DNS iyo DHCP ee Debian 8 "Jessie" - Shabakadaha SMB

fico

Daqiiqado 42

Tusmada guud ee taxanaha: Shabakadaha Kombuyuutarka ee loogu talagalay SMEs: Hordhac

Saaxiibbo waad salaaman tihiin !. Kadib labadii lamaane ee hore ee maqaalka ahaa Domain Name System iyo Nidaamka Aqoonsiga Nabadgelyada Aqalka Guud lagu daabacay «DNS iyo DHCP ee furanSUSE 13.2 'Harlequin'"iyo"DNS iyo DHCP ee CentOS 7«, Labadaba taxanaha Shabakadaha SME, waa inaan ku qaabeynaa adeegyadaas Debian.

Waxaan ku celcelineynaa bar bilow wanaagsan in laga barto fikradaha aragtida guud ee DNS iyo DHCP waa Wikipedia.

Ku rakibidda nidaamka hawlgalka

Waxaan ka bilaabi doonnaa rakibaadda aasaasiga ah ee server-ka Debian 8 "Jessie" oo aan ku rakibayn jawi garaaf ama barnaamij kale. Mashiin dalwad ah oo wata 512 megabyte oo RAM ah iyo 20 gigabyte oo adag ayaa ka badan inta ku filan.

Intii lagu gudajiray hawsha rakibida - doorbid qaabka qoraalka - iyo raacitaanka amarka shaashadaha, waxaan dooranay xuduudaha soo socda:

  • Idioma: Isbaanish - Isbaanish
  • Dal, dhul ama deegaan: Mareykanka
  • Keymap si aad u isticmaasho: Ingiriis Mareykan ah
  • Ku xir shabakada gacanta:
    • Cinwaanka IP: 192.168.10.5
    • Bangiga netka: 255.255.255.0
    • Albaabka: 192.168.10.1
    • Cinwaanada Magaca-bixiyaha: 127.0.0.1
    • Magaca mishiinka: dns
    • Magaca domain: desdelinux. taageere
  • Furaha Isticmaalaha Super: SuClave (markaa weydiiso xaqiijin)
  • Magaca buuxa ee isticmaaleha cusub: Debian First OS Buzz
  • Magaca isticmaalaha koontada: buuq
  • U dooro erey sir ah isticmaaleha cusub: SuClave (markaa weydiiso xaqiijin)
  • Xulo aaggaaga waqtiga: Bariga
  • Habka qaybinta: Hanuuniyey - isticmaal diskka oo dhan
    • Dooro disk si aad u kala qaybiso: disk Virtual 1 (vda) - 21.5 GB Virto Block Device
    • Nidaamka Qeybinta: Dhammaan faylasha ku jira hal xijaab (waxaa loogu talinayaa dadka cusub).
    • Dhamee kala qaybsanaanta iyo qor isbadalada ku dhaca diskiga
    • Ma rabtaa inaad u qorto isbeddelada ku soo dhaca diskiga?
  • Ma rabtaa inaad falanqeyso CD ama DVD kale?:
  • Ma rabtaa inaad isticmaasho nuqul ka mid ahd?:
  • Ma rabtaa inaad qaadato sahanka isticmaalka xirmada?:
  • Xulo barnaamijyada si aad u rakibto:
    [] Debian desktop desktop
    [*] Adeegyada nidaamka caadiga ah
  • Ma rabtaa inaad ku rakibto qalabka wax lagu rakibo ee 'GRUB boot loader' diiwaanka ugu weyn ee boot-ka?
    • / dev / vda
  • "Rakiibtii waa la dhammaystiray":

Fikradayda suubban, Ku rakibida Debian waa fududahay. Waxaa loo baahan yahay oo keliya in laga jawaabo su'aalaha xulashooyinka horay loo sii cayimay iyo macluumaad kale. Xitaa waan ku dhiiran karaa inaan dhaho way fududahay in la raaco talaabooyinkii hore marka loo fiiriyo fiidiyow, tusaale ahaan. Markaan wax akhriyo ma dhumiyo feejignaanta. Arrin kale ayaa ah in la daawado, la akhriyo, la fasiro, lana siiyo fiidiyaha gadaal iyo gadaal, markaan lumiyo ama aanan fahmin si fiican macno muhiim ah. Xaashida gacanta lagu qoray, ama feyl qoraal fudud ah oo loo guuriyey mobilada, ayaa u noqon doona hage wax ku ool ah si hufan

Dejinta bilowga ah

Ka dib markaan dhammeyno rakibaadda aasaasiga ah iyo dib-u-soo-celinta ugu horreysa, waxaan sii wadaynaa inaan ku dhawaaqno Keydadka Barnaamijka.

Markaad tafatirayso feylka liiska, waxaan ka faalloonnaa dhammaan wixii jira ee jira si aan caadi ahayn maxaa yeelay waxaan kaliya la shaqeyn doonnaa bakhaarrada maxalliga ah. Nuxurka ugu dambeeya ee faylka-oo ay ku jiraan khadadka faallooyinka- wuxuu noqon lahaa:

xididka @ dns: ~ # nano /etc/apt/sources.list
deynta http://192.168.10.1/repos/jessie/debian/ jessie main contributor deb http://192.168.10.1/repos/jessie/debian-security/ jessie / cusboonaysiinta ugu muhiimsan

Waxaan cusbooneysiineynaa nidaamka

xididka @ dns: ~ # cusbooneysiinta aqoonta
xididka @ dns: ~ # kor u qaadista aqoonta
xididka @ dns: ~ # reboot

Waxaan rakibnay SSH si aan uga fogaanno

xididka @ dns: ~ # karti u rakib ssh

Si loogu oggolaado adeegsadaha inuu ku bilaabo kalfadhi fog iyadoo loo marayo SSH xidid - laga bilaabo Shirkada LAN oo keliya - waxaan wax ka badalnaa feylkeeda qaabeynta:

xididka @ dns: ~ # nano / iwm / ssh / sshd_config
.... PermitRootLogin haa ....

xididka @ dns: ~ # systemctl dib u bilaabi ssh.service
xididka @ dns: ~ # systemctl status ssh.service

Waxaan ku bilaabaynaa kalfadhi fog iyada oo loo marayo SSH gudaha «dns» mashiinka «sysadmin»

buzz @ sysadmin: ~ $ rm .ssh / known_hosts buzz @ sysadmin: ~ $ ssh root@192.168.10.5 ... root@192.168.10.5's password: ... root @ dns: ~ #

Faylasha qaabeynta ugu weyn

Faylasha ugu muhiimsan ee qaabeynta nidaamka waxay ku xirnaan doontaa xulashooyinkayada inta lagu jiro rakibidda:

xididka @ dns: ~ # bisad / iwm / martigeliyayaal
127.0.0.1 localhost 192.168.10.5 dns.desdelinux.fan dns # Khadadka soo socdaa waa kuwo loogu talagalay IPv6 martigeliyaha awooda leh :: 1 localhost ip6-localhost ip6-loopback ff02 :: 1 ip6-allnodes ff02 :: 2 ip6-allrouters

xididka @ dns: ~ # bisad /etc/resolv.conf 
search desdelinux.magacaye taageere 127.0.0.1

xididka @ dns: ~ # magaca martida
dns

xididka @ dns: ~ # magaca martida -f
DNS.desdelinux. taageere

xididka @ dns: ~ # cat / etc / network / interfaces
# Faylkaani wuxuu sharxayaa isku xirka shabakadaha laga heli karo nidaamkaaga # iyo sida loo dhaqaajiyo. Macluumaad intaas ka badan, eeg interfaces(5). source /etc/network/interfaces.d/* # Isku xirka shabakada loopback auto lo iface lo inet loopback # Isku xirka shabakada aasaasiga ah allow-hotplug eth0 iface eth0 inet static address 192.168.10.5 gateway 255.255.255.0 # dns-* xulashooyinka waxaa fuliyaa xirmada resolvconf, haddii lagu rakibo dns-nameservers 192.168.10.0 dns-search desdelinux. taageere

Waxaan rakibnaa xirmooyinka khibrada sare

xididka @ dns: ~ # aptitude rakibi htop mc deborphan

Nadiifinta xirmooyinka la soo dejiyey, haddii ay jiraan

xididka @ dns: ~ # aptitude rakibi -f xididka @ dns: ~ # aptitude purge ~ c root @ dns: ~ # root aptitude nadiifa @ dns: ~ # aptitude autoclean

Waxaan rakibnaa BIND9

  • INTA AADAN rakibin dahaarka waxaan aad ugu talinaynaa booqo bogga Noocyada diiwaanka DNS on Wikipedia, labadaba noocyadiisa Isbaanishka iyo Ingiriiska. Noocyada diiwaangelinta ayaa ah kuwa aan u adeegsan doonno qaabeynta feylasha aagagga, labadaba Direct iyo Reverse. Waa waxbarasho aad u wanaagsan in la ogaado waxa aan la macaamilayno.
  • Sidoo kale waxaan soo jeedinaynaa akhriso waxyaabaha soo socda Codsiga Faallooyinka RFC - Codsiyada Faallooyinka, kuwaas oo xiriir dhow la leh shaqeynta caafimaadka leh ee adeegga DNS, gaar ahaan marka loo fiiriyo ku noqoshada adeegayaasha xididka:
    • RFCs 1912, 5735, 6303, iyo BCP 32: la xiriira localhost
    • RFC -yada 1912, 6303: Aagga qaabka ee cinwaanka IPhost-ka localhost IPv6
    • RFCs 1912, 5735 iyo 6303: La Xiriira Shabakadda Maxalliga ah - Shabakadan
    • RFCs 1918, 5735 iyo 6303: Shabakadaha Isticmaalka Gaarka ah
    • RFC 6598: Booska Cinwaanka La Wadaago
    • RFCs 3927, 5735 iyo 6303: Link-local / APIPA
    • RFCs 5735 iyo 5736: Meeleynta borotokoolka Hawsha Injineernimada Internetka
    • RFCs 5735, 5737 iyo 6303: TEST-NET- [1-3] Dukumiinti ahaan
    • RFCs 3849 iyo 6303: IPv6 Tusaale Range Dukumiinti
    • BCP 32: Magacyada Domain ee Dukumintiga iyo Imtixaanka
    • RFCs 2544 iyo 5735: Tijaabinta Qaabdhismeedka Router
    • RFC 5735: IANA Reserved - Old Class E Space
    • RFC 4291: IPv6 Cinwaanada Aan Loo Qorneyn
    • RFCs 4193 iyo 6303: IPV6 ULA
    • RFCs 4291 iyo 6303: IPv6 Link Local
    • RFCs 3879 iyo 6303: Cinwaanada Goobta-Deegaanka ee IPv6 oo Hoos udhacay
    • RFC 4159: IP6.INT waa Hoos u dhac

Ku rakibida

xididka @ dns: ~ # aptitude search bind9
p bind9 - Internet Domain Name Server p bind9-doc - Documentation for BIND i bind9-host - Nooca 'host' oo lagu xiray BIND 9.X p bind9utils - Utiliyadaha BIND p gforge-dns-bind9 - aaladda horumarinta iskaashiga - maamulka DNS (adoo adeegsanaya Bind9) i A libbind9-90 - BIND9 Maktabada La Wadaago oo ay adeegsadaan BIND

Sidoo kale isku day orod aptitude search ~ dbind9

xididka @ dns: ~ # aptitude rakibi bind9

xididka @ dns: ~ # systemctl dib u bilaabi bind9.service

xididka @ dns: ~ # systemctl status bind9.service
Bind9.service - KU Xidhnow Server Name Name Server Load: raran (/lib/systemd/system/bind9.service; karti leh) Drop-In: /run/systemd/generator/bind9.service.d └─50-insserv.conf- $ named.conf
   Hawl: firfircoon (ordaya) laga soo bilaabo Fri 2017-02-03 10:33:11 EST; 1s kahor Docs: man: magacaabay (8) Nidaamka: 1460 ExecStop = / usr / sbin / rndc stop (koodh = kabax, xaalad = 0 / SUCCESS) Main PID: 1465 (magacaabay) CGroup: /system.slice/bind9.service └─1465 / usr / sbin / magacaabay -f -u bind Feb 03 10:33:11 dns magacaabay [1465]: aag maran oo otomaatig ah: 8.BD0.1.0.0.2.IP6.ARPA Feb 03 10:33:11 dns magacaabay [1465]: dhageysiga amarka channel 127.0.0.1 # 953 Feb 03 10:33:11 dns magacaabay [1465]: channel channel dhageysiga on :: 1 # 953 Feb 03 10:33:11 dns magacaabay [1465]: waa la maareeyay -keys-zone: load serial 2 Feb 03 10:33:11 dns magacaabay [1465]: zone 0.in-addr.arpa/IN: serial load 1 Feb 03 10:33:11 dns magacaabay [1465]: zone localhost / IN: rar xamuul ah Feb 2 03 10:33:11 dns magacaabay [1465]: zone 127.in-addr.arpa/IN: taxane xamuul ah Feb 1 03 10:33:11 dns magacaabay [1465]: zone 255.in -addr.arpa/IN: xamuul taxan 1 Feb 03 10:33:11 dns magacaabay [1465]: dhamaan aaggaga la raray Feb 03 10:33:11 dns la magacaabay [1465]: socda Tilmaam: Khadadka qaar ayaa ellipsized, isticmaal -l si buuxda loo muujiyo.

Faylasha qaabeynta ee ay rakibtay BIND9

In yar oo ka duwan qaabeynta adeegga DNS ee CentOS iyo openSUSE, ee Debian ah feylasha soo socda ayaa lagu abuuray buugga. / iwm / xirid:

xididka @ dns: ~ # ls -l / etc / bind /
wadarta 52 -rw-r - r-- 1 xidid xidid 2389 Jun 30 2015 bind.keys -rw-r - r-- 1 xidid xidid 237 Jun 30 2015 db.0 -rw-r - r-- 1 xididka xididka 271 Jun 30 2015 db.127 -rw-r - r-- 1 xididka xididka 237 Jun 30 2015 db.255 -rw-r - r-- 1 xidid xidid 353 Jun 30 2015 db.empty -rw- r - r-- 1 xidid xidid 270 Jun 30 2015 db.local -rw-r - r - 1 xidid xidid 3048 Jun 30 2015 db.root -rw-r - r - 1 xidid xidho 463 Jun 30 2015 magacaabay.conf -rw-r - r-- 1 xidid xidho 490 Jun 30 2015 named.conf.default-zones -rw-r - 1 xidid xidho 165 Jun 30 2015 named.conf.local -rw -r - r-- 1 xidid xidido 890 Feb 3 10:32 magacaabay.conf.options -rw-r ----- 1 xidho xidho 77 Feb 3 10:32 rndc.key -rw-r - r- - 1 xididka xididka 1317 Jun 30 2015 zones.rfc1918

Dhammaan faylasha kor ku xusan waxay ku jiraan qoraal cad. Haddii aan dooneyno inaan ogaanno macnaha iyo nuxurka mid kasta oo ka mid ah, waxaan ku sameyn karnaa innagoo isticmaaleyna amarrada yar o cat, taas oo ah dhaqan wanaagsan.

Dukumiintiyada lasocda

Buugga cinwaanka / usr / share / doc / bind9 waxaan yeelan doonaa:

xididka @ dns: ~ # ls -l / usr / share / doc / bind9
wadarta 56 -rw-r - r-- 1 xididka xididka 5927 Jun 30 2015 copyright -rw-r - r-- 1 xididka 19428 30 Jun 2015 1 changelog.Debian.gz -rw-r - r-- 11790 xididka xididkiisu yahay 27 Jan 2014 1 FAQ.gz -rw-r - r-- 396 xididka xididka 30 Jun 2015 1 WARKA.Debian.gz -rw-r - r-- 3362 xididka xididka 30 Jun 2015 1 README.Debian. gz -rw-r - r-- 5840 xididka xididka 27 Jan 2014 XNUMX README.gz

Dukumiintiyadii hore waxaan kaheli doonnaa Agab Daraasad Farabadan oo aan kugula talineyno inaad aqriso KAhor intaanad habeynin BIND, iyo xitaa KA HOR inta aanad ka raadin internetka qormooyinka la xiriira BIND iyo DNS guud ahaan. Waxaan akhrin doonnaa waxyaabaha ku jira qaar ka mid ah feylashaas:

FAQs o Flooga baahan yahay Ala jeexjeexay Qsu'aalaha ku saabsan XIRIN 9

  1. Isku Aruurinta iyo Rakibaadda Su'aalaha - Su'aalaha ku saabsan isku duwidda iyo rakibaadda
  2. Qaabeynta iyo Su'aalaha Dejinta - Su'aalaha ku saabsan qaabeynta iyo habeynta
  3. Su'aalaha Hawlaha - Su’aalaha ku saabsan Howlgalka
  4. Su'aalaha Guud - weydiimaha guud
  5. Su'aalaha Gaarka ah ee Nidaamka Howlgalka - Su'aalo gaar ah oo ku saabsan Nidaam kasta oo Hawlgal
    1. HPUX
    2. Linux
    3. Windows
    4. FreeBSD
    5. Solaris
    6. Apple Mac OS X

WARARKA Debian.gz

WARARKA Debian soo koobitaanku wuxuu inoo sheegayaa in xuduudaha allow-weydiin-cache y ogolaasho-ku noqosho waxaa awoodi kara marka loo eego ACL-yada ku duuban BIND -dhisay- 'maxalliga ah'iyo'localhost'. Waxay sidoo kale na ogeysiineysaa in isbeddelada isbeddelka ah loo sameeyay si ay uga dhigaan server-yada khasnadaha wax soo jiidasho leh in lagu soo weeraro Is xoqin shabakadaha dibada.

Si loo hubiyo waxa ku qoran tuduca hore, haddii laga helo mashiinka shabakadda lafteeda 192.168.10.0/24 kaas oo ah midka tusaalahayaga, waxaan ku samaynaa codsi DNS ah domainka desdelinux.net, iyo isla mar ahaantaana server-ka laftiisa DNS.desdelinux. taageere waan fulinaa dabada -f / var / log / syslog waxaan heli doonaa waxyaabaha soo socda:

buzz @ sysadmin: ~ $ qodo localhost
.... ;; FUDUD FUDUD :; EDNS: nooca: 0, calamada :; udp: 4096 ;; QAYBTA SU'AASHA :; localhost. IN A ;; QAYBTA Jawaabta: localhost. 604800 IN A 127.0.0.1 ;; QAYBTA AWOODDA: localhost. 604800 IN NS localhost. ;; QAYBTA DHEERAADA: localhost. 604800 AAAA :: 1

buzz@sysadmin:~$ qod desdelinux.net
....
;; OPT PSEUDOSECTION:; EDNS: nooca: 0, calanka:; udp: 4096;; QAYBTA SU'AAL:;desdelinux.net. IN A
....
xididka @ dns: ~ # dabada -f / var / log / syslog ....
Feb 4 13:04:31 dns la magacaabay[1602]: qalad (shabakad aan la gaari karin) xallinta 'desdelinux.net/A/IN': 2001:7fd:: 1#53 Feb 4 13:04:31 dns la magacaabay[1602]: khalad (shabakad aan la gaadhi karin) xallinta 'desdelinux.net/A/IN': 2001:503:c27::2:30#53
....

Wax soo saarkii syslog aad ayey uga sii dheertahay sababtoo ah raadinta serverka xididka ah ee XASAN. Dabcan feylka /etc/resolv.conf kooxda sysadmin.desdelinux. taageere wuxuu tilmaamayaa DNS 192.168.10.5.

Laga soo bilaabo fulinta amarradii hore waxaan ka soo saari karnaa dhowr gabagabo mudnaanta:

  • BIND-da waxaa loo qaabeeyey qaab ahaan sidii Server Cache Server oo shaqeynaya iyada oo aan loo baahnayn qaabeyn dambe, waxayna ka jawaabtaa weydiimaha DNS ee loogu talagalay maxalliga ah iyo localhost
  • Ku noqoshada - Dib u noqoshada waa loo kartiyey maxalliga ah iyo localhost
  • Weli maahan server maamule
  • Si ka duwan CentOS, halkaas oo ay ahayd inaan ku dhawaaqno halbeegga «Dhegeyso-on dekedda 53 {127.0.0.1; 192.168.10.5; }, » si cad u dhegeyso codsiyada DNS ee ku saabsan isku xirka shabakadda 192.168.10.5 DNS lafteeda, Debian muhiim maahan maxaa yeelay waxay taageertaa codsiyada DNS maxalliga ah iyo localhost ugu talagal Dib u eeg waxa ku jira faylka /etc/bind/named.conf.options oo waxay arki doonaan inaanay jirin wax hadal ah dhagayso.
  • IPv4 iyo IPv6 weydiimaha waa la awoodsiiyay

Hadday aqriyaan oo u fasiraan - daasad sida aan ku dhahno Cuba - arjiga WARARKA Debian.gz Waxaan gaarnay gabagabo xiisa leh oo noo ogolaaneysa inaan wax yar ka ogaanno Falsafada Qaabdhismeedka Default ee Kooxda Debian marka loo eego BIND, maxay yihiin dhinacyada kale ee xiisaha leh ee aan ka baran karno inaan sii wadno akhrinta feylasha Dukumintiyada la socda?.

AKHRISO.Debian.gz

AKHRISO.Debian wuxuu na ogeysiinayaa - dhinacyo kale oo badan - in Kordhinta Amniga ee Nidaamka Magaca Domain - Kordhinta Amniga Magaca Nidaamka Nidaamka o DNSSEC, waa la karti yeelay; oo wuxuu mar kale xaqiijinayaa in qaabeynta qaabeynta ah ay u shaqeyso inta badan server-yada (server servers - server caleenta isagoo tixraacaya caleemaha geedka bogga) iyadoon loo baahnayn faragelin isticmaale.

  • DNSSEC sida laga soo xigtay Wikipedia: Kordhinta Nidaamka Nidaamka Magaca Nidaamka (DNSSEC) waa qeexitaanno qeexan oo ka socda Kooxda Hawlgallada Injineernimada Internetka (IETF) si loo sugo noocyada macluumaadka qaarkood ee ay bixiyaan nidaamka magaca. magaca domain (DNS) ee loo isticmaalo hab maamuuska internetka (IP). Waa nooc kordhin loo fidinayo DNS-ka oo bixiya macaamiisha DNS (ama xalliyayaal) oo leh xaqiijinta ilaha xogta DNS, diidmada la xaqiijiyey ee jiritaanka iyo hufnaanta xogta, laakiin ma ahan helitaan ama qarsoodi.

Ku saabsan isaga Qorshaha Qaabeynta wuxuu noo sheegayaa in dhammaan Faylasha Qaabdhismeedka Xaaladaha ah, Faylasha Aaga ee Adeegyada Root-ka, iyo Aagagga Hore iyo Dib u-celinta ee localhost ay ku jiraan / iwm / xirid.

Tusaha Shaqada Jinniga magacaabay es / var / khasnado / xirid si fayl kasta oo ku meel gaadh ah oo ay soosaaraan magacaabay sida keydka macluumaadka ee ay u adeegto sidii Server Addoon ah, ayaa ku qoran Nidaamka Faylka / var, taas oo ah halka ay ka tirsan yihiin.

Si ka duwan noocyadii hore ee xirmada XIRIIRKA loogu talagalay Debian, faylka magacaabay.conf iyo db. * la siiyay, waxay ku suntan yihiin feylasha qaabeynta. Qaabkaas oo ah haddii aan u baahanno Server Server oo inta badan u shaqeeya sidii Cache Server oo aan awood u lahayn cid kale, waxaan u adeegsan karnaa sidii loogu rakibay oo loo qaabeeyey si aan caadi ahayn

Haddii aad u baahato inaad hirgeliso DNS Awood leh, waxay soo jeedinayaan inaad geliso faylasha aagagga Master-ka isla galka / iwm / xirid. Haddii kakanaanta meelaha loogu talagalay taas oo ah magacaabay wuxuu noqon doonaa Awood-bixiye u baahan, waxaa lagugula talinayaa in la abuuro qaab-hoosaad hoosaad, tixraaca faylalka aagga gabi ahaanba faylka magacaabay.conf.

Kasta Faylka Aag ee loogu talagalay magacaabay u dhaqmo sidii Server Addoon waa inuu ku yaal / var / khasnado / xirid.

Faylasha Aaga oo ku xiran Cusbooneysiinta Dhaqdhaqaaqa ee DHCP ama amarka nuqulka, waa in lagu keydiyaa / var / lib / xira.

Haddii nidaamka qalliinka adeegsado hubka. Isbedelada soo socda ee qaabeynta ah magacaabay Waxay u baahan karaan isbeddello ku saabsan astaanta hubka. Booqday https://wiki.ubuntu.com/DebuggingApparmor intaadan buuxin foom eedeynaya a cayayaanka adeeggaas.

Waxaa jira dhowr arrimood oo la xiriira socodsiinta Debian BIND ee Chroot Cage - xabsiga chroot. Booqo http://www.tldp.org/HOWTO/Chroot-BIND-HOWTO.html wixii macluumaad dheeraad ah.

Macluumaadka kale

nin magaciisu yahay, nin magaciisu yahay.conf, nin magaciisu yahay-checkconf, nin magaciisu yahay-jeeg, nin rndc, iyo wixii la mid ah

xididka @ dns: ~ # magacaabay -v
XIRI 9.9.5-9 + deb8u1-Debian (Nooca Taageerada La Kordhiyay)

xididka @ dns: ~ # magacaabay -V
XIRI 9.9.5-9 + deb8u1-Debian (Nooca Taageerada La Kordhiyay) waxaa lagu dhisay samee '--prefix = / usr' '-mandir = / usr / share / man' \ '-infodir = / usr / share / info' '--sysconfdir = / etc / bind' '' - -localstatedir = / var '' -enable-threads '' -enable-bigfile '\' --with-libtool '' --enable-wadaag '' --enable-static '\' --with-openssl = / usr '' -with-gssapi = / usr '' --with-gnu-ld '\' --with-geoip = / usr '' --with-atf = maya '' - suurtagal-ipv9 '' --enable-rrl '\' --enable-filter-aaaa '\' CFLAGS = -fno-adag-aliasing -fno-tirtir-null-tilmaame-hubin -DDIG_SIGCHASE -O8 'oo ay soo diyaarisay GCC 50 iyadoo la isticmaalayo nooca OpenSSL : OpenSSL 6k 2 Jan 4.9.2 adoo adeegsanaya nooca libxml1.0.1: 8

xididka @ dns: ~ # ps -e | grep magacaabay
  408? 00:00:00 magacaabay

xididka @ dns: ~ # ps -e | xarkaan xir
  339? 00:00:00 rpcbind

xididka @ dns: ~ # ps -e | grep bind9
xididka @ dns: ~ #

xididka @ dns: ~ # ls / var / run / magacaabay /
loo magacaabay.fadhiga pid.key  
xididka @ dns: ~ # ls -l /var/run/named/named.pid 
-rw-r - r-- 1 xidh xidho 4 Feb 4 13:20 /var/run/named/named.pid

xididka @ dns: ~ # rndc status
nooca: 9.9.5-9 + deb8u1-Debian Kombuyuutarrada la helay: 9 mawduucyada shaqaalaha: 8 dhagaystayaasha UDP halkii interface: 50 tirada aagagga: 1 heer qalad ah: 1 xfers soconaya: 1 xfers ayaa dib loo dhigay: 100 weydiimaha soa ee socda: 0 geedaha su'aalaha waa lajoojiyaa macaamiisha soo noqnoqda: 0/0/0 tcp macaamiisha: 0/0 server ayaa socda oo socda
  • Muhiimadda ay leedahay la-tashiga Dukumiintiyada lagu rakibay xirmada BIND9 waa mid aan la dafiri karin. mid kale ka hor.

xidh9-doc

xididka @ dns: ~ # aptitude rakibi iskuxirka bind9-doc2
xididka @ dns: ~ # dpkg -L bind9-doc

Xidhmada xidh9-doc Ku rakib, oo ay ku jiraan macluumaad kale oo faa'iido leh, Buugga Tixraaca Maamulaha BIND 9. Si aad u hesho buug-gacmeedka-ku qoran Ingiriis- waxaan fulineynaa:

xididka @ dns: ~ # file2: ///usr/share/doc/bind9-doc/arm/Bv9ARM.html
BIND 9 Buugga Tixraaca Maamulaha Xuquuqda daabacaadda (c) 2004-2013 Dalladda Nidaamyada Internetka ee Daladda, Inc. ("ISC") Xuquuqda daabacaadda (c) 2000-2003 Dalladda Software-ka Internetka.

Waxaan rajeyneynaa inaad ka heshay aqrinteeda.

  • Adigoon guriga ka tegin, waxaan gacanta ku haynaa Dukumiinti rasmi ah oo badan oo ku saabsan BIND iyo guud ahaan adeegga DNS.

Waxaan ku xirnaa BIND qaabka Debian-ka

/etc/bind/named.conf "maamulaha"

xididka @ dns: ~ # nano /etc/bind/named.conf
// Kani waa feylka qaabeynta aasaasiga ah ee loo yaqaan 'BIND DNS server' oo la magacaabay.
//
// Fadlan akhri /usr/share/doc/bind9/README.Debian.gz wixii macluumaad ah ee ku saabsan
// qaabdhismeedka faylasha qaabeynta XIRIIRKA ee Debian, * KA HOR * inaad adigu habeysid
// feylkaan qaabeynta.
//
// Haddii aad kaliya kudareyso aagag, fadlan ku samee taas gudaha /etc/bind/named.conf.local

ku dar "/etc/bind/named.conf.options";
ku dar "/etc/bind/named.conf.local";
ka mid ah "/etc/bind/named.conf.default-zones";

Cinwaanka faallooyinka miyuu u baahan yahay tarjumaad?

/etc/bind/named.conf.options

xididka @ dns: ~ # cp /etc/bind/named.conf.options /etc/bind/named.conf.options.original

xididka @ dns: ~ # nano /etc/bind/named.conf.options
xulashooyinka {directory "/ var / cache / bind"; // Haddii uu jiro gidaar u dhexeeya adiga iyo magac-qofeedyada aad rabto // inaad la hadasho, waxaa laga yaabaa inaad u baahato hagaajinta gidaarka si aad ugu oggolaato dhowr dekedood inay la hadlaan. Eeg http://www.kb.cert.org/vuls/id/800113 // Haddii shirkaddaada ISP ay bixisay hal ama in ka badan cinwaanada IP ee xasilloon // magac bixiyaasha, waxaad u baahan tahay inaad u isticmaasho sidii gudbin ahaan. // Faahfaahin boodhka soo socda, oo geli cinwaannada beddelaya // meeleeyaha dhammaan-0. // gudbiyeyaasha {// 0.0.0.0; //}; // ============================================== ===================== $ // Haddii BIND uu qoro farriimo khalad ah oo ku saabsan furaha xididku uu dhacay, // waxaad u baahan doontaa inaad cusboonaysiiso furayaashaada. Eeg https://www.isc.org/bind-keys // ================================= =================================== $

    // Dooni meyno DNSSEC
        dnssec-karti maya;
        //dnssec-xaqiijinta auto;

        qor-nxdomain no; # raacsan RFC1035

 // Uma baahnin inaan dhageysano cinwaanada IPv6
        // dhagayso-on-v6 {kasta; };
    dhagayso-on-v6 {midna; };

 // Jeegaga ka imanaya localhost iyo sysadmin
    // iyada oo qod desdelinux.fan axfr // Ma hayno Slave DNS... ilaa hadda
 ogolaansho-wareejin {localhost; 192.168.10.1; };
};

xididka @ dns: ~ # magacaabay-jeegga 
xididka @ dns: ~ #

/etc/bind/named.conf.local

Cinwaanka faallooyinka feylkaan, waxay kugula talinayaan in lagu daro aagagga lagu tilmaamay RFC-1918 lagu sharaxay faylka /etc/bind/zones.rfc1918. Ka mid noqoshada aagagani waxay muujinayaan in wixii su'aal ah ee iyaga khuseeya aanu ka baxsanayn shabakada maxalliga ah ee loo maro server-yada, taas oo leh laba faa'iidooyin oo muhiim ah:

  • Xallinta maxalliga ah ee degdegga ah ee isticmaalayaasha maxalliga ah
  • Uma abuurayso taraafikada aan loo baahnayn - ama khiyaamo - taraafikada server-yada.

Shakhsiyan ma lihi xiriir internet si aan u tijaabiyo Soo noqoshada ama u gudbinta. Si kastaba ha noqotee, iyo sida aynaan u baabi'in Dib-u-celinta ee magacyada.conf.options feyl -oo macnaheedu yahay dib-u-noqosho aan;.

Markaad rakibayso XARIIR 9.9.7 Nidaamka Howlgalka ee FreeBSD 10.0, oo sidoo kale - iyo si kadis ah- Software Bilaash ah, feylka qaabeynta /usr/local/etc/namedb/named.conf.sample waxay ka kooban tahay aagag taxane ah oo kugula talinaya u adeegida gudaha si aad u hesho-faa'iidooyinka aan soo sheegnay.

Si aan loo badalin qaabeynta asalka ah ee isku xirnaanta Debian, waxaan kuu soo jeedineynaa sameynta feylka /etc/bind/zones.rfcFreeBSD oo ku dar /etc/bind/named.conf.local leh waxyaabaha hoos ku xusan, iyo waddooyinka - waddooyinka faylalka horey loogu waafajiyay Debian:

xididka @ dns: ~ # nano /etc/bind/zones.rfcFreeBSD
// Meesha Cinwaanka La Wadaago (RFC 6598)
zone "64.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "65.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "66.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "67.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "68.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "69.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "70.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "71.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "72.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "73.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "74.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "75.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "76.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "77.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "78.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "79.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "80.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "81.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "82.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "83.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "84.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "85.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "86.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "87.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "88.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "89.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "90.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "91.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "92.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "93.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "94.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "95.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "96.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "97.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "98.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "99.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "100.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "101.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "102.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "103.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "104.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "105.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "106.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "107.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "108.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "109.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "110.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "111.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "112.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "113.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "114.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "115.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "116.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "117.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "118.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "119.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "120.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "121.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "122.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "123.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "124.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "125.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "126.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "127.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };

// Link-local / APIPA (RFCs 3927, 5735 and 6303)
aagga "254.169.in-addr.arpa" {nooca sayidka; faylka "/etc/bind/db.empty"; };

// Meeleynta borotokoolka IETF (RFCs 5735 iyo 5736)
aagga "0.0.192.in-addr.arpa" {nooca sayidka; faylka "/etc/bind/db.empty"; };

// TEST-NET- [1-3] Dukumintiga (RFCs 5735, 5737 iyo 6303)
soone "2.0.192.in-addr.arpa" {nooca sayidka; faylka "/etc/bind/db.empty"; }; soonaha "100.51.198.in-addr.arpa" {type master; faylka "/etc/bind/db.empty"; }; aagga "113.0.203.in-addr.arpa" {nooca sayidka; faylka "/etc/bind/db.empty"; };

// IPv6 Tusaale Range Dukumiintiyeed (RFCs 3849 iyo 6303)
soonaha "8.bd0.1.0.0.2.ip6.arpa" {nooca sayidka; faylka "/etc/bind/db.empty"; };

// Magacyada Domain ee Dukumintiga iyo Imtixaanka (BCP 32)
soonaha "tijaabada" {nooca sayidka; faylka "/etc/bind/db.empty"; }; soonaha "tusaale" {nooca sayidkiisa; faylka "/etc/bind/db.empty"; }; soonaha "aan ansax ahayn" {nooca sayidka; faylka "/etc/bind/db.empty"; }; soonaha "example.com" {type master; faylka "/etc/bind/db.empty"; }; soonaha "example.net" {type master; faylka "/etc/bind/db.empty"; }; aagga "example.org" {type master; faylka "/etc/bind/db.empty"; };

// Tijaabinta Qaamuuska 'Router Benchmark' (RFCs 2544 iyo 5735)
soone "18.198.in-addr.arpa" {nooca sayidka; faylka "/etc/bind/db.empty"; }; aagga "19.198.in-addr.arpa" {nooca sayidka; faylka "/etc/bind/db.empty"; };

// IANA waa la keydiyay - Meesha Old Class E Space (RFC 5735)
aagga "240.in-addr.arpa" {nooca sayidka; faylka "/etc/bind/db.empty"; }; aagga "241.in-addr.arpa" {nooca sayidka; faylka "/etc/bind/db.empty"; }; aagga "242.in-addr.arpa" {nooca sayidka; faylka "/etc/bind/db.empty"; }; aagga "243.in-addr.arpa" {nooca sayidka; faylka "/etc/bind/db.empty"; }; aagga "244.in-addr.arpa" {nooca sayidka; faylka "/etc/bind/db.empty"; }; aagga "245.in-addr.arpa" {nooca sayidka; faylka "/etc/bind/db.empty"; }; aagga "246.in-addr.arpa" {nooca sayidka; faylka "/etc/bind/db.empty"; }; aagga "247.in-addr.arpa" {nooca sayidka; faylka "/etc/bind/db.empty"; }; aagga "248.in-addr.arpa" {nooca sayidka; faylka "/etc/bind/db.empty"; }; aagga "249.in-addr.arpa" {nooca sayidka; faylka "/etc/bind/db.empty"; }; aagga "250.in-addr.arpa" {nooca sayidka; faylka "/etc/bind/db.empty"; }; aagga "251.in-addr.arpa" {nooca sayidka; faylka "/etc/bind/db.empty"; }; aagga "252.in-addr.arpa" {nooca sayidka; faylka "/etc/bind/db.empty"; }; aagga "253.in-addr.arpa" {nooca sayidka; faylka "/etc/bind/db.empty"; }; aagga "254.in-addr.arpa" {nooca sayidka; faylka "/etc/bind/db.empty"; };

// IPv6 Cinwaanada Aan Loo Qorneyn (RFC 4291)
soonaha "1.ip6.arpa" {nooca sayidka; faylka "/etc/bind/db.empty"; }; aagga "3.ip6.arpa" {nooca sayidka; faylka "/etc/bind/db.empty"; }; soonaha "4.ip6.arpa" {nooca sayidka; faylka "/etc/bind/db.empty"; }; soonaha "5.ip6.arpa" {nooca sayidka; faylka "/etc/bind/db.empty"; }; soonaha "6.ip6.arpa" {nooca sayidka; faylka "/etc/bind/db.empty"; }; aagga "7.ip6.arpa" {nooca sayidka; faylka "/etc/bind/db.empty"; }; soonaha "8.ip6.arpa" {nooca sayidka; faylka "/etc/bind/db.empty"; }; soonaha "9.ip6.arpa" {nooca sayidka; faylka "/etc/bind/db.empty"; }; soonaha "a.ip6.arpa" {type master; faylka "/etc/bind/db.empty"; }; soonaha "b.ip6.arpa" {nooca sayidka; faylka "/etc/bind/db.empty"; }; soonaha "c.ip6.arpa" {nooca sayidka; faylka "/etc/bind/db.empty"; }; soonaha "d.ip6.arpa" {nooca sayidka; faylka "/etc/bind/db.empty"; }; soonaha "e.ip6.arpa" {nooca sayidka; faylka "/etc/bind/db.empty"; }; soonaha "0.f.ip6.arpa" {nooca sayidka; faylka "/etc/bind/db.empty"; }; soonaha "1.f.ip6.arpa" {type master; faylka "/etc/bind/db.empty"; }; soonaha "2.f.ip6.arpa" {type master; faylka "/etc/bind/db.empty"; }; aagga "3.f.ip6.arpa" {nooca sayidka; faylka "/etc/bind/db.empty"; }; soonaha "4.f.ip6.arpa" {type master; faylka "/etc/bind/db.empty"; }; soonaha "5.f.ip6.arpa" {type master; faylka "/etc/bind/db.empty"; }; soonaha "6.f.ip6.arpa" {nooca sayidka; faylka "/etc/bind/db.empty"; }; soonaha "7.f.ip6.arpa" {type master; faylka "/etc/bind/db.empty"; }; soonaha "8.f.ip6.arpa" {nooca sayidka; faylka "/etc/bind/db.empty"; }; soonaha "9.f.ip6.arpa" {nooca sayidka; faylka "/etc/bind/db.empty"; }; soone "afip6.arpa" {type master; faylka "/etc/bind/db.empty"; }; soonaha "bfip6.arpa" {nooca sayidka; faylka "/etc/bind/db.empty"; }; soonaha "0.efip6.arpa" {nooca sayidka; faylka "/etc/bind/db.empty"; }; soonaha "1.efip6.arpa" {nooca sayidka; faylka "/etc/bind/db.empty"; }; soonaha "2.efip6.arpa" {nooca sayidka; faylka "/etc/bind/db.empty"; }; aagga "3.efip6.arpa" {nooca sayidka; faylka "/etc/bind/db.empty"; }; soonaha "4.efip6.arpa" {type master; faylka "/etc/bind/db.empty"; }; soonaha "5.efip6.arpa" {type master; faylka "/etc/bind/db.empty"; }; soonaha "6.efip6.arpa" {nooca sayidka; faylka "/etc/bind/db.empty"; }; aagga "7.efip6.arpa" {nooca sayidka; faylka "/etc/bind/db.empty"; };

// IPv6 ULA (RFCs 4193 iyo 6303)
soonaha "cfip6.arpa" {nooca sayidka; faylka "/etc/bind/db.empty"; }; soonaha "dfip6.arpa" {type master; faylka "/etc/bind/db.empty"; };

// IPv6 Link Local (RFCs 4291 iyo 6303)
soonaha "8.efip6.arpa" {nooca sayidka; faylka "/etc/bind/db.empty"; }; soonaha "9.efip6.arpa" {nooca sayidka; faylka "/etc/bind/db.empty"; }; soonaha "aefip6.arpa" {nooca sayidka; faylka "/etc/bind/db.empty"; }; soonaha "befip6.arpa" {type master; faylka "/etc/bind/db.empty"; };

// IPv6 Cinwaanada Goobta-Deegaanka ee Hoos udhaca (RFCs 3879 iyo 6303)
soone "cefip6.arpa" {type master; faylka "/etc/bind/db.empty"; }; soonaha "defip6.arpa" {nooca sayidka; faylka "/etc/bind/db.empty"; }; soonaha "eefip6.arpa" {type master; faylka "/etc/bind/db.empty"; }; soonaha "fefip6.arpa" {nooca sayidka; faylka "/etc/bind/db.empty"; };

// IP6.INT waa Hoos u dhac (RFC 4159)
soonaha "ip6.int" {nooca sayidka; faylka "/etc/bind/db.empty"; };

In kasta oo aan tirtirnay suurtagalnimada dhageysiga codsiyada IPv6 tusaalaheenna, haddana waxaa habboon in lagu daro aagagga IPv6 ee faylkii hore loogu talagalay kuwa u baahan.

Nuxurka ugu dambeeya ee /etc/bind/named.conf.local es:

xididka @ dns: ~ # nano /etc/bind/named.conf.local
// // Wax kasta oo qaab dhismeed ah halkan ku samee // // Tixgeli inaad ku darto aagagga 1918 halkan, haddii aan loo isticmaalin hay'addaada // urur
ka mid ah "/etc/bind/zones.rfc1918"; ku dar "/etc/bind/zones.rfcFreeBSD";

// Bayaanka magaca, nooca, goobta, iyo cusboonaysiinta rukhsadda
// ee Aagagga Diiwaanada DNS // Labada Aag waa MASTERS
aagga"desdelinux.fan" {
 nooca master;
 faylka "/var/lib/bind/db.desdelinux.fan";
};

aagga "10.168.192.in-addr.arpa" {
 nooca master;
 faylka "/var/lib/bind/db.10.168.192.in-addr.arpa";
};

xididka @ dns: ~ # magacaabay-jeegga xididka @ dns: ~ #

Waxaan u abuureynaa feylasha Aag walba

Waxyaabaha ay ka kooban yihiin faylasha ku jira aag kasta ayaa si toos ah looga soo guurin karaa qodobka «DNS iyo DHCP ee CentOS 7«, Ilaa iyo inta aan ka taxaddarayno inaan u beddelno galka aagga / var / lib / xira:

[xidid @ dns ~] # nano /var/lib/bind/db.desdelinux. taageere
$TTL 3H @ SOA dnsdesdelinux. taageere. xidid.dns.desdelinux. taageere. ( 1 ; taxane 1D ; dib u cusboonaysii 1H ; isku day 1W ; dhacayso 3H ) ; ugu yar ama; Waqtiga kaydinta xun ee nolosha; @ gudaha NS DNSdesdelinux. taageere. @ IN MX 10 iimaylka.desdelinux. taageere. @ TXT"DesdeLinux, Blog uu u hibeeyay software bilaash ah "; Sysadmin in A 192.168.10.1 AD-DC IN A 192.168.10.3 FILESERVER IN A 192.168.10.4 DNS IN A 192.168.10.5 PROXYWEB IN A 192.168.10.6 A 192.168.10.7 FTPSERVER gudaha A 192.168.10.8 mail IN A 192.168.10.9

[xididka @ dns ~] # nano /var/lib/bind/db.10.168.192.in-addr.arpa
$TTL 3H @ SOA dnsdesdelinux. taageere. xidid.dns.desdelinux. taageere. ( 1 ; taxane 1D ; dib u cusboonaysii 1H ; isku day 1W ; dhacayso 3H ) ; ugu yar ama; Waqtiga kaydinta xun ee nolosha; @ gudaha NS DNSdesdelinux. taageere. ; 1 IN PTR sysadmin.desdelinux. taageere. 3 gudaha PTR ad-dc.desdelinux. taageere. 4 gudaha PTR fileserver.desdelinux. taageere. 5 gudaha PTR dns.desdelinux. taageere. 6 IN PTR proxyweb.desdelinux. taageere. 7 gudaha PTR blog.desdelinux. taageere. 8 gudaha PTR ftpserver.desdelinux. taageere. 9 Boostada PTR.desdelinux. taageere.

Waxaan hubineynaa qaabeynta aag kasta

root@dns:~# magacaabay-checkzone desdelinux.fan /var/lib/bind/db.desdelinux. taageere 
zone desdelinuxtaageere/IN: taxanayaal raran 1 OK

xididka @ dns: ~ # magacaabay-jeeg 10.168.192.in-addr.arpa /var/lib/bind/db.10.168.192.in-addr.arpa 
aagga 10.168.192.in-addr.arpa/IN: taxane xamuul ah 1 Ok

Hubinta guud ee goobaha BIND

xididka @ dns: ~ # magacaabay-hubinta -zp
  • Iyadoo la raacayo nidaamka wax ka beddelka magacaabay.conf Iyadoo loo eegayo baahiyahayaga iyo hubinta, oo aan abuureyno aag walba oo aan hubinno, waxaan ka shakisanahay inay tahay inaan wajahno dhibaatooyinka ugu weyn ee qaabeynta. Ugu dambayntii waxaan garwaaqsan nahay inay tahay ciyaar wiil, oo leh fikrado badan iyo isku xirnaan xanaf leh. 😉

Jeegaantu waxay soo celisay natiijooyin lagu qanco, sidaa darteed waxaan dib u bilaabi karnaa BIND - magacaabay.

Waxaan dib u bilaabi BIND-ga oo hubinaa sida uu yahay

[xididka @ dns ~] # systemctl dib u bilaabi bind9.service
[xididka @ dns ~] # systemctl status bind9.service
Bind9.service - Xidhmee Magaca Domain Server Server Load: raran (/lib/systemd/system/bind9.service; firfircoonaan) Drop-In: /run/systemd/generator/bind9.service.d -50-insserv.conf- $ named.conf Firfircoon: firfircoon (socda) ilaa Sun 2017-02-05 07:45:03 EST; 5s kahor Docs: man: magacaabay (8) Geedi socodka: 1345 ExecStop = / usr / sbin / rndc stop (koodh = kabax, status = 0 / SUCCESS) Main PID: 1350 (magacaabay) CGroup: /system.slice/bind9.service 1350 / usr / sbin / magacaabay -f -u bind Feb 05 07:45:03 dns magacaabay [1350]: aagga 1.f.ip6.arpa/IN: taxane xamuul ah 1 Feb 05 07:45:03 dns magacaabay [1350]: zone afip6.arpa/IN: loaded serial 1 Feb 05 07:45:03 dns magacaabay [1350]: zone localhost / IN: load serial 2 Feb 05 07:45:03 dns magacaabay [1350]: zone test / IN: load serial 1 Feb 05 07:45:03 dns named [1350]: zone example / IN: load serial 1 Feb 05 07:45:03 dns magacaabay [1350]: aagga 5.efip6.arpa/IN: la rariyey serial 1 Feb 05 07:45:03 dns magacaabay [1350]: zone bfip6.arpa/IN: load serial 1 Feb 05 07:45:03 dns magacaabay [1350]: zone ip6.int/IN: taxane rar 1 Feb 05 07:45:03 dns magacaabay [1350]: dhammaan aagagga la raray Feb 05 07:45:03 dns la magacaabay [1350]: socda

Haddii aan helno nooc kasta oo khalad ah oo ka soo baxa amarka ugu dambeeya, waa inaan dib u bilownaa magacaabay. adeeg oo dib u hubi adiga xaaladda. Haddii khaladaadku dhammaadaan, adeeggu wuxuu ku bilaabmay si guul leh. Haddii kale, waa inaan dib u eegis dhameystiran ku sameynaa dhammaan feylasha wax laga beddelay iyo kuwa la abuuray, oo aan ku soo celino nidaamka.

Hubinta

Jeegaga waxaa lagu mari karaa isla server-ka ama mashiin ku xiran LAN-ka. Waxaan door bidnay inaan iyaga ka qabano kooxda sysadmin.desdelinux. taageere kaas oo aan siinay ogolaansho deg deg ah oo lagu sameeyo Wareejinta Aaga. Faylka /etc/resolv.conf kooxdaas waa kuwan soo socda:

buzz @ sysadmin: ~ $ bisad /etc/resolv.conf 
# Waxaa keenay raadinta NetworkManager desdelinux.magacaye taageere 192.168.10.5

buzz@sysadmin:~$ qod desdelinux.fanaan axfr
; <<>> DiG 9.9.5-9+deb8u1-Debian <<>> desdelinux.fan axfr;; fursadaha caalamiga ah: +cmd
desdelinux. taageere. 10800 gudaha SOA dns.desdelinux. taageere. xidid.dns.desdelinux. taageere. 1 86400 3600 604800 10800
desdelinux. taageere. 10800 IN NS dns.desdelinux. taageere.
desdelinux. taageere. 10800 IN MX 10 iimaylka.desdelinux. taageere.
desdelinux. taageere. 10800 gudaha TXT"DesdeLinux, Blog kaaga u heellan Software-ka Bilaashka ah" ad-dc.desdelinux. taageere. 10800 gudaha 192.168.10.3 blog.desdelinux. taageere. 10800 IN A 192.168.10.7 dns.desdelinux. taageere. 10800 IN TO 192.168.10.5 fileserver.desdelinux. taageere. 10800 IN A 192.168.10.4 ftpserver.desdelinux. taageere. 10800 IN A 192.168.10.8 boostada.desdelinux. taageere. 10800 IN A 192.168.10.9 proxyweb.desdelinux. taageere. 10800 IN A 192.168.10.6 sysadmin.desdelinux. taageere. 10800 ILAA 192.168.10.1
desdelinux. taageere. 10800 gudaha SOA dns.desdelinux. taageere. xidid.dns.desdelinux. taageere. 1 86400 3600 604800 10800;; Waqtiga weydiinta: 1 msc;; ADEEGA: 192.168.10.5#53(192.168.10.5) ;; Goorma: Sun Feb 05 07:49:01 EST 2017
;; Xajmiga XFR: 13 diiwaanka (farriimaha 1, bytes 385)

buzz @ sysadmin: ~ $ dig 10.168.192.in-addr.arpa axfr
; <<>> DiG 9.9.5-9+deb8u1-Debian <<>> 10.168.192.in-addr.arpa axfr ;; fursadaha caalamiga ah: + cmd 10.168.192.in-addr.arpa. 10800 gudaha SOA dns.desdelinux. taageere. xidid.dns.desdelinux. taageere. 1 86400 3600 604800 10800 10.168.192.in-addr.arpa. 10800 IN NS dns.desdelinux. taageere. 1.10.168.192.in-addr.arpa. 10800 IN PTR sysadmin.desdelinux. taageere. 3.10.168.192.in-addr.arpa. 10800 IN PTR ad-dc.desdelinux. taageere. 4.10.168.192.in-addr.arpa. 10800 IN PTR fileserver.desdelinux. taageere. 5.10.168.192.in-addr.arpa. 10800 IN PTR dns.desdelinux. taageere. 6.10.168.192.in-addr.arpa. 10800 IN PTR proxyweb.desdelinux. taageere. 7.10.168.192.in-addr.arpa. 10800 IN PTR blog.desdelinux. taageere. 8.10.168.192.in-addr.arpa. 10800 gudaha PTR ftpserver.desdelinux. taageere. 9.10.168.192.in-addr.arpa. 10800 Boostada PTR.desdelinux. taageere. 10.168.192.in-addr.arpa. 10800 gudaha SOA dns.desdelinux. taageere. xidid.dns.desdelinux. taageere. 1 86400 3600 604800 10800;; Waqtiga weydiinta: 1 msc;; ADEEGA: 192.168.10.5#53(192.168.10.5) ;; Goorma: Sun Feb 05 07:49:47 EST 2017
;; Xajmiga XFR: 11 diiwaanka (farriimaha 1, bytes 333)

buzz@sysadmin:~$ qod SOA desdelinux. taageere
buzz@sysadmin:~$ qod MX desdelinux.fan buzz@sysadmin:~$ qod TXT desdelinux. taageere

buzz @ sysadmin: ~ $ host proxyweb
proxyweb.desdelinux.fanku wuxuu leeyahay ciwaanka 192.168.10.6

buzz @ sysadmin: ~ $ martigeliyaha ftpserver
ftpserver.desdelinux.fanku wuxuu leeyahay ciwaanka 192.168.10.8

buzz @ sysadmin: ~ $ host 192.168.10.9
9.10.168.192.in-addr.arpa boostada tilmaame magac domain.desdelinux. taageere.

… Iyo xaqiijin kasta oo kale oo aan u baahanahay.

Waxaan rakibnaa oo aan qaabeynaa DHCP

On Debian, adeegga DHCP waxaa bixiya xirmada isc-dhcp-server:

xididka @ dns: ~ # raadinta caqli-gal isc-dhcp
i isc-dhcp-macmiil - macmiilka DHCP si otomaatig ah u helo cinwaanka IP p isc-dhcp-client-dbg - ISC DHCP server loogu talagalay meeleynta cinwaanka IP otomaatiga ah (debug macmiilka) i isc-dhcp-caadi - faylalka guud ee ay wada isticmaalaan dhammaan baakadaha isc-dhcp p isc-dhcp-dbg - server ISC DHCP oo loogu talagalay meeleynta cinwaanka IP-da si otomaatig ah (calaamadeynta calaamadda p isc-dhcp-dev - API ee helitaanka iyo wax ka beddelka serverka DHCP iyo gobolka macmiilka p isc-dhcp-relay - ISC DHCP relay daemon p isc-dhcp-relay-dbg - server ISC DHCP oo loogu talagalay meelaynta cinwaanka IP otomaatiga ah (gudbinta gudbinta) p isc-dhcp-server - ISC DHCP server oo loogu talagalay cinwaanka IP-da ee otomaatiga ah isc-dhcp-server-dbg - ISC DHCP server loogu talagalay otomaatiga cinwaanka IP-ga ee loo qoondeeyey

xididka @ dns: ~ # aptitude rakibi isc-dhcp-server

Kadib rakibida xirmada, -mnipresent- systemd waxay ka cabaneysaa inaysan bilaabi karin adeegga. Debian ahaan, waa inaan si cad u sheegnaa iskuxirka shabakada ay kireyneyso cinwaanada IP-ga kana jawaabeyso codsiyada, isc-dhcp-server:

xididka @ dns: ~ # nano / iwm / default / isc-dhcp-server
.... # Waa kuwee isweydaarsiyeyaashu ay tahay inuu adeegaha DHCP (dhcpd) u adeego codsiyada DHCP? # Kala sooc farabadan oo fara badan, tusaale "eth0 eth1".
ISGUDUB = "eth0"

Dukumiintiyada rakibay

xididka @ dns: ~ # ls -l / usr / share / doc / isc-dhcp-server /
wadarta 44 -rw-r - r-- 1 xidid xidid 1235 Dec 14 2014 copyright -rw-r - r - 1 xidid xidid 26031 Feb 13 2015 changelog.Debian.gz drwxr-xr-x 2 xidid xidid 4096 Feb 5 08:10 tusaalooyin -rw-r - r-- 1 xidid xidid 592 Dec 14 2014 NEWS.Debian.gz -rw-r - r-- 1 xididka 1099 Dec 14 2014 README.Debian

Furaha TSIG "dhcp-key"

Jiilka furaha ayaa lagula talinayaa TSIG o Saxeexa Macaamil - Tdhaqasho SIGdabeecadda, si loo xaqiijiyo cusbooneysiinta cusbooneysiinta DNS ee DHCP. Sidaan ku aragnay qormadii hore «DNS iyo DHCP ee CentOS 7“Waxaan tixgelinaynaa in jiilka furahan uusan muhiim ahayn, gaar ahaan marka labada adeegba lagu rakibo hal server. Si kastaba ha noqotee, waxaan bixinaa nidaamka guud ee jiilkiisa otomaatiga ah:

xididka @ dns: ~ # dnssec-keygen -a HMAC-MD5 -b 128 -r / dev / urandom -n USER dhcp-key
Kdhcp-fure. + 157 + 11088

xididka @ dns: ~ # cat Kdhcp-key. +157 + 11088. gaar ah 
Qaab-furaha gaarka loo leeyahay: v1.3 Algorithm: 157 (HMAC_MD5) Furaha: TEqfcx2FUMYBQ1hA1ZGelA == Bits: AAA = Abuurtay: 20170205121618 Daabac: 20170205121618 Dhaqdhaqaaq: 20170205121618

xididka @ dns: ~ # nano dhcp.key
fure dhcp-key {
        algorithm hmac-md5;
        qarsoodi ah "TEqfcx2FUMYBQ1hA1ZGelA ==";
};

xididka @ dns: ~ # rakib -o xididka -g xidho -m 0640 dhcp.key /etc/bind/dhcp.key xididka @ dns: ~ # rakib -o xididka -g xididka -m 0640 dhcp.key / iwm / dhcp /dhcp.key xididka @ dns: ~ # ls -l /etc/bind/*.key
-rw-r ----- 1 xidid xidid 78 Feb 5 08:21 /etc/bind/dhcp.key -rw-r ----- 1 xidho xidho 77 Feb 4 11:47 / etc / bind / rndc .key
xididka @ dns: ~ # ls -l /etc/dhcp/dhcp.key 
-rw-r ----- 1 xididka xididka 78 Feb 5 08:21 /etc/dhcp/dhcp.key

Cusbooneysiinta AAGA BIND iyadoo la isticmaalayo dhcp-key

xididka @ dns: ~ # nano /etc/bind/named.conf.local
// // Samee qaabeynta gudaha halkan // // Tixgeli inaad ku darto aagagga 1918 halkan, haddii aan lagu isticmaalin // ururkaaga waxaa ka mid ah "/etc/bind/zones.rfc1918"; waxaa ka mid ah "/etc/bind/zones.rfcFreeBSD"; ka mid ah "/etc/bind/dhcp.key"; // Ku dhawaaqida magaca, nooca, goobta, iyo ogolaanshaha cusbooneysiinta // Aagagga Diiwaanka DNS // Labada Aag waa aagga MASTER"desdelinux.fan" {nooca master-ka; faylka"/var/lib/bind/db.desdelinux.fan";
 u oggolow-cusbooneysiin {fure dhcp-key; };
}; soonaha "10.168.192.in-addr.arpa" {type master; faylka "/var/lib/bind/db.10.168.192.in-addr.arpa";
 u oggolow-cusbooneysiin {fure dhcp-key; };
};
xididka @ dns: ~ # magacaabay-jeegga 
xididka @ dns: ~ #

Waxaan u qaabeyneynaa isc-dhcp-server

xididka @ dns: ~ # mv /etc/dhcp/dhcpd.conf /etc/dhcp/dhcpd.conf.original
xididka @ dns: ~ # nano /etc/dhcp/dhcpd.conf
ddns-update-style ku meel gaar ah; ddns-updates on; ddns-domainname"desdelinux.fan."; ddns-rev-domainname "in-addr.arpa."; iska illow cusboonaysiinta macmiilka; awood leh; ikhtiyaarka ip-gudbinta off; magaca domain-door doorashada "desdelinux.fan"; ka mid ah "/etc/dhcp/dhcp.key"; aagga desdelinux. taageere. { aasaasiga 127.0.0.1; furaha dhcp-key; } aagga 10.168.192.in-addr.arpa. { aasaasiga 127.0.0.1; furaha dhcp-key; } la wadaago-network redlocal {subnet 192.168.10.0 netmask 255.255.255.0 {ikhtiyaarka router 192.168.10.1; ikhtiyaarka subnet-mask 255.255.255.0; ciwaanka-baahinta ikhtiyaariga ah 192.168.10.255; ikhtiyaarka domain-name-servers 192.168.10.5; ikhtiyaarka netbios-name-servers 192.168.10.5; kala duwan 192.168.10.30 192.168.10.250; } } # DHAMMAAD dhcpd.conf

Waxaan hubinaynaa faylka dhcpd.conf

xididka @ dns: ~ # dhcpd -t
Dalada Nidaamyada Internetka Serverka DHCP 4.3.1 Xuquuqda daabacaadda 2004-2014 Dalladda Nidaamyada Internetka. Xuquuqda daabacaadu way xifdisan. Macluumaad ahaan, fadlan booqo https://www.isc.org/software/dhcp/ Config file: /etc/dhcp/dhcpd.conf Faylka Database: /var/lib/dhcp/dhcpd.leases PID file: / var / run /dhcpd.pid

Waxaan dib u bilaabi doonaa BIND oo waxaan bilownaa isc-dhcp-server

xididka @ dns: ~ # systemctl dib u bilaabi bind9.service 
xididka @ dns: ~ # systemctl status bind9.service 

xididka @ dns: ~ # systemctl bilaw isc-dhcp-server.service
xididka @ dns: ~ # systemctl status isc-dhcp-server.service 
Isc-dhcp-server.service - LSB: server DHCP Loaded: raran (/etc/init.d/isc-dhcp-server) Firfircoon: firfircoon (socda) ilaa Sun 2017-02-05 08:41:45 EST; 6s kahor Hannaanka: 2039 ExecStop = / etc / init.d / isc-dhcp-server stop (koodh = kabax, xaalad = 0 / GUUL) Geedi socodka: 2049 ExecStart = / etc / init.d / isc-dhcp-server bilow ( koodh = kabax, xaalad = 0 / GUUL) CGroup: /system.slice/isc-dhcp-server.service └─2057 / usr / sbin / dhcpd -q -cf /etc/dhcp/dhcpd.conf -pf / var / run / dhcpd.pid eth0 Feb 05 08:41:43 dns dhcpd [2056]: Waxa loo qoray 0 heshiisyo kirooyinka kirada. Feb 05 08: 41: 43 dns dhcpd [2057]: Adeeg bilawga adeegga. Feb 05 08: 41: 45 dns isc-dhcp-server [2049]: Bilaabida serverka ISC DHCP: dhcpd.

Hubinta macaamiisha

Waxaan ku bilownay macmiil ku shaqeeya nidaamka Windows 7, oo leh magaca «LAGER».

buzz @ sysadmin: ~ $ host lager
LAGER.desdelinux.fanku wuxuu leeyahay ciwaanka 192.168.10.30

buzz@sysadmin:~$ qod txt lager.desdelinux. taageere

Waxaan magaca macmiilka u bedeleynaa "toddobo" oo waxaan dib ugu bilaabi doonnaa macmiilka

buzz @ sysadmin: ~ $ host lager
;; isku xirnaanta waqtigeedii; wax server ah lama helin

buzz@sysadmin: ~ $ martigaliya toddobo
toddobo.desdelinux.fanku wuxuu leeyahay ciwaanka 192.168.10.30
buzz @ sysadmin: ~ $ host 192.168.10.30
30.10.168.192.in-addr.arpa tilmaame magac domain todoba.desdelinux. taageere.

buzz@sysadmin:~$ qod txt todoba.desdelinux. taageere

Waxaan magaca macmiilka Windows 7 u badalnay "win7"

buzz @ sysadmin: ~ $ martigaliya toddobo
;; isku xirnaanta waqtigeedii; wax server ah lama helin

buzz @ sysadmin: ~ $ host win7
guul7.desdelinux.fanku wuxuu leeyahay ciwaanka 192.168.10.30
buzz @ sysadmin: ~ $ host 192.168.10.30
30.10.168.192.in-addr.arpa tilmaame magac domain win7.desdelinux. taageere.

buzz@sysadmin:~$ qod txt win7.desdelinux. taageere
; <<>> DiG 9.9.5-9+deb8u1-Debian <<>> gudaha txt win7.desdelinuxtaageere;; fursadaha caalamiga ah: +cmd ;; Waxaan helay jawaab:; ->> MADAXA<<- opcode: QUERY, heerka: NOERROR, id: 11218;; calanka: qr aa rd ra; SU'AAL: 1, JAWAAB: 1, MAAMULKA: 1, DHEERAAD AH: 2;; OPT PSEUDOSECTION:; EDNS: nooca: 0, calanka:; udp: 4096;; QAYBTA SU'AAL: ;guul7.desdelinux. taageere. IN TXT;; QAYBTA JAWAAB: guul7.desdelinux. taageere. 3600 IN TXT "31b7228ddd3a3b73be2fda9e09e601f3e9"; QAYBTA MAAMULKA:
desdelinux. taageere. 10800 IN NS dns.desdelinux. taageere. ;; QAYB DHEERAAD AH: dns.desdelinux. taageere. 10800 IN A 192.168.10.5;; Waqtiga su'aasha: 0 msc;; ADEEGA: 192.168.10.5#53(192.168.10.5) ;; GOORTA: Axad Feb 05 09:13:20 EST 2017;; MSG SIZE rcvd: 129

buzz@sysadmin:~$ qod desdelinux.fanaan axfr
; <<>> DiG 9.9.5-9+deb8u1-Debian <<>> desdelinux.fan axfr;; fursadaha caalamiga ah: +cmd
desdelinux. taageere. 10800 gudaha SOA dns.desdelinux. taageere. xidid.dns.desdelinux. taageere. 8 86400 3600 604800 10800
desdelinux. taageere. 10800 IN NS dns.desdelinux. taageere.
desdelinux. taageere. 10800 IN MX 10 iimaylka.desdelinux. taageere.
desdelinux. taageere. 10800 gudaha TXT"DesdeLinux, Blog kaaga u heellan Software-ka Bilaashka ah" ad-dc.desdelinux. taageere. 10800 gudaha 192.168.10.3 blog.desdelinux. taageere. 10800 IN A 192.168.10.7 dns.desdelinux. taageere. 10800 IN TO 192.168.10.5 fileserver.desdelinux. taageere. 10800 IN A 192.168.10.4 ftpserver.desdelinux. taageere. 10800 IN A 192.168.10.8 boostada.desdelinux. taageere. 10800 IN A 192.168.10.9 proxyweb.desdelinux. taageere. 10800 IN A 192.168.10.6 sysadmin.desdelinux. taageere. 10800 ILAA 192.168.10.1
guul7.desdelinux. taageere. 3600 IN  TXT "31b7228ddd3a3b73be2fda9e09e601f3e9"
guul7.desdelinux. taageere. 3600 ILAA 192.168.10.30
desdelinux. taageere. 10800 gudaha SOA dns.desdelinux. taageere. xidid.dns.desdelinux. taageere. 8 86400 3600 604800 10800;; Waqtiga su'aasha: 2 msc;; ADEEGA: 192.168.10.5#53(192.168.10.5) ;; GOORTA: Axad Feb 05 09:15:13 EST 2017;; Cabbirka XFR: 15 diiwaan (farimaha 1, bytes 453)

Soo saarida kore, waxaan ku iftiiminay geesi ka TTL - ilbiriqsiyo - kumbuyuutarrada leh cinwaanada IP-ga ee ay bixiso adeegga DHCP kuwa leh caddeyn cad oo ah TTL 3600 oo ay bixiso DHCP. IPs go'an waxaa haga $ TTL ee 3H -3 saacadood = 10800 ilbiriqsiyo- oo lagu caddeeyay diiwaanka SOA ee feyl kasta aag.

Waxay ku hubin karaan aaga gadaal si isku mid ah.

[xididka @ dns ~] # qod 10.168.192.in-addr.arpa axfr

Amarada kale ee aadka u xiisaha badan waa:

[root@dns ~] # magaceedu yahay-journalprint /var/lib/bind/db.desdelinux.fan.jnl
del desdelinux. taageere. 10800 gudaha SOA dns.desdelinux. taageere. xidid.dns.desdelinux. taageere. 1 86400 3600 604800 10800 ku dar desdelinux. taageere. 10800 gudaha SOA dns.desdelinux. taageere. xidid.dns.desdelinux. taageere. 2 86400 3600 604800 10800 ku dar LAGER.desdelinux. taageere. 3600 IN A 192.168.10.30 ku dar LAGER.desdelinux. taageere. 3600 IN TXT "31b7228ddd3a3b73be2fda9e09e601f3e9" ka desdelinux. taageere. 10800 gudaha SOA dns.desdelinux. taageere. xidid.dns.desdelinux. taageere. 2 86400 3600 604800 10800 ee LAGER.desdelinux. taageere. 3600 IN A 192.168.10.30 ku dar desdelinux. taageere. 10800 gudaha SOA dns.desdelinux. taageere. xidid.dns.desdelinux. taageere. 3 86400 3600 604800 10800 del desdelinux. taageere. 10800 gudaha SOA dns.desdelinux. taageere. xidid.dns.desdelinux. taageere. 3 86400 3600 604800 10800 ee LAGER.desdelinux. taageere. 3600 IN TXT "31b7228ddd3a3b73be2fda9e09e601f3e9" ku dar desdelinux. taageere. 10800 gudaha SOA dns.desdelinux. taageere. xidid.dns.desdelinux. taageere. 4 86400 3600 604800 10800 del desdelinux. taageere. 10800 gudaha SOA dns.desdelinux. taageere. xidid.dns.desdelinux. taageere. 4 86400 3600 604800 10800 ku dar desdelinux. taageere. 10800 gudaha SOA dns.desdelinux. taageere. xidid.dns.desdelinux. taageere. 5 86400 3600 604800 10800 ku dar todoba.desdelinux. taageere. 3600 IN A 192.168.10.30 ku dar todoba.desdelinux. taageere. 3600 IN TXT "31b7228ddd3a3b73be2fda9e09e601f3e9" ka desdelinux. taageere. 10800 gudaha SOA dns.desdelinux. taageere. xidid.dns.desdelinux. taageere. 5 86400 3600 604800 10800 ee todobada.desdelinux. taageere. 3600 IN A 192.168.10.30 ku dar desdelinux. taageere. 10800 gudaha SOA dns.desdelinux. taageere. xidid.dns.desdelinux. taageere. 6 86400 3600 604800 10800 del desdelinux. taageere. 10800 gudaha SOA dns.desdelinux. taageere. xidid.dns.desdelinux. taageere. 6 86400 3600 604800 10800 ee todobada.desdelinux. taageere. 3600 IN TXT "31b7228ddd3a3b73be2fda9e09e601f3e9" ku dar desdelinux. taageere. 10800 gudaha SOA dns.desdelinux. taageere. xidid.dns.desdelinux. taageere. 7 86400 3600 604800 10800 del desdelinux. taageere. 10800 gudaha SOA dns.desdelinux. taageere. xidid.dns.desdelinux. taageere. 7 86400 3600 604800 10800 ku dar desdelinux. taageere. 10800 gudaha SOA dns.desdelinux. taageere. xidid.dns.desdelinux. taageere. 8 86400 3600 604800 10800 ku dar guul7.desdelinux. taageere. 3600 IN A 192.168.10.30 dar guul7.desdelinux. taageere. 3600 IN TXT "31b7228ddd3a3b73be2fda9e09e601f3e9"

[xididka @ dns ~] # magacaabay-journalprint /var/lib/bind/db.10.168.192.in-addr.arpa.jnl
laga bilaabo 10.168.192.in-addr.arpa. 10800 gudaha SOA dns.desdelinux. taageere. xidid.dns.desdelinux. taageere. 1 86400 3600 604800 10800 ku dar 10.168.192.in-addr.arpa. 10800 gudaha SOA dns.desdelinux. taageere. xidid.dns.desdelinux. taageere. 2 86400 3600 604800 10800 ku dar 30.10.168.192.in-addr.arpa. 3600 IN PTR LAGER.desdelinux. taageere. laga bilaabo 10.168.192.in-addr.arpa. 10800 gudaha SOA dns.desdelinux. taageere. xidid.dns.desdelinux. taageere. 2 86400 3600 604800 10800 del 30.10.168.192.in-addr.arpa. 3600 IN PTR LAGER.desdelinux. taageere. ku dar 10.168.192.in-addr.arpa. 10800 gudaha SOA dns.desdelinux. taageere. xidid.dns.desdelinux. taageere. 3 86400 3600 604800 10800 del 10.168.192.in-addr.arpa. 10800 gudaha SOA dns.desdelinux. taageere. xidid.dns.desdelinux. taageere. 3 86400 3600 604800 10800 ku dar 10.168.192.in-addr.arpa. 10800 gudaha SOA dns.desdelinux. taageere. xidid.dns.desdelinux. taageere. 4 86400 3600 604800 10800 ku dar 30.10.168.192.in-addr.arpa. 3600 gudaha PTR todoba.desdelinux. taageere. laga bilaabo 10.168.192.in-addr.arpa. 10800 gudaha SOA dns.desdelinux. taageere. xidid.dns.desdelinux. taageere. 4 86400 3600 604800 10800 del 30.10.168.192.in-addr.arpa. 3600 gudaha PTR todoba.desdelinux. taageere. ku dar 10.168.192.in-addr.arpa. 10800 gudaha SOA dns.desdelinux. taageere. xidid.dns.desdelinux. taageere. 5 86400 3600 604800 10800 del 10.168.192.in-addr.arpa. 10800 gudaha SOA dns.desdelinux. taageere. xidid.dns.desdelinux. taageere. 5 86400 3600 604800 10800 ku dar 10.168.192.in-addr.arpa. 10800 gudaha SOA dns.desdelinux. taageere. xidid.dns.desdelinux. taageere. 6 86400 3600 604800 10800 ku dar 30.10.168.192.in-addr.arpa. 3600 IN PTR guul7.desdelinux. taageere.

[xididka @ dns ~] # journalctl -f

Wax ka beddelka gacanta ee faylasha Aagagga

Ka dib markay DHCP gaarto ciyaarta si firfircoon u cusbooneysiinta faylalka AAGA BIND, haddii aan waligeen u baahanahay inaan gacan wax ka beddelno aag feyl, waa inaan fulinno nidaamka soo socda, laakiin ka hor inta aan wax yar ka ogaanno howlaha aagga. utility rdc -nin rndc- xakamaynta magacaabay.

  • qaboojiyaha rndc [aaga [fasalka [aragtida]]], wuxuu hakiyaa cusbooneysiinta firfircoonaanta aagga. Haddii midkoodna aan la cayimin, dhammaantood waa la qaboojin doonaa. Amarku wuxuu u oggolaanayaa tafatirka gacanta ee aagga la qaboojiyey ama dhammaan aagagga. Wixii cusbooneysiin firfircoon ayaa la diidi doonaa inta la qaboojinayo.
  • rndc dhalaal [aag [fasal [aragti]]], wuxuu awood u siinayaa cusbooneysiinta firfircoon ee aag hore loo qaboojiyey. Server-ka DNS-ka wuxuu dib uga soo buuxiyaa faylka aagga disk-ka, cusbooneysiinta firfircoonina dib ayaa loo shaqeysiiyaa kadib markii dib u buuxinta ay dhammaato.

Digtoonno in la qaado marka aan gacanta ku saxno faylka aag? La mid ah haddii aan abuureyno, annaga oo aan ilaawin inaan ku kordhinno tirada taxanaha ah 1 ama serial ka hor intaadan kaydin feylka oo leh isbeddelada ugu dambeeya.

Waxaan qaboojineynaa aagagga

Maaddaama aan isbeddello ku sameyn doonno Aagagga horay iyo gadaal inta DNS iyo DHCP ay socdaan, waxa ugu caafimaad qaba ee la sameeyo waa in la xayiro aagagga DNS:

[xididka @ dns ~] # rndc xayiray

Aagga desdelinux. taageere wuxuu ka kooban yahay diiwaanka soo socda:

[xidid @ dns ~ # bisad /var/lib/bind/db.desdelinux. taageere
$ORIGIN . $TTL 10800; 3 saacadood
desdelinux. taageere IN SOA dns.desdelinux. taageere. xidid.dns.desdelinux. taageere. (
                                8; taxane ah
                                86400; dib u cusbooneysiin (1 maalin) 3600; isku day (1 saac) 604800 ; dhacayo (1 todobaad) 10800; ugu yaraan (3 saacadood) ) NS dns.desdelinux. taageere. MX 10 iimaylkadesdelinux. taageere. QORAAL"DesdeLinux, Blog kaaga u heellan Software-ka Bilaashka ah" $ORIGIN desdelinux. taageere. ad-dc Ku socota 192.168.10.3 baloog ilaa 192.168.10.7 dns ilaa 192.168.10.5 fileserver To 192.168.10.4 ftpserver Ku 192.168.10.8 ku dir 192.168.10.9 min ilaa 192.168.10.6 192.168.10.1 $TTL 3600; 1 saac guul7 A 192.168.10.30 TXT "31b7228ddd3a3b73be2fda9e09e601f3e9"

Aynu ku darno adeegaha «shoolaad»Iyada oo IP ah 192.168.10.10:

root@dns:~# nano /var/lib/bind/db.desdelinux. taageere
$ORIGIN . $TTL 10800; 3 saacadood
desdelinux. taageere IN SOA dns.desdelinux. taageere. xidid.dns.desdelinux. taageere. (
                9; taxane ah
                86400; dib u cusbooneysiin (1 maalin) 3600; isku day (1 saac) 604800 ; dhacayo (1 todobaad) 10800; ugu yaraan (3 saacadood) ) NS dns.desdelinux. taageere. MX 10 email.desdelinux. taageere. QORAAL"DesdeLinux, Blog kaaga u heellan Software-ka Bilaashka ah" $ORIGIN desdelinux. taageere. ad-dc Ku socota 192.168.10.3 baloog ilaa 192.168.10.7 dns ilaa 192.168.10.5 fileserver To 192.168.10.4 ftpserver Ku 192.168.10.8 ku dir 192.168.10.9
shorewall A 192.168.10.10
sysadmin A 192.168.10.1 $ TTL 3600; 1 saac guul7 A 192.168.10.30 TXT "31b7228ddd3a3b73be2fda9e09e601f3e9"

Waxaan u maleyneynaa inaan sidoo kale wax ka bedelno aagga gadaal:

xididka @ dns: ~ # nano /var/lib/bind/db.10.168.192.in-addr.arpa
$ORIGIN . $TTL 10800; 3 saacadood 10.168.192.in-addr.arpa IN SOA dns.desdelinux. taageere. xidid.dns.desdelinux. taageere. (
                                7; taxane ah
                                86400; dib u cusbooneysiin (1 maalin) 3600; isku day (1 saac) 604800 ; dhacayo (1 todobaad) 10800; ugu yaraan (3 saacadood) ) NS dns.desdelinux. taageere. $ORIGIN 10.168.192.in-addr.arpa. 1 PTR sysadmin.desdelinux. taageere. 3 PTR ad-dc.desdelinux. taageere. $TTL 3600; 1 saac 30 PTR guul7.desdelinux. taageere. $TTL 10800; 3 saacadood 4 PTR fileserver.desdelinux. taageere. 5 PTR dnsdesdelinux. taageere. 6 PTR proxyweb.desdelinux. taageere. 7 PTR blog.desdelinux. taageere. 8 PTR ftpserver.desdelinux. taageere. 9 Boostada PTR.desdelinux. taageere.
10 PTR xeebta.desdelinux. taageere.

Waxaan dhalaalineynaa oo aan dib u buuxineynaa aagagga

[xididka @ dns ~] # rndc dhalaal

xididka @ dns: ~ # journalctl -f
--Loggu wuxuu bilaabmaa Axadda 2017-02-05 06:27:10 EST. --February 05 12:00:29 dns oo la magacaabay[1996]: waxa la helay taliska kanaalka kanaalka 'thaw' Feb 05 12:00:29 dns oo la magacaabay[1996]: dhalaalay dhammaan aagagga: guusha Feb 05 12:00:29 dns la magacaabay[ 1996]: aagga 10.168.192.in-addr.arpa/IN: faylka joornaalku waa dhacay: ka saarida faylka joornaalka Feb 05 12:00:29 dns oo la magacaabay[1996]: zone 10.168.192.in-addr.arpa/ Gudaha: la raray taxane 7 Feb 05 12:00:29 dns la magacaabay[1996]: aagga desdelinux.fan/IN: faylka joornaalku waa dhacay: ka saarida faylka joornaalka Feb 05 12:00:29 dns la magacaabay[1996]: zone desdelinuxtaageere/IN: taxanayaal raran 9

buzz @ sysadmin: ~ $ host shorewall
darbiga xeebta.desdelinux.fanku wuxuu leeyahay ciwaanka 192.168.10.10

buzz @ sysadmin: ~ $ host 192.168.10.10
10.10.168.192.in-addr.arpa magac domain tilmaame shorewall.desdelinux. taageere.

buzz@sysadmin:~$ qod desdelinux.fanaan axfr

buzz @ sysadmin: ~ $ dig 10.168.192.in-addr.arpa axfr

xididka @ dns: ~ # journalctl -f
.... Feb 05 12:03:05 dns la magacaabay[1996]: macmiilka 192.168.10.1#37835 (desdelinux.fan): wareejinta 'desdelinux.fan/IN': AXFR bilaabay Feb 05 12:03:05 dns la magacaabay[1996]: macmiilka 192.168.10.1#37835 (desdelinux.fan): wareejinta 'desdelinux.fan/IN': AXFR dhammaatay Feb 05 12:03:20 dns magacaabay[1996]: macmiilka 192.168.10.1#46905 (10.168.192.in-addr.arpa): wareejinta '10.168.192.in-addr. arpa/IN': AXFR bilaabay Feb 05 12:03:20 dns magacaabay[1996]: macmiilka 192.168.10.1#46905 (10.168.192.in-addr.arpa): wareejinta '10.168.192.in-addr.arpa /IN': AXFR wuu dhamaaday

Resumen

Ilaa hadda waxaan haynaa Caché DNS server oo shaqeynaya, kaas oo taageera Dib-u-Celinta, taas oo Awood u leh Aagga desdelinux. taageere, iyo taasi waxay u oggolaaneysaa DHCP inay cusbooneysiiso Aagagga Forward iyo Reverse ee ay la socdaan magacyada kombuyuutarrada iyo IP-ga ay siiso.

Maqaalkan iyo labadii hore «DNS iyo DHCP ee furanSUSE 13.2 'Harlequin'"iyo"DNS iyo DHCP ee CentOS 7»Ficil ahaan waa mid. Waxaad ka heli doontaa fikradaha guud ee ku saabsan DNS iyo DHCP, iyo waxyaabo u gaar ah qaybinta kasta oo ka mid ah. Waxay yihiin a Barta gelitaanka mawduuca, iyo aasaaska horumarka ka sii adag.

Kama waaban doonno inaan ku adkeyno - mar kale - muhiimadda ay leedahay aqrinta dukumiintiyada farsamada ee lagu rakibay qaab ahaan xirmo kasta, KA HOR inta aan la habeynin wax faahfaahin ah. Waxaan ka niri waayo aragnimadeena.

Gaarsiinta xigta

Waxay u badan tahay inay tahay "Microsoft® Active Directory + BIND"


Ka tag faalladaada

cinwaanka email aan la daabacin doonaa. Beeraha loo baahan yahay waxaa lagu calaamadeeyay la *

*

*

  1. Masuul ka ah xogta: Miguel Ángel Gatón
  2. Ujeedada xogta: Xakamaynta SPAM, maaraynta faallooyinka.
  3. Sharci: Oggolaanshahaaga
  4. Isgaarsiinta xogta: Xogta looma gudbin doono dhinacyada saddexaad marka laga reebo waajibaadka sharciga ah.
  5. Kaydinta xogta: Macluumaadka ay martigelisay Shabakadaha Occentus (EU)
  6. Xuquuqda: Waqti kasta oo aad xadidi karto, soo ceshan karto oo tirtiri karto macluumaadkaaga.

  1.   qorraxda dijo
    samee 7 sano

    Waa maxay qayb ka mid ah casharrada aad u dirtay lammaane, anigu garan maayo meesha awoodda intaa le'eg ee faahfaahsan iyo kala dambaynta ay ka timaaddo maadooyinka sida tan u adag.

    Hambalyadayda ugu daacadsan, sharaf ii ah inaan kuu aqriyo

    Ka jawaab jawaabta
  2.   bafo dijo
    samee 7 sano

    Waa inaan kuu sheegaa in casharrada aad soo saarto ay yihiin HOSTIA, waan jeclahay iyaga.
    Waxaan had iyo jeer sugayaa cutubkaaga xiga.
    Markaad dhamaysid miyaad dhigaysaa pdf? Waa dukumiinti feker ahaanteyda ah mid aad u qiimo badan, una qalma in si wanaagsan loo ilaaliyo.
    Aad baad u mahadsantahay iyo salaan weyn.
    Bafo.

    Jawaab Bafo
  3.   federico dijo
    samee 7 sano

    Bafo: Aad baad ugu mahadsantahay qiimeyntaada iyo faallooyinkaaga. Abaalmarinta ugu fiican ee waqtiga, shaqada, iyo dadaalka aan ugu deeqo macallin kasta waa faallooyinka. Ha ahaato mid togan ama mid taban, laakiin waa astaan ​​muujineysa in aan la dareemin. Waxaan u maleynayaa in akhristayaal badani ay soo dejistaan ​​oo keydiyaan, ama calaamadeeyaan. Laakiin waxaan u qaadan karaa oo kaliya marka loo eego tirada booqashooyinka. Aad ayey u xun tahay in faallooyin badani aysan jirin, in kasta oo aan ogahay in arrimaha aan wax ka qabanayaa ay aasaas u yihiin Sysadmins. Adigana waad salaaman tahay waana kugu sugi doonaa maqaaladayda soo socda.

    Ku jawaab feederico
  4.   federico dijo
    samee 7 sano

    Lizard: Waad ku mahadsan tahay qiimeyntaada runta ah oo aan had iyo jeer maskaxda ku hayn doono

    Ku jawaab feederico
  5.   farshaxan dijo
    samee 7 sano

    Sidee qaabku u ahaan lahaa haddii aan haysto laba shabakad oo isku xidha kiiska isku xidhka
    Mahadsanid iyo bogaadin maadada.

    Ku jawaab artus
  6.   federico dijo
    samee 7 sano

    Farshaxan: Waad ku mahadsan tahay faalladaada iyo hambalyeyntaada.
    Jawaabta su'aashaadu waxay mudan tahay maqaal gooni ah oo ku saabsan isticmaalka Aragtida - Views ku jira XIDHIIDHKA.

    Haddii ay dhacdo inaad haysato Aag loo xilsaaray oo aad adigu masuul ka tahay, oo aad rabto inaad yeelato hal BIND oo aad uga soo qayb gasho weydiimaha gudaha ee ka socda LAN-kaaga iyo weydiimaha dibedda ee internetka - iyada oo BIND-ga ay difaac ka tahay Dab-damis dabcan - waxaa lagugula talinayaa inaad isticmaasho Aragtiyo

    Aragtida, tusaale ahaan, waxay kuu oggolaaneysaa inaad soo bandhigto qaabeynta shabakaddaada SME iyo mid kale oo loogu talagalay internetka. Marka aynaan si toos ah u habaynin wax Muuqaal ah, BIND-ku wuxuu si maldahan u abuuraa hal mid oo muujinaya dhammaan kombiyuutarada la tashanaya.

    Sida isticmaalka Aragtida waxaan u arkaa inay tahay mowduuc horumarsan awooddo oo qor maqaal ku saabsan, ka hor ama ka dib qoraalkii ballanqaadka ahaa ee lagu dhawaaqay dhammaadkiisa.

    Hadda, haddii aad leedahay laba shebekadood oo shabakad ah oo ku wajahan Shabakadaada SME oo ay sameeyeen labo Shabakado gaar loo leeyahay- sabab kasta ha noqotee naqshadeynta, dheelitirka culeyska, tirada qalabka ama wixii kale, oo aad rabto inaad u soo bandhigto dhammaan aagaggaaga labada shabakadood, waad awoodi kartaa ku xallin bayaan:

    dhagayso {
    127.0.0.1;
    IP-Gaarka-Wajahadda1;
    IP-interface-Gaar loo leeyahay2;
    };

    Qaabkan, BIND-ga ayaa dhagaysta codsiyada labada waji.

    Haddii kombiyuutaradaada oo dhami ay kujiraan Shabakada gaarka loo leeyahay ee Class C 192.168.10.0/255.255.240.0 --kusaleyn ilaa 4094 martigaliyeyaal- sidoo kale waxaad adeegsan kartaa bayaanka:

    dhagayso {127.0.0.1; 192.168.10.0/20; };

    Adiguna waxaad hal aragti u wada haysaa dhammaan kombiyuutarada ku xiran LAN-gaaga Gaarka ah.

    Waxaan rajeynayaa in jawaabteyda gaaban ay ku caawin doonto. Salaan iyo guul.

    Ku jawaab feederico
    1.    farshaxan dijo
      samee 7 sano

      Waad ku mahadsantahay jawaabta goor dhow. Waad aragtaa waxaan dejinayaa Server Debian ah oo leh nooca 9 (Strech), wuxuu leeyahay DNS, dhcp iyo squid oo wakiil ah, miirayaasha maadooyinka waxaan u isticmaali doonaa e2guardian.

      Kumbuyuutarku wuxuu leeyahay laba shebekadood oo isku xira, kuwaas oo u oggolaanaya kombuyuutarrada LAN-ka inay u baxaan internetka.
      router: 192.168.1.1
      eth0: 192.168.1.55 (iyada oo loo marayo interface-kaan waxay aadi doontaa internetka)
      eth1:192.168.100.1 (LAN)

      Fikradda ayaa ah in kumbiyuutarradu ay ka aadi karaan internetka iyada oo loo marayo server-kan wakiil, kaas oo sidoo kale siin doona ips iyo dns kombiyuutarrada ku jira shabakadda gudaha.

      Xaaladdan oo kale, anigu uma baahni server-ka inuu ka qaybgalo codsiyada dns iyada oo loo marayo isku xidhka 'eth0 interface' (ma doonayo inaan u soo bandhigo aaggayga labada shabakadoodba, kaliya LAN-ga) markaa haddii aan ka saaro is-dhexgalka gaarka loo leeyahay-IP1, intaas miyey ku filnaan lahayd?

      Mar labaad mahadsanid iyo salaan.

      Ku jawaab artus
  7.   Edward Claus dijo
    samee 7 sano

    Maqaal aad ufiican saaxiib
    Waxaad xididka ku haysataa xididdada, xitaa haddii aad tidhaahdo oo aad u malaynayso si kale 🙂
    Felicidades

    Jawaab Eduardo Noel
  8.   federico dijo
    samee 7 sano

    Artus: Ka saar sheyga 192.168.1.55 ka dhagayso bayaanka oo tag. Ama ku dhawaaq uun dhageysiga-{127.0.0.1; 192.168.100.1; }; waana intaas. BIND-ga ayaa kaliya ka dhageysan doona is-dhexgalkaas.

    Ku jawaab feederico
    1.    farshaxan dijo
      samee 7 sano

      Mahadsanidin.

      Ku jawaab artus
  9.   federico dijo
    samee 7 sano

    Eduardo: Saaxiibkay, wali waxaan ka doorbidayaa dnsmasq shabakadaha "yar", waana inaan aragnaa sida ay "weyn" u noqon karaan 😉 In kasta oo aan garwaaqsaday in BIND + isc-dhcp-server uu yahay BIND + isc-dhcp-server. 😉

    Ku jawaab feederico
  10.   federico dijo
    samee 7 sano

    Eduardo: Waxaan ilaaway inaan kuu sheego in khabiirka BIND uu yahay adiga, Master.

    Ku jawaab feederico
  11.   ka fogaansho dijo
    samee 7 sano

    Sannado adeegsanaya BIND oo aan ku sii baranayo qoraalladiinna, aad baad ugu mahadsan tihiin Federico, iyadoo taxanahan casharradu ay sysadmin shaqada ka eryeen. Waan soo noqday oo waan ku celinayaa, fikirka ah in aqoontaan oo dhan lagu soo koobo qaab rasmi ah oo la qaadan karo ma xuma haba yaraatee, madax isaga sii in wax aad u fiican ay soo bixi karaan Salaan.

    Ku jawaab dhunter
  12.   federico dijo
    samee 7 sano

    Saaxiibka qashinka: Faallooyinkaaga had iyo jeer si wanaagsan ayaa loo aqbalaa. In wax walba la isku koobo waa wax adag oo aan macquul ahayn, maxaa yeelay mawduuc cusub ayaa had iyo jeer soo baxa. Cutub ahaan, way tagtaa waana suurtagal. Maqaalka qaar waa in dib loo qoraa si loo helo isku xirnaanta qaabeynta. Waxba kuma balan qaadayo, laakiin waan arki doonaa.

    Ku jawaab feederico
  13.   Ismaaciil Alvarez Wong dijo
    samee 7 sano

    hello federico, waa kuwan faallooyinkaygu:
    1) Ahmiyada aad siineyso «... aqri kahor intaanad habeynin BIND-ga iyo xitaa KA HOR inta aanad ka baarin internetka qormooyinka la xiriira BIND iyo DNS ...» iyaga oo ka raadinayna kumbuyuutarkeena iyo waxaas oo dhan «... adigoon guriga ka bixin ...» inaad isticmaasho ereyo u gaar ah.
    2) Qoraalkan waxaan ku aragnaa aragti dheeraad ah oo ku saabsan DNS-ka oo dhammaystira kan lagu siiyay labadii qoraal ee hore oo had iyo jeer la mahadiyo; tusaale ahaan: DNSSEC (Nidaamka Kordhinta Nidaamka Nidaamka Badbaadada Magaca Magaca) iyo waxa loo adeegsado; iyo sidoo kale Mashruuca isku xidhka BIND oo ay ku jiraan Faylalkeeda qaabeynta qalafsan, Faylasha Aaga ee loogu talagalay Servers Root, iyo Aagagga horay iyo gadaal ee deegaanka ee Debian
    3) BADBAADO caarada ah inaadan curyaamin dib u soo noqoshada (adoo adeegsanaya xariijinta "recursion no;") ka dibna ku dar feylka qaabeynta /etc/bind/named.conf.local, faylasha aagga / iwm / bind / zones. rfc1918 iyo /etc/bind/zones.rfcFreeBSD si looga hortago wixii su'aalo ah ee la xiriira iyaga oo ka tagaya shabakada maxalliga ah ee ku jira serverka xididka ah.
    4) Si ka duwan qoraalkii hore ee ku saabsanaa CentOS 7, qoraalkan haddii loo yaqaan "TSIG Key" "dhcp-key" waxaa loo soo saaray cusbooneysiinta DNS ee DHCP si loogu oggolaado faylka /etc/bind/named.conf.local, ku dar "allow-update {key dhcp-key; }, » qaabeynta aagagga tooska ah iyo kuwa roga ee boggeena.
    5) Faahfaahinta weyn (oo la mid ah tii hore ee CentOS 7) ee wax kasta oo la xiriira hubinta hawlgalka DNS, DHCP iyo macaamiisha.
    6) WAAWEYN caarada isticmaalka "rakib" amarka (haddii sida loo qoray, macnaheedu maahan ikhtiyaarka isla magaca ah ee loogu isticmaalo amarrada kale), ma aanan ogeyn, waayo waa run "3 1" koobiyuhu way nuqul yihiin (cp), dejinta milkiileyaasha (la jarjaray) iyo rukhsadaha (chmod).
    . Ugu dambeyntiina, jawaabtaada aad ka bixisay Artus ee ku saabsan adeegsiga Aragtiyooyinka ee BIND waa mid aad u wanaagsan, mid LAN-ka ah (shabakad gaar loo leeyahay) iyo mid kale oo dhinaca Internetka ah si kaliya adeegyada bulshada loogala tashan karo. Waxaan rajeyneynaa goor dambe inaad heysato waqti aad ku diyaariso boosteejo maadaama ay tahay mawduuc aad uqurux badan oo loo adeegsado sysadmins badan.
    Ma jiraan wax Federico ah oo aan weli ugu sii faraxsanahay taxanaha 'PYMES' waxaanan rajaynayaa boostada soo socota "Microsoft Active Directory + BIND"

    Jawaab Ismael Alvarez Wong
  14.   federico dijo
    samee 7 sano

    Wong: Saaxiib iyo saaxiib, faallooyinkaagu waxay dhammaystiraan qoraalladayda waxayna muujinayaan inay yihiin kuwo la fahmi karo. Amarka "rakib" ayaa leh xulashooyin badan oo dheeri ah. Weydiin nin rakib. Waad ku mahadsan tahay kun faallooyinka !!!

    Ku jawaab feederico
  15.   isxaaq 88 dijo
    samee 7 sano

    Wali ma aqrin faallooyinka, waan sameyn doonaa kadib marka aan sheego shuruudaheyga.
    Waad qabatay wax badana waad kasbatay, waxaad na siisay iftiin laakiin ma ahan kan lagu arko "dhamaadka tuneelka" marka rajo la'aan dambe jirto sidaan caadiyan nidhaahno; maahan taasi wax aan micno lahayn, waxaad siisay iftiinka buuxa oo aad ku dhihi karto "Ugu dambeyntiina waxaan ogaanay inay tahay ciyaar wiil, oo leh fikrado badan iyo isku xirka astaamaha" sida aad ku sharaxday boostada.
    POST TRUNK oo ay la socdaan kuwii hore dhowr lamaane oo caan ah. Waxaad u hogaansantay balaadhinta fikradaha iyo aragtida taas oo marar badan inagaga dhigaysa culeyskeeda. Waxaan si faahfaahsan u akhriyay, si deggan oo aan macquul ahayn in aan faallo ka bixiyo oo aan dareemo BILAASH BILAASH ah oo ku aaddan dadaalkan iyo u-hureyntaas.
    Adiga oo aan ku sii dheeraanin, waxaan kuu rajeyneynaa dhammaantiin caafimaad iyo inaad sii wadataan wax ku biirinta; Waan ku mahadsan nahay waxaana laga yaabaa nasiib, dhaqaale, caafimaad (waxaan kuu rajeyneynaa labalaab) iyo jacayl ayaa ku wehelinaya (Sandra's so that more, hahaha).
    Waan ogahay in faallooyinka ay ka yara yaraanayaan waxa ku qoran boostada, waxay u socotaa shaqsiyeed maxaa yeelay waxaan nahay saaxiibo waxaanan la dhacsanahay soo gudbintaada naf-hurnimada ah. Qofna Cidna uma qabato waxa aad u sameyso kuwa naga mid ah ee doonaya inay waxbadan bartaan waxananna leenahay masuuliyada ah inaan maareyno shabakadaha SME garbahayaga, ma ahan hawl fudud.
    Sl2 qof walbo.

    Ku jawaab crespo88
  16.   federico dijo
    samee 7 sano

    crespo88: Aad baad ugu mahadsantahay qiimeyntaada ku saabsan tan iyo maqaallada kale ee la daabacay. Akhristayaasha qaar ayaa laga yaabaa inay u maleeyaan inaan siiyo intaan oo dhan, markay run ahayn. Had iyo jeer waxaan tixraacaa Barta Galitaanka, xitaa haddii tusaalayaashu si buuxda u shaqeynayaan. BIND waa Warshadaha Elektaroonigga ah iyo DHCP ma foga. Si aad u ogaatid iyaga ka sarreeya celceliska, waa inaad ku aflaxdaa shahaadada jaamacadeed ee Jaamacadda Helsinki, 😉

    Ku jawaab feederico
  17.   Sawirka meeleynta Miguel Guaramato dijo
    samee 7 sano

    Waxaan u arkaa mowduucan mid xiiso leh oo aad muhiim u ah. Waxaan xiiseynayaa daraasaddan oo ku saabsan waxa ku saabsan dhammaan maamulka shabakadaha Linux iyo gaar ahaan server-yada: dns, dhcp firfircoon oo xasiloon iyo shabakadaha dalwaddii, bin9, samba, server daabacaadda, ldap, kormeerka shabakadda ee codsiyada, rakibidda keydka macluumaadka ee barnaamijyada barnaamijyada iyo vlan, iwm. Taasi waa sababta ay muhiim u tahay talooyinkani waa kuwo aad u wanaagsan oo leh dhaqanno iyo tusaalooyin.

    Jawaab Miguel Guaramato
  18.   federico dijo
    samee 7 sano

    Hi miguel !!!
    Waad ku mahadsantahay faallaynta waxaanan rajaynayaa in taxanahan ay kaa caawin doonaan waxa aad xiisaynayso. Salaan.

    Ku jawaab feederico
  19.   Jorge dijo
    samee 7 sano

    Aad baad ugu mahadsantahay maqaalka Federico, wuxuu muujinayaa inaad wax ka taqaano debian. Habsiin

    Jawaab Jorge
  20.   federico dijo
    samee 7 sano

    Aad baad ugu mahadsantahay Jorge, faallooyinkaaga. Waxaan rajeynayaa in qoraaladaydu ay ku caawin doonaan.

    Ku jawaab feederico
  21.   Hoolka Pablo Raul Vargas dijo
    samee 7 sano

    Aad baad ugu mahadsantahay qoraalka oo sifiican loo diiwaan galiyay wuxuuna nagu boorinayaa inaan aqrino, aqrino oo aan markale aqrino Hadda qoraalka soo socda ee aad daabici doontid waxaan jeclaan lahaa inaad tixgeliso qodobbada isu-imaatin ee ay lahaan lahayd:
    Microsoft Directory Tusaha leh Samba4 oo ah Diiwaan Firfircoon

    Ka sokow, waxaan rabay inaan la tashado waxyaabaha soo socda:
    Sidee ayuu hirgelinta Bind + Isc-dhcp ugu jiri lahaa FW dmz halkaas oo kontoroolaha domainku ku dhexjiro dmz leh samba 4 AD

    Jawaab Hoolka Pablo Raul Vargas