Isalathiso ngokubanzi sothotho: Iinethiwekhi zekhompyuter zee-SMEs: Intshayelelo
Molweni zihlobo! Sinikezela eli nqaku ku dnsmasq Inkqubo elula kakhulu ebonelela ngeenkonzo DNS - DHCP usebenzisa isoftware enye. Olona xwebhu lubalaseleyo malunga nale software yile ifakelwe iphakheji ngokwayo ebekwe kuyo /usr/share/doc/dnsmasq-2.66/, ifayile yoqwalaselo-egcwele imizekelo- /etc/dnsmasq.conf, kunye naleyo ifunyenwe ngomyalelo indoda dnsmasq. Kusempilweni kakhulu ukutyelela i- Indawo esemthethweni.
[(Imeyile ikhuselwe) ~] # ls -l / usr/share/doc/dnsmasq-2.66/ Iyonke i-136 -rw-r-r--. Ingcambu ye1 ingcambu 18007 Epreli 17 2013 UKUKOPISHA -rw-r-r--. Ingcambu ye-1 ingcambu 59811 Nov 11 13: 20 CHANGELOG -rw-r-r--. Ingcambu ye-1 ingcambu 5164 17 Apr 2013 1 DBus-interface -rw-r-r--. Ingcambu ye-5009 ingcambu 17 Apr 2013 1 doc.html -rw-r-r--. Ingcambu ye-25075 ingcambu 17 Apr 2013 1 FAQ -rw-r-r--. Ingcambu ye-12019 ingcambu 17 Apr 2013 XNUMX setup.html
- Inkqubo echazwe eposini iyasebenza nakwi-Debian 8 "Jessie". Ifayile yoqwalaselo / njl / dnsmasq iyafana. KuJessie, mhlawumbi kuya kufuneka ufake ifayile yakho ye-dnsmasq kwaye ayikho enye into. Ndiyibhala kuba ndiyibona ingafuneki ukwenza inqaku elahlukileyo leDnsmasq eDebian. Ngethamsanqa, imikhombandlela enxulumene namaxwebhu kunye noqwalaselo ziyafana. 😉
I-Dnsmaq yindalo ye USimon Kelley.
Yintoni iDnsmasq?
Isoftware yasimahla dnsmasq ngumncedisi DNS Umdlulisi y DHCP iinethiwekhi zekhompyuter ezincinci. Umzekelo oqhelekileyo ziinethiwekhi ezikhoyo kwii-SMEs zethu. Ifuna izixhobo ezimbalwa zehardware ekusebenzeni kwayo kwaye inokuqhutywa kumaqonga awahlukeneyo anje ngeLinux, BSD, Android kunye ne-OS X. Ifakiwe phantse kuzo zonke iindawo zokugcina zeLinux kunye neBSD.
Umncedisi DHCP del dnsmasq Unokuqeshisa iidilesi ze-IP ngamandla nangokubala, kwiinethiwekhi ezininzi ezinobubanzi obahlukeneyo beedilesi ze-IP. Idityaniswe neseva DNS kwaye ivumela oomatshini bendawo abafumana idilesi ye-IP ukuba babonakale njengabhaliswe kwi-DNS kunye neerekhodi zabo ezichanekileyo ze-DNS, zombini ngokuthe ngqo nangokubuyela umva.
Indlela yemveli yokusebenza dnsmasq ukufihla iirekhodi ze-DNS ezifunyenwe ngemibuzo yabo Abaphambili, kunciphisa umthwalo kwezi kwaye kuphucula ukusebenza ngokubanzi kwesantya sokuphendula kwimibuzo eyahlukeneyo ye-DNS.
Ixhasa imigangatho yale mihla efana IPv6 y DNSSEC, Qala - yokuMisela ngaphezulu kwenethiwekhi ngenkxaso yeenkqubo IBHOOTP, I-TFTP, kwaye I-PXE.
Kwindalo yeLinux, iDnsmasq isetyenziswa ngokubanzi kumaseva oomatshini ngaphandle kweHard Disk kunye nabaThengi abaNgcono. KwiMicrosoft® yeWindows, kunye nesoftware I-ARDENCE®, elinganayo -kuDnsmasq- isetyenziswa njengeseva ye-DHCP ebizwa ngokuba Xelela.
Yeyiphi imeko esinokuthi siyisebenzise iDnsmasq?
Ukuba siyaphumeza indoda dnsmasq Kwi-CentOS, siya kulifumana iphepha lale ncwadana kulwimi lwesiNgesi. KwiFayile dnsmasq.8.gz -kwiSpanish- efakwe kusasazo lwe-Debian 8 «Jessie», iyabonakala ngokuchanekileyo Okulandelayo:
Imida
- Amaxabiso asisiseko emida yemithombo ngokubanzi ayalondolozwa, kwaye kufanelekile ukuba asetyenziswe kwizixhobo zohlobo lwe-router. ibambelele kwiiprosesa ezicothayo kunye nememori ephantsi. Kwizixhobo zekhompyutha ngakumbi onako, kunokwenzeka ukuba wandise imida, kwaye axhase uninzi ngakumbi abathengi. Oku kulandelayo kuyasebenza kwi-dnsmasq-2.37: iinguqulelo zangaphambili azenzi njalo benyuka kakuhle kakhulu.
- I-Dnsmasq iyakwazi ukuxhasa i-DNS kunye ne-DHCP ubuncinci iwaka (1,000) abathengi. Amaxesha okuqeshisa akufuneki abemfutshane kakhulu (ngaphantsi kwesinye ixesha). Ixabiso le -dns-phambili-max linokunyuswa: qala nge inani elilinganayo labathengi kunye nokunyusa ukuba ngaba I-DNS. Qaphela ukuba ukusebenza kwe-DNS kuxhomekeke nakwiseva Ukunyuka kwe-DNS. Ubungakanani be-cache ye-DNS bunokunyuswa: umda Ifunwa ngamagama ayi-10,000 kwaye okungagqibekanga (150) kuphantsi kakhulu. Ukuthumela i-SIGUSR1 kwi-dnsmasq kwenza ulwazi nge-bitacore iluncedo kulungelelwaniso lobungakanani becache. Jonga icandelo AMANQAKU iinkcukacha.
- Umncedisi we-TFTP owakhelweyo uyakwazi ukuxhasa ukuhanjiswa okuninzi iifayile ezifanayo ngaxeshanye: umda opheleleyo unxulumene nenani leziphatho zefayile ezivunyelwe kwinkqubo kunye nokubanakho kwe sys‐tem call select () ukuxhasa inani elikhulu lokuphatha iifayile. Ukuba umda ucwangciselwe phezulu kakhulu nge –tftp-max uyakucuthwa kwisikali kwaye owona mda uza kuvalwa ekuqaliseni. Qaphela ukuba ukuhambisa ngakumbi zinokwenzeka xa ifayile enye ithunyelwe ntoni xa kuthunyelwa nganyeI-ferencia ithumela ifayile eyahlukileyo. Kuyenzeka ukuba usebenzise i-dnsmasq ukukhanyela intengiso yeWebhu usebenzisa uluhlu lwe ii-banner ezaziwa kakuhle, zonke zisombulula kwi-127.0.0.1 okanye 0.0.0.0 kwi / njl / yenginginya okanye kwifayile eyongezelelweyo yemikhosi. Uluhlu lunako yinde kakhulu. I-Dnsmasq ihlolwe ngempumelelo ngamagama ayisigidi. Obu bungakanani befayile budinga i-1GHz CPU kunye noqikeleloI-RAM engama-60MB.
Khange ndibhale okanye ndilungise le mihlathi ingentla kwaphela. Ziyabonakaliswa njengoko ziza kwifayile ye- Ndoda ngeSpanish ukusuka dnsmasq 2.72 ukusuka kwindawo yokugcina i-Debian 8.6. Ukusuka kubo nakwindlela yokusebenza ekusebenziseni le software, sinokuthi yinto enqabileyo- ayinakwenzeka - ukufumana imeko kwiinethiwekhi zethu ze-SME ezigqitha inani 1000 abathengi okanye iikhompyuter ezixhumeke kwi-LAN.
- I-Dnsmasq iyakwazi ukuxhasa i-DNS kunye ne-DHCP ubuncinci iwaka (1,000) bathengi.
Ukuqwalaselwa komda
Ihlala indibetha ukuba isoftware ephumelele amabhaso I-ClearOS Enterprise 5.2 SP1 iya kusebenzisa i-Dnsmasq -dibene nayo NTP-NjengeSeva yeZiseko ezingagqibekanga, kwaye uqhubeke nokuyisebenzisa ngolu hlobo-ubuncinci kude kube ziinguqulelo 7.xxx- in kukhutshwa uhlawula ngokufaka i-Active Directory® esekwe kwiSamba 4. Kubi kuthi, abathandi beSoftware yasimahla, ukuba inkampani Isiseko soLwaziiyakuyeka ukubonelela ngesoftware yolo mgangatho kwiinguqulelo kamva kune-5.xxx ngenxa yokufumana okungcono kwemali. Ndicinga ukuba ayisebenzi kwinkampani uqobo.
Nangona ndiyi umqhubi Debian -kwaye andifuni ukwenza ipropaganda yokhetho lwamNdihlala ndiyithanda iNkampani I-Red Hat®, Inc. Imodeli yeshishini lakhe eliyibeke njengenkokeli engenakuphikiswa yeSoftware yasimahla. Ukongeza, nguMxhasi we-CentOS ye-clone-100% yesoftware yasimahla-yenkqubo yayo yokusebenza kweenkwenkwezi ILinux yeRed Hat® yeLinux -RHEL. Kwinto ethile kuthiwa i-CentOS yi-RHEL engaxhaswanga 😉
- Ndibaleke a ISamba Clasic NT 4.0 yoLawulo lweSiseko seDomain isekwe kwi- I-ClearOS Enterprise 5.2 SP1 ngaphezulu kweminyaka emi-4 kuthungelwano lwenkampani enabaxhasi iWindows XP, 7, 8, Windows Server 2003 kunye neWindows server ka-2012. Yintoni ekufuneka ikhathaze isibini samaxabiso obhaliso kumthengi ngamnye weWindows wenguqulo ephezulu kune-XP? Kuyinyani. Yintoni esebenzayo eyona ilungileyo? Ngaba inani lamaqela alifikeleli kwi-100?
Ingqondo yokucinga
- Nangona kum «Ingqondo yesiqhelo yeyona inqabileyo kwizivamvo», zibeke kwindawo yokuqala kwiimfuno zakho emva koko ukhethe indawo yobugcisa ngokwento ekufuneka uyivakalisile uyisombulule ngokweSkripthi Sakho.
- Sukusebenzisa imijukujelwa enqamlezayo ukubulala ingcongconi. Musa ukubenza nzima ubomi ngokungeyomfuneko: qala ngesona sisombululo silula. Ukuba awusombululi ngaloo nto, phakamisa ubunzima inqaku elinye, njalo njalo.
Masifake i-CentOS 7 kunye ne-Dnsmasq
Ukufakwa kwenkqubo yesiseko sikhokelwa linqaku I-CentOS 7 Ihypervisor I kwaye ekukhetheni iiphakeji siphawula kuphela ukhetho «Izibonelelo Server«. Iiparameter ngokubanzi esiza kuzisebenzisa ekulungiseleleni eli nqaku zezi zilandelayo:
Nombre FQDN de la máquina virtual: dns.desdelinux.umlandeli Idilesi ye-IP: 10.10.10.5
I-CentOS 7 ifaka i-dnsmasq emiselweyo
Ewe bafundi abathandekayo, kwi-CentOS 7 iphakheji dnsmasq ifakwe ngexesha lofakelo lweSiseko seZibonelelo kwaye Ndicinga ukuba kunolunye ukhetho.
[(Imeyile ikhuselwe) ~] # yum ulwazi dnsmasq Iiplagi ezilayishiwe: i-fastestmirror, i-langpacks Ukulayisha isantya sesipili kwifayile egcinwe kwifayile efakiweyo Igama leephakheji: Uyilo lwe-dnsmasq: x86_64 Inguqulelo: 2.66 Ukukhutshwa: 21.el7 Ubungakanani: 464 k Indawo yokugcina: ifakiwe Ukusuka kwindawo yokugcina izinto: isishwankathelo se-centos-base: Isisindo se-DHCP / i-caching ye-URL ye-DNS: http://www.thekelleys.org.uk/dnsmasq/ Ilayisensi: GPLv2 Inkcazo: I-Dnsmasq ayikhaphukhaphu, kulula ukuyilungiselela ukuhambisa phambili kwe-DNS kunye ne-DHCP: iseva . Yenzelwe ukubonelela nge-DNS kwaye, ngokhetho, i-DHCP, kwi: inethiwekhi encinci. Ingasebenza ngamagama oomatshini bendawo aba: hayi kwi-DNS yehlabathi. Iseva ye-DHCP idityaniswa ne-DNS: iseva kwaye ivumela oomatshini abaneedilesi ezabelwe i-DHCP ukuba zivele: kwi-DNS enamagama amiselweyo nokuba kukwinginginya nganye okanye kwifayile yoqwalaselo esembindini. I-Dnsmasq ixhasa ukuma okungaguqukiyo kunye nokuguqukayo: ukuqeshisa kwe-DHCP kunye ne-BOOTP yenethiwekhi yokuqalisa koomatshini abangenantambo.
Inguqulelo ye dnsmasq ifakiwe yi-2.66, kwaye iyahambelana nohlobo lweCentOS:
[(Imeyile ikhuselwe) ~] # ikati / inkqubo / ingxelo Inguqulelo yeLinux 3.10.0-514.6.1.el7.x86_64 (builder@kbuilder.dev.centos.org) (gcc inguqulo 4.8.5 20150623 (Red Hat 4.8.5-11) (GCC)) # 1 SMP Wed Jan 18 13:06:36 UTC 2017
Masenze sikwazi ukuqwalasela i-dnsmasq
[(Imeyile ikhuselwe) ~] # nano / njl / imikhosi 127.0.0.1 indawo yangaphakathihosthost.localdomain localhost4hosthost4.localdomain4 :: 1 localhost localhost.localdomain localhost6 localhost6.localdomain6 10.10.10.5 dns.desdelinux.fan dns [(Imeyile ikhuselwe) ~] # igama lenginginya dns [(Imeyile ikhuselwe) ~] # igama lenginginya -f dns.desdelinux.umlandeli [(Imeyile ikhuselwe) ~] # inkquboctl yenza i-dnsmasq [(Imeyile ikhuselwe) ~] # systemctl qala dnsmasq [(Imeyile ikhuselwe) ~] # inkquboctl ubume dnsmasq ● dnsmasq.service-DNS caching server. Ikhutshiwe: ilayishiwe (/usr/lib/systemd/system/dnsmasq.service; yenziwe; umthengisi usetwe kwangaphambili: ukhubazekile) Uyasebenza: uyasebenza (uyasebenza) ukusukela nge-Sat 2017-02-18 11:47:19 EST; I-4s eyadlulayo i-PID ephambili: 1179 (dnsmasq) Iqela: /system.slice/dnsmasq.service └─1179 / usr / sbin / dnsmasq -k Feb 18 11:47:19 dns systemd [1]: Iqale iseva yokugcina i-DNS .. Feb 18 11:47:19 dns systemd [1]: Ukuqala i-DNS caching server .... Feb 18 11:47:19 dns dnsmasq [1179]: started, version 2.66 cachesize 150 Feb 18 11:47:19 dns dnsmasq [1179 ]: qokelela ixesha onokukhetha kulo: IPv6 GNU-getopt DB ... th Feb 18 11:47:19 dns dnsmasq [1179]: reading /etc/resolv.conf Feb 18 11:47:19 dns dnsmasq [1179]: ukutyeshela nameserver 127.0.0.1 -kungingqi e ... ce Feb 18 11:47:19 dns dnsmasq [1179]: funda / njl / iinginginya - iidilesi ezi-3 Ingcebiso: Eminye imigca yandiswa, sebenzisa -l ukubonisa ngokupheleleyo.
Ungalibali inyathelo elilandelayo:
[(Imeyile ikhuselwe) ~] # mv /etc/dnsmasq.conf /etc/dnsmasq.conf.
Iidilesi ze-IP ezizinzileyo
Nge-Dnsmasq, iidilesi zeeseva okanye iikhompyuter ezifuna i-IP echanekileyo -i-IPv4 kunye ne-IPv6- zibhengezwe kwifayile. / njl / imikhosi:
[(Imeyile ikhuselwe) ~] # nano / njl / imikhosi 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 # Servidores 10.10.10.1 sysadmin.desdelinux.fan sysadmin 10.10.10.3 ad-dc.desdelinux.fan ad-dc 10.10.10.4 fileserver.desdelinux.fan fileserver 10.10.10.5 dns.desdelinux.fan dns 10.10.10.6 proxyweb.desdelinux.fan proxyweb 10.10.10.7 blog.desdelinux.fan blog 10.10.10.8 ftpserver.desdelinux.fan ftpserver 10.10.10.9 mail.desdelinux.fan mail
Masenze ifayile /etc/dnsmasq.conf
[(Imeyile ikhuselwe) ~] # nano /etc/dnsmasq.conf # ------------------------------------------------------------------- # O P C I O N E S G E N E R A L E S # ------------------------------------------------------------------- domain-needed # No pasar nombres sin la parte del dominio bogus-priv # No pasar direcciones en el espacio no enrutado expand-hosts # Adiciona automaticamente el dominio al host interface=eth0 # Interface. OJO con la Interface # except-interface=eth1 # NO escuchar por esta NIC strict-order # Orden en que consulta el archivo /etc/resolv.conf # Incluya muchas mas opciones de configuración # mediante un archivo o ubicando los archivos # de configuración adicionales en un directorio # conf-file=/etc/dnsmasq.more.conf conf-dir=/etc/dnsmasq.d # Relativos al Nombre del Dominio domain=desdelinux.fan # Nombre del dominio # El Servidor de Tiempo es 10.10.10.1 address=/time.windows.com/10.10.10.1 # Envía una opción vacía del valor WPAD. Se requiere para que # se comporten bien los clientes Windos 7 y posteriores. ;-) dhcp-option=252,"\n" # Archivo donde declararemos los HOSTS que serán "baneados" addn-hosts=/etc/banner_add_hosts # ------------------------------------------------------------------- # R E G I S T R O S C N A M E M X T X T # ------------------------------------------------------------------- # Este tipo de registro requiere de una entrada # en el archivo /etc/hosts # ej: 10.10.0.7 blog.desdelinux.fan blog # cname=ALIAS,REAL_NAME cname=www.desdelinux.fan,blog.desdelinux.umlandeli # MX RECORDS # Ibuyisela irekhodi yeMX enegama "desdelinux.fan" imiselwe # kwiqela lemeyile.desdelinux.umlandeli kunye nokuphambili kwe-10 mx-host=desdelinux.umlandeli,imeyile.desdelinux.fan,10 # Indawo emiselweyo yokusingwa yeerekhodi zeMX ezenziwe # kusetyenziswa ukhetho lwe localmx luyakuba: mx-target=mail.desdelinux.umlandeli # Ibuyisela irekhodi ye-MX ekhomba ku-mx-kujoliswe kuko BONKE # oomatshini bendawo localmx # iirekhodi zeTXT. Sinokubhengeza irekhodi le-SPF txt-record=desdelinux.fan,"v=spf1 a -konke" txt-record=desdelinux.umlandeli,"DesdeLinux, su Blog dedicado al Software Libre" # ------------------------------------------------------------------- # ------------------------------------------------------------------- # R A N G O Y S U S O P C I O N E S # ------------------------------------------------------------------- # Rango IPv4 y tiempo de arrendamiento # De la 1 a la 29 son para los Servidores y otras necesidades dhcp-range=10.10.10.30,10.10.10.250,8h dhcp-ukuqeshisa-max = 222 # Elona nani liphezulu leedilesi zokuqeshisa # ngokungagqibekanga yi-150 # Rango IPV6 # dhcp-range=1234::, ra-only # Opciones para el RANGO # O P C I O N E S dhcp-option=1,255.255.255.0 # NETMASK dhcp-option=3,10.10.10.253 # ROUTER GATEWAY dhcp-option=6,10.10.10.5 # DNS Servers dhcp-option=15,desdelinux.fan # DNS Domain Name dhcp-option=19,1 # option ip-forwarding ON dhcp-option=28,10.10.10.255 # BROADCAST dhcp-option=42,10.10.10.1 # NTP # dhcp-option=40,DCH # NIS Domain Name # dhcp-option=41,10.10.10.5 # NIS Server # SERVIDOR WINS SAMBA4 EXTERNO # # dhcp-option=44,10.10.10.5 # WINS # dhcp-option=45,10.10.10.5 # Datagramas NetBIOS # SERVIDOR WINS SAMBA4 EXTERNO # # dhcp-option=46,8 # Nodo NetBIOS # dhcp-option=73,10.10.10.3 # Finger Server dhcp-authoritative # DHCP Autoritario en la subnet # ------------------------------------------------------------------- # ------------------------------------------------------------------- # L O G G I N G A L /var/log/messages # ------------------------------------------------------------------- log-queries # ISIPHELO sefayile /etc/dnsmasq.conf # ------------------------------------------------- ------------------
Makhe sijonge is syntax kwaye siqale inkonzo kwakhona
[(Imeyile ikhuselwe) ~] # dnsmasq -ukuvavanya dnsmasq: ujonge syntax KULUNGILE. [(Imeyile ikhuselwe) ~] # systemctl qala kwakhona dnsmasq [(Imeyile ikhuselwe) ~] # inkquboctl ubume dnsmasq ● dnsmasq.service-DNS caching server. Ikhutshiwe: ilayishiwe (/usr/lib/systemd/system/dnsmasq.service; yenziwe; umthengisi usetwe kwangaphambili: ukhubazekile) Uyasebenza: uyasebenza (uyasebenza) ukusukela nge-Sat 2017-02-18 12: 48: 05 EST; I-5s eyadlulayo iPID ephambili: 1288 (dnsmasq) Iqela: /system.slice/dnsmasq.service └─1288 / usr / sbin / dnsmasq -k Feb 18 12:48:05 dns systemd [1]: Iqale iseva yokugcina i-DNS .. Feb 18: 12: 48 dns systemd [05]: Ukuqala i-DNS caching server .... Feb 1 18:12:48 dns dnsmasq [05]: started, version 1288 cachesize 2.66 Feb 150 18:12:48 dns dnsmasq [05 ]: Qokelela iinketho zexesha: IPv1288 GNU-getopt DB ... th Feb 6 18:12:48 dns dnsmasq-dhcp [05]: DHCP, IP Uluhlu 1288 - 10.10.10.30 .... h Feb 10.10 18:12 : 48 dns dnsmasq [05]: ukufunda /etc/resolv.conf Feb 1288 18: 12: 48 dns dnsmasq [05]: ukutyeshela nameserver 1288-local in ... ce Feb 127.0.0.1 18:12:48 dns dnsmasq [ 05]: funda / njl / imikhosi - iidilesi ezili-1288 Feb 18 12: 48: 05 dns dnsmasq [1288]: yehlulekile ukulayisha amagama ukusuka /etc/banner_ad...ry Inqaku: Eminye imigca idlulisiwe, sebenzisa -l ukubonisa ngokupheleleyo.
Qaphela ukuba kwimveliso yangaphambili ubume benkquboctl dnsmasq Ibuyisa impazamo:
Feb 18 12: 48: 05 dns dnsmasq [1288]: yehlulekile ukulayisha amagama ukusuka /etc/banner_ad...ry
ukhalaza ukuba awuyifumani ifayile / njl / i-banner_add_hosts.
[(Imeyile ikhuselwe) ~] # ukuchukumisa / njl / banner_add_hosts [(Imeyile ikhuselwe) ~] # systemctl qala kwakhona dnsmasq.service [(Imeyile ikhuselwe) ~] # systemctl qala kwakhona dnsmasq.service [(Imeyile ikhuselwe) ~] # inkquboctl ubume dnsmasq.service ● dnsmasq.service-DNS caching server. Ikhutshiwe: ilayishiwe (/usr/lib/systemd/system/dnsmasq.service; yenziwe; umthengisi usetwe kwangaphambili: ukhubazekile) Uyasebenza: uyasebenza (uyasebenza) ukusukela nge-Sat 2017-02-18 12:54:26 EST; 7s eyadlulayo i-PID ephambili: 1394 (dnsmasq) Iqela: /system.slice/dnsmasq.service └─1394 / usr / sbin / dnsmasq -k Feb 18 12:54:26 dns systemd [1]: Iqale iseva yokugcina i-DNS .. Feb 18: 12: 54 dns systemd [26]: Ukuqala i-DNS caching server .... Feb 1 18:12:54 dns dnsmasq [26]: started, version 1394 cachesize 2.66 Feb 150 18:12:54 dns dnsmasq [26 ]: Hlanganisa ixesha lokukhetha: IPv1394 GNU-getopt DB ... th Feb 6 18:12:54 dns dnsmasq-dhcp [26]: DHCP, IP Uluhlu 1394 - 10.10.10.30 .... h Feb 10.10 18:12 : 54 dns dnsmasq [26]: reading /etc/resolv.conf Feb 1394 18:12:54 dns dnsmasq [26]: ukutyeshela nameserver 1394-local in ... ce Feb 127.0.0.1 18:12:54 dns dnsmasq [ 26]: funda / njl / imikhosi - iidilesi ezili-1394 ngoFebhu 11 18:12:54 dns dnsmasq [26]: funda / njl / banner_add_hosts - iidilesi ezi-1394 Icebo: Eminye imigca yagqitywa, sebenzisa -l ukubonisa ngokupheleleyo.
Kwaye sele sineenkonzo ze-DNS kunye ne-DHCP esebenzayo.
Kubalulekile
- Ukuba silungisa ifayile /etc/dnsmasq.conf, kufuneka siqale inkonzo ukuze utshintsho luqale ukusebenza.
- Ukuba siyayiguqula / njl / ifayile yenginginya ukuze sisuse, silungise okanye songeze i-IP esisigxina enegama lomamkeli elihambelanayo, kufuneka siqale inkonzo ukuze utshintsho luqale ukusebenza..
- Inkqubo yokulayisha kwakhona i-dnsmasq.inkonzo ayinakusetyenziswa kule nkonzo.
Sivula amazibuko ayimfuneko kwiFirewall
Kwinqaku lomhlobo wam kunye no-Luigys Toro -aka lizard- "Uwavula njani amazibuko kwiCentos 7 Firewall»Inkqubo ekufuneka siyilandele ukuvula amazibuko kwiFirewall efakwa yiCentOS ngokungagqibekanga ichazwe kakuhle. Andazi nangoku ukuba ungayisebenzisa njani imigaqo yomxholo weSelinux kwinkonzo ye-dnsmasq kwi-CentOS. Ukuba kukho umntu omaziyo, nceda usikhanyisele.
Iifayile / njl / iiprotocol y / njl / iinkonzo Sisikhokelo esihle kakhulu sokwazi ukuba zeziphi izibuko ekufuneka sizivulele iinkonzo ze-DNS kunye ne-DHCP ebonelelwe yi-Dnsmasq ukuze isebenze kakuhle.
[root @ dns ~] # firewall-cmd -indawo ezisebenzayo ujongano loluntu: eth0
INkonzo thambeka o Umncedisi wegama leDomain (dns). Umgaqo kwefasilithi «IP kunye Encryption»
[(Imeyile ikhuselwe) ~] # firewall-cmd -zone = yoluntu -add-port = 53 / tcp-esisigxina impumelelo [(Imeyile ikhuselwe) ~] # firewall-cmd -zone = yoluntu -add-port = 53 / udp -isigxina impumelelo
INkonzo ukuqhuba o I-BOOTP iseva (Dhcp). Umgaqo ippc «I-Intanethi yePluribus Packet Core»
[(Imeyile ikhuselwe) ~] # firewall-cmd -zone = yoluntu -add-port = 67 / tcp-esisigxina impumelelo [(Imeyile ikhuselwe) ~] # firewall-cmd -zone = yoluntu -add-port = 67 / udp -isigxina impumelelo [(Imeyile ikhuselwe) ~] # i-firewall-cmd -phinda ulayishe impumelelo [(Imeyile ikhuselwe) ~] # i-firewall-cmd-uluhlu lonke esidlangalaleni (esebenzayo) ekujoliseni: icmp-block-inversion engagqibekanga: akukho ndawo: imithombo ye-eth0: iinkonzo: dhcpv6-client ssh port: 53 / udp 67 / tcp 53 / tcp 67 / udp protocols: masquerade: no forward-port: sourceports: iibhloko ze-icmp: imithetho etyebileyo:
Kubalulekile
- Ukuba siza kubonelela ngeenkonzo zokuqeshisa nge-IPv6, kufuneka sivule namazibuko e-dhcpv6-server 547 / tcp kunye ne-dhcpv6-server 547 / udp.
Itshekhi
Makhe sijonge imibuzo emininzi ye-DNS ukuba isebenza njani i-Dnsmasq entsha kraca. Kule nto sikhetha iqela elaziwayo sysadmin.desdelinux.umlandeli, nakule khomputha iqhagamshelwe kwi-LAN, siya kwenza imibuzo eliqela, kodwa hayi ngaphambi kokujonga ukuba ifayile iqulunqwe ngokufanelekileyo /etc/resolv.conf:
buzz @ sysadmin: ~ $ cat /etc/resolv.conf # Yenziwe kukhangelo lweNethiwekhi yomphathi desdelinux.iseva yegama lomlandeli 10.10.10.5
Useto lwefayile /etc/resolv.conf ichanekile. Masiqale ukubonisana
buzz @ sysadmin: ~ $ umgcini dns dns.desdelinux.fan has address 10.10.10.5 Host dns.desdelinux.fan not found: 5(REFUSED) dns.desdelinux.imeyile yabalandeli iphathwa yiimeyile enye.desdelinux.umlandeli.
Ngokucwangciswa okucetywayo, sinokulahla imveliso umkhosi ngaphandle kokhetho xa kuziwa kwi-Dnsmasq, xa ubuyisela imigca ngolu hlobo lulandelayo:
Host dns.desdelinux.fan not found: 5(REFUSED)
Ukuba asilufuni olo hlobo lokuphuma, kufuneka sisebenzise lo myalelo umkhosi kunye neenketho -t A, -t CNAME, -t NS, -t SOA, -t SIG, -t AXFR. Yabona umphathi wendoda ngolwazi oluthe kratya:
buzz@sysadmin:~$ host -t A dns.desdelinux.umlandeli dns.desdelinux.fan inedilesi 10.10.10.5 [(Imeyile ikhuselwe) ~] # umgcini -t Kwi-dns dns.desdelinux.fan inedilesi 10.10.10.5 buzz @ sysadmin: ~ $ dig dns buzz @ sysadmin: ~ $ umkhosi 10.10.10.5 5.10.10.10.in-addr.arpa domain name pointer dns.desdelinux.umlandeli.
I-Dnsmasq ayenzelwanga iskimu se-Master-Slave
buzz@sysadmin:~$ host -t AXFR desdelinux.umlandeli Trying "desdelinux.fan" Host desdelinux.fan not found: 5(REFUSED) ; Transfer failed.
Ayenzelwanga ukubuyisela iirekhodi ze-NS kunye nee-SOA
buzz@sysadmin:~$ host -t NS desdelinux.umlandeli host desdelinux.fan not found: 5(REFUSED) buzz@sysadmin:~$ host -t SOA desdelinux.umlandeli host desdelinux.fan not found: 5(REFUSED) buzz@sysadmin:~$ dig IN SOA desdelinux.umlandeli buzz@sysadmin:~$ dig IN NS desdelinux.umlandeli
Ukuba ixhasa iirekhodi ze-MX, CNAME, kunye ne-TXT
buzz @ sysadmin: ~ $ host -t Ukuya kwi-www www.desdelinux.fan is an alias for blog.desdelinux.fan. blog.desdelinux.fan inedilesi 10.10.10.7 buzz@sysadmin:~$ host -t MX desdelinux.umlandeli desdelinux.imeyile yabalandeli iphathwa yiimeyile enye.desdelinux.umlandeli. buzz @ sysadmin: ~ $ umphathi -t CNAME www www.desdelinux.fan is an alias for blog.desdelinux.umlandeli. buzz@sysadmin:~$ host -t A blog.desdelinux.umlandeli blog.desdelinux.fan inedilesi 10.10.10.7 buzz@sysadmin:~$ host -t TXT desdelinux.umlandeli desdelinux.fan descriptive text "DesdeLinux, su Blog dedicado al Software Libre" desdelinux.fan descriptive text "v=spf1 a -all"
PTR irekhoda imibuzo
buzz @ sysadmin: ~ $ umgcini -t PTR 10.10.10.7 7.10.10.10.in-addr.arpa domain name pointer blog.desdelinux.umlandeli. buzz @ sysadmin: ~ $ umkhosi 10.10.10.7 7.10.10.10.in-addr.arpa domain name pointer blog.desdelinux.umlandeli.
Abaxhasi beMicrosoft® yeWindows
Isempilweni kakhulu kukuqhuba kwikhonsoli yeseva dns.desdelinux.umlandeli umthetho Ijenali-f NGAPHAMBI kokuvula umatshini osebenzisa inkqubo yeMicrosoft® yeWindows, ukubona isixa esikhulu semibuzo ye-DNS eyenzayo kwiindawo ezahlukeneyo. Kuyonwabisa kakhulu. 😉
Ukuba sifuna ukukhusela imibuzo enxulumene nezinye zale ndawo ekuhambeni kwii-Roots server - Iiseva zeengcambu okanye ngase Abaphambili ukuba sibhengeza kwifayile /etc/resolv.conf, singayisebenzisa kakuhle ifayile / njl / i-banner_add_host, ukugcwalisa ngamasayithi amaninzi esifuna ukuwabhengeza. Umzekelo:
[(Imeyile ikhuselwe) ~] # nano / njl / banner_add_hosts 127.0.0.1 windowsupdate.com 127.0.0.1 ctldl.windowsupdate.com 127.0.0.1 ocsp.verisign.com 127.0.0.1 csc3-2010-crl.verisign.com 127.0.0.1 www.msftncsi.com 127.0.0.1 ipv6.msftncsi.com 127.0.0.1 teredo.ipv6.microsoft.com 127.0.0.1 ds.download.windowsupdate.com 127.0.0.1 khuphela.microsoft.com 127.0.0.1 fe2.update.microsoft.com 127.0.0.1 crl.microsoft.com 127.0.0.1 www .download.windowsupdate.com 127.0.0.1 win8.ipv6.microsoft.com 127.0.0.1 spynet.microsoft.com 127.0.0.1 spynet1.microsoft.com 127.0.0.1 spynet2.microsoft.com 127.0.0.1 spynet3.microsoft.com 127.0.0.1. 4 spynet127.0.0.1.microsoft.com 5 spynet127.0.0.1.microsoft.com 15 office127.0.0.1client.microsoft.com 127.0.0.1 addons.mozilla.org XNUMX crl.verisign.com [(Imeyile ikhuselwe) ~] # dnsmasq -ukuvavanya dnsmasq: ujonge syntax KULUNGILE. [(Imeyile ikhuselwe) ~] # systemctl qala kwakhona dnsmasq.service [(Imeyile ikhuselwe) ~] # inkquboctl ubume dnsmasq.service [(Imeyile ikhuselwe) ~] # umgcini -t Ukuhlola i-spynet4.microsoft.com ispynet4.microsoft.com ineedilesi 127.0.0.1 [(Imeyile ikhuselwe) ~] # umphathi -t Ukuya ku-www.download.windowsupdate.com Ukukhuphela, iiwindowsupdate.com zineedilesi 127.0.0.1
- Ifomathi yefayile / etc / banner_add_hosts iyafana / njl. Khumbula ukuba uluhlu lweendawo eziza "ukuvalwa" lunokude lube lude kangangoko sifuna, ngokwento echazwe kwicandelo Imida kweli nqaku.
Ukujonga kumthengi Sixhengxe.desdelinux.umlandeli enike idilesi ye-IP:
buzz @ sysadmin: ~ $ host -t Ezisixhenxe Sixhengxe.desdelinux.fan has address 10.10.10.115
siwenza umthetho kumxhasi weWindows uqobo cmd:
I-Microsoft Windows [Inguqulelo 6.1.7601] Ilungelo lokushicilela (c) 2009 Microsoft Corporation. Onke amalungelo agciniwe. C: \ Abasebenzisi \ buzz> nslookup Default Server: dns.desdelinux.fan Address: 10.10.10.5 > dns Server: dns.desdelinux.fan Address: 10.10.10.5 Name: dns.desdelinux.fan Address: 10.10.10.5 > ftpserver Server: dns.desdelinux.fan Address: 10.10.10.5 Name: ftpserver.desdelinux.fan Address: 10.10.10.8 > www Server: dns.desdelinux.fan Address: 10.10.10.5 Name: blog.desdelinux.fan Address: 10.10.10.7 Aliases: www.desdelinux.fan > mail Server: dns.desdelinux.fan Address: 10.10.10.5 Name: mail.desdelinux.fan Address: 10.10.10.9 > sysadmin Server: dns.desdelinux.fan Address: 10.10.10.5 Name: sysadmin.desdelinux.fan Address: 10.10.10.1 > www.download.windowsupdate.com Server: dns.desdelinux.fan Address: 10.10.10.5 Name: www.download.windowsupdate.com Address: 127.0.0.1 > quit C:\Users\buzz>
Isishwankathelo
Ukuza kuthi ga ngoku sibone izinto ezimbalwa eziphambili zeDnsmasq. Ndiyacebisa Funda kwaye ufunde iifayile ezikhankanywe kumhlathi wokuqala wale nqaku, ukuba ufuna ukwazi okungakumbi ngale nkqubo intle-kwaye iyamangalisa- inkqubo. Ngokusebenzisa kwayo sinokubenza lula ubomi bethu.
Malunga ne-2014 ndifunde inqaku «Njani: Samba4 AD PDC + Windows XP, Vista kunye no-7«. Umyili wenqaku uxela ngaphandle kokuhlutha: «Ndiyakucaphukela ukubopha, ke yi-dnsmasq ukuhlangula»(Sic) ezingaphezulu okanye ngaphantsi iindlela«Ndikuthiyile UKUBAMBA, ke iDnsmasq iza kubahlangula«. Kwirekhodi, elo binzana alitsho kum.
Ngokudlula, ndiza kuphawula ukuba kwelo nqaku uMlobi akayicacisi imvelaphi yeerekhodi ze-DNS kwaye ngokubanzi ayisosikhokelo silungileyo sokuphumeza i-Active Directory® esekwe kwi-Samba 4. Ukuba ndibethwe kukuthanda kwakho Dnsmasq.
Andikuthandi ukubopha konke konke. Kubonakalisiwe ngamanqaku amane -4- angaphambili:
- I-DNS kunye ne-DHCP kuvuliweSUSE 13.2 "Harlequin"
- I-DNS kunye ne-DHCP kwi-CentOS 7
- I-DNS kunye ne-DHCP kwi-Debian 8 "Jessie"
- BOPHA kunye ne-Active Directory®
Njengoko ndibhalile kumaxesha angaphambili, phantse ngekhe Ndicebisa, kodwa Ndiyacebisa. Kwimeko ye-Dnsmasq ewe Ndicebisa Ukusetyenziswa kwayo kwiiNethiwekhi zeSME.
Ukuhanjiswa okulandelayo
Isavenge esilandelayo -Ndicinga ukuba ndiyacinga-Ndiza kuyinikela ekuhlanganisweni kwe-Dnsmasq kunye neMicrosoft® Active Directory®. Iya kuba yindawo elungileyo yokungena kwinqaku-kakhulu-Ixesha elizayo liza kujongana nendlela yokwenza i-AD-DC ngeSamba 4 kunye neDnsmasq.
Molo kusasa !!! Ndiyangqinelana nayo yonke into oyithethayo kwaye inyani kukuba ukusebenza kwenethiwekhi ukuza kuthi ga ngoku akuniki sizathu sokukhalaza. Andiseyiyo i-sysadmin yenethiwekhi, kuba uyazi iingxaki ebendinazo ... kodwa ngelixa bendiphethe inethiwekhi kude kube ngoku ndinxibelelana nalowo uphambi kwayo, akukho sizathu sokukhalaza. Amava am amnandi nge-ClearOS kunye ne-DNSmasq.
Umhlobo Joan, Enkosi ngoncedo lwakho ekuqinisekiseni into endiyibhalileyo malunga nenkampani kunye ne-ClearOS.
Into endiyithandayo kakhulu malunga ne-dnsmasq yindlela enokubakho ngayo, kwifayile enye oyilungiselela i-DNS kunye ne-DHCP. Ngokubhekisele ekusebenzeni andinasikhalazo, ngexesha elithile elidlulileyo ndicime iseva ka-2003R2 eyayisebenza njenge-DC, abathengi abaninzi beLinux abavela koomasipala abakude "babexhonyiwe" kwaye kuba bendingenayo indlela yokuguqula ukuthanda kwabo i-DNS, into endiyenzileyo kukuphakamisa uJessie ngale IP kunye dnsmasq caching i-DNS entsha, konke kulungile.
Inqaku elilunge kakhulu Fico, malunga nam.
Ucinga ntoni ngomda olondolozayo wokusebenza ukuya kwiikhompyuter ezili-1000? Ndinethuba lokuqinisekisa idatha kunye nomhlobo ozinikele ekunikezeleni iinkonzo ze «Captive» iwebhusayithi ngeWiFi, kwaye kutshanje unike inkonzo -ngokuBopha + i-Isc-dhcp- ukuya ngaphezulu kwe-mobiles e-Karl Marx Theatre. . Undiqeshele ukuba ndimenze umncedisi kunye nokusetyenziswa kwezixhobo eziphantsi kakhulu, kuloo msebenzi.
Kuya kucaca gca ukuba la ekuthiwa "yimida" kwakulinganiswa kwiminyaka embalwa edlulileyo kunye nezixhobo zentsimbi ezingaphantsi komgangatho wangoku, zombini i-dnsmasq kunye nabaxhasi baye bavela kakhulu, ndiqinisekile ukuba izakubamba umthwalo waba basebenzisi. Soloko ubhala kwaye uvimbele iwaka kunye nemibuzo enye eyenziwa yi-Android ukuzama ukufowunela ekhaya, hehe. Masinwabe
Ndiza kulithatha kakhulu icebo lakho, dhunter. Enkosi kwakhona
Njengokuba kuqhelekile kolu ngcelele lwee-SMEs, esi sithuba sikwi- "DNSMASQ" lelinye inqaku elihle umbhali asinika lona kwii-sysadmins ukuba siziphucule kwezobuchwephesha nakwithiyori.
Kwimeko yam yobuqu, ndandisazi ngokungathandabuzekiyo i-dnsmasq njengoko ndibeka phambili i-DNS (Bind) kunye ne-DHCP njengeenkonzo ezimbini ezizimeleyo. Kum KUKHULU! Into ye-dnsmasq yokuvumela ukuqwalasela zombini kwinkonzo enye (ngokusebenzisa ifayile /etc/dnsmasq.conf).
Kakhulu! Elikwazi ukuxhasa ubuncinci abathengi be-1,000 nge-DNS kunye ne-DHCP ngaphandle kokuchaphazela ukusebenza kwayo.
Enye into elungileyo yi-TIP malunga nendlela yokuthintela imibuzo enxulumene nee-Root Servers okanye i-Forwarders esebenzisa i- / etc / banner_add_host file where we insert the "N" sites that we need to declare as they were "localhosts".
Okokugqibela nanjengoko kuqhelekile kumbhali ngecandelo lakhe "lezavenge zilandelayo", ngoku uceba ukuhambisa enye into "indibaniselwano yeDnsmasq neMicrosoft® Active Directory®".
Ewe, sele sijonge phambili kuyo.
Bendixakekile kwaye andikwazi ukulandela amanqaku akho. Ndiziphosile ezinye. Ubhalo lwakho ngalunye olutsha luyamangalisa kwaye luqulathe iimfundiso ezintsha. Yigcine, mfondini uFico
I-Dnsmasq, ndibona ukusebenza kwayo yonke imihla, yeyona ilungileyo. Ndihlala ndikuxelela kwaye ndinyanzelisa ukudityaniswa kwe-bind9 kunye ne-isc-dhcp-server (isisombululo endisithandayo kakhulu, kuba ukuzama amaxesha amaninzi ndafunda ndabona kwaye ndafumana into encinci endiyaziyo malunga ne-dns kunye ne-dhcp, VIIII, ndiyayibona into iMicrosoft ayikuvumeli ukuba uyigcine, into abangafuni ukuba uyifunde kwaye ikugcine kwigumbi elimnyama nelitshixwayo, ziinkonzo ekuthethwa ngazo ngokungathi zizilo kwaye bangabantu abalungileyo, ungabaphatha ngenyaniso), kwaye enkosi Kule nto wanyanzelwa ukuba uziphucule nangakumbi, enyanisweni sele sizibona zonke iziphumo zalo mzamo kwaye siyabulela ngomgangatho wezithuba zakho.
Le yona ibaluleke kakhulu, andithathi tyala kuyo yonke le nto, NGOKUQINILEYO, NANGONA UCINGA NGAYO; Kodwa kungenxa yakho ndadibana nomhlobo wam dnsmasq kwaye inethiwekhi yendawo yokuhlala yam ihlala ngaphezulu kokonwaba ukudibana nomlingane wethu omtsha owenziwe nguSimon Kelley. Enkosi naye.
IWO: Awuyi kulinda ixesha elide kwisithuba esilandelayo. Khange ndiyigqibe kuba ndixakeke kakhulu ngumsebenzi wam wemihla ngemihla. Ixesha ... Kodwa ngokuqinisekileyo uya kuba nalo kule veki izayo.
I-Crespo88: Andinakongeza enye into kumagqabaza akho apheleleyo. Kwaye sele ndilifutshane ixesha kuba ngentsimbi yesi-7 ngoku ndiphelelwe kukuhamba navigation
Enkosi!.
Molo, FICO. Inqaku elilunge kakhulu.
Ndingathanda ukwazi ukuba ungayisebenzisa njani i-dnsmasq kwi-baremetal (HP Proliant gen 8) yokubamba oomatshini ababonakalayo be-KVM.
Ngaba ulungiso lwe-dnsmasq lwenziwe kumamkeli okanye kwenye ye-VM esebenza njengeseva ye-dnsmasq?
Ndixakekile.
Ukubulisa