Dnsmasq ee CentOS 7.3 - Shabakadaha SME

fico

Daqiiqado 20

Tusmada guud ee taxanaha: Shabakadaha Kombuyuutarka ee loogu talagalay SMEs: Hordhac

Saaxiibbo waad salaaman tihiin !. Waxaan u hibeynay qodobkaan DNSmasq barnaamij aad u fudud oo adeegyo bixiya DNS - DHCP adoo adeegsanaya hal softiweer. Dukumiintiyada ugu fiican ee ka jira barnaamijkan waa midka lagu rakibay xirmada lafteeda oo ku taal /usr/share/doc/dnsmaq-2.66/, faylka qaabeynta -full tusaalayaal- /etc/dnsmasq.conf, iyo midka amarka lagu helay nin dnsmasq. Sidoo kale waa caafimaad qab inaad booqato kanaga Bogga rasmiga ah.

[xididka @ dns ~] # ls -l /usr/share/doc/dnsmasq-2.66/
guud ahaan 136 -rw-r - r--. 1 xididka xididka 18007 Apr 17 2013 KOOBKA - rw-r - r--. 1 xididka xididka 59811 Nofeembar 11 13:20 CHANGELOG -rw-r - r--. 1 xididka xididka 5164 17 Apr 2013 1 DBus-interface -rw-r - r--. 5009 xididka xididka 17 Apr 2013 1 doc.html -rw-r - r--. 25075 xididka xididka 17 Apr 2013 1 FAQ -rw-r - r--. 12019 xididka xididka 17 Apr 2013 XNUMX setup.html
  • Nidaamka lagu sharraxay boostada sidoo kale wuxuu ansax u yahay Debian 8 "Jessie". Faylka qaabeynta / iwm / dnsmasq waa isku mid. Jessie, waxaa laga yaabaa inaad u baahan tahay oo kaliya inaad rakibto xirmadaada dnsmasq iyo wax kale. Waxaan u qoraa maxaa yeelay waxaan u arkaa wax aan loo baahnayn in maqaal gooni ah loogu sameeyo Dnsmasq Debian. Nasiib wanaag, tusaha laxiriira dukumiintiyada iyo qaabeynta waa isku mid. 😉

Dnsmaq waa abuur Simon Kelley.

Waa maxay Dnsmasq?

Software Bilaash ah DNSmasq waa adeege DNS Weeraryahan y DHCP ee shabakadaha kombiyuutarka yar. Tusaalaha caadiga ah waa shabakadaha jira ee SME-yadayada. Waxay ubaahantahay qalab yar oo qalab ah howlaheeda waxaana lagu ordi karaa dhulal kala duwan sida Linux, BSD, Android iyo OS X. Waxay kujirtaa kudhowaad dhamaan keydadka Linux iyo BSD qeybinta.

Adeegga DHCP del DNSmasq waad u kireysan kartaa cinwaanada IP-ga firfircoonaan ahaan iyo xag ahaanba, shabakado badan oo kala duwan oo cinwaanno IP ah. Waxaa lagu dhex daray serverka DNS oo waxay u oggolaaneysaa mashiinnada maxalliga ah ee hela cinwaanka IP-ga inay u muuqdaan inay ku diiwaangashan yihiin DNS iyaga oo wata diiwaankooda saxda ah ee DNS, labadaba toos iyo gadaalba.

Qaabka asalka ah ee shaqada DNSmasq si aad u kaydiso diiwaanka DNS ee lagu helay su'aalaha la waydiinayo Hagayaasha, wuxuu yareeyaa culeyska kuwan wuxuuna hagaajiyaa waxqabadka guud ee xawaaraha jawaabta ee weydiimaha kala duwan ee DNS.

Waxay taageertaa heerarka casriga ah sida IPv6 y DNSSEC, Bilow - Boot ka badan shabakadda oo leh taageerada borotokoolka Kabaha, TFTPiyo PXE.

Nidaamka Linux, Dnsmasq waxaa si ballaaran loogu isticmaalaa server-yada loogu talagalay Mashiinnada aan lahayn Hard Disk iyo Macaamiisha Khafiifka ah. On Microsoft® Windows, oo leh softiweerka ARDENCE®, Una dhiganta -to Dnsmasq- waxaa loo isticmaalaa sidii server DHCP loo yaqaan Telluriyaan.

Sheeko noocee ah ayaan ku isticmaali karnaa Dnsmasq?

Hadaan fulino nin dnsmasq CentOS, waxaan ka heli doonnaa bogga loogu talagalay buug-gacmeedka oo ku qoran luqadda Ingiriisiga. Faylka ku jira dnsmasq.8.gz - Isbaanishka - kaas oo lagu rakibay qaybinta Debian 8 «Jessie», way ka muuqataa si sax ah ku xiga:

XUDUUDDA

  • Qiimaha caadiga ah ee xadadka kheyraadka guud ahaan waa muxaafid, waxayna ku habboon yihiin in loo isticmaalo qalabka nooca router-ka. ku dhagan processor-yada gaabiska ah iyo xusuusta yar. In qalab dheeraad ah  karti leh, waa suurtagal in la kordhiyo xadka, oo la taageero qaar kaloo badan macaamiisha. Kuwa soo socdaa waxay khuseeyaan dnsmasq-2.37: noocyadii hore ma sameeyaan sifiican bay u fuuleen.
  • Dnsmasq wuxuu awood u leeyahay inuu taageero DNS iyo DHCP ugu yaraan hal kun (1,000) macaamiisha. Waqtiyada ijaarku waa inaysan aad u gaabin (in ka yar hal waqtiga). Qiimaha –dns-forward-max waa la kordhin karaa: ka bilow u dhiganta tirada macaamiisha oo kordhi haddii haddii DNS. Ogsoonow in waxqabadka DNS sidoo kale ay kuxirantahay server-yada Kor u kaca DNS. Cabbirka xajmiga DNS waa la kordhin karaa: xadka Loo baahan yahay waa 10,000 magac oo kan caadiga ah (150) aad ayuu u hooseeyaa. U dirista SIGUSR1 dnsmasq waxay sameysaa macluumaad bitacore ah oo ah faa'iido u leh hagaajinta qiyaasta xajmiga. Faahfaahinta ka eeg qaybta XUSUUS.
  • Server-ka ku-meel-gaarka ah ee TFTP-gu wuxuu awood u leeyahay inuu taageero kala-wareejinta kala duwan faylal isku mar ah: xadka saxda ah wuxuu laxiriira yahay tirada feylasha-gacan qabashada loo oggol yahay howsha iyo awooda sys‐tem call xulo () si ay u taageeraan tirooyin fara badan oo faylalka gacanta ku haya. Haddii xadka si aad ah loo dejiyo –tftp-max waa la dejinayaa oo xadka dhabta ah ayaa lagu qorayaa bilowga. Xusuusnow in wareejin intaa ka badan waa suurtagal marka isla feylka la diro maxaa trans-trans kastaferencia waxay dirtaa fayl kale. Waa suurtagal in la isticmaalo dnsmasq si loogu diido xayeysiinta Webka iyadoo la adeegsanayo liiska server caan ah oo caan ah, dhammaantoodna waxay ku xallinayaan 127.0.0.1 ama 0.0.0.0 gudaha / iwm / marti-geliyeyaasha ama faylka marti-geliyeyaasha dheeriga ah. Liistadu way awoodaa aad u dheeree Dnsmasq waxaa si tijaabo ah loogu tijaabiyey hal milyan oo magac. Cabirka faylkaasi wuxuu u baahan yahay 1GHz processor iyo qiyaas ahaan60MB RAM.

Ma aanan qorin ama ma saxin tuducyada kor ku xusan gabi ahaanba. Waxay ka muuqdaan sida ay ku soo galaan lab oo Isbaanish ah DNSmasq 2.72 laga bilaabo keydka Debian 8.6. Iyaga iyo dhaqanka isticmaalka softiweerkan, waxaan ku qiyaasi karnaa inay naadir tahay - ma ahan wax aan macquul aheyn - in laga helo muuqaal shabakadeena SME oo ka badan qadarka 1000 macmiil ama kombuyuutarro ku xiran LAN-ka.

  • Dnsmasq wuxuu awood u leeyahay inuu taageero DNS iyo DHCP ugu yaraan hal kun (1,000) macaamiisha.

Tixgelinta tixgelinta

Had iyo jeer way i garaacday taas barnaamijka abaalmarinta ku guuleystay Shirkadda ClearOS 5.2 SP1 waxay isticmaali doontaa Dnsmasq -waxay ku xiran tahay iyada NTP- sida Server kaabayaasha qaab ahaan, iyo inaad u sii wadato adeegsiga sida ugu yaraan illaa noocyada 7.xxx- in sii deynta waxaad bixinaysaa inaad rakibto Directory Firfircoon® oo ku saleysan Samba 4. Aad noogu xun, Software jecel Free, in shirkadda ClearFoundationwaxay joojin doontaa bixinta software-ka tayadaas oo noocyo ah wixii ka dambeeya 5.xxx iyada oo loo daneynayo faa'iido lacageed oo wanaagsan. Waxaan u maleynayaa inay faa'iido u tahay shirkadda lafteeda.

In kastoo aan ahay a taageere Debian -mana doonayo inaan ku sameeyo dacaayad dookhayga shaqsi ahaaneed gabi ahaanba- Marwalba waan jeclahay Shirkadda Red Hat®, Inc. kaasoo qaabkiisa ganacsi uu u dhigay inuu yahay hoggaamiyaha aan muran ka taagnayn ee Software-ka Bilaashka ah. Intaa waxaa sii dheer, waa kafaala-qaadaha CentOS clone binary - 100% softiweer bilaash ah - oo ah nidaamka hawlgalka xiddigtiisa Red Hat® Enterprise Linux - RHEL. Wixii wax la yiraahdo CentOS waa RHEL bilaa taageero ah ????

  • Waxaan ordayaa a Samba Clasic NT 4.0 Style Primary Domain maamusha ku saleysan Shirkadda ClearOS 5.2 SP1 in ka badan 4 sano shabakada shirkad macaamiisha la ah Windows XP, 7, 8, Windows Server 2003 iyo Windows server 2012. Maxaa jira si loo saxo dhowr qiime oo diiwaangelin ah macmiil kasta oo Windows ah oo leh nooc ka sarreeya XP? Waa run. Maxaa sida ugu fiican u shaqeeya Sidoo kale waa run. In tirada kooxaha aysan gaarin 100? Sidoo kale waa run.

Caqliga guud

  • In kasta oo aniga ah «Caqliga Guud waa midka ugu yar ee dareenka», marka hore naftaada dhig Baahiyahaaga oo dhan ka dibna ku xulo muuqaalka farshaxanka sida ku habboon waxaad u baahan tahay inaad muujiso oo aad ku xalliso sida ku xusan Qormadaada.
  • Ha u adeegsan gantaal qaaradaha si aad u disho kaneeco. Ha ku mashquulin nolosha si aan loo baahnayn: ka bilow xalka ugu fudud. Haddii aadan taas ku xallin, kor u qaad kakanaanta hal dhibic, iyo wixii la mid ah.

Aynu rakibno CentOS 7 iyo Dnsmasq

Ku rakibida nidaamka aasaasiga ah waxaa hagaya qodobka CentOS 7 Hypervisor I xulashada xirmooyinka waxaan calaamadeynaa kaliya xulashada «Server Kaabayaasha«. Xuduudaha guud ee aan u adeegsan doono diyaarinta qodobkaan waa kuwan soo socda:

FQDN magaca mashiinka farsamada: dns.desdelinux. taageere
Cinwaanka IP: 10.10.10.5

CentOS 7 waxay rakibtaa dnsmasq-ka caadiga ah

Haa Akhristayaasha Sharafta leh, CentOS 7 xirmada DNSmasq waxaa lagu rakibay inta lagu guda jiro rakibaadda Server kaabayaasha iyo Waxaan maleynayaa marka loo eego xulashooyinka kale sidoo kale.

[xididka @ dns ~] # yum info dnsmasq
Fidiyeyaal la soo raray: fastestmirror, langpacks Rarista xawaaraha muraayadaha laga keenay faylka xafidan ee keydka la geliyay Baakadaha la rakibay Magaca: dnsmasq Architecture: x86_64 Nooca: 2.66 Siidaynta: 21.el7 Cabbirka: 464 k
Keydinta: rakibay
Laga soo bilaabo keydka: centos-base Soo koobid: DHCP khafiif ah / caching DNS server-ka URL: http://www.thekelleys.org.uk/dnsmasq/ Shatiga: GPLv2 Sharaxaadda: Dnsmasq waa qafiif, waa sahlan tahay in la habeeyo gudbiyaha DNS iyo DHCP: server. Waxaa loogu talagalay inay bixiso DNS iyo, ikhtiyaari ahaan, DHCP, oo ah: shabakad yar. Waxay u adeegi kartaa magacyada mashiinnada maxalliga ah kuwaas oo: aan ku jirin DNS-ka adduunka. Server-ka DHCP wuxuu la midoobayaa DNS-ka: server-ka wuxuuna u oggolaanayaa mashiinnada cinwaannada loo qoondeeyay DHCP inay ka muuqdaan: DNS-ka oo wata magacyo loo qaabeeyey martigeliye kasta ama faylka qaabeynta qaab-dhismeedka dhexe. Dnsmasq waxay taageertaa mid taagan oo firfircoon: heshiiska kirada DHCP iyo BOOTP ee shabakada booting ee mashiinada aan diskiga laheyn

Nooca ah DNSmasq rakibay waa 2.66, waxayna u dhigantaa nooca 'CentOS':

[xididka @ dns ~] # bisad / proc / version
Nooca Linux 3.10.0-514.6.1.el7.x86_64 (builder@kbuilder.dev.centos.org) (nooca gcc 4.8.5 20150623 (Red Hat 4.8.5-11) (GCC)) # 1 SMP Arbaco Jan 18 13:06:36 UTC 2017

Aynu karno oo aan qaabeyno dnsmasq

[xididka @ dns ~] # nano / iwm / martigeliyayaal
127.0.0.1 localhost localhost.cocaldomain localhost4 localhost4.localdomain4 :: 1 localhost maxhost.localdomain localhost6 localhost6.localdomain6
10.10.10.5 dns.desdelinuxtaageere DNS

[xididka @ dns ~] # magaca martida
dns
[xididka @ dns ~] # magaca martida -f
DNS.desdelinux. taageere


[xididka @ dns ~] # systemctl awood dnsmasq
[xididka @ dns ~] # systemctl bilaw dnsmasq
[xididka @ dns ~] # systemctl status dnsmasq
Ns dnsmasq.service - server keydinta DNS. Loaded: la raray (/usr/lib/systemd/system/dnsmasq.service; karti leh; iibiyaha horay loo sii qorsheeyay: naafo ah) Firfircoon: firfircoon (socda) ilaa Sab 2017-02-18 11:47:19 EST; 4s ago Main PID: 1179 (dnsmasq) CGroup: /system.slice/dnsmasq.service └─1179 / usr / sbin / dnsmasq -k Feb 18 11:47:19 dns systemd [1]: Started DNS caching server .. Feb 18 11:47:19 dns systemd [1]: Starting DNS caching server .... Feb 18 11:47:19 dns dnsmasq [1179]: bilaabay, nooca 2.66 cachesize 150 Feb 18 11:47:19 dns dnsmasq [1179] ]: ururi fursadaha waqtiga: IPv6 GNU-getopt DB ... th Feb 18 11:47:19 dns dnsmasq [1179]: reading /etc/resolv.conf Feb 18 11:47:19 dns dnsmasq [1179]: iska indha tirida magaca 127.0.0.1 - maxaliga ah ee ... ce Feb 18 11:47:19 dns dnsmasq [1179]: aqriso / iwm / martigaliyayaasha - 3 cinwaan Tilmaam: Khadadka qaar ayaa la jeexjeexay, isticmaal -l si buuxda loo muujiyo.

Ha iloobin tallaabada xigta:

[xididka @ dns ~] # mv /etc/dnsmasq.conf /etc/dnsmasq.conf.original

Cinwaanada IP-ga oo go'an

Dnsmasq, cinwaanada server-yada ama kombiyuutarada u baahan IP -bab IPv4 iyo IPv6- ah ayaa lagu cadeeyay feylka / iwm:

[xididka @ dns ~] # nano / iwm / martigeliyayaal
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 :: 1 localhost localhost.localdomain localhost6 localhost6.localdomain6 # Servers 10.10.10.1 sysadmin.desdelinux.fan sysadmin 10.10.10.3 ad-dc.desdelinux.fan ad-dc 10.10.10.4 fileserver.desdelinux.fayeeriyaha 10.10.10.5 dns.desdelinux.fan dns 10.10.10.6 proxyweb.desdelinux.fan proxyweb 10.10.10.7 blog.desdelinux.fan blog 10.10.10.8 ftpserver.desdelinuxtaageere ftpserver 10.10.10.9 boostada.desdelinux.fanaan mail

Aynu abuurno faylka /etc/dnsmasq.conf

[xididka @ dns ~] # nano /etc/dnsmasq.conf
---------------------------------- ------------------ # GUUD --- --------------------------------- Domain-loo baahan yahay # Ha gudbin magacyo la'aanteed part bogus-priv # Ha ku gudbin ciwaanada meelaha aan dawliga ahayn ee balaadhinta-hosts-ka KA DIGTOONOW Interface-ka # marka laga reebo-interface=eth0 # Ha dhageysan nidaamkan adag ee NIC qaabeynta faylasha dheeraadka ah ee hagaha # conf-file=/etc/dnsmasq.more.conf conf-dir=/etc/dnsmasq.d # Laxidhiidha Magaca Domain domain=desdelinux.fan # Domain name # Time Server waa 10.10.10.1 ciwaanka=/time.windows.com/10.10.10.1 Looga baahan yahay # Windows 7 iyo macaamiishu inay si habboon u dhaqmaan. ;-) dhcp-option=252,"\n" # Faylka aan ku shaacin doono HOSTS-yada la "mamnuucay" addn-hosts=/etc/banner_add_hosts # -------------- -------- --- # DIIWAAN SCNAMEMXTXT # --------------------------------------- --- ------------------- # Diiwaangelinta noocan ahi waxay u baahan tahay gelid # ku jira faylka /etc/hosts # ex: 10.10.0.7 blog.desdelinux.fan blog # cname=ALIAS,REAL_NAME cname=www.desdelinux.fan,bloog.desdelinux.fan # MX DIIWAANKA # Soo celisa rikoorka MX oo wata magaca "desdelinux.fan" loogu talagalay # kooxda boostada.desdelinux.fan iyo mudnaanta 10 mx-host=desdelinux.fan,mail.desdelinux.fan,10 # Meesha ugu habboon ee diiwaannada MX la sameeyay # iyadoo la adeegsanayo xulashada localmx waxay noqon doontaa: mx-target=mail.desdelinuxtaageere # Wuxuu soo celiyaa rikoorka MX ee tilmaamaya mx-target ee DHAMMAAN mashiinnada maxalliga ah ee # localmx # TXT. Waxaan sidoo kale ku dhawaaqi karnaa diiwaanka SPF txt-record=desdelinux.fan,"v=spf1 a -all" txt-record=desdelinux.fanaan,"DesdeLinux, Blog-gaagu wuxuu u heellan yahay Software-ka Bilaashka ah" # --------------------------------------------------- ---------------- -------------------------------------------------- # RANGEANDYOUROPTIONS # --- --- ------ ----------- # IPv4 kala duwan iyo wakhtiga kirada # 1 ilaa 29 waxaa loogu talagalay Servers iyo baahiyaha kale dhcp-range=10.10.10.30,10.10.10.250,8h

dhcp-lease-max = 222 # Tirada ugu badan ee cinwaanada la kiraysto
                        # asal ahaan waa 150
# IPV6 Range # dhcp-range=1234::, ra-kaliya # Ikhtiyaarada RANGE # OPTIONS dhcp-option=1,255.255.255.0 # NETMASK dhcp-option=3,10.10.10.253 # ROUTER ,cp-WAY ption6,10.10.10.5. 15 # DNS Servers dhcp-option=XNUMX,desdelinux.fan # DNS Domain Name dhcp-option=19,1 # option ip-forwarding ON dhcp-option=28,10.10.10.255 # BROADCAST dhcp-option=42,10.10.10.1 # NTP # dhcp-opption #=40,DCH NIS Domain Name # dhcp-option=41,10.10.10.5 # NIS Server # EXTERNAL SAMBA4 GUULEYSTA SERVER # # dhcp-option=44,10.10.10.5 # GUULEYSTA # dhcp-option=45,10.10.10.5 SAMBA4 EXTERNAL # # dhcp-option=46,8 # NetBIOS Node # dhcp-option=73,10.10.10.3 ----- --- # ------------------------------------------------- ------------------ # LOGGINGAL /var/log/farimaha # ------------------- - -------- su'aalaha

# DHAMMAAD faylka /etc/dnsmasq.conf
# ------------------------------------------------- ------------------

Aynu hubino qoraalka oo aan dib u bilowno adeegga

[xididka @ dns ~] # dnsmasq --test
dnsmasq: syntax hubi OK.
[xididka @ dns ~] # systemctl dib u bilaw dnsmasq
[xididka @ dns ~] # systemctl status dnsmasq
Ns dnsmasq.service - server keydinta DNS. Loaded: la raray (/usr/lib/systemd/system/dnsmasq.service; karti leh; iibiyaha horay loo sii qorsheeyay: naafo ah) Firfircoon: firfircoon (socda) ilaa Sab 2017-02-18 12:48:05 EST; 5s ago Main PID: 1288 (dnsmasq) CGroup: /system.slice/dnsmasq.service └─1288 / usr / sbin / dnsmasq -k Feb 18 12 48:05:1 dns systemd [18]: Started DNS caching server .. Feb 12 48:05:1 dns systemd [18]: Starting DNS caching server .... Feb 12 48:05:1288 dns dnsmasq [2.66]: malitere, nooca 150 cachesize 18 Feb 12 48:05:1288 dns dnsmasq [6] ]: ururi fursadaha waqtiga: IPv18 GNU-getopt DB ... th Feb 12 48:05:1288 dns dnsmasq-dhcp [10.10.10.30]: DHCP, IP range 10.10 - 18 .... h Feb 12 48:05: 1288 dns dnsmasq [18]: reading /etc/resolv.conf Feb 12 48:05:1288 dns dnsmasq [127.0.0.1]: iska indha tirida magac bixiyaha 18 - local in ... ce Feb 12 48:05:1288 dns dnsmasq [11] ]: akhri / iwm / martigeliyaha - XNUMX cinwaan
Feb 18 12:48:05 dns dnsmasq [1288]: waxay ku guuldareysatay inay magacyada ka soo rarto /etc/banner_ad...ry
Tilmaamaha: Khadadka qaarkood ayaa la qalajiyey, isticmaal -l si ay u muujiyaan si buuxda.

Ogsoonow in wax soo saarkii hore ee systemctl status dnsmasq soo celiyaa qaladka:

Feb 18 12:48:05 dns dnsmasq [1288]: waxay ku guuldareysatay inay magacyada ka soo rarto /etc/banner_ad...ry

ka cabanaya inaadan heli karin faylka / iwm / banner_add_hosts.

[xididka @ dns ~] # taabasho / iwm / banner_add_hosts
[xididka @ dns ~] # systemctl dib u bilaabi dnsmasq.service 
[xididka @ dns ~] # systemctl dib u bilaabi dnsmasq.service 
[xididka @ dns ~] # systemctl status dnsmasq.service 
Ns dnsmasq.service - server keydinta DNS. Loaded: la raray (/usr/lib/systemd/system/dnsmasq.service; karti leh; iibiyaha horena uleeyahay: naafo ah) Firfircoon: firfircoon (socda) ilaa Sabt 2017-02-18 12:54:26 EST; 7s ago Main PID: 1394 (dnsmasq) CGroup: /system.slice/dnsmasq.service └─1394 / usr / sbin / dnsmasq -k Feb 18 12:54:26 dns systemd [1]: Started DNS caching server .. Feb 18 12:54:26 dns systemd [1]: Starting DNS caching server .... Feb 18 12:54:26 dns dnsmasq [1394]: malitere, nooca 2.66 cachesize 150 Feb 18 12:54:26 dns dnsmasq [1394 ]: soo ururi fursadaha waqtiga: IPv6 GNU-getopt DB ... th Feb 18 12:54:26 dns dnsmasq-dhcp [1394]: DHCP, IP range 10.10.10.30 - 10.10 .... h Feb 18 12:54: 26 dns dnsmasq [1394]: reading /etc/resolv.conf Feb 18 12:54:26 dns dnsmasq [1394]: iska indha tirida magac bixiyaha 127.0.0.1 - local in ... ce Feb 18 12:54:26 dns dnsmasq [1394 ]: akhriska / iwm / martida loo yahay - 11 cinwaan Feb 18 12:54:26 dns dnsmasq [1394]: akhri / iwm / banner_add_hosts - Cinwaanada 0 Tilmaam: Khadadka qaar ayaa la jeexjeexay, isticmaal -l si buuxda loo muujiyo.

Oo waxaan horeyba u haysannay adeegyada DNS iyo DHCP oo socda.

Muhiim ah

  • Haddii aan wax ka baddalno faylka /etc/dnsmasq.conf, waa inaan dib u bilownaa adeegga si isbeddeladu u dhaqan galaan.
  • Haddii aan wax ka beddelno faylka / iwm / martigeliyaha si loo tirtiro, wax looga beddelo ama loogu daro IP-ga go'an oo leh magaceeda martigelinta u dhiganta, waa inaan dib u bilownaa adeegga si isbeddeladu u dhaqan galaan..
  • systemctl reload dnsmasq.service looma isticmaali karo adeegan.

Waxaan ka furaynaa dekedaha loo baahan yahay Firewall

Maqaalka saaxiibkey iyo saaxiibkey Luigys Toro -aka lizard- "Sida loo furo dekedaha Centos 7 Firewall»Nidaamka ay tahay inaan raacno si loo furo dekedaha Firewall-ka ee ay CentOS ku rakibto si aan caadi ahayn ayaa si wanaagsan loo sharaxay. Weli ma aqaano sida loo adeegsado xeerarka macnaha guud ee 'Selinux' adeegga dnsmasq ee CentOS. Haddii ay jirto cid garaneysa isaga, fadlan noo iftiimi.

Faylasha / etc / protocols y / iwm Iyagu waa tilmaan aad u wanaagsan oo lagu ogaanayo dekedaha aan u baahan nahay inaan u furno adeegyada DNS iyo DHCP ee ay bixiso Dnsmasq si ay si fiican ugu shaqeeyaan.

[xidid @ dns ~] # firewall-cmd - aag-firfircoon-aagag
isdhexgalka dadweynaha: eth0

Adeeg domain o Server Name Server (dns). Hab maamuuska dadban «IP leh sirta»

[xididka @ dns ~] # firewall-cmd --zone = dadweynaha --add-port = 53 / tcp - joogto ah
guul

[xididka @ dns ~] # firewall-cmd --zone = dadweynaha --add-port = 53 / udp - joogto ah
guul

Adeeg kabaha o Server BOOTP (dhcp). Hab maamuuska ippc «Qalabka Internetka ee Pluribus Packet»

[xididka @ dns ~] # firewall-cmd --zone = dadweynaha --add-port = 67 / tcp - joogto ah
guul

[xididka @ dns ~] # firewall-cmd --zone = dadweynaha --add-port = 67 / udp - joogto ah
guul

[xididka @ dns ~] # firewall-cmd --reload
guul

[xididka @ dns ~] # firewall-cmd - liiska-dhan
dadweynaha (firfircoon) bartilmaameedka: default icmp-block-inversion: no interfaces: eth0 sources: services: dhcpv6-client ssh ports: 53 / udp 67 / tcp 53 / tcp 67 / udp protocols: masquerade: no forward-ports: sourceports: icmp-blocks: xeerar hodan ah:

Muhiim ah

  • Haddii aan bixin doonno adeegyada kireysiga cinwaanka IPv6, waa inaan sidoo kale furno dekedaha dhcpv6-server 547 / tcp iyo dhcpv6-server 547 / udp.

Hubinta

Aynu ka hubinno dhowr su'aalood oo DNS ah sida ay u shaqeyneyso noocayaga cusub ee cusub ee lagu rakibay 'Dnsmasq'. Tan awgeed waxaan ku xulannaa kooxda caanka ah sysadmin.desdelinux. taageere, iyo kombiyuutarkaas, oo ku xiran LAN, waxaan fulin doonnaa dhowr su'aalood, laakiin maahan kahor intaadan hubin in feylku si habboon loo qaabeeyey /etc/resolv.conf:

buzz @ sysadmin: ~ $ bisad /etc/resolv.conf 
# Waxaa keenay raadinta NetworkManager desdelinux.magacaye taageere 10.10.10.5

Dejinta faylka /etc/resolv.conf waa sax. Aynu bilowno la-tashiga

buzz @ sysadmin: ~ $ host dns
DNS.desdelinuxtaageere waxa uu leeyahay ciwaanka 10.10.10.5 Martigeliyaha dns.desdelinuxtaageere lama helin: 5(DIIDEY) dns.desdelinuxBoostada fanka waxaa lagu maamulaa 1 mail.desdelinux. taageere.

Iyada oo la raacayo qaabeynta, waxaan iska tuuri karnaa wax soo saarka amarka ciidankii ikhtiyaar la'aan markay tahay Dnsmasq, markay laabanayso khadadka sida soo socota:

Martigeliyaha DNSdesdelinuxtaageere lama helin: 5 (DIIDEY)

Haddii aynaan doonayn wax soo saar noocaas ah, waa inaan isticmaalnaa amarka ciidankii leh xulashooyin -t A, -t CNAME, -t NS, -t SOA, -t SIG, -t AXFR. Eeg nin martigeliye wixii macluumaad dheeraad ah:

buzz@sysadmin: ~$ martigeliyaha -t Ku socota dns.desdelinux. taageere
DNS.desdelinux.fanku wuxuu leeyahay ciwaanka 10.10.10.5

[xididka @ dns ~] # martigeliyaha -t Ilaa dns
DNS.desdelinux.fanku wuxuu leeyahay ciwaanka 10.10.10.5

buzz @ sysadmin: ~ $ qod dns

buzz @ sysadmin: ~ $ host 10.10.10.5
5.10.10.10.in-addr.arpa tilmaame magac domain dns.desdelinux. taageere.

Dnsmasq looguma talagalin qorshaha Master-Slave

buzz@sysadmin:~$ martigeliyaha -t AXFR desdelinux. taageere
"isku day"desdelinux.fan" Martigaliyaha desdelinux.mareexaan lama helin: 5(DIIDEY); Wareejintii waa fashilantay

Sidoo kale looguma talagalin inay soo celiso diiwaanka NS iyo SOA

buzz@sysadmin:~$ martigeliyaha -t NS desdelinux. taageere
martigeliyaha desdelinuxtaageere lama helin: 5 (DIIDEY)

buzz@sysadmin:~$ martigeliyaha -t SOA desdelinux. taageere
martigeliyaha desdelinuxtaageere lama helin: 5 (DIIDEY)

buzz@sysadmin:~$ qod SOA desdelinux. taageere
buzz@sysadmin:~$ qod NS desdelinux. taageere

Haddii ay taageerto diiwaanada MX, CNAME, iyo TXT

buzz @ sysadmin: ~ $ host -t To www
www.desdelinuxfanku waa magac loo yaqaan blog.desdelinux. taageere. Blog.desdelinux.fanku wuxuu leeyahay ciwaanka 10.10.10.7
buzz@sysadmin:~$ martigeliyaha -t MX desdelinux. taageere
desdelinuxBoostada fanka waxaa lagu maamulaa 10 mail.desdelinux. taageere.

buzz @ sysadmin: ~ $ host -t CNAME www
www.desdelinuxfanku waa magac loo yaqaan blog.desdelinux. taageere.

buzz@sysadmin:~$ martigeliyaha -t To blog.desdelinux. taageere
blog.desdelinux.fanku wuxuu leeyahay ciwaanka 10.10.10.7

buzz@sysadmin:~$ martigeliyaha -t TXT desdelinux. taageere
desdelinux.qoraal qeexan taageere"DesdeLinux, Blog kaaga u heellan Software-ka Bilaashka ah"
desdelinux.faan qoraal sifayn "v=spf1 a -all"

PTR waxay diiwaan gelisaa weydiimaha

buzz @ sysadmin: ~ $ host -t PTR 10.10.10.7
7.10.10.10.in-addr.arpa barta barta tilmaame.desdelinux. taageere.

buzz @ sysadmin: ~ $ host 10.10.10.7
7.10.10.10.in-addr.arpa barta barta tilmaame.desdelinux. taageere.

Macaamiisha Microsoft® Windows

Aad u caafimaad badan waa in lagu ordo qalabka kombiyuutarka DNS.desdelinux. taageere amarka joornaall-f KAhor intaadan daarin mashiin ku shaqeynaya Microsoft® Windows operating system, si aad u aragto tirada badan ee weydiimaha DNS ee ay u sameyso goobo kala duwan. Runtii waa madadaalo badan. 😉

Haddii aan dooneyno inaan ka hortagno weydiimaha la xiriira qaar ka mid ah bogaggan u safrida aaladda 'Roots server' - Adeegyada xididka ama dhanka Hagayaasha waxaan ku caddeynaynaa faylka /etc/resolv.conf, si fiican ayaan uga faa'iideysan karnaa feylka / iwm / banner_add_host, iyadoo laga buuxiyo bogag badan oo aan u baahanahay inaan ku dhawaaqno. Tusaale:

[xididka @ dns ~] # nano / iwm / banner_add_hosts
127.0.0.1 windowsupdate.com 127.0.0.1 ctldl.windowsupdate.com 127.0.0.1 ocsp.verisign.com 127.0.0.1 csc3-2010-crl.verisign.com 127.0.0.1 www.msftncsi.com 127.0.0.1 ipv6.msftncsi.com 127.0.0.1 teredo.ipv6.microsoft.com 127.0.0.1 ds.download.windowsupdate.com 127.0.0.1 download.microsoft.com 127.0.0.1 fe2.update.microsoft.com 127.0.0.1 crl.microsoft.com 127.0.0.1 www .download.windowsupdate.com 127.0.0.1 win8.ipv6.microsoft.com 127.0.0.1 spynet.microsoft.com 127.0.0.1 spynet1.microsoft.com 127.0.0.1 spynet2.microsoft.com 127.0.0.1 spynet3.microsoft.com 127.0.0.1. 4 spynet127.0.0.1.microsoft.com 5 spynet127.0.0.1.microsoft.com 15 office127.0.0.1client.microsoft.com 127.0.0.1 addons.mozilla.org XNUMX crl.verisign.com

[xididka @ dns ~] # dnsmasq --test
dnsmasq: syntax hubi OK.

[xididka @ dns ~] # systemctl dib u bilaabi dnsmasq.service 
[xididka @ dns ~] # systemctl status dnsmasq.service

[xididka @ dns ~] # martigeliyaha -t Ku socota spynet4.microsoft.com
spynet4.microsoft.com wuxuu leeyahay cinwaan 127.0.0.1

[xididka @ dns ~] # martigeliyaha -t Si www.download.windowsupdate.com
www.download.windowsupdate.com wuxuu leeyahay cinwaan 127.0.0.1
  • Qaabka faylka / iwm / banner_add_hosts wuxuu la mid yahay faylka / iwm / martida loo yahay. Xusuusnow in liiska cinwaanada "mamnuuca" ay noqon karaan illaa inta aan u baahanahay, sida ku cad waxa lagu sheegay qaybta XUDUUDDA ee maqaalkan.

Si aad uga hubiso macmiilka toddobo.desdelinux. taageere kaas oo siiyay cinwaanka IP:

buzz @ sysadmin: ~ $ host -t A toddobo
toddobo.desdelinux.fanaanku cinwaan buu leeyahay 10.10.10.115

waxaan ku fulinaa amarka macmiilka Windows laftiisa cmd:

Microsoft Windows [Nooca 6.1.7601]
Xuquuqda daabacaadda (c) 2009 Shirkadda Microsoft. Xuquuqda daabacaadu way xifdisan.

C: \ Users \ buzz> nslookup
Adeegaha caadiga ah: DNS.desdelinux.Cinwaanka taageeraha: 10.10.10.5> DNS Server: dns.desdelinuxCinwaanka taageeraha: 10.10.10.5 Magaca: dns.desdelinux.Cinwaanka taageeraha: 10.10.10.5> ftpserver Server: dns.desdelinux.cinwaanka taageeraha: 10.10.10.5 Magaca: ftpserver.desdelinux.cinwaanka taageeraha: 10.10.10.8 > www Server: dns.desdelinux.cinwaanka taageeraha: 10.10.10.5 Magaca: blog.desdelinux.Cinwaanka taageeraha: 10.10.10.7 Magacyada: www.desdelinux.fan> mail Server: dns.desdelinux.cinwaanka taageeraha: 10.10.10.5 Magaca: boostada.desdelinux.Cinwaanka taageeraha: 10.10.10.9> sysadmin Server: dns.desdelinux.cinwaanka taageeraha: 10.10.10.5 Magaca: sysadmin.desdelinux.cinwaanka taageeraha: 10.10.10.1 > www.download.windowsupdate.com Server: dns.desdelinuxCinwaanka taageeraha: 10.10.10.5 Magaca: www.download.windowsupdate.com Cinwaanka: 127.0.0.1

Resumen

Ilaa hadda waxaan aragnay astaamo dhowr ah oo muhiim ah Dnsmasq. Waxaan soo jeedinayaa Akhriso oo daraasad feylasha ku xusan cutubka koowaad ee qodobkan, haddii aad rabto inaad waxbadan ka ogaato barnaamijkan aadka u wanaagsan-iyo kan layaabka leh. Adeegsigeeda waxaan si weyn ugu fududeyn karnaa nolosheena.

Qiyaastii 2014 waxaan aqriyay maqaalka «Sida loo Sameeyo: Samba4 AD PDC + Windows XP, Vista iyo 7«. Abuuraha maqaalku wuxuu ku dhawaaqayaa isagoon wax damqin: «Waan necbahay xidhashada, markaa waa dnsmasq gurmadka»(Sic) oo macnaheedu yahay in kabadan ama kayar«Waan necbahay BIND, marka Dnsmasq ayaa u soo gurmada«. Diiwaanka, weedhaas aniga ma dhahay.

By the way, waxaan ka faalloonayaa in maqaalkaas qoruhu uusan cadeynin asalka qaar ka mid ah diiwanada DNS iyo guud ahaan marka la eego ma ahan hage wanaagsan in la hirgeliyo Tusaha Firfircoon® oo ku saleysan Samba 4. Haddii aad door bideyso xiisaha aad u leedahay Dnsmasq .

Ma necbahay BIND gabi ahaanba. Waxaa muujiyey maqaalkeyga afar -4- ee hore:

Sidii aan u qoray munaasabadihii hore, marna weligood Waxaan kula talin, laakiin waxaan soo jeedinayaa. Xaalada Dnsmasq haa Waxaan kula talin isticmaalkeeda SME Networks.

Gaarsiinta xigta

Qaybta xigta -waxaan qabaa inaan u malaynayo- Waxaan u hibeyn doonaa isku-darka Dnsmasq iyo Microsoft® Active Directory®. Waxay noqon doontaa bar wanaagsan oo laga soo galo maqaal -aad u- hadhow taasi waxay wax ka qaban doontaa sida loo sameeyo AD-DC oo leh Samba 4 iyo Dnsmasq.


Ka tag faalladaada

cinwaanka email aan la daabacin doonaa. Beeraha loo baahan yahay waxaa lagu calaamadeeyay la *

*

*

  1. Masuul ka ah xogta: Miguel Ángel Gatón
  2. Ujeedada xogta: Xakamaynta SPAM, maaraynta faallooyinka.
  3. Sharci: Oggolaanshahaaga
  4. Isgaarsiinta xogta: Xogta looma gudbin doono dhinacyada saddexaad marka laga reebo waajibaadka sharciga ah.
  5. Kaydinta xogta: Macluumaadka ay martigelisay Shabakadaha Occentus (EU)
  6. Xuquuqda: Waqti kasta oo aad xadidi karto, soo ceshan karto oo tirtiri karto macluumaadkaaga.

  1.   John Hernandez dijo
    samee 7 sano

    Subax wanaagsan duurjoog !!! Waxaan xaqiijinayaa wax kasta oo aad dhahdo runtiina hawlgalka shabakadaas ilaa maanta ma keenayso sabab cabasho. Anigu mar dambe ma ahi sysadmin shabakaddaas, maxaa yeelay waad ogtahay dhibaatooyinkii i soo maray ... laakiin intii aan mas'uulka ka ahaa shabakaddaas iyo illaa iyo hadda aan la xiriirayo kan ka horreeya, ma jirto sabab aan uga cawdo. Waaya-aragnimadayda ugu wanaagsan ee ClearOS iyo DNSmasq.

    Ku jawaab Joan Hernandez
  2.   federico dijo
    samee 7 sano

    Saaxiib Joan, Waad ku mahadsan tahay ka caawintaada inaad xaqiijiso waxa aan ka qoray shirkadda ee ClearOS.

    Ku jawaab feederico
  3.   ka fogaansho dijo
    samee 7 sano

    Waxa aan ugu jeclahay dnsmasq waa sida ay isu noqon karto, hal feyl oo aad ku jaangoyso DNS iyo DHCP. Marka laga hadlayo waxqabadka wax cabasho ah kama qabo, in yar ka hor waxaan damiyay Server 2003R2 ah oo u shaqeynayay sidii DC, dhowr macmiil Linux ah oo ka socda degmooyin fog fog ayaa "la sudhay" maaddaama aanan haysan waddo aan wax kaga beddelo dookhooda DNS, wixii aan sameeyay ayaa kor u qaad Jessie oo leh IP dnsmasq IP-ga ah oo keydinaya DNS-ka cusub, dhammaantood ok.
    Maqaal aad u wanaagsan Fico, salaan kadib.

    Ku jawaab dhunter
    1.    federico dijo
      samee 7 sano

      Sideed u aragtaa xadka muxaafidka ah ee u adeegaya ilaa 1000 kombuyuutar? Waxaan haystaa suurtagalnimada inaan ku xaqiijiyo xogta saaxiibkey oo u heellan inuu ku bixiyo adeegyo degel ah «Qafaal» websaydhka WiFi, dhawaana waxaan siiyay adeegga - oo leh BIND + Isc-dhcp- in ka badan 1000 mobiles oo ku yaal Tiyaatarka Karl Marx. Wuxuu ii shaqaaleeyay inaan isaga ka dhigo adeege leh adeegsiga ugu yar ee suurtogalka ah, shaqadaas.

      Ku jawaab feederico
      1.    ka fogaansho dijo
        samee 7 sano

        Waa inay cadaataa in waxa loogu yeero "xadka" la cabiray dhawr sano ka hor iyo qalab aad uga hooseeya heerka hadda, dnsmasq iyo macaamiisha labaduba wax badan ayey isbadaleen, aad ayaan ugu kalsoonahay inay u adkeysan doonto culeyska kuwaan isticmaalayaasha. Had iyo jeer diiwaangeli oo xayiro kunka iyo hal weydiimaha ah ee Android ka dhigeyso isku dayga taleefanka guriga, hehe. Farxad

        Ku jawaab dhunter
  4.   federico dijo
    samee 7 sano

    Waxaan u qaadan doonaa taladaada si dhab ah, qashin. Mar labaad mahadsanid

    Ku jawaab feederico
  5.   IWO dijo
    samee 7 sano

    Sidii ay caan ku noqotay silsiladan taxane ah ee loo yaqaan "SMEs", qoraalkan ku saabsan "DNSMASQ" waa maqaal kale oo weyn oo uu qoraagu na siinayo sysadmins si aan u horumarino nafteena farsamo ahaan iyo aragti ahaanba.
    Kiiskeyga shaqsiyeed waxaan si aan mugdi ku jirin uga ogaadey dnsmasq tan iyo markii aan mudnaanta siinayey DNS (Bind) iyo DHCP sidii laba adeeg oo madax-bannaan. Aniga ahaan waa wax weyn! Waxyaabaha dnsmasq si loogu oggolaado in labadaba lagu habeeyo hal adeeg (iyada oo loo marayo faylka /etc/dnsmasq.conf).
    Wanaagsan! awood u leh inuu ku taageero ugu yaraan 1,000 macaamiisha leh DNS iyo DHCP iyadoon wax saameyn ah ku yeelanayn waxqabadka.
    Sidoo kale wax aad u wanaagsan ayaa ah TALO ku saabsan sida looga fogaado weydiimaha la xiriira Root Servers ama Forwarders iyagoo isticmaalaya / iwm / banner_add_host feyl meesha aan ku gelineyno "N" goobaha aan u baahanahay inaan ku dhawaaqno sidii inay ahaayeen "localhosts".
    Ugu dambayntii iyo sidii looga bartay qoraaga qaybtiisa "Qaybta xigta", wuxuu hadda qorsheynayaa inuu soo gudbiyo jawharad kale "isku-darka Dnsmasq iyo Microsoft® Active Directory®".
    Hagaag, horey ayaan u sugeynaa.

    Jawaab IWO
  6.   Zodiac dijo
    samee 7 sano

    Waan mashquulsanaa oo ma raaci kari waayey maqaalladaadii. Qaar baan u xiisay. Qoraal kasta oo cusub oo kaa mid ahi waa layaab farxad leh oo ay ku jiraan waxbaris cusub. Sii wad, saaxiib Fico

    Ku jawaab Zodiac
  7.   isxaaq 88 dijo
    samee 7 sano

    Dnsmasq, waxaan markhaati ka ahay hawlgalkeeda maalin kasta, waa tan ugu fiican. Had iyo jeer waan kuu sheegi jiray oo waxaan ku adkeysan jiray isdhexgalka bind9 iyo isc-dhcp-server (xalka aan aad u jeclahay, maxaa yeelay isku dayo marar badan ayaan bartay oo aan arkay oo helay wax yar oo aan ka aqaan dns iyo dhcp, VIIII, waan kari karayay arag waxa Microsoft aysan kuu oggolaaneynin inaad fiirsato, waxa aysan dooneynin inaad barato oo ay kugu hayso qol mugdi ah oo qufulan, runti waa adeegyo looga hadlay sidii iyagoo bahalnimo ah oo waa dad wanaagsan, waad la macaamili kartaa runta iyaga), waadna ku mahadsan tahay Tan waxaa lagugu qasbay inaad naftaada sii wanaajiso xitaa, runtii waxaan horeyba u aragnay dhammaan natiijooyinka dadaalkan waxaanan kuugu mahadnaqeynaa tayada qoraaladaada.
    Midkani gaar ahaan waa super, kama qaato inta kale, WAQTI MA AHA, XATAA INAAN KA FIKIRO; Laakiin waa adiga dartiis oo aan ula kulmay saaxiibkay dnsmasq iyo shabakadda degenaanshahaygu waxay ku nooshahay si ka farxad badan la kulanka saaxiibkeen cusub ee uu abuuray Simon Kelley. Mahad isagana

    Ku jawaab crespo88
  8.   federico dijo
    samee 7 sano

    IWO: Ma sugi doontid waqti dheer boostada soo socota. Weli maan dhamayn maxaa yeelay aad baan ugu mashquulsan ahay shaqadayda maalinlaha ah. Waqtiga ... Laakiin hubaal waxaad heli doontaa usbuuca soo socda.

    Ku jawaab feederico
  9.   federico dijo
    samee 7 sano

    Crespo88: Kuma dari karo wax kale faallooyinkaaga oo dhameystiran. Aniguna waaba iga yarahay waqtiga maxaa yeelay 7-da fiidnimo waxaa iga dhammaaday marinkii navigation
    Mahadsanid!.

    Ku jawaab feederico
  10.   caesareli dijo
    samee 6 sano

    Salaan, FICO. Maqaal aad u wanaagsan.
    Waxaan jeclaan lahaa inaan ogaado sida loo hirgaliyo dnsmasq baremetal (HP Proliant gen 8) oo martigaliya mashiinada casriga ee KVM.
    Ma habboon tahay in qaabeynta dnsmasq lagu sameeyo martida ama mid ka mid ah VM-ka u shaqeeya server dnsmasq?
    Waxaan ku jiraa xaalad qas ah
    Thanks.

    Ku jawaab cesareli