BIND and Active Directory® - SME Networks

General index of the series: Computer Networks for SMEs: Introduction

Hello friends! The main objective of this article is to show how we can integrate a DNS service based on BIND9 into a Microsoft network, something very common in many SMEs.

It arises from the formal request of a friend who lives in La Tierra del Fuego -El Fueguino-, a specialist in Microsoft® Networks -certificates included-, for guidance on this part of the migration of his servers to Linux. The cost of the Technical Support provided by Microsoft® has already become unbearable for the Company where he works and of which he is the Main Shareholder.

My friend El Fueguino has a great sense of humor, and ever since he saw the three-film series «The Lord of the Rings» he has been fascinated by many of the names of its dark characters. So, dear reader, do not be surprised by the names of his domain and of his servers.

For those new to the subject, and before you continue reading, we recommend that you read and study the three previous articles on SME Networks:

It is like watching three of the four parts of «Underworld» published to date, with this one being the fourth.

General parameters

After several exchanges by e-mail, I finally got a clear picture of the main parameters of his current network, which are:

Domain name    mordor.fan
LAN network    10.10.10.0/24

============================================================================
Servers                   IP address     Purpose (servers with OS Windows)
============================================================================
sauron.mordor.fan.        10.10.10.3     Active Directory® 2008 SR2
mamba.mordor.fan.         10.10.10.4     Windows file server
darklord.mordor.fan.      10.10.10.6     Proxy, gateway and firewall Kerios
troll.mordor.fan.         10.10.10.7     Blog based on ... I can't remember
shadowftp.mordor.fan.     10.10.10.8     FTP server
blackelf.mordor.fan.      10.10.10.9     Full e-mail service
blackspider.mordor.fan.   10.10.10.10    WWW service
palantir.mordor.fan.      10.10.10.11    Openfire chat for Windows

I asked El Fueguino for permission to define as many aliases as necessary to clear my mind, and he gave it to me:

Real           CNAME
==============================
sauron         ad-dc
mamba          fileserver
darklord       proxyweb
troll          blog
shadowftp      ftpserver
blackelf       mail
blackspider    www
palantir       openfire

I declared all the important DNS records in an installation of a Windows 2008 Active Directory that I was forced to set up in order to guide myself in writing this post.

About the SRV records of the Active Directory DNS

SRV records, or Service Locators -widely used in Microsoft Active Directory- are defined in Request for Comments RFC 2782. They allow a service based on the TCP/IP protocol to be located through a DNS query. For example, a client on a Microsoft network can find the location of the Domain Controllers that provide the LDAP service over the TCP protocol on port 389 through a single DNS query.

It is normal for the Forests and Trees of a large Microsoft network to have several Domain Controllers. By using SRV records in the different zones that make up the Domain Name Space of that network, we can maintain a List of Servers that provide similar well-known services, ordered by preference according to the transport protocol and port of each of the servers.

Request for Comments RFC 1700 defines the universal symbolic names for Well-Known Services, with names such as «_telnet» or «_smtp» for the telnet and SMTP services. If no symbolic name is defined for a Well-Known Service, a local name or another name can be used according to the user's preference.

Fields

The purpose of each «special» field used in the declaration of an SRV Resource Record is the following:

  • Domain: "pdc._msdcs.mordor.fan.". DNS name of the service to which the SRV record refers. The DNS name in the example means -more or less- the Primary Domain Controller of the zone _msdcs.mordor.fan.
  • Service: "_ldap". Symbolic name of the service provided, defined according to Request for Comments RFC 1700.
  • Protocol: "_tcp". Indicates the type of transport protocol. It can typically take the values _tcp or _udp, although -in fact- it can be any type of transport protocol indicated in Request for Comments RFC 1700. For example, for a chat service based on the XMPP protocol, this field would have the value _xmpp.
  • Priority: "0". Declares the priority or preference for the Host offering this service, which we will see further on. Client DNS queries about the service defined by this SRV record, on receiving the appropriate response, will try to contact the first available host with the lowest number listed in the Priority field. The range of values this field can take is 0 to 65535.
  • Weight: "100". Can be used in combination with Priority to provide a load-balancing mechanism when there are several servers providing the same service. A similar SRV record must exist for each of the servers in the zone file, with its name declared in the Host offering this service field. Given equal values in the Priority field, the value of the Weight field can be used as an additional level of preference to obtain an exact selection of the server for load balancing. The range of values this field can take is 0 to 65535. If load balancing is not needed, for example with a single server, it is recommended to assign the value 0 to make the SRV record easier to read.
  • Port number - Port: "389". Port number on the Host offering this service that provides the service indicated in the Service field. The recommended port number for each type of Well-Known Service is indicated in Request for Comments RFC 1700, although it can take a value between 0 and 65535.
  • Host offering this service - Target: "sauron.mordor.fan.". Specifies the FQDN that unambiguously identifies the host providing the service indicated by the SRV record. A type «A» record is required in the domain name space for each FQDN of the server or host that provides the service. Put more simply, a type A record in the forward zone(s).
    • Note:
      To indicate authoritatively that the service specified by the SRV record is not provided on this host, a single dot (.) is used.
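How a client applies the Priority, Weight and Target fields described above, following the selection rule of RFC 2782. This is an added example, not code from the original article; the hosts nazgul.mordor.fan and backup.mordor.fan are hypothetical and were added next to the page's single Domain Controller so that priority and weight have a visible effect.

```python
import random

# Constructed sample answer: sauron is the page's DC, the other two hosts
# are hypothetical.
SAMPLE_ANSWER = """\
_ldap._tcp.dc._msdcs.mordor.fan. 600 IN SRV 0 100 389 sauron.mordor.fan.
_ldap._tcp.dc._msdcs.mordor.fan. 600 IN SRV 0 300 389 nazgul.mordor.fan.
_ldap._tcp.dc._msdcs.mordor.fan. 600 IN SRV 10 0 389 backup.mordor.fan.
"""


def parse_srv(text):
    """Return (priority, weight, port, target) tuples from SRV lines."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 8 or fields[3].upper() != "SRV":
            continue
        priority, weight, port = (int(x) for x in fields[4:7])
        for value in (priority, weight, port):
            if not 0 <= value <= 65535:      # all three are 16-bit fields
                raise ValueError(f"field out of range in: {line}")
        records.append((priority, weight, port, fields[7]))
    return records


def order_targets(records, rng=random):
    """Order (host, port) pairs the way an RFC 2782 client tries them."""
    # A single record whose target is "." means: service not offered.
    if len(records) == 1 and records[0][3] == ".":
        return []
    ordered = []
    for priority in sorted({r[0] for r in records}):   # lowest number first
        group = [r for r in records if r[0] == priority]
        group.sort(key=lambda r: r[1] != 0)            # weight 0 goes first
        while group:
            total = sum(r[1] for r in group)
            pick = rng.randint(0, total)               # inclusive on both ends
            running = 0
            for i, rec in enumerate(group):
                running += rec[1]
                if running >= pick:                    # first running sum >= pick
                    ordered.append((rec[3].rstrip("."), rec[2]))
                    del group[i]
                    break
    return ordered


if __name__ == "__main__":
    for host, port in order_targets(parse_srv(SAMPLE_ANSWER)):
        print(f"try {host}:{port}")
```

With equal priority, the heavier record is only more likely to be tried first; a higher priority number is never tried before every lower one has been attempted.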

We only want to reiterate that the correct operation of a network or of an Active Directory® depends heavily on the correct operation of the Domain Name Service.

DNS records of the Active Directory

To create the zones of the new BIND-based DNS server, we must obtain all the DNS records of the Active Directory. To make life easier, we go to the machine sauron.mordor.fan -Active Directory® 2008 SR2- and in the DNS Administration Console we enable Zone Transfers -forward and reverse- for the main zones declared in this type of service, which are:

  • _msdcs.mordor.fan
  • mordor.fan
  • 10.10.10.in-addr.arpa

Once the previous step is done, and preferably from a Linux computer whose IP address is within the range of the subnet used by the Windows network, we execute:

buzz@sysadmin:~$ dig @10.10.10.3 _msdcs.mordor.fan axfr > temp/rrs._msdcs.mordor.fan
buzz@sysadmin:~$ dig @10.10.10.3 mordor.fan axfr > temp/rrs.mordor.fan
buzz@sysadmin:~$ dig @10.10.10.3 10.10.10.in-addr.arpa axfr > temp/rrs.10.10.10.in-addr.arpa
  • Remember from previous articles that the IP address of the machine sysadmin.desdelinux.fan is 10.10.10.1 or 192.168.10.1.

In the three previous commands we can drop the @10.10.10.3 option -query the DNS server at that address- if we declare the IP of sauron.mordor.fan in the file /etc/resolv.conf:

buzz@sysadmin:~$ cat /etc/resolv.conf 
# Generated by NetworkManager
search desdelinux.fan
nameserver 192.168.10.5
nameserver 10.10.10.3

After editing with extreme care, as befits any zone file in BIND, we obtain the following data:

RR records of the original zone _msdcs.mordor.fan

buzz@sysadmin:~$ cat temp/rrs._msdcs.mordor.fan
; Related to the SOA and NS
_msdcs.mordor.fan.  3600  IN  SOA  sauron.mordor.fan. hostmaster.mordor.fan. 12 900 600 86400 3600
_msdcs.mordor.fan.  3600  IN  NS   sauron.mordor.fan.
;
; GLOBAL CATALOG
gc._msdcs.mordor.fan.  600  IN  A  10.10.10.3
;
; Alias -in the modified and private LDAP database of the Active Directory- of SAURON
03296249-82a1-49aa-a4f0-28900f5d256b._msdcs.mordor.fan.  600  IN  CNAME  sauron.mordor.fan.
;
; Modified and private LDAP of the Active Directory
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.mordor.fan.  600  IN  SRV  0 100 389 sauron.mordor.fan.
_ldap._tcp.dc._msdcs.mordor.fan.  600  IN  SRV  0 100 389 sauron.mordor.fan.
_ldap._tcp.18d3360d-8fdb-40cf-a678-d7c420b6d775.domains._msdcs.mordor.fan.  600  IN  SRV  0 100 389 sauron.mordor.fan.
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.mordor.fan.  600  IN  SRV  0 100 3268 sauron.mordor.fan.
_ldap._tcp.gc._msdcs.mordor.fan.  600  IN  SRV  0 100 3268 sauron.mordor.fan.
_ldap._tcp.pdc._msdcs.mordor.fan.  600  IN  SRV  0 100 389 sauron.mordor.fan.
;
; Modified and private KERBEROS of the Active Directory
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.mordor.fan.  600  IN  SRV  0 100 88 sauron.mordor.fan.
_kerberos._tcp.dc._msdcs.mordor.fan.  600  IN  SRV  0 100 88 sauron.mordor.fan.

RR records of the original zone mordor.fan

buzz@sysadmin:~$ cat temp/rrs.mordor.fan
; Related to the SOA, NS, MX and the A record that maps
; the Domain Name to the IP of SAURON
; Active Directory things
mordor.fan.  3600  IN  SOA  sauron.mordor.fan. hostmaster.mordor.fan. 48 900 600 86400 3600
mordor.fan.  600   IN  A    10.10.10.3
mordor.fan.  3600  IN  NS   sauron.mordor.fan.
mordor.fan.  3600  IN  MX   10 blackelf.mordor.fan.
_msdcs.mordor.fan.  3600  IN  NS  sauron.mordor.fan.
;
; Also important A records
DomainDnsZones.mordor.fan.  600  IN  A  10.10.10.3
ForestDnsZones.mordor.fan.  600  IN  A  10.10.10.3
;
; GLOBAL CATALOG
_gc._tcp.mordor.fan.  600  IN  SRV  0 100 3268 sauron.mordor.fan.
_gc._tcp.Default-First-Site-Name._sites.mordor.fan.  600  IN  SRV  0 100 3268 sauron.mordor.fan.
;
; Modified and private LDAP of the Active Directory
_ldap._tcp.mordor.fan.  600  IN  SRV  0 100 389 sauron.mordor.fan.
_ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.mordor.fan.  600  IN  SRV  0 100 389 sauron.mordor.fan.
_ldap._tcp.DomainDnsZones.mordor.fan.  600  IN  SRV  0 100 389 sauron.mordor.fan.
_ldap._tcp.Default-First-Site-Name._sites.mordor.fan.  600  IN  SRV  0 100 389 sauron.mordor.fan.
_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.mordor.fan.  600  IN  SRV  0 100 389 sauron.mordor.fan.
_ldap._tcp.ForestDnsZones.mordor.fan.  600  IN  SRV  0 100 389 sauron.mordor.fan.
;
; Modified and private KERBEROS of the Active Directory
_kerberos._tcp.Default-First-Site-Name._sites.mordor.fan.  600  IN  SRV  0 100 88 sauron.mordor.fan.
_kerberos._tcp.mordor.fan.  600  IN  SRV  0 100 88 sauron.mordor.fan.
_kpasswd._tcp.mordor.fan.   600  IN  SRV  0 100 464 sauron.mordor.fan.
_kerberos._udp.mordor.fan.  600  IN  SRV  0 100 88 sauron.mordor.fan.
_kpasswd._udp.mordor.fan.   600  IN  SRV  0 100 464 sauron.mordor.fan.
;
; A records with fixed IPs -> Servers
blackelf.mordor.fan.     3600  IN  A  10.10.10.9
blackspider.mordor.fan.  3600  IN  A  10.10.10.10
darklord.mordor.fan.     3600  IN  A  10.10.10.6
mamba.mordor.fan.        3600  IN  A  10.10.10.4
palantir.mordor.fan.     3600  IN  A  10.10.10.11
sauron.mordor.fan.       3600  IN  A  10.10.10.3
shadowftp.mordor.fan.    3600  IN  A  10.10.10.8
troll.mordor.fan.        3600  IN  A  10.10.10.7
;
; CNAME records
ad-dc.mordor.fan.       3600  IN  CNAME  sauron.mordor.fan.
blog.mordor.fan.        3600  IN  CNAME  troll.mordor.fan.
fileserver.mordor.fan.  3600  IN  CNAME  mamba.mordor.fan.
ftpserver.mordor.fan.   3600  IN  CNAME  shadowftp.mordor.fan.
mail.mordor.fan.        3600  IN  CNAME  blackelf.mordor.fan.
openfire.mordor.fan.    3600  IN  CNAME  palantir.mordor.fan.
proxyweb.mordor.fan.    3600  IN  CNAME  darklord.mordor.fan.
www.mordor.fan.         3600  IN  CNAME  blackspider.mordor.fan.

RR records of the original zone 10.10.10.in-addr.arpa

buzz@sysadmin:~$ cat temp/rrs.10.10.10.in-addr.arpa
; Related to the SOA and NS
10.10.10.in-addr.arpa.  3600  IN  SOA  sauron.mordor.fan. hostmaster.mordor.fan. 21 900 600 86400 3600
10.10.10.in-addr.arpa.  3600  IN  NS   sauron.mordor.fan.
;
; PTR records
10.10.10.10.in-addr.arpa.  3600  IN  PTR  blackspider.mordor.fan.
11.10.10.10.in-addr.arpa.  3600  IN  PTR  palantir.mordor.fan.
3.10.10.10.in-addr.arpa.   3600  IN  PTR  sauron.mordor.fan.
4.10.10.10.in-addr.arpa.   3600  IN  PTR  mamba.mordor.fan.
5.10.10.10.in-addr.arpa.   3600  IN  PTR  dnslinux.mordor.fan.
6.10.10.10.in-addr.arpa.   3600  IN  PTR  darklord.mordor.fan.
7.10.10.10.in-addr.arpa.   3600  IN  PTR  troll.mordor.fan.
8.10.10.10.in-addr.arpa.   3600  IN  PTR  shadowftp.mordor.fan.
9.10.10.10.in-addr.arpa.   3600  IN  PTR  blackelf.mordor.fan.

Up to this point we can assume that we have the data needed to continue our adventure, not without first observing the TTLs and the other data that, in a very concise form, the output and the direct inspection of the DNS of Microsoft® Active Directory® 2008 SR2 64-bit give us.

Images of the DNS Manager on SAURON

The machine dnslinux.mordor.fan.

If we look closely, the IP address 10.10.10.5 was not assigned to any name, precisely so that it could be taken by the new DNS, dnslinux.mordor.fan. To install the DNS and DHCP pair we can be guided by the articles DNS and DHCP on Debian 8 "Jessie" and DNS and DHCP on CentOS 7.

Base operating system

My friend El Fueguino, besides being a true specialist in Microsoft® Windows -he holds a couple of certificates issued by that company-, has read and put into practice some of the articles on desktops published in DesdeLinux, and he told me that he expressly wanted a Debian-based solution. 😉

To please him, we will start from a fresh, clean installation of a server based on Debian 8 "Jessie". However, what we write below is valid for the CentOS and openSUSE distributions covered by the articles we mentioned earlier. BIND and DHCP are the same on any distro. Slight variations are introduced by the package maintainers of each distribution.

We will do the installation as indicated in DNS and DHCP on Debian 8 "Jessie", taking care to use the IP 10.10.10.5 and the network 10.10.10.0/24, even before configuring BIND.

We configure BIND the Debian way

/etc/bind/named.conf

We leave the file /etc/bind/named.conf exactly as it was installed.

/etc/bind/named.conf.options

The file /etc/bind/named.conf.options must be left with the following content:

root@dnslinux:~# cp /etc/bind/named.conf.options /etc/bind/named.conf.options.original

root@dnslinux:~# nano /etc/bind/named.conf.options
options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

        // forwarders {
        //      0.0.0.0;
        // };

        //=====================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys.  See https://www.isc.org/bind-keys
        //=====================================================================

        // We do not want DNSSEC
        dnssec-enable no;
        //dnssec-validation auto;

        auth-nxdomain no;    # conform to RFC1035

        // We do not need to listen on IPv6 addresses
        // listen-on-v6 { any; };
        listen-on-v6 { none; };

        // For checks from localhost and sysadmin
        // by means of
        //   dig mordor.fan axfr
        //   dig 10.10.10.in-addr.arpa axfr
        //   dig _msdcs.mordor.fan axfr
        // We have no Slave DNS ... yet
        allow-transfer { localhost; 10.10.10.1; };
};

// BIND logging
logging {

        channel queries {
                file "/var/log/named/queries.log" versions 3 size 1m;
                severity info;
                print-time yes;
                print-severity yes;
                print-category yes;
        };

        channel query-error {
                file "/var/log/named/query-error.log" versions 3 size 1m;
                severity info;
                print-time yes;
                print-severity yes;
                print-category yes;
        };

        category queries {
                queries;
        };

        category query-errors {
                query-error;
        };

};
  • We introduce the capture of the BIND logs as a NEW aspect in this series of articles on the subject. We create the folder and the files needed for BIND logging:
root@dnslinux:~# mkdir /var/log/named
root@dnslinux:~# touch /var/log/named/queries.log
root@dnslinux:~# touch /var/log/named/query-error.log
root@dnslinux:~# chown -R bind:bind /var/log/named

We check the syntax of the configured files

root@dnslinux:~# named-checkconf
root@dnslinux:~#

/etc/bind/named.conf.local

We create the file /etc/bind/zones.rfcFreeBSD with the same content as indicated in DNS and DHCP on Debian 8 "Jessie".

root@dnslinux:~# nano /etc/bind/zones.rfcFreeBSD

The file /etc/bind/named.conf.local must be left with the following content:

//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
include "/etc/bind/zones.rfc1918";
include "/etc/bind/zones.rfcFreeBSD";

zone "mordor.fan" {
        type master;
        file "/var/lib/bind/db.mordor.fan";
};

zone "10.10.10.in-addr.arpa" {
        type master;
        file "/var/lib/bind/db.10.10.10.in-addr.arpa";
};

zone "_msdcs.mordor.fan" {
        type master;
        check-names ignore;
        file "/etc/bind/db._msdcs.mordor.fan";
};

root@dnslinux:~# named-checkconf
root@dnslinux:~#

Zone file mordor.fan

root@dnslinux:~# nano /var/lib/bind/db.mordor.fan
$TTL 3H
@       IN SOA  dnslinux.mordor.fan.    root.dnslinux.mordor.fan. (
                                        1         ; serial
                                        1D        ; refresh
                                        1H        ; retry
                                        1W        ; expire
                                        3H )      ; minimum or
                                                  ; negative caching time to live
;
; BE VERY CAREFUL WITH THE FOLLOWING RECORDS
@       IN NS   dnslinux.mordor.fan.
@       IN A    10.10.10.5
@       IN MX   10 blackelf.mordor.fan.
@       IN TXT  "Wellcome to The Dark Lan of Mordor"
;
_msdcs.mordor.fan.      IN NS   dnslinux.mordor.fan.
;
dnslinux.mordor.fan.    IN A    10.10.10.5
; END OF BE VERY CAREFUL WITH THE FOLLOWING RECORDS
;
DomainDnsZones.mordor.fan.      IN A    10.10.10.3
ForestDnsZones.mordor.fan.      IN A    10.10.10.3
;
; GLOBAL CATALOG
_gc._tcp.mordor.fan.    600 IN SRV 0 0 3268 sauron.mordor.fan.
_gc._tcp.Default-First-Site-Name._sites.mordor.fan. 600 IN SRV 0 0 3268 sauron.mordor.fan.
;
; Modified and private LDAP of the Active Directory
_ldap._tcp.mordor.fan.  600 IN SRV 0 0 389 sauron.mordor.fan.
_ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.mordor.fan. 600 IN SRV 0 0 389 sauron.mordor.fan.
_ldap._tcp.DomainDnsZones.mordor.fan. 600 IN SRV 0 0 389 sauron.mordor.fan.
_ldap._tcp.Default-First-Site-Name._sites.mordor.fan. 600 IN SRV 0 0 389 sauron.mordor.fan.
_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.mordor.fan. 600 IN SRV 0 0 389 sauron.mordor.fan.
_ldap._tcp.ForestDnsZones.mordor.fan. 600 IN SRV 0 0 389 sauron.mordor.fan.
;
; Modified and private KERBEROS of the Active Directory
_kerberos._tcp.Default-First-Site-Name._sites.mordor.fan. 600 IN SRV 0 0 88 sauron.mordor.fan.
_kerberos._tcp.mordor.fan.      600 IN SRV 0 0 88 sauron.mordor.fan.
_kpasswd._tcp.mordor.fan.       600 IN SRV 0 0 464 sauron.mordor.fan.
_kerberos._udp.mordor.fan.      600 IN SRV 0 0 88 sauron.mordor.fan.
_kpasswd._udp.mordor.fan.       600 IN SRV 0 0 464 sauron.mordor.fan.
;
; A records with fixed IPs -> Servers
blackelf.mordor.fan.    IN A    10.10.10.9
blackspider.mordor.fan. IN A    10.10.10.10
darklord.mordor.fan.    IN A    10.10.10.6
mamba.mordor.fan.       IN A    10.10.10.4
palantir.mordor.fan.    IN A    10.10.10.11
sauron.mordor.fan.      IN A    10.10.10.3
shadowftp.mordor.fan.   IN A    10.10.10.8
troll.mordor.fan.       IN A    10.10.10.7
;
; CNAME records
ad-dc.mordor.fan.       IN CNAME        sauron.mordor.fan.
blog.mordor.fan.        IN CNAME        troll.mordor.fan.
fileserver.mordor.fan.  IN CNAME        mamba.mordor.fan.
ftpserver.mordor.fan.   IN CNAME        shadowftp.mordor.fan.
mail.mordor.fan.        IN CNAME        blackelf.mordor.fan.
openfire.mordor.fan.    IN CNAME        palantir.mordor.fan.
proxyweb.mordor.fan.    IN CNAME        darklord.mordor.fan.
www.mordor.fan.         IN CNAME        blackspider.mordor.fan.

root@dnslinux:~# named-checkzone mordor.fan /var/lib/bind/db.mordor.fan
zone mordor.fan/IN: loaded serial 1
OK

We keep the TTL of 600 on all the SRV records in case we install a Slave BIND at some point. Those records represent Active Directory® services that mostly read data from its LDAP database. Since that database changes frequently, the synchronization times must be kept short in a Master - Slave DNS scheme. According to the Microsoft philosophy observed from Active Directory 2000 through 2008, the value of 600 is kept for these types of SRV records.

The TTLs of the servers with fixed IPs fall under the time declared in the SOA, 3 hours.

Zone file 10.10.10.in-addr.arpa

root@dnslinux:~# nano /var/lib/bind/db.10.10.10.in-addr.arpa
$TTL 3H
@       IN SOA  dnslinux.mordor.fan.    root.dnslinux.mordor.fan. (
                                        1         ; serial
                                        1D        ; refresh
                                        1H        ; retry
                                        1W        ; expire
                                        3H )      ; minimum or
                                                  ; negative caching time to live
;
@       IN NS   dnslinux.mordor.fan.
;
10      IN PTR  blackspider.mordor.fan.
11      IN PTR  palantir.mordor.fan.
3       IN PTR  sauron.mordor.fan.
4       IN PTR  mamba.mordor.fan.
5       IN PTR  dnslinux.mordor.fan.
6       IN PTR  darklord.mordor.fan.
7       IN PTR  troll.mordor.fan.
8       IN PTR  shadowftp.mordor.fan.
9       IN PTR  blackelf.mordor.fan.

root@dnslinux:~# named-checkzone 10.10.10.in-addr.arpa /var/lib/bind/db.10.10.10.in-addr.arpa
zone 10.10.10.in-addr.arpa/IN: loaded serial 1
OK
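named-checkzone validates each file on its own. The following added example (not part of the original article) cross-checks a forward and a reverse zone file against each other and flags CNAME, MX and SRV targets inside the zone that have no address record. The zone text is a constructed sample modelled on the two files above, with a misspelt CNAME target and a missing PTR planted deliberately; the function names are hypothetical.

```python
import ipaddress

TARGET_FIELD = {"CNAME": 0, "MX": 1, "SRV": 3}   # index of the target in RDATA

def fqdn(name, origin):
    """Absolute, lower-cased zone-file name ('@' means the origin)."""
    if name == "@":
        return origin
    name = name.lower()
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Minimal reader: handles '@', relative names, optional TTL and class,
    skips the SOA body. No $ORIGIN, $INCLUDE or ';' inside TXT strings."""
    records, depth, owner = [], 0, origin
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        inside, depth = depth > 0, depth + line.count("(") - line.count(")")
        if inside or not line.strip() or line.startswith("$"):
            continue
        fields = line.split()
        if not line[0].isspace():            # a new owner name starts the line
            owner = fqdn(fields.pop(0), origin)
        while fields and (fields[0].upper() == "IN" or fields[0][0].isdigit()):
            fields.pop(0)                    # drop TTL and class
        if len(fields) >= 2:
            records.append((owner, fields[0].upper(), fields[1:]))
    return records

def check_migration(forward_text, reverse_text, domain, reverse_zone):
    """Return a sorted list of (problem, owner, detail) tuples."""
    fwd_origin, rev_origin = (z.rstrip(".").lower() + "."
                              for z in (domain, reverse_zone))
    fwd = parse_zone(forward_text, fwd_origin)
    rev = parse_zone(reverse_text, rev_origin)
    addresses = {}                           # host name -> set of IPv4 strings
    for owner, rtype, rdata in fwd:
        if rtype == "A":
            addresses.setdefault(owner, set()).add(rdata[0])
    resolvable = set(addresses) | {o for o, t, _ in fwd if t == "CNAME"}
    problems = []
    # 1. CNAME, MX and SRV targets inside the zone must have an address.
    for owner, rtype, rdata in fwd:
        if rtype not in TARGET_FIELD or len(rdata) <= TARGET_FIELD[rtype]:
            continue
        target = rdata[TARGET_FIELD[rtype]]
        if target == ".":                    # SRV: service explicitly not offered
            continue
        target = fqdn(target, fwd_origin)
        if target.endswith("." + fwd_origin) and target not in resolvable:
            problems.append(("dangling-target", owner, f"{rtype} -> {target}"))
    # 2. Each PTR must name a host whose A record carries that address.
    ptr_ips = set()
    for owner, rtype, rdata in rev:
        if rtype != "PTR":
            continue
        ip = ".".join(reversed(owner.split(".")[:4]))
        ptr_ips.add(ip)
        host = fqdn(rdata[0], rev_origin)
        if ip not in addresses.get(host, set()):
            problems.append(("ptr-mismatch", owner, f"{host} has no A {ip}"))
    # 3. Each address that falls inside the reverse zone needs a PTR.
    for host, ips in addresses.items():
        for ip in ips:
            rname = ipaddress.ip_address(ip).reverse_pointer + "."
            if rname.endswith("." + rev_origin) and ip not in ptr_ips:
                problems.append(("missing-ptr", host, ip))
    return sorted(problems)

# Constructed sample: 'balckelf' and the absent PTR for troll are deliberate.
FORWARD = """\
$TTL 3H
@   IN SOA dnslinux.mordor.fan. root.dnslinux.mordor.fan. (
        1 ; serial
        1D 1H 1W 3H )
@                       IN NS    dnslinux.mordor.fan.
@                       IN MX 10 blackelf.mordor.fan.
dnslinux.mordor.fan.    IN A     10.10.10.5
sauron.mordor.fan.      IN A     10.10.10.3
blackelf.mordor.fan.    IN A     10.10.10.9
troll.mordor.fan.       IN A     10.10.10.7
_ldap._tcp.mordor.fan.  600 IN SRV 0 0 389 sauron.mordor.fan.
mail.mordor.fan.        IN CNAME balckelf.mordor.fan.
blog.mordor.fan.        IN CNAME troll.mordor.fan.
"""
REVERSE = """\
$TTL 3H
@   IN SOA dnslinux.mordor.fan. root.dnslinux.mordor.fan. ( 1 1D 1H 1W 3H )
3   IN PTR sauron.mordor.fan.
5   IN PTR dnslinux.mordor.fan.
9   IN PTR blackelf.mordor.fan.
"""

if __name__ == "__main__":
    for item in check_migration(FORWARD, REVERSE, "mordor.fan", "10.10.10.in-addr.arpa"):
        print(*item, sep="\t")
```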

Zone file _msdcs.mordor.fan

Let us take into account what the file /usr/share/doc/bind9/README.Debian.gz recommends about the location of the files of Master zones that are not subject to dynamic updates by DHCP.

root@dnslinux:~# nano /etc/bind/db._msdcs.mordor.fan
$TTL 3H
@       IN SOA  dnslinux.mordor.fan.    root.dnslinux.mordor.fan. (
                                        1         ; serial
                                        1D        ; refresh
                                        1H        ; retry
                                        1W        ; expire
                                        3H )      ; minimum or
                                                  ; negative caching time to live
;
@       IN NS   dnslinux.mordor.fan.
;
;
; GLOBAL CATALOG
gc._msdcs.mordor.fan.   600 IN A 10.10.10.3
;
; Alias -in the modified and private LDAP database of the Active Directory- of SAURON
03296249-82a1-49aa-a4f0-28900f5d256b._msdcs.mordor.fan. 600 IN CNAME sauron.mordor.fan.
;
; Modified and private LDAP of the Active Directory
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.mordor.fan. 600 IN SRV 0 100 389 sauron.mordor.fan.
_ldap._tcp.dc._msdcs.mordor.fan. 600 IN SRV 0 100 389 sauron.mordor.fan.
_ldap._tcp.18d3360d-8fdb-40cf-a678-d7c420b6d775.domains._msdcs.mordor.fan. 600 IN SRV 0 100 389 sauron.mordor.fan.
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.mordor.fan. 600 IN SRV 0 100 3268 sauron.mordor.fan.
_ldap._tcp.gc._msdcs.mordor.fan. 600 IN SRV 0 100 3268 sauron.mordor.fan.
_ldap._tcp.pdc._msdcs.mordor.fan. 600 IN SRV 0 100 389 sauron.mordor.fan.
;
; Modified and private KERBEROS of the Active Directory
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.mordor.fan. 600 IN SRV 0 100 88 sauron.mordor.fan.
_kerberos._tcp.dc._msdcs.mordor.fan. 600 IN SRV 0 100 88 sauron.mordor.fan.

We check the syntax and can ignore the error it returns, since in the configuration of this zone in the file /etc/bind/named.conf.local we included the statement check-names ignore;. The zone will be loaded correctly by BIND.

root@dnslinux:~# named-checkzone _msdcs.mordor.fan /etc/bind/db._msdcs.mordor.fan
/etc/bind/db._msdcs.mordor.fan:14: gc._msdcs.mordor.fan: bad owner name (check-names)
zone _msdcs.mordor.fan/IN: loaded serial 1
OK

root@dnslinux:~# systemctl restart bind9.service
root@dnslinux:~# systemctl status bind9.service
bind9.service - BIND Domain Name Server
   Loaded: loaded (/lib/systemd/system/bind9.service; enabled)
  Drop-In: /run/systemd/generator/bind9.service.d
           └─50-insserv.conf-$named.conf
   Active: active (running) since Sun 2017-02-12 08:48:38 EST; 2s ago
     Docs: man:named(8)
  Process: 859 ExecStop=/usr/sbin/rndc stop (code=exited, status=0/SUCCESS)
 Main PID: 864 (named)
   CGroup: /system.slice/bind9.service
           └─864 /usr/sbin/named -f -u bind

Feb 12 08:48:38 dnslinux named[864]: zone 3.e.f.ip6.arpa/IN: loaded serial 1
Feb 12 08:48:38 dnslinux named[864]: zone b.e.f.ip6.arpa/IN: loaded serial 1
Feb 12 08:48:38 dnslinux named[864]: zone 0.e.f.ip6.arpa/IN: loaded serial 1
Feb 12 08:48:38 dnslinux named[864]: zone 7.e.f.ip6.arpa/IN: loaded serial 1
Feb 12 08:48:38 dnslinux named[864]: zone mordor.fan/IN: loaded serial 1
Feb 12 08:48:38 dnslinux named[864]: zone example.org/IN: loaded serial 1
Feb 12 08:48:38 dnslinux named[864]: zone _msdcs.mordor.fan/IN: loaded serial 1
Feb 12 08:48:38 dnslinux named[864]: zone invalid/IN: loaded serial 1
Feb 12 08:48:38 dnslinux named[864]: all zones loaded
Feb 12 08:48:38 dnslinux named[864]: running

We query BIND

Before installing DHCP, we must carry out a series of checks that even include joining a Windows 7 client to the mordor.fan domain represented by the Active Directory installed on the machine sauron.mordor.fan.

The first thing to do is stop the DNS service on the machine sauron.mordor.fan, and declare on its network interface that from now on its DNS server will be 10.10.10.5 dnslinux.mordor.fan.

In a console on the server sauron.mordor.fan itself we execute:

Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\Administrator>nslookup
Default Server:  dnslinux.mordor.fan
Address:  10.10.10.5

> gc._msdcs
Server:  dnslinux.mordor.fan
Address:  10.10.10.5

Name:    gc._msdcs.mordor.fan
Address:  10.10.10.3

> mordor.fan
Server:  dnslinux.mordor.fan
Address:  10.10.10.5

Name:    mordor.fan
Address:  10.10.10.3

> 03296249-82a1-49aa-a4f0-28900f5d256b._msdcs
Server:  dnslinux.mordor.fan
Address:  10.10.10.5

Name:    sauron.mordor.fan
Address:  10.10.10.3
Aliases:  03296249-82a1-49aa-a4f0-28900f5d256b._msdcs.mordor.fan

> set type=SRV
> _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs
Server:  dnslinux.mordor.fan
Address:  10.10.10.5

_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.mordor.fan      SRV service location:
          priority       = 0
          weight         = 100
          port           = 88
          svr hostname   = sauron.mordor.fan
_msdcs.mordor.fan       nameserver = dnslinux.mordor.fan
sauron.mordor.fan       internet address = 10.10.10.3
dnslinux.mordor.fan     internet address = 10.10.10.5
> _ldap._tcp.18d3360d-8fdb-40cf-a678-d7c420b6d775.domains._msdcs
Server:  dnslinux.mordor.fan
Address:  10.10.10.5

_ldap._tcp.18d3360d-8fdb-40cf-a678-d7c420b6d775.domains._msdcs.mordor.fan       SRV service location:
          priority       = 0
          weight         = 100
          port           = 389
          svr hostname   = sauron.mordor.fan
_msdcs.mordor.fan       nameserver = dnslinux.mordor.fan
sauron.mordor.fan       internet address = 10.10.10.3
dnslinux.mordor.fan     internet address = 10.10.10.5
> exit

C:\Users\Administrator>

The DNS queries made from sauron.mordor.fan are satisfactory.

The next step is to create another virtual machine with Windows 7 installed. Since we do not yet have the DHCP service, we give the computer named «win7» the IP address 10.10.10.251. We also declare that its DNS server will be 10.10.10.5 dnslinux.mordor.fan, and that its search domain will be mordor.fan. We will not register that computer in the DNS because we will also use it to test the DHCP service once we install it.

Next we open a CMD console and execute in it:

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\buzz>nslookup
Default Server:  dnslinux.mordor.fan
Address:  10.10.10.5

> mordor.fan
Server:  dnslinux.mordor.fan
Address:  10.10.10.5

Name:    mordor.fan
Address:  10.10.10.3

> set type=SRV
> _ldap._tcp.DomainDnsZones
Server:  dnslinux.mordor.fan
Address:  10.10.10.5

_ldap._tcp.DomainDnsZones.mordor.fan    SRV service location:
          priority       = 0
          weight         = 0
          port           = 389
          svr hostname   = sauron.mordor.fan
mordor.fan      nameserver = dnslinux.mordor.fan
sauron.mordor.fan       internet address = 10.10.10.3
dnslinux.mordor.fan     internet address = 10.10.10.5
> _kpasswd._udp
Server:  dnslinux.mordor.fan
Address:  10.10.10.5

_kpasswd._udp.mordor.fan        SRV service location:
          priority       = 0
          weight         = 0
          port           = 464
          svr hostname   = sauron.mordor.fan
mordor.fan      nameserver = dnslinux.mordor.fan
sauron.mordor.fan       internet address = 10.10.10.3
dnslinux.mordor.fan     internet address = 10.10.10.5
> _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones
Server:  dnslinux.mordor.fan
Address:  10.10.10.5

_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.mordor.fan     SRV service location:
          priority       = 0
          weight         = 0
          port           = 389
          svr hostname   = sauron.mordor.fan
mordor.fan      nameserver = dnslinux.mordor.fan
sauron.mordor.fan       internet address = 10.10.10.3
dnslinux.mordor.fan     internet address = 10.10.10.5
> exit

C:\Users\buzz>

Weydiimaha DNS ee laga sameeyay macmiilka «win7»Sidoo kale waa lagu qancay.

Diiwaanka Firfircoon waxaan ku abuureynaa isticmaaleha «sarumanka«, Ujeeddadeeduna tahay isticmaalkeeda markaad ku biirto macmiilka win7 ilaa domainka mordor.fan, iyadoo la adeegsanayo habka «Aqoonsiga Shabakadda«, Isticmaalida magacyada isticmaalaha saruman@mordor.fan y maamule@mordor.fan. Ku biiritaanku wuxuu ahaa mid guuleystey waxaana lagu caddeeyey shaashadda soo socota:

Ku saabsan Cusbooneysiinta Dynamic ee Microsoft® DNS iyo BIND

Maaddaama aan hayno adeegga DNS-ka ee ku jira Diiwaanka Firfircoon ® macquul uma ahayn macmiilka «win7»Ku qor magacaaga iyo cinwaankaaga IP-gaas. In badan ayaa ka yar dnslinux.mordor.fan maadaama aanan wax hadal ah sameyn allow-cusbooneysii mid ka mid ah meelaha ku lugta leh.

Halkaana waxay ahayd meeshii dagaalka wanaagsan ee saaxiibkay laga sameeyay Fuegiyanka. E-maylkeygii ugu horreeyay ee ku saabsan dhinacan waxaan ka faallooday:

  • The Microsoft articles on using BIND with Active Directory® recommend that, especially for the Forward Zone, it be allowed to be updated - penetrated - directly by the Windows clients already joined to the Active Directory domain.
  • That is why, by default, the DNS zones of Active Directory® accept Secure Dynamic Updates from Windows clients already joined to the Active Directory domain. If they are not joined, they must live with the consequences.
  • The Active Directory DNS supports dynamic updates of type "Secure only", "Nonsecure and secure", or "None", which is the same as saying NO updates.
  • If the Microsoft Philosophy really did not agree with its clients not updating their data in its DNS server(s), it would not leave open the possibility of disabling dynamic updates in its DNS server(s), unless that option is left there for more obscure purposes.
  • Microsoft offers "Security" in exchange for Obscurity, as a colleague and friend who passed the Microsoft® Certificate courses told me. True. Besides, El Fueguino confirmed it to me.
  • A client that obtains an IP address via a DHCP installed on a UNIX®/Linux machine, for example, will not be able to resolve the IP address of its own name until it is joined to the Active Directory domain, as long as Microsoft® DNS or BIND is used as a DNS without dynamic updates from the DHCP.
  • If I install the DHCP on the Active Directory® itself, then I must declare that the zones are updated by the Microsoft® DHCP.
  • If we are going to use BIND as the DNS of the Windows network, it is logical and recommended that we install the BIND-DHCP duo, with the latter dynamically updating BIND, and that settles the matter.
  • In the world of UNIX®/Linux LANs, ever since dynamic updates were invented for BIND, only Mr. DHCP is allowed to «penetrate» Mrs. BIND with his updates. Fun, but with order, please.
  • When I declare for the mordor.fan zone, for example, allow-update { 10.10.10.0/24; };, BIND itself informs me when it starts or restarts that:
    • zone 'mordor.fan' allows updates by IP address, which is insecure
  • In the sacrosanct world of UNIX®/Linux, such impudence with the DNS is simply not acceptable.

You can imagine the rest of the exchange with my friend El Fueguino through e-mails, Telegram chats, telephone calls paid by him (of course, man, I don't have a kilo for that), and even messages by carrier pigeon in the XXI century!

He even threatened not to send me a child of his pet, the iguana «Petra», which he had promised me as part of the payment. There I was really scared. So I started again, but from another angle.

  • The "almost" Active Directory that can be achieved with Samba 4 solves this aspect masterfully, both when we use its Internal DNS and when we use a BIND compiled to support DLZ zones - Dynamically Loaded Zones.
  • The same still applies: when a client obtains an IP address via a DHCP installed on another UNIX®/Linux machine, it will not be able to resolve the IP address of its own name until it is joined to the Samba 4 AD-DC domain.
  • Integrating the BIND-DLZ and DHCP duo on the same machine where the Samba 4 AD-DC is installed is a job for a true specialist.

El Fueguino called me to order and shouted at me: we are NOT talking about the Samba 4 AD-DC, but about Microsoft® Active Directory®! And I humbly replied that I had got carried away with part of the next articles I will write.

That was when I told him that the final decision about dynamic updates for the client computers on his network was left to his own free will. That I would only give him the tip written earlier about allow-update { 10.10.10.0/24; };, and nothing more. That I was not responsible for the promiscuity that results from any Windows - or Linux - client on his network «penetrating» BIND with impunity.

If you only knew, dear Reader, that this was where the fight ended, you would not believe it. My friend El Fueguino accepted the solution - and he will send me the iguana «petrica» - which I now share with you.

We install and configure DHCP

For more details read DNS and DHCP in Debian 8 "Jessie".

root@dnslinux:~# aptitude install isc-dhcp-server

root@dnslinux:~# nano /etc/default/isc-dhcp-server
....
# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
#       Separate multiple interfaces with spaces, e.g. "eth0 eth1".
INTERFACES="eth0"

root@dnslinux:~# dnssec-keygen -a HMAC-MD5 -b 128 -r /dev/urandom -n USER dhcp-key
Kdhcp-key.+157+29836

root@dnslinux:~# cat Kdhcp-key.+157+29836.private
Private-key-format: v1.3
Algorithm: 157 (HMAC_MD5)
Key: 3HT/bg/6YwezUShKYofj5g==
Bits: AAA=
Created: 20170212205030
Publish: 20170212205030
Activate: 20170212205030

root@dnslinux:~# nano dhcp.key
key dhcp-key {
        algorithm hmac-md5;
        secret "3HT/bg/6YwezUShKYofj5g==";
};

root@dnslinux:~# install -o root -g bind -m 0640 dhcp.key /etc/bind/dhcp.key
root@dnslinux:~# install -o root -g root -m 0640 dhcp.key /etc/dhcp/dhcp.key

root@dnslinux:~# nano /etc/bind/named.conf.local
//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
include "/etc/bind/zones.rfc1918";
include "/etc/bind/zones.rfcFreeBSD";
// Don't forget... I forgot and paid for it with errors. ;-)
include "/etc/bind/dhcp.key";

zone "mordor.fan" {
        type master;
        allow-update { 10.10.10.3; key dhcp-key; };
        file "/var/lib/bind/db.mordor.fan";
};

zone "10.10.10.in-addr.arpa" {
        type master;
        allow-update { 10.10.10.3; key dhcp-key; };
        file "/var/lib/bind/db.10.10.10.in-addr.arpa";
};

zone "_msdcs.mordor.fan" {
        type master;
        check-names ignore;
        file "/etc/bind/db._msdcs.mordor.fan";
};

root@dnslinux:~# named-checkconf
root@dnslinux:~#

root@dnslinux:~# nano /etc/dhcp/dhcpd.conf
ddns-update-style interim;
ddns-updates on;
ddns-domainname "mordor.fan.";
ddns-rev-domainname "in-addr.arpa.";
ignore client-updates;

authoritative;

option ip-forwarding off;
option domain-name "mordor.fan";

include "/etc/dhcp/dhcp.key";

zone mordor.fan. {
        primary 127.0.0.1;
        key dhcp-key;
}
zone 10.10.10.in-addr.arpa. {
        primary 127.0.0.1;
        key dhcp-key;
}

shared-network redlocal {
        subnet 10.10.10.0 netmask 255.255.255.0 {
                option routers 10.10.10.1;
                option subnet-mask 255.255.255.0;
                option broadcast-address 10.10.10.255;
                option domain-name-servers 10.10.10.5;
                option netbios-name-servers 10.10.10.5;
                range 10.10.10.30 10.10.10.250;
        }
}
# END dhcpd.conf

root@dnslinux:~# dhcpd -t
Internet Systems Consortium DHCP Server 4.3.1
Copyright 2004-2014 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Config file: /etc/dhcp/dhcpd.conf
Database file: /var/lib/dhcp/dhcpd.leases
PID file: /var/run/dhcpd.pid

root@dnslinux:~# systemctl restart bind9.service
root@dnslinux:~# systemctl status bind9.service

root@dnslinux:~# systemctl start isc-dhcp-server.service
root@dnslinux:~# systemctl status isc-dhcp-server.service

As for the Checks on the clients and the Manual modification of the Zone files, we leave it to you, dear reader, to read them directly in DNS and DHCP in Debian 8 "Jessie" and apply them to your real conditions. We performed all the necessary checks and obtained satisfactory results. Of course we sent a copy of all of them to El Fueguino. It could not be otherwise!
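The allow-update lines in named.conf.local decide who may rewrite the zones, so they are worth checking mechanically. The script below is an added example, not part of the original article: it parses zone blocks and reports whether each allow-update list is key-only or also accepts updates by source address. The function names are made up for the example, and the second sample zone is constructed from the subnet-wide ACL discussed earlier.

```python
import ipaddress
import re

# Constructed sample. Zones 1 and 3 follow the named.conf.local on this page;
# zone 2 uses the subnet-wide ACL that the article says BIND reports as insecure.
SAMPLE_CONF = r'''
include "/etc/bind/dhcp.key";   // TSIG key shared with dhcpd
zone "mordor.fan" {
        type master;
        allow-update { 10.10.10.3; key dhcp-key; };
        file "/var/lib/bind/db.mordor.fan";
};
zone "10.10.10.in-addr.arpa" {
        type master;
        allow-update { 10.10.10.0/24; };
        file "/var/lib/bind/db.10.10.10.in-addr.arpa";
};
zone "_msdcs.mordor.fan" {
        type master;
        check-names ignore;
        file "/etc/bind/db._msdcs.mordor.fan";
};
'''

def strip_comments(text):
    """Drop //, # and /* */ comments but leave quoted strings untouched."""
    pattern = r'"[^"\n]*"|//[^\n]*|#[^\n]*|/\*.*?\*/'
    return re.sub(pattern,
                  lambda m: m.group(0) if m.group(0)[0] == '"' else " ",
                  text, flags=re.S)

def zone_bodies(text):
    """Yield (name, body) for every zone, matching braces to find its end."""
    for m in re.finditer(r'\bzone\s+"([^"]+)"[^{;]*\{', text):
        depth, pos = 1, m.end()
        while depth and pos < len(text):
            depth += {"{": 1, "}": -1}.get(text[pos], 0)
            pos += 1
        yield m.group(1), text[m.end():pos - 1]

def classify(element):
    """Return 'key', 'address', 'none' or 'other' for one ACL element."""
    if element.startswith("key "):
        return "key"
    if element == "none":
        return "none"
    if element in ("any", "localhost", "localnets"):
        return "address"
    try:
        ipaddress.ip_network(element, strict=False)
        return "address"
    except ValueError:
        return "other"          # named acl or negated entry, not resolved here

def audit(conf_text):
    """Map each zone to its allow-update keys, addresses and a verdict."""
    report = {}
    for name, body in zone_bodies(strip_comments(conf_text)):
        found = {"key": [], "address": [], "other": [], "none": []}
        acl = re.search(r'\ballow-update\s*\{([^{}]*)\}', body)
        for raw in (acl.group(1).split(";") if acl else []):
            element = " ".join(raw.split())
            if element:
                found[classify(element)].append(element)
        # Elements of an address match list are alternatives: one IP entry is
        # enough for an unsigned update from that source to be accepted.
        if found["address"]:
            verdict = "address-based"
        elif found["key"]:
            verdict = "key-only"
        elif found["other"]:
            verdict = "unresolved-acl"
        else:
            verdict = "static"
        keys = [k.split(None, 1)[1].strip('"') for k in found["key"]]
        report[name] = {"keys": keys, "addresses": found["address"],
                        "verdict": verdict}
    return report

if __name__ == "__main__":
    for zone, result in audit(SAMPLE_CONF).items():
        print(f"{zone:28} {result['verdict']:14} {result['addresses']}")
```

On the sample, mordor.fan is reported as address-based because 10.10.10.3 is listed next to the key, and _msdcs.mordor.fan as static because it has no allow-update at all.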

Tips

General

  • Arm yourself with plenty of patience before you start.
  • First install and configure BIND. Check everything and review all the records you declared in each of the three - or more - zone files, both from the Active Directory and from the Linux DNS server itself. If possible, make the necessary DNS queries to BIND from a Linux machine that is not joined to the domain.
  • Join a Windows client with a fixed IP address to the existing domain, and check all the BIND settings again from the Windows client.
  • Once you are sure beyond doubt that your new BIND configuration is completely correct, venture to install, configure, and start the DHCP service.
  • If there is an error, repeat the whole procedure from zero 0.
  • Beware of copy & paste! and of extra spaces on each line of the named.conf.xxxx files
  • Afterwards, do not complain - much less to my friend El Fueguino - that you were not properly advised.

Other tips

  • Divide and conquer.
  • In an SME network it is safer and more beneficial to install an AUTHORITATIVE BIND for the Internal LAN Zones that does not recurse to any root server: recursion no;.
  • In an SME network under an Internet Access Provider - ISP, perhaps the Proxy and SMTP services need to resolve domain names on the Internet. In Squid you have the option of declaring your external DNS servers or not, while in a mail server based on Postfix or MDaemon® we can also declare the DNS servers we will use for that service. In cases like this, that is, cases that do not offer services to the Internet and sit under an Internet Service Provider, you can install a BIND with Forwarders pointing to the ISP's DNS servers, and declare it as the secondary DNS on the servers that need to resolve queries external to the LAN, if it is not possible to declare them in their own configuration files
  • If you have a Delegated Zone entirely under your responsibility, then that is a different story:
    • Install a DNS server based on NSD, which is an authoritative DNS server by definition, to answer the queries from computers on the Internet. For some information, aptitude show nsd. 😉 Please protect it very well behind as many firewalls as necessary. Both hardware and software. It will be a DNS facing the Internet, and that «face» should not be shown with its pants down. 😉
    • Since I have never seen myself in a case like this, that is, fully responsible for a Delegated Zone, I would have to think very carefully about what to recommend for resolving domain names external to our LAN for the services that need it. The clients of the SME network really do not need it. Consult specialized literature, or an expert in these matters, since I am very far from being one of them. Seriously.
    • Recursion has no place on authoritative servers. OK? In case someone thinks of doing it with a BIND.
  • Although we explicitly declared the statement ignore client-updates; in the /etc/dhcp/dhcpd.conf file, if we run the command journalctl -f on the console of dnslinux.mordor.fan, we will see that when the client win7.mordor.fan starts we get the following error messages:
    • Feb 12 16:55:41 dnslinux named[900]: client 10.10.10.30#58762: update 'mordor.fan/IN' denied
      Feb 12 16:55:42 dnslinux named[900]: client 10.10.10.30#49763: update 'mordor.fan/IN' denied
      Feb 12 16:56:23 dnslinux named[900]: client 10.10.10.30#63161: update 'mordor.fan/IN' denied
      
    • To eliminate these messages, we must go to the advanced options of the network card configuration and uncheck the option «Register this connection's addresses in DNS». That prevents the client from ever trying to register itself in the Linux DNS, and the problem is over. Sorry, but I don't have a copy of Windows 7 in Spanish. 😉
  • To see all the serious - and crazy - queries that a Windows 7 client makes, check the queries.log log, which we declared for a reason in the BIND configuration. The command would be:
    • root@dnslinux:~# tail -f /var/log/named/queries.log
  • If you do not allow your client computers to connect directly to the Internet, then why do you need the Root DNS Servers? This will considerably reduce the output of the journalctl -f command and of the previous one, if your Authoritative DNS server for the internal zones does not connect directly to the Internet, which is highly recommended from the security standpoint.
    root@dnslinux:~# cp /etc/bind/db.root /etc/bind/db.root.original
    root@dnslinux:~# cp /dev/null /etc/bind/db.root
  • If you do not need the declaration of the Root Servers, then why do you need Recursion?
    root@dnslinux:~# nano /etc/bind/named.conf.options
    options {
     ....
     recursion no;
     ....
    };
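The `update ... denied` messages quoted in the list above can be triaged with a short script. This is an added example, not part of the original article: it counts refused dynamic updates per client and zone, and separates addresses inside the DHCP range declared in dhcpd.conf from hosts outside it. The function names, the last three sample lines and the handling of an optional `@0x...` prefix are assumptions made for the example.

```python
import ipaddress
import re
from collections import Counter

# DHCP pool from the dhcpd.conf on this page: range 10.10.10.30 10.10.10.250
POOL_FIRST = ipaddress.ip_address("10.10.10.30")
POOL_LAST = ipaddress.ip_address("10.10.10.250")

# Constructed sample: the first three lines are the messages quoted above; the
# rest are invented for the example (a static host, a pointer prefix, noise).
SAMPLE_JOURNAL = """\
Feb 12 16:55:41 dnslinux named[900]: client 10.10.10.30#58762: update 'mordor.fan/IN' denied
Feb 12 16:55:42 dnslinux named[900]: client 10.10.10.30#49763: update 'mordor.fan/IN' denied
Feb 12 16:56:23 dnslinux named[900]: client 10.10.10.30#63161: update 'mordor.fan/IN' denied
Feb 12 16:57:02 dnslinux named[900]: client 10.10.10.7#51515: update '10.10.10.in-addr.arpa/IN' denied
Feb 12 16:57:09 dnslinux named[900]: client @0x7f3a2c0 10.10.10.31#50001: update 'mordor.fan/IN' denied
Feb 12 16:57:30 dnslinux dhcpd[1033]: DHCPACK on 10.10.10.30 to 08:00:27:aa:bb:cc (win7) via eth0
""".splitlines()

DENIED = re.compile(
    r"named\[\d+\]: client (?:@0x[0-9a-fA-F]+ )?"   # optional pointer prefix
    r"(?P<ip>[0-9a-fA-F.:]+)#\d+"                   # source address, port dropped
    r"(?: \([^)]*\))?: update '(?P<zone>.+?)/IN' denied")

def denied_updates(lines):
    """Count refused dynamic updates per (client address, zone)."""
    hits = Counter()
    for line in lines:
        m = DENIED.search(line)
        if m:
            hits[(m.group("ip"), m.group("zone"))] += 1
    return hits

def in_pool(ip):
    """True when the address falls inside the DHCP range served by dhcpd."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return addr.version == 4 and POOL_FIRST <= addr <= POOL_LAST

def triage(lines):
    """Split offenders into DHCP-pool clients and hosts outside the pool."""
    report = {"pool_clients": {}, "outside_pool": {}}
    for (ip, zone), count in sorted(denied_updates(lines).items()):
        bucket = "pool_clients" if in_pool(ip) else "outside_pool"
        report[bucket].setdefault(ip, {})[zone] = count
    return report

if __name__ == "__main__":
    for bucket, clients in triage(SAMPLE_JOURNAL).items():
        for ip, zones in clients.items():
            print(bucket, ip, zones)
```

Pool clients are the leased machines still trying to register themselves, which the checkbox described above silences; an address outside the pool attempting updates is a statically configured host and deserves a separate look.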

A specific tip that I am still not clear about

The man dhcpd.conf tells us the following, among many other things:

        The update-optimization statement

            update-optimization flag;

            If the update-optimization parameter is false for a given client, the server will attempt a DNS update for that client each time the client renews its lease, rather than only attempting an update when it appears to be necessary. This will allow the DNS to heal from database inconsistencies more easily, but the cost is that the DHCP server must do many more DNS updates. We recommend leaving this option enabled, which is the default. This option only affects the behavior of the interim DNS update scheme, and has no effect on the ad-hoc DNS update scheme. If this parameter is not specified, or is true, the DHCP server will only update when the client information changes, the client gets a different lease, or the client's lease expires.

The more or less exact translation or interpretation is left to you, dear reader.

Personally, it happened to me - and it happened while I was working on this article - that when I integrate BIND with an Active Directory®, whether it comes from Microsoft® or from Samba 4, if I change the name of a client computer registered in the Active Directory® domain or in the Samba 4 AD-DC, it keeps its old name and IP address in the Forward Zone, but not in the Reverse one, which is correctly updated to the new name. In other words, the old and the new names are mapped to the same IP address in the Forward Zone, while in the Reverse one only the new name appears. To understand me well, you have to try it yourself.

I think it is a kind of revenge against El Fueguino - not against me, please - for trying to migrate his services to Linux.

Of course the old name will disappear when its TTL 3600 expires, or whatever time we declared in the DHCP configuration. But we want it to disappear immediately, as happens with BIND + DHCP without an Active Directory involved.

I found the solution to that situation by inserting the statement update-optimization false; at the end of the top part of the /etc/dhcp/dhcpd.conf file:

ddns-update-style interim;
ddns-updates on;
ddns-domainname "mordor.fan.";
ddns-rev-domainname "in-addr.arpa.";
ignore client-updates;
update-optimization false;

If any Reader knows more about it, please enlighten me. I will appreciate it very much.

Summary

We have had quite a bit of fun with the topic, right? No wonder, because we have BIND working as the DNS server in a Microsoft® network, offering all the SRV records and responding properly to the DNS queries made to them. On the other hand we have a DHCP server that grants IP addresses and dynamically updates the BIND Zones correctly.

We could not ask for more... for now.

I hope my friend El Fueguino is happy and satisfied with the first step in his migration to Linux, to get rid of the unbearable costs of Microsoft® Technical Support.

Important notice

The character «El Fueguino» is entirely fictional and a product of my imagination. Any resemblance or coincidence with real persons is just that: pure coincidence, unintentional on my part. I only created him to make writing and reading this article a little more enjoyable. And to think that the DNS matter is an obscure one. 😉



  1.   crespo88 said

    Very strong, no comments, since the Microsoft DNS is no longer needed. Be careful you don't get sued, hahahaha. Thanks for the contribution, Fico.

  2.   federico said

    Sue me? Let them take it up with EL Fueguino. 😉
    Thank you, friend!!!

  3.   digirta haniball said

    Wouldn't it be easier to install Zentyal for this whole active directory part?

  4.   dhunter said

    Haha, a great write-up that raises the difficulty to a higher power, and I see Zentyal was recommended to you in the comments above; I'm leaving before the shooting starts.

    PS: The Windows-based domain is Mordor, but if we set up a pure Samba it would be Gondor or Rohan, right? 😉

  5.   federico said

    I do not recommend the use of Zentyal to anyone. I use Windows because its use is a reality in many SMEs. About the stability of Zentyal, ask my friend and colleague Dhunter. 😉

  6.   federico said

    You bet, friend dhunter. When it is Samba 4 it will be called tierramedia.fan. 😉

  7.   federico said

    For those who have already downloaded the article, be very careful with the following:
    Where it says
    ; BE CAREFUL WITH THE FOLLOWING RECORDS
    @ IN NS dnslinux.mordor.fan.
    @ IN A 10.10.10.3

    It should correctly say

    ; BE CAREFUL WITH THE FOLLOWING RECORDS
    @ IN NS dnslinux.mordor.fan.
    @ IN A 10.10.10.5

    My friend and colleague Eduardo Noel was the one who spotted my involuntary error.

  9.   dhunter said

    For those planning to use Zentyal for something serious, I warn you to be very careful. I use two Zentyal 4.2 controllers (14.04), I have everything updated and I have to be as careful as possible: very rare bugs (and even rarer answers in the project's bugzilla, they make you feel like a fool for using something you pay so little for), they went without any great feedback for a while so that I thought they had disappeared, and suddenly they release 5.0 with no possibility of migrating from 4.2... lovely...

    Reporting bugs in the community version is pointless unless you run alongside the developers, always using the latest version, check it out: https://tracker.zentyal.org/issues/5080#comment:14

    In the end one has to settle on a stable version and die with it for as long as it keeps running; look at what the Zentyal has in cron:

    0 7 * * 1-6 /sbin/shutdown -r now

    Like I said... lovely!

    PS: Supposedly I go through all this trouble for using the free version, and supposedly the paid version is the serious one, but I think that is not the best strategy for winning users. Another product with a similar business model is Proxmox, and I bought its paid version to give money to the project and not because the free version falls short; Proxmox is a jewel.

  10.   Ismael Alvarez Wong said

    Hello Federico:
    With each new article you raise the bar; as if everything covered in the 3 previous posts about the BIND + DHCP duo were not enough, now you publish this "trunk" (pardon the expression) of an article on how to migrate from the Microsoft DNS to BIND, how to update it from a DHCP on Linux, and on top of that have all of the above coexist with a Microsoft Active Directory.
    . Great, everything related to the SRV records of the DNS of an Active Directory, its forward zone «_msdcs.domain», and how to capture from Linux the records of the zones - or more - of the Microsoft AD DNS to create the Databases of those Zones in BIND.
    . Very useful to enable the Query log in the BIND configuration.
    . VERY VALUABLE the tip: A client that obtains an IP address via a DHCP installed on Linux will not be able to resolve the IP address of its own name until it is joined to the Active Directory domain. In the lab example of the article, first the "win7" computer is assigned the IP address 10.10.10.251 to perform the DNS checks of the "mordor.fan" domain, then it is joined with that fixed IP to the Microsoft AD, so that finally, when the DHCP is installed on Linux, it is the latter that assigns its IP address and at the same time "penetrates" BIND with updates to write the computer's records in the Forward and Reverse Zones. YOU CANNOT GET MORE DETAIL THAN THAT!
    . Very good all the considerations about Dynamic Updates in Microsoft® DNS and BIND; as well as all the tips explained in the last section, and especially all the development and the solution proposed in the "Specific tip that I am still not clear about".
    ! 5 STARS FOR THE AUTHOR, and I keep following the SME series with interest!

  11.   federico said

    Dhunter: You wrote with the Voice of Experience. "Practice is the best criterion of truth."

    Wong: I was already missing your comment - a complement to the article. I hope one about dnsmasq comes out soon.

    Thank you both for your comments.

  12.   crespo88 said

    You said nothing more about the partner called «El Fueguino», nor about his decision to start the migration of his servers. You stole another one from Microsoft, hahaha!!!!

  13.   federico said

    hahahaha friend crespo88. I see you caught the vibe of the fictional character. If others had as many ideas as you, it could make articles on dense topics much more entertaining. Let's wait for other comments about it.