaha asalka u ah helitaanka gidaarka

xididka @ ns: ~ # cp / usr / share / doc / shorewall / tusaalooyin / hal-interface / siyaasad \
/ iwm / shorewall /

xididka @ ns: ~ # nano / iwm / shorewall / policy
XUDUUDDA Heerka Heerka LIISKA SHARCIGA SURURKA: BURST $ FW net ACCEPT
net dhammaan macluumaadka 'DROP'
# SIYAASADA SOO SOCOTA WAA INAY DHAMMAATAA dhamaantiis DIIDO info

Xeerarka marin-u-helidda gidaarka

xididka @ ns: ~ # cp / usr / share / doc / shorewall / tusaalooyin / hal-interface / xeerar \
/ iwm / shorewall /

xididka @ ns: ~ # nano / iwm / shorewall / xeerarka
#ACTION SOURCE DEST PROTO DEST SOURCE ASALKA ASALKA SALAMKA / MARK CON $ # PORT PORT (S) DEST LIMIT GROUP? QAYBTA DHAMMAAN? QAYBTA LA SAMEEYAY? QAYBTA LA XIDHIIDHAY? baakado ku jira xaalad aan ansax ahayn Invalid (DROP) net $ FW tcp # Drop Ping from the "bad" net aagga .. oo ka ilaali in looxaaga daadku ku fataho .. # Ka tuur Ping aagga "xun". # Kahortag daadadka nidaamka diiwaan gelinta (/ var / log / syslog) Ping (DROP) net $ FW # Oggolow dhamaan taraafikada ICMP LAGA SOO DHAWEYNO firewall-ka ilaa aagga saafiga ah # U oggolow dhammaan taraafikada ICMP LAGA SOO DHAWEEYEY darbiga dabka illaa aagga net. AQBAL $ FW net icmp

# Xeerar u gaar ah # Ka helitaanka SSH laba kumbuyuutar
SSH / ACCEPT shabaqa: 172.16.10.1,172.16.10.10 $ FW tcp 22

# U oggolow taraafikada marinnada 53 / tcp iyo 53 / udp
ACCEPT net $ FW tcp 53
ACCEPT net $ FW udp 53

Waxaan hubineynaa qaabeynta feylasha qaabeynta

xididka @ ns: ~ # jeega shorewall
Hubinta ... Ku shaqeynta / iwm / shorewall / params ... Processing /etc/shorewall/shorewall.conf ... Module Loading ... Hubinta / iwm / shorewall / zones ... Hubinta / iwm / shorewall / interfaces .. Go'aaminta Martida aagagga ... Helitaanka Faylasha Waxqabadka ... Hubinta / iwm / shorewall / siyaasad ... Ku darista Xeerarka Anti-smurf Hubinta Calaamadaha TCP ... Hubinta Kala Bixinta Kernel ... Hubinta Martian Gudaheeda ... Hubinta Aqbal Hubinta / Hubinta / iwm / shorewall / xeerarka ... Hubinta / iwm / shorewall / conntrack ... Hubinta Filtration MAC - Wejiga 1 ... Dalbashada Xeerarka ... Hubinta / usr / share / shorewall / action.Drop for silsilad Drop ... Hubinta /usr/share/shorewall/action.Broadcast for silsiladda Broadcast ... Qaab dhismeedka Shorewall ayaa la xaqiijiyay

xididka @ ns: ~ # nano / iwm / default / shorewall
# Kahortaga bilowga qaabeynta asalka ah # deji isbeddelka soo socda ee 1 si aad ugu oggolaato Shorewall inuu bilaabo
bilaabid =1
------

xididka @ ns: ~ # adeegga bilowgiisa
xididka @ ns: ~ # adeegga dib u bilaabista shorewall
xididka @ ns: ~ # xaalada shorewall adeeg
● shorewall.service - LSB: U habeew digaaga markii la soo xidho Loload: load (/etc/init.d/shorewall) Active: active (exited) since Sun 2017-04-30 16:02:24 EDT; 31min kahor Nidaam: 2707 ExecStop = / etc / init.d / shorewall stop (koodh = kabax, status = 0 / SUCCESS) Nidaamka: 2777 ExecStart = / etc / init.d / shorewall start (koodh = kabax, xaalad = 0 / GUUL)

Waa waxbaris badan in si taxaddar leh loo akhriyo soo saarista amarka iptables -L gaar ahaan arrimaha ku saabsan siyaasadaha asalka u ah INPUT, FORWARD, OUTPUT, iyo kuwa ay diido - diido Firewall si looga ilaaliyo weerarada dibada. Ugu yaraan, waxay ku socotaa internetka iyadoo wax yar la ilaalinayo, sax? 😉

xididka @ ns: ~ # iptables -L

NSD

xididka @ ns: ~ # muujinta muuqaalka nsd
Xidhmada: nsd Cusub: haa Xaaladda: rakibay Si toos ah ayaa loo rakibay: maya
Nooca: 4.1.0-3

xididka @ ns: ~ # aptitude rakib nsd
xididka @ ns: ~ # ls / usr / share / doc / nsd /
ku dar wax ka beddelista.Debian.gz NSD-DIFFFILE SHURUUDAHA.gz tusaalooyinka changelog.gz NSD-FOR-BIND-USERS.gz TODO.gz khilaafaadka xuquuqda daabacaadda.pdf.gz README.gz UCCRADING CRITITS NSD-DATABASE RELNOTES.gz

xididka @ ns: ~ # nano /etc/nsd/nsd.conf
# Faylka qaabeynta NSD ee Debian. # Eeg nsd.conf (5) bogga nin.
# Eeg /usr/share/doc/nsd/examples/nsd.conf wixii faallo ah
# tixraaca faylka
# Khadadka soo socda waxaa kujira feylasha qaabeynta oo dheeri ah oo kujira galka # /etc/nsd/nsd.conf.d. # DIGNIIN: Qaabka adduunka wali ma shaqeynayo ... # ku dar: "/etc/nsd/nsd.conf.d/*.conf" server: logfile: "/var/log/nsd.log" ip-address : 172.16.10.30 # dhageyso iskuxirka IPv4 do-ip4: haa # dhageyso iskuxirka IPv6 do-ip6: maya # dekedda si aad uga jawaabto weydiimaha. default waa 53. dekedda: 53 username: nsd # Aagagga, ikhtiyaarka-xfr waxaa loogu talagalay # axfr jeegagga aagga: magaca: fan zonefile: /etc/nsd/fan.zone zone: name: desdelinux. taageere
    zonefile: /etc/nsd/desdelinux.fan.zone
    provide-xfr: 172.16.10.250 NOKEY

zone:
    name: 10.16.172.in-adr.arpa
    zonefile: /etc/nsd/10.16.172.arpa.zone provide-xfr: 172.16.10.250 NOKEY zone: name: swl.fan zonefile: /etc/nsd/swl.fan.zone zone: name: debian.fan zonefile: /etc/nsd/debian.fan.zone zone: name: centos.fan zonefile: /etc/nsd/centos.fan.zone zone: name: freebsd.fan zonefile: /etc/nsd/freebsd.fan.zone


xididka @ ns: ~ # nsd-checkconf /etc/nsd/nsd.conf
xididka @ ns: ~ #

Waxaan abuureynaa faylasha aagagga

Aagga Xididka «taageere»Hoos ku qoran waxaa loogu talagalay TIJAABIN KELIYA mana ahan in tusaale loo soo qaato. Annagu ma nihin Maamulayaasha Adeegyada Magaca Dhismooyinka. 😉

xididka @ ns: ~ # nano /etc/nsd/fan.zone
$ ASAL AH fan. $ TTL 3H @ IN SOA ns.fan. xididka.fan. (1; taxane 1D; qabooji 1H; iskuday 1W; dhaca 3H); ugu yar ama; Kaydinta xun ee wakhtiga noolaanshaha; @ IN NS ns.fan. @ IN A 172.16.10.30; ns IN A 172.16.10.30

root@ns:~# nano /etc/nsd/desdelinux.fan.zone
$ORIGIN desdelinux.fan.
$TTL 3H
@       IN      SOA     ns.desdelinux.fan.      root.desdelinux.fan. (
                                        1       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum or
                                                ; Negative caching time to live
;
@       IN      NS      ns.desdelinux.fan.
@       IN      MX      10 mail.desdelinux.fan.
@       IN      TXT     "v=spf1 a:mail.desdelinux.fan -all"
;
; Registro para resolver consultas dig desdelinux.fan
@       IN      A       172.16.10.10
;
ns      IN      A       172.16.10.30
mail    IN      CNAME   desdelinux.fan.
chat    IN      CNAME   desdelinux.fan.
www     IN      CNAME   desdelinux.fan.
;
; Registros SRV relativos al XMPP
_xmpp-server._tcp  IN SRV  0 0 5269 desdelinux. taageere.
_xmpp-client._tcp    IN SRV  0 0 5222 desdelinux. taageere.
_jabber._tcp     IN SRV  0 0 5269 desdelinux. taageere.

xididka @ ns: ~ # nano /etc/nsd/10.16.172.arpa.zone
$ ASAL 10.16.172.in-addr.arpa.
$TTL 3H
@       IN      SOA     ns.desdelinux.fan.      root.desdelinux.fan. (
                                        1       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum or
                                                ; Negative caching time to live
;
@       IN      NS      ns.desdelinux.fan.
;
30      IN      PTR     ns.desdelinux.fan.
10      IN      PTR     desdelinux. taageere.

root@ns:~# nsd-checkzone desdelinux.fan /etc/nsd/desdelinux.fan.zone
zone desdelinux.fan is ok
xididka @ ns: ~ # nsd-hubinta 10.16.172.in-addr.arpa /etc/nsd/10.16.172.arpa.zone
aagga 10.16.172.in-addr.arpa waa ok # On Debian, NSD waxay joojineysaa rakibideeda awood ahaan
xididka @ ns: ~ # systemctl dib u bilaw nsd
xididka @ ns: ~ # systemctl status nsd
D nsd.service - Magaca Server Daemon Loaded: load (/lib/systemd/system/nsd.service; firfircoonaan) Firfircoon: firfircoon (socda) ilaa Sun 2017-04-30 09:42:19 EDT; 21min ago Main PID: 1230 (nsd) CGroup: /system.slice/nsd.service ├─1230 / usr / sbin / nsd -d -c /etc/nsd/nsd.conf ├─1235 / usr / sbin / nsd - d -c /etc/nsd/nsd.conf └─1249 / usr / sbin / nsd -d -c /etc/nsd/nsd.conf

Wuxuu ka hubiyaa adeegaha ns.fan laftiisa

root@ns:~# host desdelinux. taageere
desdelinux.fanku wuxuu leeyahay ciwaanka 172.16.10.10
desdelinux.fan mail is handled by 10 mail.desdelinux. taageere.

root@ns:~# host mail.desdelinux. taageere
email.desdelinux.fan is an alias for desdelinux. taageere.
desdelinux.fanku wuxuu leeyahay ciwaanka 172.16.10.10
desdelinux.fan mail is handled by 10 mail.desdelinux. taageere.

root@ns:~# host chat.desdelinux. taageere
sheekeysi.desdelinux.fan is an alias for desdelinux. taageere.
desdelinux.fanku wuxuu leeyahay ciwaanka 172.16.10.10
desdelinux.fan mail is handled by 10 mail.desdelinux. taageere.

root@ns:~# host www.desdelinux. taageere
www.desdelinux.fan is an alias for desdelinux. taageere.
desdelinux.fanku wuxuu leeyahay ciwaanka 172.16.10.10
desdelinux.fan mail is handled by 10 mail.desdelinux. taageere.

root@ns:~# host ns.desdelinux. taageere
anaga.desdelinux.fanku wuxuu leeyahay ciwaanka 172.16.10.30

xididka @ ns: ~ # martigeliyaha 172.16.10.30
30.10.16.172.in-addr.arpa domain name pointer ns.desdelinux. taageere.

xididka @ ns: ~ # martigeliyaha 172.16.10.10
10.10.16.172.in-addr.arpa domain name pointer desdelinux. taageere.

xididka @ ns: ~ # martigeliyaha ns.fan
ns.fan wuxuu leeyahay cinwaan 172.16.10.30

Magacaaga hubinta qaraarka ee internetka

  • Su'aalaha faahfaahsan ee DNS weligood aad uma badna, maxaa yeelay hawlgalka saxda ah ee Magaca Magaca Xallintu wuxuu ku xirnaan doonaa in badan oo ku saabsan hawlgalka saxda ah ee shabakadda.

Si loo fuliyo weydiimaha DNS waxaan ku xirmay badalkayga - biiro tijaabin, laptop oo leh IP 172.16.10.250 iyo marinka 172.16.10.1, Cinwaanka IP ee u dhigma goobteyda shaqada sysadmin.desdelinux. taageere sida lagu yaqaan maqaaladi hore.

sandra @ laptop: ~ $ sudo ip addr show
1: waa maxay: mtu 16436 qdisc noqueue state UNKNOWN link / loopback 00: 00: 00: 00: 00: 00 brd 00: 00: 00: 00: 00: 00 weligiis doorbid_lft weligiis 127.0.0.1: eth8: mtu 6 qdisc pfifo_fast state UP qlen 1 link / ether 128: 2: 0: 1500e: 1000: 00 brd ff: ff: ff: ff: ff: ff inet 17/42 brd 8 baaxada aduunka eth85 inet54 fe172.16.10.250: : 24: 172.16.10.255ff: fe0e: 6/80 iskuxirka baaxada ansax_lft weligiis doorbidid_lft waligiis 217: wlan42: mtu 8 qdisc noop state DOWN qlen 8554 link / ether 64: 3d: e0: 1500: 1000: d00 brd ff: ff: ff: ff: ff: ff 1: pan0: mtu 88 qdisc noop state DOWN link / ether de: 09b: 5: 4: 0: ad brd ff: ff: ff: ff: ff: ff


sandra @ laptop: ~ $ sudo route -n
Miiska wadista Kernel IP Wadada loo maro Goobaha loo yaqaan 'Genmask Flags Metric Ref Use Iface 0.0.0.0 172.16.10.1 0.0.0.0 UG 0 0 0 eth0 172.16.10.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0

sandra @ laptop: ~ $ bisad /etc/resolv.conf
xawaalad 172.16.10.30

sandra@laptop:~$ host desdelinux. taageere
desdelinux.fanku wuxuu leeyahay ciwaanka 172.16.10.10
desdelinux.fan mail is handled by 10 mail.desdelinux. taageere.

sandra @ laptop:~$ host mail.desdelinux. taageere
email.desdelinux.fan is an alias for desdelinux. taageere.
desdelinux.fanku wuxuu leeyahay ciwaanka 172.16.10.10
desdelinux.fan mail is handled by 10 mail.desdelinux. taageere.

sandra @ laptop:~$  host ns.desdelinux. taageere
anaga.desdelinux.fanku wuxuu leeyahay ciwaanka 172.16.10.30

sandra @ laptop: ~ $ host 172.16.10.30
30.10.16.172.in-addr.arpa domain name pointer ns.desdelinux. taageere.

sandra @ laptop: ~ $ martigelinta 172.16.10.10
10.10.16.172.in-addr.arpa domain name pointer desdelinux. taageere.

sandra@laptop:~$ host -t SRV _xmpp-server._tcp.desdelinux. taageere
_xmpp-server._tcp.desdelinux.fan has SRV record 0 0 5269 desdelinux. taageere.

sandra @ laptop:~$ host -t SRV _xmpp-client._tcp.desdelinux. taageere
_xmpp-client._tcp.desdelinux.fan has SRV record 0 0 5222 desdelinux. taageere.

sandra @ laptop:~$ host -t SRV _jabber._tcp.desdelinux. taageere
_jabber._tcp.desdelinux.fan has SRV record 0 0 5269 desdelinux. taageere.

sandra @ laptop: ~ $ marti-taageere.
Isku dayga "fan" ;; - >> MADAXA << - opcode: QUERY, status: NOERROR, id: 57542 ;; calamada: qr aa rd; SU'AAL: 1, JAWAAB: 3, AWOODDA: 0, KU DARNAAN: 1 ;; QAYBTA SU'AASHA :; fan. WAX KASTA ;; QAYBTA JAWAABTA: fan. 10800 SOA ns.fan. xidid.fan. 1 86400 3600 604800 10800 taageere. 10800 IN NS ns.fan. taageere 10800 IN A 172.16.10.30 ;; QAYBTA DHEERAAD AH: ns.fan. 10800 IN 172.16.10.30 Laga helay 111 bytes laga bilaabo 172.16.10.30 # 53 gudaha 0 ms
  • Waxaan si ula kac ah u dhignay cinwaanka 172.16.10.250  On laptop-ka, si aad wax walba uga hubiso adoo adeegsanaya su'aal ah DNS AXFR, maaddaama aagagga loo qaabeeyey inay u oggolaadaan - oo aan lahayn lambarka sirta ah - weydiinta noocan ah ee IP.
sandra@laptop:~$ dig desdelinux.fanaan axfr
; <<>> DiG 9.9.5-9+deb8u6-Debian <<>> desdelinux.fan axfr;; fursadaha caalamiga ah: +cmd
desdelinux.fan.     10800   IN  SOA ns.desdelinux.fan. root.desdelinux. taageere. 1 86400 3600 604800 10800
desdelinux.fan.     10800   IN  NS  ns.desdelinux. taageere.
desdelinux. taageere. 10800 IN MX 10 iimaylka.desdelinux. taageere.
desdelinux.fan.     10800   IN  TXT "v=spf1 a:mail.desdelinux.fan -all"
desdelinux.fan.     10800   IN  A   172.16.10.10
_jabber._tcp.desdelinux.fan. 10800 IN   SRV 0 0 5269 desdelinux.fan.
_xmpp-client._tcp.desdelinux.fan. 10800 IN SRV  0 0 5222 desdelinux.fan.
_xmpp-server._tcp.desdelinux.fan. 10800 IN SRV  0 0 5269 desdelinux.fan.
chat.desdelinux.fan.    10800   IN  CNAME   desdelinux.fan.
mail.desdelinux.fan.    10800   IN  CNAME   desdelinux.fan.
ns.desdelinux.fan.  10800   IN  A   172.16.10.30
www.desdelinux.fan. 10800   IN  CNAME   desdelinux. taageere.
desdelinux.fan.     10800   IN  SOA ns.desdelinux.fan. root.desdelinux.fan. 1 86400 3600 604800 10800
;; Query time: 0 msec
;; SERVER: 172.16.10.30#53(172.16.10.30)
;; WHEN: Sun Apr 30 10:37:10 EDT 2017
;; XFR size: 13 records (messages 1, bytes 428)

sandra @ laptop: ~ $ qodo 10.16.172.in-addr.arpa axfr
; <<>> DiG 9.9.5-9+deb8u6-Debian <<>> 10.16.172.in-addr.arpa axfr
;; global options: +cmd
10.16.172.in-addr.arpa. 10800   IN  SOA ns.desdelinux.fan. root.desdelinux.fan. 1 86400 3600 604800 10800
10.16.172.in-addr.arpa. 10800   IN  NS  ns.desdelinux.fan.
10.10.16.172.in-addr.arpa. 10800 IN PTR desdelinux.fan.
30.10.16.172.in-addr.arpa. 10800 IN PTR ns.desdelinux.fan.
10.16.172.in-addr.arpa. 10800   IN  SOA ns.desdelinux.fan. root.desdelinux.fan. 1 86400 3600 604800 10800
;; Query time: 0 msec
;; SERVER: 172.16.10.30#53(172.16.10.30)
;; WHEN: Sun Apr 30 10:37:27 EDT 2017
;; XFR size: 5 records (messages 1, bytes 193)

sandra @ laptop:~$ ping ns.desdelinux. taageere
PING ns.desdelinux.fan (172.16.10.30) 56(84) bytes of data.

Su'aalaha lagama maarmaanka ah ee DNS ayaa si sax ah looga jawaabey. Waxaan sidoo kale hubineynaa in Shorewall uu si sax ah u shaqeynayo iyo in uusan aqbalin ping kombiyuutarada ku xiran internetka.

Resumen

  • Waxaan aragnay sida loo rakibo oo loo qaabeeyo - ikhtiyaarrada aasaasiga ah iyo kuwa ugu yar - server-ka DNS oo ku dhisan NSD. Waxaan xaqiijineynaa in qaabeynta feylasha aagga ay aad ula mid tahay tan BIND. Internetka waxaa ku jira suugaan aad u wanaagsan oo dhameystiran oo ku saabsan NSD.
  • Waxaan la kulanay hadafka ah inaan soo bandhigno cadeynta diiwaanada SRV ee laxiriira XMPP.
  • Waxaan kaa caawinaa rakibidda iyo qaabeynta ugu yar ee gidaar-ku-saleysan Showerall.

Gaarsiinta xigta

IM Prosody iyo isticmaaleyaasha maxalliga ah.


8 faallooyin, ka tag taada

Ka tag faalladaada

cinwaanka email aan la daabacin doonaa. Beeraha loo baahan yahay waxaa lagu calaamadeeyay la *

*

*

  1. Masuul ka ah xogta: Miguel Ángel Gatón
  2. Ujeedada xogta: Xakamaynta SPAM, maaraynta faallooyinka.
  3. Sharci: Oggolaanshahaaga
  4. Isgaarsiinta xogta: Xogta looma gudbin doono dhinacyada saddexaad marka laga reebo waajibaadka sharciga ah.
  5. Kaydinta xogta: Macluumaadka ay martigelisay Shabakadaha Occentus (EU)
  6. Xuquuqda: Waqti kasta oo aad xadidi karto, soo ceshan karto oo tirtiri karto macluumaadkaaga.

  1.   jajab dijo

    Subax wanaagsan saaxiibo ka mid ah bulshada Linux cashar aad u wanaagsan waxaan isku dayay inaan rakibo dns laakiin waxay sheeganeysaa in amarkan aan la helin haddii ay jirto bedel kale oo loogu mahadcelinayo macluumaadka

  2.   Alberto dijo

    Su'aal? Miyaadan u adeegsan doonin SAMBA maamul ahaan shabakadaha SME?

  3.   federico dijo

    fracielarevalo: Ogsoonow in maqaalka uu ku saleysan yahay ku rakibida NSD nidaamka qalliinka ee Debian "Jessie", ee ma ahan CentOS.

    Alberto: Waa inaad ka gudubtaa mid fudud uguna ekaataa dhismaha. Marka dambe waxaan arki doonnaa Samba 4 oo ah AD-DC, taas oo ah, Tusaha Firfircoon - Qaan-sheegashada Domain. Dulqaad. Waxaan kugula talinayaa inaad akhriso maqaalkii hore, gaar ahaan sadarka oranaya: Miyuu ahaa habka aqoonsiga dhalashada ARPANET, Internetka, iyo shabakadaha kale ee Wide Aagga hore ama Shabakadaha Maxalliga ah ee ku saleysan LDAP, Adeegga Tusaha, ama Microsoft LSASS, ama Tusaha Firfircoon, ama Kerberos?

    Xusuusnow in qoraalada oo dhami ay xidhiidh leeyihiin oo ay tahay taxane. Uma maleynayo inay waxtar leedahay gabi ahaanba in laga bilaabo dhinaca kale, taas oo ah, laga soo qaato Diiwaanka Firfircoon oo dib loogu noqdo PAM. Sida aad arki doonto, noocyo badan oo xaqiijin ah ayaa ku dhammaanaya PAM kombuyuutarkaaga Linux. Xalka fudud sida kan aan ku daboolno PAM wuxuu mudan yahay in la qoro. Haddii ujeedka la fahmo, waa in la akhriyaa oo la darsaa.

    Salaan kadib aad iyo aad ayaad ugu mahadsan tihiin labadiinaba inaad faallo bixiseen.

  4.   IWO dijo

    Maqaal kale oo weyn oo uu qoray qoraagu, sidii caadada u ahayd marwalba wax cusub baa jira oo waxtar weyn u leh kuweena u maleeya nafteena "sysadmins".
    Waa kuwan qoraalladaydu:
    1-U adeegsiga NSD halkii aad ka xiri lahayd SID oo loo adeegsan lahaa serverka DNS.
    2- Geli galka aaga DNS diiwaanka SRV ee laxiriira adeegga Fariimaha degdega ah ee la jaan qaada XMPP.
    3- Adeegsiga Showall Firewall-ka oo leh shebekad isku xirta.
    Qoraalkani wuxuu ii yahay "saldhig" aniga (sida uu isagu u qunyar u sheegay oo waa hamiga qoraaga dhammaan taxanaha SME) haddii mustaqbalka aan arko baahida loo qabo in la hirgeliyo xal la mid ah.

  5.   qorraxda dijo

    Kooxda xiisaha lihi waxay mar kale naga caawinayaan inaan kordhino aqoonteena ku saabsan aagagga shabakadaha ee SMEs. Aad baad ugu mahadsan tihiin sida wanaagsan ee wax u taray, bulshada, naftayda iyo aniga waxaan u maleynayaa in tiro aad u wanaagsan oo sysadmin ah ay kuugu mahadsantahay wax ku biirintan qiimaha leh ... Waagii hore waxaan xiriir kale la lahaa shabaqa, laakiin waxaan ku dhex galay kiis ficil ah sida aan ku sameeyay waa adag tahay, taxanahan shabakadaha SMEs waxay hormuud u yihiin dukumintiyada aagag kala duwan oo sysadmin ay tahay inay wax ka qabato, iyadoo la fahamsan yahay in dukumiintiyada badankood ee ku saabsan arintan ay ku qoran yihiin luqadda caalamiga ah ee Ingiriiska. ..

    Ha istaagin, hambalyo waan ku dhaqaaqeynaa !!!

  6.   federico dijo

    Lagarto: Aad baad ugu mahadsantahay faalladaada iyo mahadnaqaaga. Waxaan isku dayaa inaan taxanaha ka siiyo saldhigga ugu yar ee Sysadmin u baahan yahay. Dabcan, is-barasho iyo xiisaha shaqsiyeed ee mid kasta oo ka mid ah mowduucyada laga hadlay waxay ku xirnaan doonaan darajo.

    Hore ayaan usoconaa !!!

  7.   GhostXxX dijo

    Waad salaaman tihiin bulshada linx; Waxaan ku cusubaa OS.opte po ka tago daaqadaha waagii hore waxaanan jecelahay inaan barto inta aan awoodo..maqaal kasta oo wanaagsan .. salaan wacan

  8.   federico dijo

    Waad ku mahadsantahay Ghost ku soo biirida Bulshada iyo faallooyinka