BOPHA kunye ne-Active Directory® -Iinethiwekhi zeSME

Isalathiso ngokubanzi sothotho: Iinethiwekhi zekhompyuter zee-SMEs: Intshayelelo

Molweni zihlobo! Eyona njongo iphambili kweli nqaku kukubonisa ukuba singayidibanisa njani inkonzo ye-DNS esekwe kwi-BIND9 kwinethiwekhi yeMicrosoft, exhaphake kwii-SME ezininzi.

Ivela kwisicelo esisemthethweni somhlobo ohlala eLa Tierra del Fuego -I-Fuegian-ikhethekileyo kwiMicrosoft® Networks -Izatifikethi zibandakanyiwe- ukukukhokela kule ndawo yokufuduka kweeseva zakho ukuya kwiLinux. Iindleko ze Inkxaso Ingcali ehlawula iMicrosoft® sele ikhona Akunyamezeleki yeNkampani asebenza kuyo kwaye ikwiSabelo sakhe esiPhambili.

Umhlobo wam I-Fuegian Unoburharha, kwaye okoko wabona uthotho lweefilimu ezintathuINkosi yamakhonkco»Wayethathwe ngamagama amaninzi abalinganiswa bakhe abamnyama. Ke, mhlobo wokuFunda, sukumangaliswa ngamagama esizinda sakho kunye neeseva zakho.

Kwabafikayo kwesihloko, kwaye ngaphambi kokuqhubeka nokufunda, sicebisa ukuba ufunde kwaye ufunde la manqaku mathathu angaphambili kwiiNethiwekhi zeSME:

• I-DNS kunye ne-DHCP kuvuliweSUSE 13.2 "Harlequin"
• I-DNS kunye ne-DHCP kwi-CentOS 7
• I-DNS kunye ne-DHCP kwi-Debian 8 "Jessie"

Kufana nokubukela ezintathu zecandelo ezine ze «Ngaphantsi komhlaba»Ishicilelwe kude kube namhlanje, kwaye le yesine.

Iparamitha ngokubanzi

Emva kokutshintshana okuninzi nge emailEkugqibeleni ndacacisa malunga neeparameter eziphambili zenethiwekhi yakho yangoku, eyi:

Igama lesizinda mordor.fan LAN Inethiwekhi 10.10.10.0/24 ================================== == ========================================= iseva idilesi ye-IP Injongo (iiseva ezine-OS yeWindows = ========================================== == ========================== = sauron.mordor.fan. 10.10.10.3 Active Directory® 2008 SR2 imamba.mordor.fan. 10.10.10.4 iseva yefayile yeWindows emnyamalord.mordor.fan. 10.10.10.6 Ummeli, isango kunye ne-firewall kwi-Kerios troll.mordor.fan. 10.10.10.7 Ibhlog esekwe kwi ... andikhumbuli i-shadowftp.mordor.fan. 10.10.10.8 iseva ye-FTP emnyama black.mordor.fan. 10.10.10.9 Inkonzo ye-imeyile epheleleyo blackspider.mordor.fan. 10.10.10.10. 10.10.10.11 Ingxoxo kwi-Openfire yeWindows

Ndicele imvume I-Fuegian ukuseta ii-Aliases ezininzi kangangoko kunokwenzeka ukucoca ingqondo yam kwaye wandinika imvume:

I-CNAME yokwenyani ============================== i-sauron ad-dc imamba yefayile ye-darklord proxyweb troll blog shadowftp ftpserver i-blackelf mail i-blackspider www palantir openfire

Ndabhengeza zonke iirekhodi ezibalulekileyo ze-DNS kufakelo lwam lwe-Active Directory yeWindows 2008 ukuba ndanyanzelwa ukuba ndiyiphumeze ukuze indikhokele ekwenzeni lo myalezo.

Malunga neerekhodi ezisebenzayo zeRekhodi ye-SRV

Iirejista I-SRV o Indawo yokufumana iiNkonzo - esetyenziswa ngokubanzi kwiMicrosoft Active Directory - zichaziwe kwifayile ye- Isicelo seComment RFC 2782. Bavumela indawo yenkonzo esekwe kwi-TCP / IP protocol ngombuzo we-DNS. Umzekelo, umthengi kwinethiwekhi kaMicrosoft unokufumana indawo ekuyo i-Domain Controllers- Abalawuli beDomain ebonelela ngenkonzo ye-LDAP ngaphezulu kwenkqubo ye-TCP kwizibuko 389 ngombuzo omnye we-DNS.

Kuqhelekile ukuba emaHlathini - amahlathi, kunye neMithi - Imithi yenethiwekhi enkulu yeMicrosoft kukho abalawuli beDomain abaninzi. Ngokusebenzisa iirekhodi ze-SRV kwiiNdawo ezahlukeneyo ezenza iGama leNdawo yeGama lale Nethiwekhi, sinokugcina uLuhlu lweeSeva ezibonelela ngeenkonzo ezifanayo ezaziwayo, ezi-odolwe ngokhetho ngokomgaqo wezothutho kunye nezibuko nganye nganye. abancedisi.

Kulo Isicelo seComment RFC 1700 Amagama eSimboli aMazwe ngaMazwe eeNkonzo eziQhelekileyo achaziwe- Inkonzo eyaziwayo, kunye namagama anjenge «_netnet«,«_smtp»Ngeenkonzo Telnet y SMTP. Ukuba igama lokomfuziselo alichazwanga ngenkonzo eyaziwayo, igama lendawo okanye elinye igama linokusetyenziswa ngokokukhetha komsebenzisi.

Injongo yentsimi nganye «ezizodwa»Kusetyenziswe ukubhengezwa kweRekhodi yeziXhobo zeSRV zezi zilandelayo:

• thambeka: Msgstr "I - Pdc._msdcs.mordor.fan.«. Igama le-DNS lenkonzo ekubhekiswa kuyo irekhodi le-SRV. Igama le-DNS kumzekelo lithetha -ngaphezulu okanye ngaphantsi- Umlawuli weSizinda sePrayimari yommandla _nkwidlange.
• inkonzo: "_Ldap". Igama elingumqondiso wenkonzo ebonelelweyo ichazwe ngokwe Isicelo seComment RFC 1700.
• Protocol: "_Tcp". Ibonisa uhlobo lwenkqubo yothutho. Ngokwesiqhelo unokuthatha amaxabiso _tcp o _u, nangona-kwaye enyanisweni- naluphi na uhlobo lwenkqubo yothutho eboniswe kwi Isicelo seComment RFC 1700. Umzekelo, ngenkonzo ncokola umthetho olungiselelwe XMPP, Eli candelo liya kuba nexabiso le- yxmp.
• Priority: «0«. Xela okona kubalulekileyo okanye okhethwayo Umbuki zindwendwe unika le nkonzo esiya kuyibona kamva. Imibuzo ye-DNS yabathengi malunga nenkonzo echazwe yile rekhodi ye-SRV, yakufumana impendulo efanelekileyo, iya kuzama ukunxibelelana nomamkeli wokuqala okhoyo kunye nelona nani lisezantsi elidweliswe ebaleni. Priority. Uluhlu lwamaxabiso anokuthathwa yile ntsimi ngu 0 i65535.
• ubunzima: «100«. Ingasetyenziswa ngokudibeneyo Priority ukubonelela ngendlela yokulinganisa umthwalo xa kukho iiseva ezininzi ezibonelela ngenkonzo efanayo. Kuya kubakho irekhodi elifanayo le-SRV kwiserver nganye kwifayile yeZone, negama layo libhengezwe ebaleni Umbuki zindwendwe unika le nkonzo. Ngaphambi kweeseva ezinamaxabiso alinganayo ebaleni Priority, ixabiso lendawo ubunzima Ingasetyenziselwa njengenqanaba elongeziweyo lokukhetha ukufumana ukhetho oluchanekileyo lweseva yokulinganisa umthwalo. Uluhlu lwamaxabiso anokuthathwa yile ntsimi ngu 0 i65535. Ukuba ukulungelelaniswa komthwalo akufuneki, umzekelo kwimeko yeserver enye, kuyacetyiswa ukwabela ixabiso 0 ukwenza irekhodi le-SRV lifundeke lula.
• Inombolo yePort - iPort: «389«. Inombolo yePort in Umbuki zindwendwe unika le nkonzo ebonelela ngenkonzo ebonisiweyo ebaleni inkonzo. Inani lezibuko elicetyiswayo kuhlobo ngalunye lweNkonzo eyaziwayo libonisiwe kwi Isicelo seComment RFC 1700, nangona kunokuthatha ixabiso phakathi 0 kunye ne65535.
• Umamkeli obonelela ngale nkonzo-Ithagethi: «i-sauron.mordor.fan.«. Icacisa i FQDN echonga ngokungathandabuzekiyo umkhosi ebonelela ngenkonzo eboniswe yirekhodi ye-SRV. Uhlobo lwerekhodi «A»Kwindawo yegama lesizinda nganye FQDN ukusuka kwiseva okanye umkhosi ebonelela ngenkonzo. Elula, irekhodi yohlobo A kummandla othe ngqo.
  • Qaphela:
    Ukubonisa ngokusegunyeni ukuba inkonzo ebalulwe yirekhodi ye-SRV ayinikezelwanga kulo mbi, (.) inqaku.

Sifuna nje ukuphinda ukuba ukusebenza ngokuchanekileyo kwenethiwekhi okanye i-Active Directory® ixhomekeke kakhulu ekusebenzeni ngokuchanekileyo kweNkonzo yamagama eNdawo..

Iirekhodi ezisebenzayo ze-DNS

Ukwenza iiZones zeseva entsha ye-DNS ngokusekwe kwi-BIND, kufuneka sifumane zonke iirekhodi ze-DNS kwi-Active Directory®. Ukwenza ubomi bube lula, siya kwiqela i-sauron.mordor.fan -Isikhokelo esisebenzayo® sika-2008 SR2- nakwi-DNS Administration Console sisebenzisa iTransfer Transfer -direct and inverse- kwimimandla ephambili ebhengezwe kolu hlobo lwenkonzo, zezi:

• _nkwidlange
• mordor.fan
• 10.10.10.in- kongeza.arpa

Nje ukuba inyathelo elidlulileyo lenziwe kwaye ngokukhethekileyo kwikhompyuter yeLinux enedilesi ye-IP ikuluhlu lwe-subnet esetyenziswa yiWindows Network, senza:

buzz @ sysadmin: ~ $ dig @ 10.10.10.3 _msdcs.mordor.fan axfr> temp /yenzi_nkqubo.mordor.fan
buzz @ sysadmin: ~ $ dig @ 10.10.10.3 mordor.fan axfr> temp / rrs.mordor.fan
buzz @ sysadmin: ~ $ dig @ 10.10.10.3 10.10.10.in-addr.arpa axfr> temp / rrs.10.10.10.in-addr.arpa

• Khumbula kumanqaku angaphambili ukuba idilesi ye-IP yesixhobo sysadmin.desdelinux.umlandeli ngu-10.10.10.1 okanye 192.168.10.1.

Kwimiyalelo emithathu edlulileyo singasusa ukhetho @ 10.10.10.3 -buza iseva ye-DNS ngale dilesi-Ukuba sibhengeza kwifayile /etc/resolv.conf iseva IP i-sauron.mordor.fan:

buzz@sysadmin:~$ ikati /etc/resolv.conf # Iveliswe yiNethiwekhi yokukhangela desdelinux.fan nameserver 192.168.10.5 nameserver 10.10.10.3

Emva kokuhlela ngononophelo olukhulu, ngokuhambelana nayo nayiphi na ifayile yefayile kwi-BIND, siya kufumana le datha ilandelayo:

Iirekhodi zeRRs ezivela kwindawo yoqobo _msdcs.mordor.fan

buzz @ sysadmin: ~ $ ikati temp / rrs._msdcs.mordor.fan 
; Inxulumene ne-SOA kunye ne-NS _msdcs.mordor.fan. 3600 KWI-SOA sauron.mordor.fan. umphathi wenkosi.mordor.fan. 12 900 600 86400 3600 _msdcs.mordor.fan. I-3600 kwi-NS isuron.mordor.fan. ; ; IKHATHALOGI YONKE GC._msdcs.mordor.fan. 600 KWI-10.10.10.3; ; Iziteketiso-kugcino lwedatha ye-LDAP eguqulweyo kunye ne-Active Directory- yeSAURON 03296249-82a1-49aa-a4f0-28900f5d256b._msdcs.mordor.fan I-600 KWI-CNAME sauron.mordor.fan. ; ; I-LDAP eguqulweyo yabucala ye-Active Directory _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.mordor.fan. I-600 kwi-SRV 0 100 389 sauron.mordor.fan. _ldap._tcp.dc._msdcs.mordor.fan. I-600 kwi-SRV 0 100 389 sauron.mordor.fan. _ldap._tcp.18d3360d-8fdb-40cf-a678-d7c420b6d775.domains._msdcs.mordor.fan. I-600 kwi-SRV 0 100 389 sauron.mordor.fan. _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.mordor.fan. I-600 KWI-SRV 0 100 3268 sauron.mordor.fan. _ldap._tcp.gc._msdcs.mordor.fan. I-600 KWI-SRV 0 100 3268 sauron.mordor.fan. _ldap._tcp.pdc._msdcs.mordor.fan. I-600 kwi-SRV 0 100 389 sauron.mordor.fan. ; ; I-KERBEROS iguqulwe kwaye yabucala kwi-Active Directory _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.mordor.fan. I-600 KWI-SRV 0 100 88 i-sauron.mordor.fan. _kerberos._tcp.dc._msdcs.mordor.fan. I-600 KWI-SRV 0 100 88 i-sauron.mordor.fan.

Iirekhodi zeRRs ezivela kwindawo yoqobo mordor.fan

buzz @ sysadmin: ~ $ cat temp / rrs.mordor.fan 
; Inxulumene ne-SOA, i-NS, i-MX kunye neerekhodi ezirekhodiweyo; iGama leNdawo kwi-IP yeSAURON; Izinto ezivela kulawulo olusebenzayo lwemordor.fan. 3600 KWI-SOA sauron.mordor.fan. umphathi wenkosi.mordor.fan. 48 900 600 86400 3600 mordor.fan. 600 KWI-10.10.10.3 mordor.fan. I-3600 kwi-NS isuron.mordor.fan. mordor.fan. 3600 KWI-MX 10 emnyama. _nkwidlange. I-3600 kwi-NS isuron.mordor.fan. ; ; Kwakhona kubalulekile iirekhodi zeDomainDnsZones.mordor.fan. 600 KWI-10.10.10.3 ForestDnsZones.mordor.fan. 600 KWI-10.10.10.3; ; IKHATHALOGI YONKE _gc._tcp.mordor.fan. I-600 KWI-SRV 0 100 3268 sauron.mordor.fan. _gc._tcp.Default-First-Site-Name._sites.mordor.fan. I-600 KWI-SRV 0 100 3268 sauron.mordor.fan. ; ; I-LDAP eguqulweyo yabucala ye-Active Directory _ldap._tcp.mordor.fan. I-600 KWI-SRV 0 100 389 sauron.mordor.fan. _ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.mordor.fan. I-600 KWI-SRV 0 100 389 sauron.mordor.fan. _dap._tcp.DomainDnsZones.mordor.fan. I-600 KWI-SRV 0 100 389 sauron.mordor.fan. _ldap._tcp.Default-First-Site-Name._sites.mordor.fan. I-600 KWI-SRV 0 100 389 sauron.mordor.fan. _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.mordor.fan. I-600 KWI-SRV 0 100 389 sauron.mordor.fan. IiflestDnsZones.mordor.fan. I-600 KWI-SRV 0 100 389 sauron.mordor.fan. ; ; I-KERBEROS eguqulweyo neyimfihlo evela kulawulo olusebenzayo _kerberos._tcp.Default-First-Site-Name._sites.mordor.fan. I-600 KWI-SRV 0 100 88 i-sauron.mordor.fan. _kwiindidi I-600 KWI-SRV 0 100 88 i-sauron.mordor.fan. _kpasswd._tcp.mordor.fan. I-600 KWI-SRV 0 100 464 sauron.mordor.fan. _kwiindidi I-600 KWI-SRV 0 100 88 i-sauron.mordor.fan. _kpasswd._udp.mordor.fan. I-600 KWI-SRV 0 100 464 sauron.mordor.fan. ; ; Iirekhodi ezinee-IPs ezisisigxina-> Blackelf.mordor.fan iiseva. 3600 KWI-10.10.10.9 blackspider.mordor.fan. 3600 KWI-10.10.10.10 emnyamalord.mordor.fan. 3600 KWI-10.10.10.6 imamba.mordor.fan. I-3600 KWI-10.10.10.4 palantir.mordor.fan. 3600 KWI-10.10.10.11 sauron.mordor.fan. 3600 KWI-10.10.10.3 shadowftp.mordor.fan. I-3600 KWI-10.10.10.8 troll.mordor.fan. 3600 KWI-10.10.10.7; ; Iirekhodi zeCNAME ad-dc.mordor.fan. 3600 KWI-CNAME sauron.mordor.fan. blog.mordor.fan. I-3600 KWI-CNAME troll.mordor.fan. ifayileserver.mordor.fan. I-3600 KWI-CNAME mamba.mordor.fan. I-ftpserver.mordor.fan. 3600 KWI-CNAME isithunzift.mordor.fan. imeyile.mordor.fan. 3600 KWI-CNAME balckelf.mordor.fan. imililo.mordor.fan. I-3600 KWI-CNAME palantir.mordor.fan. Ummeli weMordor.fan. 3600 KWI-CNAME darklord.mordor.fan. ulele.tv 3600 KWI-CNAME i-blackspider.mordor.fan.

Iirekhodi zeRRs ezivela kwindawo yoqobo 10.10.10.in-addr.arpa

buzz @ sysadmin: ~ $ cat temp / rrs.10.10.10.in-addr.arpa 
; Inxulumene ne-SOA kunye ne-NS 10.10.10.in-addr.arpa. 3600 KWI-SOA sauron.mordor.fan. umphathi wenkosi.mordor.fan. 21 900 600 86400 3600 10.10.10.in-addr.arpa. I-3600 kwi-NS isuron.mordor.fan. ; ; Iirekhodi ze-PTR 10.10.10.10.in-addr.arpa. 3600 KWI-PTR blackspider.mordor.fan. 11.10.10.10.in-addr.arpa. I-3600 KWI-PTR palantir.mordor.fan. 3.10.10.10.in-addr.arpa. I-3600 KWI-PTR yesuron.mordor.fan. 4.10.10.10.in-addr.arpa. 3600 KWI-PTR mamba.mordor.fan. 5.10.10.10.in-addr.arpa. I-3600 KWI-PTR dnslinux.mordor.fan. 6.10.10.10.in-addr.arpa. 3600 KWI-PTR darklord.mordor.fan. 7.10.10.10.in-addr.arpa. I-3600 KWIPR troll.mordor.fan. 8.10.10.10.in-addr.arpa. 3600 KWIPR shadowftp.mordor.fan. 9.10.10.10.in-addr.arpa. 3600 KWI-PTR emnyama.

Ukuza kuthi ga ngoku singacinga ukuba sinedatha eyimfuneko yokuqhubeka nokuzonwabisa, ngaphandle kokujonga kuqala IiTTL kunye nenye idatha ngendlela emfutshane kakhulu yokukhutshelwa kunye nokuqwalaselwa ngokuthe ngqo kwe-DNS yeMicrosft® Active Directory® 2008 SR2 64 bits isinika.

Imifanekiso yoMphathi we-DNS kwiSAURON

Iqela le-Dnslinux.mordor.fan.

Ukuba sijonga ngokusondeleyo, kwidilesi ye-IP 10.10.10.5 akukho gama labelwa lona ngokuchanekileyo ukuze libe nokuhlala ngegama le-DNS entsha ednlinux.mordor.fan. Ukufaka isibini se-DNS kunye ne-DHCP sinokukhokelwa ngamanqaku I-DNS kunye ne-DHCP kwi-Debian 8 "Jessie" y I-DNS kunye ne-DHCP kwi-CentOS 7.

Inkqubo yokusebenza yesiseko

Umhlobo wam I-FuegianUkongeza ekubeni yingcali yokwenyani kwiMicrosoft® Windows-unezatifikethi ezimbalwa ezikhutshwe yile nkampani- ufundile wawenza amanye amanqaku malunga needesktops ezipapashwe kwi DesdeLinux., wandixelela ukuba ufuna isisombululo esisekwe eDebian. 😉

Ukukukholisa, siza kuqala ngokufakela okucocekileyo kweseva esekwe I-Debian 8 "uJessie". Nangona kunjalo, oko siza kubhala ngokulandelayo kuyasebenza kwi-CentOS kunye nokuhanjiswa okuvulekileyo kwe-SUSE amanqaku abo siwathethile ngaphambili. I-BIND kunye ne-DHCP ziyafana nakweyiphi na i-distro. Umahluko omncinci waziswa ngabagcini beephakheji kulwabiwo ngalunye.

Siza kwenza ufakelo njengoko kubonisiwe kwi I-DNS kunye ne-DHCP kwi-Debian 8 "Jessie", unakekele ukusebenzisa i-IP 10.10.10.5 kunye nomnatha 10.10.10.0/24, naphambi kokumisela ISIBOPHO.

Silungiselela i-BIND kwisitayile seDebian

/etc/bind/igama.conf

Ifayile /etc/bind/igama.conf siyishiya njengoko ifakiwe.

/etc/bind/named.conf.options

Ifayile /etc/bind/named.conf.options kufuneka ishiywe nalo mxholo ulandelayo:

ingcambu @ dnslinux: ~ # cp /etc/bind/named.conf.options /etc/bind/named.conf.options.original

ingcambu @ dnslinux: ~ # nano /etc/bind/named.conf.options
ukhetho {lawulo "/ var / cache / bind"; // Ukuba kukho i-firewall phakathi kwakho kunye ne-nameservers ofuna // ukuthetha nayo, unokufuna ukulungisa i-firewall ukuvumela amaninzi // amazibuko ukuba athethe. Bona http://www.kb.cert.org/vuls/id/800113 // Ukuba i-ISP yakho ibonelele ngedilesi enye okanye ezingaphezulu ze-IP ze-nameservers ezinzileyo, mhlawumbi ufuna ukuzisebenzisa njengabathumeli. // Uncomment kule bhloko ilandelayo, kwaye faka iidilesi endaweni ka-i-0's yonke isibambi-ndawo. // abathumeli {// 0.0.0.0; //}; // =============================================== ===================== $ // Ukuba BIND ungene kwimilayezo yemposiso malunga nengcambu yesitshixo iphelelwe lixesha, // kuyakufuneka uhlaziye amaqhosha akho. Bona https://www.isc.org/bind-keys // ================================= =================================== $

    // Asifuni i-DNSSEC
        dnssec-yenza hayi;
        //uqinisekiso lwe-dnssec auto;

        Author-nxdomain akukho; # Thobela i-RFC1035

 // Asifuni ukumamela iidilesi ze-IPv6
        // mamela-kwi-v6 {nayiphi na; };
    mamela-kwi-v6 {akukho; };

 // Ukukhangela kwi-localhost kunye ne-sysadmin
    // ngokusebenzisa // dig mordor.fan axfr // dig 10.10.10.in-addr.arpa axfr // dig _msdcs.mordor.fan axfr // Asinayo i-Slave DNS ... kude kube ngoku
 vumela-ukudlulisa {indawo yangaphakathi; 10.10.10.1; };
};

// Ukungena kwi-BUNG
ukuloga {

        imibuzo yesiteshi {
        ifayile "/var/log/named/queries.log" 3 versions 1 size XNUMXm;
        ulwazi lobukhali;
        ixesha lokuprinta ewe;
        Ubunzima bokuprinta ewe;
        Udidi lokuprinta ewe;
        };

        Impazamo yombuzo wejelo {
        ifayile "/var/log/named/query-error.log" uguqulelo 3 ubukhulu 1m;
        ulwazi lobukhali;
        ixesha lokuprinta ewe;
        Ubunzima bokuprinta ewe;
        Udidi lokuprinta ewe;
        };

                                
imibuzo yodidi {
         imibuzo;
         };

udidi lweempazamo zodidi {
         Impazamo yombuzo;
         };

};

• Sazisa ngokubanjwa kweengodo ze-BIND njenge I-NUEVO ukuvela kuthotho lwamanqaku ngalo mbandela. Sakha i-lifolda kunye neefayile ezifunekayo kwifayile ye Ukungena YOKUBOPHA:

ingcambu @ dnslinux: ~ # mkdir / var / log / named
ingcambu @ dnslinux: ~ # touch /var/log/named/queries.log
ingcambu @ dnslinux: ~ # touch /var/log/named/query-error.log
ingcambu @ dnslinux: ~ # chown -R bind: bind / var / log / named

Sijonga is syntax yeefayile eziqwalaselweyo

(Imeyile ikhuselwe): ~ # ogama lingu-checkconf 
ingcambu @ dnslinux: ~ #

/etc/bind/named.conf.local

Senza ifayile /etc/bind/zones.rfcFreeBSD enomxholo ofanayo njengoko kubonisiwe I-DNS kunye ne-DHCP kwi-Debian 8 "Jessie".

ingcambu @ dnslinux: ~ # nano /etc/bind/zones.rfcFreeBSD

Ifayile /etc/bind/named.conf.local kufuneka ishiywe nalo mxholo ulandelayo:

// // Yenza naluphi na uqwalaselo lwasekhaya apha // // Cinga ukongeza imimandla ye-1918 apha, ukuba ayisetyenziswanga kumbutho wakho //
kubandakanya "/etc/bind/zones.rfc1918"; zibandakanya "/etc/bind/zones.rfcFreeBSD";

ummandla "mordor.fan" {uhlobo lwenkosi; Ifayile "/var/lib/bind/db.mordor.fan"; }; ummandla "10.10.10.in-addr.arpa" {type master; Ifayile "/var/lib/bind/db.10.10.10.in-addr.arpa"; };

ummandla "_msdcs.mordor.fan" {uhlobo lwenkosi;
 amagama okutshekisha awahoyi; Ifayile "/etc/bind/db._msdcs.mordor.fan"; }; (Imeyile ikhuselwe): ~ # ogama lingu-checkconf
ingcambu @ dnslinux: ~ #

Indawo yeFayile mordor.fan

ingcambu @ dnslinux: ~ # nano /var/lib/bind/db.mordor.fan
$ TTL 3H @ KWI-SOA dnslinux.mordor.fan. ingcambu.dnslinux.mordor.fan. (1; serial 1D; hlaziya i-1H; phinda uzame i-1W; phelisa i-3H); ubuncinci okanye; Ixesha elingalunganga lokugcina ixesha lokuphila;
; QAPHELA KAKHULU NGEEREKHODI EZILANDELAYO
@ IN NS dnslinux.mordor.fan.
@ KWI-10.10.10.5
@ KWI-MX 10 emnyama. @ KWI-TXT "Uyakwamkelwa kubumnyama beLord kaMordor";
_nkcdlk. KWI-NS dnslinux.mordor.fan.
;
ednlinux.mordor.fan. KWI-10.10.10.5
; QEDA KAKHULU NGOKUQONELELE NGEENKCUKACHA EZILANDELAYO;
DomainDnsZones.mordor.fan. KWI-10.10.10.3 ForestDnsZones.mordor.fan. KWI-10.10.10.3; ; IKHATHALOGI YONKE _gc._tcp.mordor.fan. I-600 KWI-SRV 0 0 3268 sauron.mordor.fan. _gc._tcp.Default-First-Site-Name._sites.mordor.fan. I-600 KWI-SRV 0 0 3268 sauron.mordor.fan. ; ; I-LDAP eguqulweyo yabucala ye-Active Directory _ldap._tcp.mordor.fan. I-600 KWI-SRV 0 0 389 sauron.mordor.fan. _ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.mordor.fan. I-600 KWI-SRV 0 0 389 sauron.mordor.fan. _dap._tcp.DomainDnsZones.mordor.fan. I-600 KWI-SRV 0 0 389 sauron.mordor.fan. _ldap._tcp.Default-First-Site-Name._sites.mordor.fan. I-600 KWI-SRV 0 0 389 sauron.mordor.fan. _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.mordor.fan. I-600 KWI-SRV 0 0 389 sauron.mordor.fan. IiflestDnsZones.mordor.fan. I-600 KWI-SRV 0 0 389 sauron.mordor.fan. ; ; I-KERBEROS eguqulweyo neyimfihlo evela kulawulo olusebenzayo _kerberos._tcp.Default-First-Site-Name._sites.mordor.fan. I-600 kwi-SRV 0 0 88 i-sauron.mordor.fan. _kwiindidi I-600 kwi-SRV 0 0 88 i-sauron.mordor.fan. _kpasswd._tcp.mordor.fan. I-600 KWI-SRV 0 0 464 sauron.mordor.fan. _kwiindidi I-600 kwi-SRV 0 0 88 i-sauron.mordor.fan. _kpasswd._udp.mordor.fan. I-600 KWI-SRV 0 0 464 sauron.mordor.fan. ; ; Iirekhodi ezinee-IPs ezisisigxina-> Blackelf.mordor.fan iiseva. KWI-10.10.10.9 blackspider.mordor.fan. KWI-10.10.10.10 emnyamalord.mordor.fan. KWI-10.10.10.6 imamba.mordor.fan. KWI-10.10.10.4 palantir.mordor.fan. KWI-10.10.10.11
i-sauron.mordor.fan. KWI-10.10.10.3
ngqube.mordor.fan. KWI-10.10.10.8 troll.mordor.fan. KWI-10.10.10.7; ; Iirekhodi zeCNAME ad-dc.mordor.fan. KWI-CNAME sauron.mordor.fan. blog.mordor.fan. KWI-CNAME troll.mordor.fan. ifayileserver.mordor.fan. KWI-CNAME mamba.mordor.fan. I-ftpserver.mordor.fan. KWI-CNAME shadowftp.mordor.fan. imeyile.mordor.fan. KWI-CNAME balckelf.mordor.fan. imililo.mordor.fan. KWI-CNAME palantir.mordor.fan. Ummeli weMordor.fan. KWI CNAME mnyamalord.mordor.fan. www.kordoc.goi KWI-CNAME blackspider.mordor.fan.

ingcambu @ dnslinux: ~ # igama-lokujonga indawo mordor.fan /var/lib/bind/db.mordor.fan 
zone mordor.fan/IN: ilayishwe uthotho 1 Kulungile

Amaxesha I-TTL 600 Kuzo zonke iirejista ze-SRV siya kuzigcina kwimeko yokufaka i-Slave BIND kumaxesha aseleyo. Ezo rekhodi zimele iinkonzo ze-Active Directory® ezifunda ikakhulu idatha kwiziko ledatha le-LDAP. Kuba isiseko sedatha sitshintsha rhoqo, amaxesha okuvumelanisa kufuneka agcinwe mfutshane, kwiskimu se-Master-Slave DNS. Ngokwentanda-bulumko kaMicrosoft eqatshelwe kwi-Active Directory 2000 ukuya ku-2008, ixabiso lama-600 ligcinwa kwezi ntlobo zeerekhodi ze-SRV.

Los IiTTL Iiseva ezine-IP ezisisigxina, ziphantsi kwexesha elibhengeziweyo kwi-SOA yeeyure ezi-3.

Indawo yeFayile 10.10.10.in-addr.arpa

ingcambu @ dnslinux: ~ # nano /var/lib/bind/db.10.10.10.in-addr.arpa
$ TTL 3H @ KWI-SOA dnslinux.mordor.fan. ingcambu.dnslinux.mordor.fan. (1; serial 1D; hlaziya i-1H; phinda uzame i-1W; phelisa i-3H); ubuncinci okanye; Ixesha elingalunganga lokugcina ixesha lokuphila; @ IN NS dnslinux.mordor.fan. ; 10 KWI-PTR blackspider.mordor.fan. 11 KWI-PTR palantir.mordor.fan. 3 KWI-PTR sauron.mordor.fan. 4 KWI-PTR mamba.mordor.fan. 5 KWI-PTR dnslinux.mordor.fan. 6 KWI-PTR darklord.mordor.fan. 7 KWIPR troll.mordor.fan. 8 KWIPR shadowftp.mordor.fan. 9 KWI-PTR emnyama.

ingcambu @ dnslinux: ~ # igama-lokujonga indawo 10.10.10.in-addr.arpa /var/lib/bind/db.10.10.10.in-addr.arpa 
ummandla 10.10.10.in-addr.arpa/IN: ilayishwe uthotho 1 Kulungile

Ifayile yeZowuni _msdcs.mordor.fan

Masiqwalasele okucetyiswayo kwifayile /usr/share/doc/bind9/README.Debian.gz Malunga nendawo yeefayile zeMimandla emiMandla engakhange ibe phantsi kohlaziyo lwamandla yi-DHCP.

ingcambu @ dnslinux: ~ # nano /etc/bind/db._msdcs.mordor.fan
$ TTL 3H @ KWI-SOA dnslinux.mordor.fan. ingcambu.dnslinux.mordor.fan. (1; serial 1D; hlaziya i-1H; phinda uzame i-1W; phelisa i-3H); ubuncinci okanye; Ixesha elingalunganga lokugcina ixesha lokuphila; @ IN NS dnslinux.mordor.fan. ; ; ; IKHATHALOGI YONKE GC._msdcs.mordor.fan. 600 KWI-10.10.10.3; ; Iziteketiso-kugcino lwedatha ye-LDAP eguqulweyo kunye ne-Active Directory- yeSAURON 03296249-82a1-49aa-a4f0-28900f5d256b._msdcs.mordor.fan I-600 KWI-CNAME sauron.mordor.fan. ; ; I-LDAP eguqulweyo neyimfihlo ye-Active Directory _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.mordor.fan. I-600 KWI-SRV 0 100 389 sauron.mordor.fan. _ldap._tcp.dc._msdcs.mordor.fan. I-600 KWI-SRV 0 100 389 sauron.mordor.fan. _ldap._tcp.18d3360d-8fdb-40cf-a678-d7c420b6d775.domains._msdcs.mordor.fan. I-600 KWI-SRV 0 100 389 sauron.mordor.fan. _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.mordor.fan. I-600 KWI-SRV 0 100 3268 sauron.mordor.fan. _ldap._tcp.gc._msdcs.mordor.fan. I-600 KWI-SRV 0 100 3268 sauron.mordor.fan. _ldap._tcp.pdc._msdcs.mordor.fan. I-600 KWI-SRV 0 100 389 sauron.mordor.fan. ; ; I-KERBEROS eguqulweyo yabucala ye-Active Directory _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.mordor.fan. I-600 KWI-SRV 0 100 88 i-sauron.mordor.fan. _kerberos._tcp.dc._msdcs.mordor.fan. I-600 KWI-SRV 0 100 88 i-sauron.mordor.fan.

Sijonga is syntax kwaye singayihoya impazamo esiyibuyisayo, kuba kulwakhiwo lwale Zoni kwifayile /etc/bind/named.conf.local siquka ingxelo amagama okutshekisha awahoyi;. Indawo iya kulayishwa ngokuLUNGILEYO.

(Imeyile ikhuselwe): ~ # igama-lokujonga i-_msdcs.mordor.fan /etc/bind/db._msdcs.mordor.fan 
/etc/bind/db._msdcs.mordor.fan:14: gc._msdcs.mordor.fan: igama elibi lomnini (amagama okujonga) indawo _msdcs.mordor.fan/IN: ilayishwe uthotho 1 Kulungile

ingcambu @ dnslinux: ~ # systemctl qala kwakhona bind9.service 
ingcambu @ dnslinux: ~ # systemctl ubume bind9.service 
● bind9.service-BIND Domain Name Server Loaded: loaded (/lib/systemd/system/bind9.service; enabled) Drop-In: /run/systemd/generator/bind9.service.d └─50-insserv.conf- $ named.conf Iyasebenza: iyasebenza (iyasebenza) ukusukela ngeLanga 2017-02-12 08:48:38 EST; I-2s eyadlulayo amaXwebhu: man: named (8) Inkqubo: 859 ExecStop = / usr / sbin / rndc stop (code = exited, status = 0 / SUCCESS) Main PID: 864 (named) CGroup: /system.slice/bind9.service └─864 / usr / sbin / named -f -u bind Feb 12 08:48:38 dnslinux named [864]: zone 3.efip6.arpa/IN: serial serial 1 Feb 12 08:48:38 dnslinux ebizwa [864 ]: zone befip6.arpa/IN: ilayishwe uthotho 1 Feb 12 08:48:38 dnslinux named [864]: zone 0.efip6.arpa/IN: serial serial 1 Feb 12 08:48:38 dnslinux named [864]: indawo 7.efip6.arpa/IN: ilayishwe uthotho 1 Feb 12 08:48:38 dnslinux ogama [864]: zone mordor.fan/IN: serial serial 1 Feb 12 08:48:38 dnslinux ebizwa [864]: zone zone .org / IN: ilayishwe uthotho 1 Feb 12 08:48:38 dnslinux named [864]: zone _msdcs.mordor.fan/IN: serial serial 1 Feb 12 08:48:38 dnslinux ebizwa [864]: zone invalid / IN : ilayishwe uthotho 1 Feb 12 08:48:38 dnslinux ogama [864]: yonke imimandla ilayishiwe
Feb 12 08: 48: 38 dnslinux ebizwa [864]: ukubaleka

Sibonisana BONISA

Ngaphambi Emva kokufaka i-DHCP, kufuneka senze uthotho lweetsheki ezibandakanya ukujoyina umxhasi weWindows 7 kwi-domain mordor.fan imelwe sisikhombisi esisebenzayo esifakwe kwikhompyuter i-sauron.mordor.fan.

Into yokuqala yokwenza kukumisa inkonzo ye-DNS kwikhompyuter i-sauron.mordor.fan, Kwaye ubhengeze kunxibelelwano lwakho lwenethiwekhi ukuba ukusukela ngoku iserver ye-DNS yakho iya kuba yiyo 10.10.10.5 dnslinux.mordor.fan.

Kwikhonsoli yeseva uqobo i-sauron.mordor.fan senza:

I-Microsoft Windows [Inguqulelo 6.1.7600]
Ilungelo lokushicilela (c) 2009 Microsoft Corporation. Onke amalungelo agciniwe.

C: \ Abasebenzisi \ uMlawuli> nslookup
Iseva emiselweyo: dnslinux.mordor.fan Idilesi: 10.10.10.5

> gc._msdcs
Umncedisi: dnslinux.mordor.fan Idilesi: 10.10.10.5 Igama: gc._msdcs.mordor.fan Idilesi: 10.10.10.3

> mordor.fan
Umncedisi: dnslinux.mordor.fan Idilesi: 10.10.10.5 Igama: mordor.fan Idilesi: 10.10.10.3

> 03296249-82a1-49aa-a4f0-28900f5d256b._msdcs
Umncedisi: dnslinux.mordor.fan Idilesi: 10.10.10.5 Igama: sauron.mordor.fan Idilesi: 10.10.10.3 Izivumelwano: 03296249-82a1-49aa-a4f0-28900f5d256b._msdcs.mordor.fan

> uhlobo lokuseta = i-SRV
> _kerberos._tcp.I-Default-yokuqala-yeSiza-igama._sites.dc._msdcs
Umncedisi: dnslinux.mordor.fan Idilesi: 10.10.10.5 _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.mordor.fan SRV serv indawo yeqhwa: kuqala = 0 ubunzima = 100 port = 88 svr hostname = sauron.mordor.fan _msdcs.mordor.fan nameserver = dnslinux.mordor.fan sauron.mordor.fan idilesi ye-intanethi = 10.10.10.3 dnslinux.mordor.fan idilesi ye-intanethi = 10.10.10.5
> _ldap._tcp.18d3360d-8fdb-40cf-a678-d7c420b6d775.domains._msdcs
Umncedisi: dnslinux.mordor.fan Idilesi: 10.10.10.5 _ldap._tcp.18d3360d-8fdb-40cf-a678-d7c420b6d775.domains._msdcs.mordor.fan Indawo yeenkonzo ze-SRV: ephambili = 0 weight = 100 port = 389 svr hostname = sauron .mordor.fan _msdcs.mordor.fan nameserver = dnslinux.mordor.fan sauron.mordor.fan idilesi ye-intanethi = 10.10.10.3 dnslinux.mordor.fan idilesi ye-intanethi = 10.10.10.5
> phuma

C: \ Abasebenzisi \ uMlawuli>

Imibuzo ye-DNS eyenziwe i-sauron.mordor.fan kuyanelisa.

Inyathelo elilandelayo iya kuba kukwakha omnye umatshini oqinisekileyo ngeWindows 7 efakiweyo. Njengangoku singenayo inkonzo ye-DHCP efakiweyo, siya kuyinika ikhompyuter ngegama elithi «win7»Idilesi ye-IP 10.10.10.251. Sikwazisa ukuba iseva yakho ye-DNS iya kuba yiyo 10.10.10.5 dnslinux.mordor.fan, kwaye indawo yokukhangela iya kuba mordor.fan. Asiyi kubhalisa loo khompyutha kwi-DNS kuba siza kuyisebenzisa ukuvavanya inkonzo ye-DHCP emva kokuba siyifakile.

Emva koko sivula ikhonsoli CMD kwaye kuyo senza:

I-Microsoft Windows [Inguqulelo 6.1.7601]
Ilungelo lokushicilela (c) 2009 Microsoft Corporation. Onke amalungelo agciniwe.

C: \ Abasebenzisi \ buzz> nslookup
Iseva emiselweyo: dnslinux.mordor.fan Idilesi: 10.10.10.5

> mordor.fan
Umncedisi: dnslinux.mordor.fan Idilesi: 10.10.10.5 Igama: mordor.fan Idilesi: 10.10.10.3

> uhlobo lokuseta = i-SRV
> _ldap._tcp.DomainDnsZones
Umncedisi: dnslinux.mordor.fan Idilesi: 10.10.10.5 _ldap._tcp.DomainDnsZones.mordor.fan Indawo yeenkonzo ze-SRV: ephambili = 0 weight = 0 port = 389 svr hostname = sauron.mordor.fan mordor.fan nameserver = dnslinux.mordor. .fan sauron.mordor.fan idilesi ye-intanethi = 10.10.10.3 dnslinux.mordor.fan idilesi ye-intanethi = 10.10.10.5
> _kpasswd._udp
Umncedisi: dnslinux.mordor.fan Idilesi: 10.10.10.5 _kpasswd._udp.mordor.fan Indawo yeenkonzo ze-SRV: kuqala = 0 ubunzima = 0 port = 464 svr hostname = sauron.mordor.fan mordor.fan nameserver = dnslinux.mordor.fan sauron.mordor.fan idilesi ye-intanethi = 10.10.10.3 dnslinux.mordor.fan idilesi ye-intanethi = 10.10.10.5
> _ldap._tcp.I-Default-yokuqala-yeSiza-segama._iindawo.ForestDnsZones
Umncedisi: dnslinux.mordor.fan Idilesi: 10.10.10.5 _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.mordor.fan SRV serv ice location: priority = 0 weight = 0 port = 389 svr hostname = sauron. mordor.fan mordor.fan nameserver = dnslinux.mordor.fan sauron.mordor.fan idilesi ye-intanethi = 10.10.10.3 dnslinux.mordor.fan idilesi ye-intanethi = 10.10.10.5
> Phuma

C: \ Abasebenzisi \ buzz>

Imibuzo ye-DNS eyenziwe ngumthengi «win7»Ziyanelisa.

Kwi-Directory esebenzayo senza umsebenzisi «Saruman«, Ngenjongo yokusebenzisa xa ujoyina umxhasi win7 kwi-domain mordor.fan., usebenzisa indlela «Isazisi senethiwekhi«, Usebenzisa amagama abasebenzisi saruman@mordor.fan y umlawuli@mordor.fan. Ukujoyina kube yimpumelelo kwaye kungqinwa yile skrini ilandelayo:

Malunga noHlaziyo lweDynamic kwiMicrosoft® DNS kunye ne-BIND

Njengoko inkonzo ye-DNS imisiwe kwi-Active Directory® ibingenakwenzeka ukuba iklayenti «win7»Bhalisa igama lakho nedilesi ye-IP kuloo DNS. Ngaphantsi kakhulu kwi ednlinux.mordor.fan kuba khange senze naliphi na ingxelo vumela uhlaziyo kuyo nayiphi na imimandla ebandakanyekayo.

Kwaye kulapho umlo olungileyo nomhlobo wam wasekwa khona I-Fuegian. Kwi-imeyile yam yokuqala malunga nalo mba ndiphawule:

• Amanqaku kaMicrosoft malunga nokusetyenziswa kwe-BIND kunye ne-Active Directory® bacebisa ukuba, ngakumbi iZowuni ngqo, bavunyelwe ukuba bahlaziywe-kungene- ngokuthe ngqo Ngabathengi beWindows abasele bejoyine i-Domain Directory esebenzayo.
• Kungenxa yoko le nto, ngokungagqibekanga, kwimimandla ye-DNS yoVavanyo oluSebenzayo oluQinisekisiweyo lweDynamic luvumelekile. Ngabathengi beWindows abasele bejoyine i-Domain Directory esebenzayo. Ukuba abamanyananga, bayazishiya iziphumo.
• I-DNS yoLawulo olusebenzayo ixhasa uhlaziyo olunamandla "Ukhuselekile kuphela", "Ukungaqiniseki kunye nokukhuseleka", okanye "Akukho" kufana nokuthi HAYI Uhlaziyo okanye Akukho.
• Ewe, ngokwenene IMicrosoft Philosophy ayivumi ukuba abathengi bayo ABAYI KUHLAZIYA idatha yabo kwii-DNS (s) zabo, ayizukushiya ivulekileyo ithuba lokukhubaza uhlaziyo olunamandla kwii-DNS (s) zabo, ngaphandle kokuba olo khetho luya kushiywa ngeenjongo ezifihlakeleyo..
• IMicrosoft inikezela "ngoKhuseleko" ngokutshintshela ebumnyameni, njengomntu endisebenza naye kunye nomhlobo ophumelele izifundo zakwizatifikethi zeMicrosft® wandixelela. Kuyinyani. Ukongeza, uEl Fueguino ukuqinisekisile kum.
• Umthengi ofumana idilesi ye-IP nge-DHCP efakwe kumatshini we-UNIX® / Linux umzekelo, ngekhe akwazi ukusombulula idilesi ye-IP yegama lakhe de ube ujoyine i-Domain Directory esebenzayo, okoko nje iMicrosoft® okanye UKUBopha kusetyenziswe njenge-DNS ngaphandle kohlaziyo olutshintshayo yi-DHCP.
• Ukuba ndifaka i-DHCP kwi-Active Directory ® uqobo, kuya kufuneka ndibhengeze ukuba iiNdawo zihlaziywa yi-Microsoft® DHCP.
• Ukuba siza kusebenzisa i-BIND njenge-DNS yenethiwekhi yeWindows, into esengqiqweni necetyiswayo kukuba sifake i-BIND-DHCP iperi, kunye nokuhlaziywa okunamandla kwe-BIND kwaye umcimbi ugqityiwe.
• Kwilizwe lothungelwano lwe-LAN kwi-UNIX® / Linux, kuba uhlaziyo olunamandla lwenziwa kwi-BIND, kuphela nguMnu DHCP ovumelekileyo «ukungena»KuNkskz. BOPHELA nohlaziyo lwakhe. Ukuphumla okuneodolo, nceda.
• Xa ndibhengeza kummandla mordor.fan umzekelo: vumela uhlaziyo {10.10.10.0/24; };, ZIBOPHELE ngokwawo ngokwazisa xa uqala okanye ukuqala kwakhona ukuba:

  • zone 'mordor.fan' ivumela uhlaziyo ngedilesi ye-IP, engakhuselekanga

• Kwilizwe le-UNIX® / Linux yehlabathi le-sacrosanct, isosi enjalo ene-DNS ayamkelekanga.

Unokuyicinga into eseleyo yokutshintshiselana nomhlobo wam I-Fuegian mediante imeyili, Incoko yocingo, umnxeba ohlawulelwa nguye (ewe, ndoda, andinayo ikhilogram yaloo nto), nditsho nemiyalezo ephumela kwihobe eliphetheyo ngenkulungwane ye-XXI!

Uye wasongela nokuba angandithumeli unyana wesilwanyana sakhe, uIguana wakhe «Petra»Ukuba wayendithembisile njengenxalenye yentlawulo. Apho ndandisoyika nyhani. Ndiye ndaqala kwakhona, kodwa kwelinye icala.

• I "phantse" Ulawulo olusebenzayo olunokufezekiswa ngeSamba 4, isombulula le nto ngendlela yobuchule, zombini xa sisebenzisa i-DNS yangaphakathi, okanye i-BIND ehlanganiselwe ukuxhasa imimandla ye-DLZ - Iindawo eziLayishwe yiDinamyc, okanye iiNdawo eziLayishwe ngokuMandla.
• Iyaqhubeka nokuhlupheka ngokufanayo: xa umthengi efumana idilesi ye-IP nge-DHCP efakwe kuyo enye Umatshini we-UNIX® / Linux, ngekhe ukwazi ukusombulula idilesi ye-IP yegama lakho ide ijoyine i-domain ye-Samba 4 AD-DC.
• Dibanisa i-BIND-DLZ kunye ne-DHCP duo kumatshini omnye apho I-AD-DC Samba 4 ngumsebenzi wengcali yokwenyani.

I-Fuegian Undibizele kwisahluko wandikhwaza: Asithethi ngayo I-AD-DC Samba 4, kodwa iMicrosoft® Active Directory®!. Kwaye ndaphendula ngokuzithoba ukuba ndonwabile ngenxalenye yamanqaku alandelayo endiza kuwabhala.

Kulapho ndamxelela khona ukuba isigqibo sokugqibela kuhlaziyo olunamandla lweekhompyuter zabaxhasi kwinethiwekhi yakhe sishiyekele kwintando yakhe ekhululekileyo. Ndiza kumnika i tip kubhalwe ngaphambili malunga vumela uhlaziyo {10.10.10.0/24; };, kwaye ngaphezulu akukho nto. Ukuba andinalo uxanduva loko kubangelwe kukuziphatha kakubi ngokwesini ukuba umthengi ngamnye weWindows -okanye iLinux- kwinethiwekhi yabo «iya kungena»Ngaphandle kohlwaywa ku-BONISA.

Ukuba ubusazi, mhlobo wam, Reader, ibiyindawo yokuphela kwaloo ngxabano, ubungekhe uyikholelwe. Umhlobo wam I-Fuegian wamkele isisombululo- kwaye uya kundithumela i-iguana «UPetrica«- ngoku ndibelana nawe.

Sifaka kwaye simisela i-DHCP

Ngolwazi oluthe kratya funda I-DNS kunye ne-DHCP kwi-Debian 8 "Jessie".

(i-imeyile ikhuselwe): ~ # ukufaneleka ukufaka isc-dhcp-server

ingcambu @ dnslinux: ~ # nano / njl / okungagqibekanga / isc-dhcp-server .... # Kukuphi konxibelelwano ekufuneka umncedisi we-DHCP (dhcpd) azise izicelo ze-DHCP? # Yahlulahlula ujongano lwezithuba, umz. "Eth0 eth1". I-INTERFACES = "eth0" ingcambu @ dnslinux: ~ # dnssec-keygen -a HMAC-MD5 -b 128 -r / dev / urandom -n USER dhcp-isitshixo
Isitshixo seKdhcp. + 157 + 29836

(Imeyile ikhuselwe): ~ # ikati Kdhcp-isitshixo. + 157 + 29836
Ifomathi yesitshixo sangasese: v1.3 Algorithm: 157 (HMAC_MD5) Isitshixo: 3HT / bg / 6YwezUShKYofj5g == Iibhithi: AAA = Yenziwe: 20170212205030Shicilela: 20170212205030Yenza: 20170212205030

ingcambu @ dnslinux: ~ # nano dhcp.key
Isitshixo se-dhcp-isitshixo {algorithm hmac-md5; Imfihlo "3HT / bg / 6YwezUShKYofj5g =="; };

ingcambu @ dnslinux: ~ # faka -o ingcambu -g ubopha -m 0640 dhcp.key /etc/bind/dhcp.key
ingcambu @ dnslinux: ~ # faka -o ingcambu -g ingcambu -m 0640 dhcp.key /etc/dhcp/dhcp.key

ingcambu @ dnslinux: ~ # nano /etc/bind/named.conf.local
// // Yenza naluphi na ulungelelwaniso lwasekhaya apha // // Cinga ukongeza imimandla ye-1918 apha, ukuba ayisetyenziswanga kumbutho wakho // kubandakanya "/etc/bind/zones.rfc1918"; zibandakanya "/etc/bind/zones.rfcFreeBSD";
// Ungalibali ... ndilibele kwaye ndibhatale ngempazamo. ;-)
kubandakanya "/etc/bind/dhcp.key";


ummandla "mordor.fan" {uhlobo lwenkosi;
        vumela uhlaziyo {10.10.10.3; Isitshixo se-dhcp-isitshixo; };
        Ifayile "/var/lib/bind/db.mordor.fan"; }; ummandla "10.10.10.in-addr.arpa" {type master;
        vumela uhlaziyo {10.10.10.3; Isitshixo se-dhcp-isitshixo; };
        Ifayile "/var/lib/bind/db.10.10.10.in-addr.arpa"; }; ummandla "_msdcs.mordor.fan" {uhlobo lwenkosi; amagama okutshekisha awahoyi; Ifayile "/etc/bind/db._msdcs.mordor.fan"; };

(Imeyile ikhuselwe): ~ # ogama lingu-checkconf 
ingcambu @ dnslinux: ~ #

ingcambu @ dnslinux: ~ # nano /etc/dhcp/dhcpd.conf
I-ddns-uhlaziyo-lwendlela yethutyana; uhlaziyo lwe-ddns kwi; ddns-domainname "mordor.fan."; ddns-rev-domainname "in-addr.arpa."; ungaluhoyi uhlaziyo lwabaxhasi; isigunyaziso Ukudlulisa ukhetho kwi-ip; ukhetho lesizinda-igama "mordor.fan"; kubandakanya "/etc/dhcp/dhcp.key"; ummandla we-mordor.fan. {ephambili 127.0.0.1; Isitshixo se-dhcp-isitshixo; } ummandla 10.10.10.in-addr.arpa. {ephambili 127.0.0.1; Isitshixo se-dhcp-isitshixo; } ulwabelwano lwenethiwekhi ekwabelwana ngayo {subnet 10.10.10.0 netmask 255.255.255.0 {iindlela ezikhethiweyo 10.10.10.1; ukhetho lwe-subnet-mask 255.255.255.0; ukhetho losasazo-idilesi ye-10.10.10.255; ukhetho lwegama ledomain-server-10.10.10.5; ukhetho lwe-netbios-name-server-10.10.10.5; Uluhlu lwe-10.10.10.30 10.10.10.250; }} # ISIPHELO dhcpd.conf

ingcambu @ dnslinux: ~ # dhcpd -t
IiNkqubo zeIntanethi I-Consortium DHCP Server 4.3.1 Ilungelo lokushicilela 2004-2014 IiNkqubo zeIntanethi zeKhonkco. Onke amalungelo agciniwe. Ngolwazi, nceda undwendwele i-https: //www.isc.org/software/dhcp/ Config file: /etc/dhcp/dhcpd.conf Database file: /var/lib/dhcp/dhcpd.leases PID file: / var / run /dhcpd.pid

ingcambu @ dnslinux: ~ # systemctl qala kwakhona bind9.service 
ingcambu @ dnslinux: ~ # systemctl ubume bind9.service 

ingcambu @ dnslinux: ~ # systemctl qala isc-dhcp-server.service
(Imeyile ikhuselwe): ~ # isimo se-systemctl isc-dhcp-server.service

Yintoni enxulumene Ukujonga kunye nabaxhasikunye Ukulungiswa kwesandla kweefayile zoMmandla, Sishiya kuwe, mhlobo mfundi, ukuba usifunde ngokuthe ngqo I-DNS kunye ne-DHCP kwi-Debian 8 "Jessie", kwaye uyisebenzise kwimeko yakho yokwenyani. Senze zonke iitsheki eziyimfuneko kwaye safumana iziphumo ezanelisayo. Ewe sithumela ikopi yabo bonke I-Fuegian. Ayisayi kubakho!

Iingcebiso

Jikelele

• Fumana umonde omninzi ngaphambi kokuba uqale.
  
• Kuqala faka kwaye uqwalasele ISIBOPHO. Jonga yonke into kwaye ubone zonke iirekhodi ozivakalisileyo kwifayile nganye yeendawo ezintathu okanye ezingaphezulu, zombini ezivela kuLawulo olusebenzayo nakwiseva ye-DNS uqobo kwiLinux. Ukuba kunokwenzeka, kumatshini weLinux ongadibaniswanga kwisizinda, yenza imibuzo eyimfuneko ye-DNS kwi-BIND.
  
• Joyina iklayenti yeWindows enedilesi ye-IP emiselweyo kwidomain esele ikho, kwaye uphinde ujonge zonke iisetingi ze-BIND kumxhasi weWindows.
• Emva kokuba uqinisekile ngokungathandabuzekiyo ukuba ubumbeko lwe-BIND yakho entsha ichanekile ngokugqibeleleyo, qiniseka ukufaka, ukumisela kunye nokuqala inkonzo ye-DHCP.
• Kwimeko yeempazamo, phinda yonke inkqubo ukusuka kwi-zero 0.
• Lumka ikopi kwaye uncamathisele! kunye nezithuba ezisele kumgca ngamnye weefayile ezinamagama.conf.xxxx
  
• Emva koko, akazange akhalaze-ngakumbi kumhlobo wam u-Fuegian-ukuba akazange acetyiswe ngokufanelekileyo.

Ezinye iingcebiso

• Yahlulahlula kwaye woyise.
• Kwinethiwekhi ye-SME kukhuselekile kwaye kuluncedo ngakumbi ukufaka i-BIT egunyazisiweyo yeZones zangaphakathi ze-LAN ezingabuyeli nakweyiphi na ingcambu iseva: ukuphindaphinda akukho;.
• Kwinethiwekhi yeSME ebekwe phantsi koMboneleli woFikelelo kwi-Intanethi- ISP, mhlawumbi iinkonzo proxy y SMTP kufuneka basombulule amagama ezizinda kwi-Intanethi. Yena Isikwati Unokhetho lokubhengeza i-DNS yakho ngaphandle okanye hayi, ngelixa ukwiseva yeposi esekwe kwi Iposi o MDaemon® Singabhengeza kwakhona iiseva ze-DNS esiza kuzisebenzisa kuloo nkonzo. Kwiimeko ezinje, oko kukuthi, iimeko ezinganikezeli ngeenkonzo kwi-Intanethi kwaye ziphantsi kwe- Umboneleli weNkonzo yeeInternet, unokufaka i-BIND nge Abaphambili esalatha kwi-DNS ISP, Kwaye ubhengeze njenge-DNS yesibini kwiiseva ezifuna ukusombulula imibuzo yangaphandle kwi-LAN, kungenjalo kunokwenzeka ukuyichaza kwiifayile zazo zoqwalaselo.
• Ukuba unommandla oGunyazisiweyo phantsi koxanduva lwakho lonkeEmva koko enye inkuku ilila:
  • Faka iseva ye-DNS esekwe kwi I-NSD, Eligunyazisiweyo iseva ye-DNS ngokwenkcazo, ephendula imibuzo evela kwiikhompyuter kwi-Intanethi. Ngolunye ulwazi ukufaneleka ukubonisa nsd. Nceda uyikhusele kakuhle nangodonga lomlilo kangangoko kufuneka. Zombini izixhobo zekhompyutha kunye nesoftware. Iya kuba yi-DNS kwi-Intanethi, kwaye «ubuso»Kufuneka singayiniki ngeebhulukhwe ezisezantsi. 😉
  • Njengoko ndingazange ndizibone kwimeko enje, oko kukuthi, ndinoxanduva ngokupheleleyo kwiNdawo eNikezelweyo, kuya kufuneka ndicinge kakuhle ukuba mandithini ukucebisa ukusonjululwa kwamagama wesizinda ngaphandle kweLAN yethu yeenkonzo eziyifunayo. Abaxhasi beeNethiwekhi zeSME abayifuni ngokwenene. Qhakamshelana noncwadi olukhethekileyo, okanye ingcali kwezi zifundo, kuba ndikude ukuba ndingomnye wazo. Ngokukrakra.
  • Ukuphindaphinda akukho kwiiseva zoGunyaziwe. Kulungile?. Kwimeko apho umntu othile ecinga ukuyenza NGOKUBOPHA.
• Nangona sichaza ngokucacileyo kwifayile /etc/dhcp/dhcpd.conf isibhengezo ungaluhoyi uhlaziyo lwabaxhasi;, ukuba siqhuba kwikhompyuter yekhonsoli ednlinux.mordor.fan iodolo Ijenali-f, Siza kubona ukuba xa uqala umxhasi iphumelele7 Sifumana le mpazamo ilandelayo:

  • Feb 12 16:55:41 dnslinux ogama [900]: umxhasi 10.10.10.30 # 58762: hlaziya 'mordor.fan/IN' uyaliwe
    Feb 12 16:55:42 dnslinux ogama [900]: umxhasi 10.10.10.30 # 49763: hlaziya 'mordor.fan/IN' uyaliwe
    Feb 12 16:56:23 dnslinux ogama [900]: umxhasi 10.10.10.30 # 63161: hlaziya 'mordor.fan/IN' uyaliwe
    

  • Ukuphelisa le miyalezo, kufuneka siye kukhetho olusebenzayo loqwalaselo lwekhadi lenethiwekhi kwaye ungakhangeli ukhetho «Bhalisa ezi dilesi zonxibelelwano kwi-DNS«. Oko kuyakuthintela umthengi ekuzameni ukubhalisa kwi-Linux DNS ngonaphakade kunye nokuphela kwengxaki. Uxolo, kodwa andinayo ikopi yeWindows 7 ngesiSpanish. 😉
• Ukufumana malunga nayo yonke imibuzo enzulu-kunye nephambeneyo eyenziwa ngumthengi yeWindows 7, jonga Imibuzo yelog ukuba into siyibhengeza kulwakhiwo lwe-BIND. Umyalelo uya kuba:

  • ingcambu @ dnslinux: ~ # umsila -f /var/log/named/queries.log

• Ukuba awuvumeli iikhompyuter zakho ukuba zixhume ngqo kwi-Intanethi, kutheni ufuna iiseva ze-DNS? Oku kuya kunciphisa kakhulu imveliso yomyalelo Ijenali-f Ukusuka kweyangaphambili, ukuba iseva yakho enegunya ye-DNS yeZones zangaphakathi ayinxibelelani ngqo kwi-Intanethi, ekucetyiswa kakhulu kuyo ukusuka kwindawo yokhuseleko.

  ingcambu @ dnslinux: ~ # cp /etc/bind/db.root /etc/bind/db.root.original
  ingcambu @ dnslinux: ~ # cp / dev / null /etc/bind/db.root

• Ukuba awudingi kubhengezwa kweengcambu ze-server, kutheni le nto ufuna ukuphinda ubuye - Ukuphindaphinda?

  ingcambu @ dnslinux: ~ # nano /etc/bind/named.conf.options
  ukhetho {
   ....
   ukuphindaphinda akukho;
   ....
  };

Ingcebiso ekhethekileyo endingekacaci ncam ngayo

El umntu dhcpd.conf Isixelela oku kulandelayo phakathi kwezinto ezininzi- ezininzi- ezinye izinto:

        Isiteyitimenti sokwenza ngcono uhlaziyo

            uhlaziyo-ulungiso lweflegi;

            Ukuba iparameter yokulungiselela ukuhlaziywa ayiyonyani kumthengi onikiweyo, iseva iya kuzama uhlaziyo lwe-DNS lwalo mthengi ngalo lonke ixesha umthengi ehlaziya ukuqeshisa kwakhe, kunokuba azame nje uhlaziyo xa kubonakala ngathi luyimfuneko. Oku kuyakuvumela i-DNS ukuba iphilise kwizikhombisi zolwazi ngokulula, kodwa iindleko kukuba iseva ye-DHCP kufuneka yenze uhlaziyo oluninzi lwe-DNS. Sincoma ukuba sifunde olu khetho lwenziwe ukuba lube lolungagqibekanga. Olu khetho luchaphazela kuphela indlela yokuziphatha kweskimu sohlaziyo lwe-DNS, kwaye alunampembelelo kwisikimu sokuhlaziya i-DNS. Ukuba le parameter ayichazwanga, okanye iyinyani, umncedisi we-DHCP uya kuhlaziya kuphela xa ulwazi lomthengi lutshintsha, umthengi ufumana ingqeshiso eyahlukileyo, okanye ingqeshiso yomthengi iphela.

Ukutolikwa okanye ukutolikwa ngokuthe ngqo okanye okungaphantsi kushiyelwe kuwe, mfundi othandekayo.

Ngokwam, yenzekile kum-kwaye yenzekile ngexesha lokwenziwa kweli nqaku- ukuba xa ndidibanisa i-BIND kwi-Active Directory®, ivela kwi-Microsft® okanye i-Samba 4, ukuba nditshintsha igama lekhompyuter yomthengi ebhaliswe kwi i-Active Directory® domain okanye ye I-AD-DC ye-Samba 4, igcina igama layo elidala kunye nedilesi ye-IP kwiNdawo ngqo, hayi enye indlela ejikeleze yona, ehlaziywa ngokuchanekileyo ngegama elitsha. Ngamanye amagama, amagama amadala kunye namatsha abhalwe kwimephu enye ye-IP kwi-Direct Zone, ngelixa libuyela umva kuphela igama elitsha. Ukuze undiqonde kakuhle, kufuneka uzame ngokwakho.

Ndicinga ukuba luhlobo lokuziphindezela I-Fuegian -hayi kum, nceda- ngokuzama ukufudusa iinkonzo zakho ziye kwiLinux.

Ewe igama elidala liya kunyamalala xa I-TTL 3600, okanye ixesha esilibhengezileyo kuqwalaselo lwe-DHCP. Kodwa sifuna inyamalale kwangoko njengoko isenzeka kwi-BIND + DHCP ngaphandle kwesikhombisi esisebenzayo nge.

Isisombululo kule meko ndisifumene ngokufaka ingxelo uhlaziyo-ulungiso lobuxoki; Ekupheleni komphezulu wefayile /etc/dhcp/dhcpd.conf:

I-ddns-uhlaziyo-lwendlela yethutyana; uhlaziyo lwe-ddns kwi; ddns-domainname "mordor.fan."; ddns-rev-domainname "in-addr.arpa."; ungaluhoyi uhlaziyo lwabaxhasi;
uhlaziyo-ulungiso lobuxoki;

Ukuba kukho uMfundi osazi ngakumbi ngayo, nceda undikhanyisele. Ndiyayixabisa kakhulu.

Isishwankathelo

Siye sonwaba kakhulu ngesihloko, akunjalo? Akukho kubandezeleka ngenxa yokuba SINESIBOPHO esisebenza njengeseva ye-DNS kwinethiwekhi kaMicrosoft®, enikezela zonke iirekhodi ze-SRV kwaye iphendula ngokufanelekileyo kwimibuzo ye-DNS eyenziwe kubo. Kwelinye icala sineseva ye-DHCP enika iidilesi ze-IP kunye nokuhlaziya ngokunamandla iZowuni ze-BIND ngokuchanekileyo.

Kodwa asinakho ukubuza ... okomzuzwana.

Ndiyathemba mhlobo wam I-Fuegian Yonwaba kwaye waneliseke linyathelo lokuqala lokufudukela kwakho kwiLinux ukwenza iindleko ezinganyamezelekiyo zeMicrosft® yeNkxaso yeNkxaso yezobuGcisa.

Inqaku elibalulekileyo

Uphawu "I-Fuegian»Yintsomi kwaphela kwaye iyimveliso yokucinga kwam. Nakuphi na ukufana okanye ukungangqinelani nabantu bokwenyani yinto enye: Ukuzibandakanya ngokungazenzisiyo kwinqanaba lam. Ndiyenzile nje ukuba ndibhale kwaye ndifunde eli nqaku ndikonwabele. Ngoku ukuba ungandixelela ukuba umba we-DNS umnyama. 😉