Isalathiso ngokubanzi sothotho: Iinethiwekhi zekhompyuter zee-SMEs: Intshayelelo
Molweni bahlobo!. Emva kwesibini samanqaku angaphambili kwi Domain Name System kunye Iprogram yokuQinisekisa iMicrosoft ipapashwe kwi «I-DNS kunye ne-DHCP kwi-openSUSE 13.2 'Harlequin'" kwaye "I-DNS kunye ne-DHCP kwi-CentOS 7«, zombini ukusuka kuthotho Iinethiwekhi zeSME, kufuneka siqwalasele ezi nkonzo kwiDebian.
Siphinda ukuba isiqalo esihle sokufunda malunga neengcamango zethiyori ye-DNS kunye ne-DHCP yi-Wikipedia.
Ukufaka inkqubo yokusebenza
Siza kuqala ngofakelo olusisiseko lomncedisi ngeDebian 8 "Jessie" inkqubo yokusebenza ngaphandle kokufaka nayiphi na imeko yegraphical okanye enye inkqubo. Umatshini wenyani kunye ne-512 MB ye-RAM kunye ne-20 GB hard drive ingaphezulu kokwaneleyo.
Ngexesha lenkqubo yofakelo-ngokukhethekileyo kwimowudi yombhalo- kwaye ngokulandela ulandelelwano lwezikrini sikhethe ezi parameters zilandelayo:
- ULwimi: IsiSpanish – iSpanish
- Ilizwe, ummandla okanye indawo: EU.S
- Imephu yekhibhodi enokusetyenziswa: IsiNgesi saseMelika
- Qwalasela inethiwekhi ngesandla:
- Idilesi ye-IP: 192.168.10.5
- Imaski yomnatha: 255.255.255.0
- Isango: 192.168.10.1
- Iidilesi ze-Nameserver: 127.0.0.1
- Igama lomatshini: dns
- Igama lommandla: desdelinux.umlandeli
- Igama eligqithisiweyo lomsebenzisi: YourPassword (emva koko ucela isiqinisekiso)
- Igama elipheleleyo lomsebenzisi omtsha: Debian First OS Buzz
- Igama lomsebenzisi le-akhawunti: buzz
- Khetha igama lokugqithisa lomsebenzisi omtsha: YourPassword (emva koko ucela isiqinisekiso)
- Khetha ixesha lakho: Bucala ngasekhohlo
- Indlela yokwahlulahlula: Ikhokelwe – sebenzisa idiski yonke
- Khetha idiski ukuya kulwahlulo: IDiski eyi-Virtual 1 (vda) - 21.5 GB Virto Block Device
- Iskimu sokwahlula-hlula: Zonke iifayile kwisahlulelo esinye (zinconyelwe abaqalayo).
- Gqibezela ukwahlula kwaye ubhale utshintsho kwidiski
- Ngaba uyafuna ukubhala utshintsho kwiidiski?
- Ngaba uyafuna ukuhlalutya enye iCD okanye iDVD?:
- Ngaba uyafuna ukusebenzisa ikopi ye-red?:
- Ngaba uyafuna ukuthatha inxaxheba kuphando lokusetyenziswa kwephakheji?:
- Khetha iinkqubo oza kuzihlohla:
[ ] Debian desktop bume
[*] Izinto eziluncedo zesistim
- Ngaba uyafuna ukufakela i-GRUB isilayidi sokuqala kwirekhodi engundoqo yokuqalisa?
- /dev/vda
- "Ufakelo lugqityiwe":
Ngokombono wam othobekileyo, ukufaka iDebian kulula. Kufuneka uphendule kuphela imibuzo ngeendlela ezichazwe kwangaphambili kunye nolunye ulwazi. Ndide ndibe nobuganga bokuthi kulula ukulandela amanyathelo angaphambili kunokusebenzisa ividiyo, umzekelo. Xa ndifunda andiphulukani neconcentration. Omnye umba kukubukela, ukufunda, ukutolika, nokubuyela umva naphambili kwividiyo, xa ndikhumbula okanye ndingayiqondi intsingiselo ethile ebalulekileyo. Iphepha elibhalwe ngesandla, okanye ifayile yombhalo ocacileyo ekhutshelwe kwiselfowuni yakho, iya kusebenza ngokugqibeleleyo njengesikhokelo esisebenzayo.
Useto lokuqala
Emva kokugqiba ukufakela okusisiseko kunye nokuqalisa ngokutsha, siqhubeka nokubhengeza iiNdawo zogcino lweNkqubo.
Xa uhlela ifayile imithombo yolwazi, siphawula onke amangeno akhoyo ngokungagqibekanga kuba siza kusebenza kuphela ngogcino lwasekuhlaleni. Umxholo wokugqibela wefayile - ngaphandle kwemigca ephawulweyo - iya kuba:
ingcambu@dns:~# nano /etc/apt/sources.list deb http://192.168.10.1/repos/jessie/debian/ jessie main contrib deb http://192.168.10.1/repos/jessie/debian-security/ jessie/updates main contrib
Sihlaziya inkqubo
ingcambu @ dns:~# uhlaziyo lokufaneleka ingcambu @ dns:~# uphuculo lobuchule ingcambu @ dns:~# qala kwakhona
Sifaka i-SSH ukufikelela ukude
ingcambu @ dns:~# Ubuchule bokufaka i-ssh
Ukuvumela umsebenzisi ukuba aqale iseshoni ekude nge-SSH Ingcambu -ukusuka kwi-LAN yeShishini kuphela- silungisa ifayile yayo yoqwalaselo:
ingcambu @ dns:~# nano /etc/ssh/sshd_config .... PermitRootLogin ewe .... ingcambu@dns:~# systemctl qala kwakhona ssh.service ingcambu@dns:~# systemctl ubume be-ssh.service
Singena ukude nge-SSH kwi "dns" kumatshini "sysadmin":
buzz@sysadmin:~$ rm .ssh/known_hosts buzz@sysadmin:~$ ssh root@192.168.10.5 ... ingcambu@192.168.10.5's password: ... root@dns:~#
Iifayile zoqwalaselo eziphambili
Iifayile zoqwalaselo lwenkqubo ephambili ziya kuba ngokokhetho lwethu ngexesha lofakelo:
ingcambu@dns:~# ikati /etc/hosts 127.0.0.1 localhost 192.168.10.5 dns.desdelinux.fan dns # Le migca ilandelayo iyanqweneleka kwi-IPv6 iinginginya ezikwaziyo ::1 localhost ip6-localhost ip6-loopback ff02::1 ip6-allnodes ff02::2 ip6-allrouters ingcambu@dns:~# ikati /etc/resolv.conf ukufuna desdelinux.iseva yegama lomlandeli 127.0.0.1 ingcambu@dns:~# igama lomamkeli dns ingcambu@dns:~# igama lomamkeli -f dns.desdelinux.umlandeli ingcambu@dns:~# ikati /etc/network/interfaces # Le fayile ichaza unxibelelwano lwenethiwekhi olukhoyo kwindlela yakho # kunye nendlela yokuyenza isebenze. Ngolwazi oluthe vetshe, jonga ujongano (5). umthombo /etc/network/interfaces.d/* # I-loopback network interface auto lo iface lo inet loopback # Ujongano olusisiseko lwenethiwekhi luvumela-hotplug eth0 iface eth0 inet idilesi engatshintshiyo 192.168.10.5 netmask 255.255.255.0 inethiwekhi 192.168.10.0. 192.168.10.255 isango 192.168.10.1 # dns-* iinketho ziphunyezwe ngepakethe ye-resolvconf, ukuba ifakelwe i-dns-nameservers 127.0.0.1 dns-search desdelinux.umlandeli
Sifaka iiphakheji zamava aphezulu
ingcambu @ dns: ~ # ubuchule bokufaka i-htop mc deborphan
Ukucoca iipakethe ezikhutshelweyo ukuba zikhona
ingcambu @ dns:~# ukufaneleka kokufaka -f ingcambu @ dns:~# i-aptitude purge ~c ingcambu @ dns:~# i-aptitude ecocekileyo ingcambu@dns:~# i-aptitude autoclean
Sifaka i-BIND9
- PHAMBI kokufaka BIND sincoma kakhulu ndwendwela iphepha Iindidi zerekhodi ze-DNS kwiWikipedia, zombini kwiinguqulelo zayo zeSpanish nesiNgesi. Ezi ntlobo zeerekhodi zizona esiya kuzisebenzisa ekucwangcisweni kweefayile zeMimandla, zombini ngokuNgqo kunye nokuBuyisa. Kufundisa kakhulu ukwazi into esijongene nayo.
- Kwakhona sicebisa funda oku kulandelayo Isicelo seComment RFC -Izicelo zezimvo, ezinxulumene ngokusondeleyo nokusebenza okunempilo kwenkonzo ye-DNS, ngakumbi ngokubhekiselele kwiRecursion kwi-Root Servers:
- RFCs 1912, 5735, 6303, kunye ne-BCP 32: enxulumene ne localhost
- RFCs 1912, 6303: Indawo yesimbo ye-IPv6 idilesi yendawo yokuhlala
- RFCs 1912, 5735 kunye 6303: enxulumene neNethiwekhi yeNdawo - "Le" Network
- RFCs 1918, 5735 kunye 6303: IiNethiwekhi zokuSetyenziswa kwaBucala
- RFC 6598: Isithuba seedilesi ekwabelwana ngaso
- RFCs 3927, 5735 kunye 6303: Ikhonkco-yasekuhlaleni/APIPA
- RFCs 5735 kunye 5736: Izabelo zeprotocol yobuNjineli boMsebenzi we-Intanethi
- RFCs 5735, 5737 kunye 6303: UVAVANYO-NET-[1-3] kuxwebhu
- RFCs 3849 kunye 6303: IPv6 Umzekelo Uluhlu loxwebhu
- BCP32: Amagama eDomain kuXwebhu kunye noVavanyo
- RFCs 2544 kunye 5735: UVavanyo lweBenchmark yeRouter
- RFC 5735: IANA iGciniwe – iSithuba seClass E esiDala
- RFC 4291: IPv6 Iidilesi ezingabiwanga
- RFCs 4193 kunye 6303: IPv6 ULA
- RFCs 4291 kunye 6303: IPv6 Link Local
- I-RFCs 3879 kunye ne-6303: IPv6 Iidilesi Ezichithiweyo zeSiza-zeNdawo
- RFC 4159: IP6.INT Ihoxisiwe
Ukufakwa
ingcambu@dns:~# ukhangelo lobuchule bopha9 p bind9 - Iseva yeDomain ye-Intanethi ye-Intanethi p bind9-doc - Uxwebhu lwe-BIND i-bind9-host - Uguqulelo lwe-'host' edityaniswe ne-BIND 9.X p bind9utils - Izinto eziluncedo ze-BIND p gforge-dns-bind9 - isixhobo sophuhliso lwentsebenziswano - ulawulo lweDNS (usebenzisa i-Bind9) i A libbind9-90 - BIND9 iThala leeNcwadi eKwabelwana ngalo elisetyenziswa yi-BIND
Zama ukubaleka ukukhangela ubuchule ~dbind9
ingcambu @ dns: ~ # ubuchule bokufaka i-bind9 ingcambu@dns:~# systemctl qala kwakhona bind9.service ingcambu@dns:~# systemctl ubume bind9.service ● bind9.service - BIND Domain Name Server Ilayishiwe: ilayishiwe (/lib/systemd/system/bind9.service; inikwe amandla) UkuLahla-ngaphakathi: /run/systemd/generator/bind9.service.d └─50-insserv.conf-$named.conf Esebenzayo: esebenzayo (esebenzayo) ukusukela Fri 2017-02-03 10:33:11 EST; 1s eyadlulayo Amaxwebhu: indoda: egama (8) Inkqubo: 1460 ExecStop=/usr/sbin/rndc stop (ikhowudi=iphumile, isimo=0/SUCCESS) Eyona PID: 1465 (igama) CGroup: /system.slice/bind9.service └─1465 /usr/sbin/igama -f -u bopha Feb 03 10:33:11 dns igama[1465]: indawo engenanto ngokuzenzekelayo: 8.BD0.1.0.0.2.IP6.ARPA Feb 03 10:33:11 dns igama[1465]: umyalelo isitishi ukumamela 127.0.0.1#953 Feb 03 10:33:11 dns igama[1465]: umyalelo isitishi ukumamela ::1#953 Feb 03 10:33:11 dns igama[1465]: -indawo yezitshixo: elayishiweyo isiriyali 2 Feb 03 10:33:11 dns enegama[1465]: indawo 0.in-addr.arpa/IN: elayishiweyo isiriyeli 1 Feb 03 10:33:11 dns egama lingu[1465]: indawo yendawo yokusingatha /IN: elayishiweyo i-serial 2 Feb 03 10:33:11 dns ebizwa ngegama[1465]: indawo 127.in-addr.arpa/IN: elayishiweyo i-serial 1 Feb 03 10:33:11 dns egama lingu[1465]: indawo 255.in -addr.arpa/IN: elayishiweyo isiriyeli 1 Feb 03 10:33:11 dns ethiwe igama[1465]: zonke iindawo zilayishiwe Feb 03 10:33:11 dns ezithiwe thaca[1465]: Ingcebiso esebenzayo: Eminye imigca yenziwe ngeellipsed, sebenzisa -l ukubonisa ngokupheleleyo.
Iifayile zoqwalaselo ezifakwe yi-BIND9
Ngokwahlukileyo kancinane kunokuqwalasela inkonzo ye-DNS kwi-CentOS kunye ne-openSUSE, kwiDebian ezi fayile zilandelayo zenziwe kulawulo. / njl / bopha:
ingcambu @ dns:~# ls -l /etc/bind/ iyonke 52 -rw-r-r-- 1 ingcambu ingcambu 2389 Jun 30 2015 bind.izitshixo -rw-r--r- 1 ingcambu ingcambu 237 Jun 30 2015 db.0 -rw-r--r- 1 ingcambu ingcambu 271 Jun 30 2015 db.127 -rw-r--r-- 1 ingcambu ingcambu 237 Jun 30 2015 db.255 -rw-r--r-- 1 ingcambu ingcambu 353 Jun 30 2015 db.engenanto -rw- r-r-- 1 ingcambu ingcambu 270 Jun 30 2015 db.local -rw-r--r- 1 ingcambu ingcambu 3048 Jun 30 2015 db.root -rw-r-r- 1 ingcambu ibophe 463 Jun 30 2015 igama.conf -rw-r--r-- 1 ingcambu bopha 490 Jun 30 2015 ebizwa.conf.default-zones -rw-r--r-- 1 ingcambu ibophe 165 Jun 30 2015 ebizwa.conf.local -rw -r--r-- ingcambu e-1 idibanisa 890 Feb 3 10:32 inikwe igama.conf.options -rw-r----- 1 bind bind 77 Feb 3 10:32 rndc.key -rw-r--r- - 1 ingcambu ingcambu 1317 Jun 30 2015 iindawo.rfc1918
Zonke ezi fayile zingentla zikumbhalo ongenanto. Ukuba sifuna ukwazi intsingiselo kunye nomxholo wayo nganye yazo, sinokuyenza sisebenzisa imiyalelo Ngaphantsi o cat, olu luqheliselo oluhle.
Amaxwebhu akhaphayo
Kwincwadi yeedilesi /usr/share/doc/bind9 siza kuba:
ingcambu@dns:~# ls -l /usr/share/doc/bind9 iyonke 56 -rw-r-r-- 1 ingcambu ingcambu 5927 Jun 30 2015 copyright -rw-r--r-- 1 ingcambu ingcambu 19428 Jun 30 2015 changelog.Debian.gz -rw-r--r-- 1 ingcambu ingcambu 11790 Jan 27 2014 FAQ.gz -rw-r--r-- 1 ingcambu ingcambu 396 Jun 30 2015 NEWS.Debian.gz -rw-r--r-- 1 ingcambu ingcambu 3362 Jun 30 2015 README.Debian. gz -rw-r-r-- 1 ingcambu ingcambu 5840 Jan 27 2014 README.gz
Kumaxwebhu angaphambili siya kufumana i-Abundant Study Material esicebisa ukuba siyifunde PHAMBI kokumisela i-BIND, naPHAMBI kokukhangela i-Intanethi amanqaku anxulumene ne-BIND kunye ne-DNS ngokubanzi.. Masifunde umxholo wezinye zezo fayile:
FAQs o Frhoqo ASked Qimibuzo malunga ne-BOND 9
- Imibuzo yokuHlanganisa nokuFakela – Ukuqulunqa kunye noFakelo lwemibuzo
- Uqwalaselo kunye neMibuzo yokuSeta -Imibuzo malunga noqwalaselo kunye nohlengahlengiso
- Imibuzo yeMisebenzi – Imibuzo malunga nokuSebenza
- Imibuzo Jikelele - Imibuzo ngokubanzi
- Imibuzo ethile yeNkqubo yokuSebenza – Imibuzo ethile malunga neNkqubo yokuSebenza nganye
- HPUX
- Linux
- Windows
- FreeBSD
- Solaris
- I-Apple Mac OS X
IINDABA.Debian.gz
IINDABA.Debian Isixelela ngesishwankathelo ukuba iiparamitha vumela-umbuzo-cache y vumela-ukuphindaphinda zenziwe ngokungagqibekanga kwii-ACL ezakhelwe kwi-BIND -eyakhelwe ngaphakathi- 'iminatha yasekuhlaleni'kwaye'localhost'. Ikwasixelela ukuba utshintsho olungagqibekanga lwenziwa ukwenza iiseva ze-cache zibe nomtsalane kuhlaselo olulunya. Ukufafaza ukusuka kuthungelwano lwangaphandle.
Ukujonga oko kubhaliweyo kumhlathi odlulileyo, ukuba uvela kumatshini kuthungelwano ngokwalo 192.168.10.0/24 eyona kumzekelo wethu, senza isicelo se-DNS kwisizinda desdelinux.net, kwaye kwangaxeshanye kumncedisi ngokwawo dns.desdelinux.umlandeli senza umsila -f / var / log / syslog Siza kufumana oku kulandelayo:
buzz@sysadmin:~$ dig localhost .... ;; KHETHA UKUTHETHA:; EDNS: uguqulelo: 0, iiflegi:; udp: 4096 ;; ICANDELO LOMBUZO: ;localhost. KWI ;; ICANDELO LEMPENDULO: localhost. 604800 KWI-A 127.0.0.1 ;; ICANDELO LEGUNYA: ihostela yendawo. 604800 IN NS localhost. ; ICANDELO OLONGEZELELWEYO: i-localhost. 604800 KWI-AAAA ::1 buzz@sysadmin:~$ dig desdelinux.net .... ; KHETHA UKUTHETHA:; EDNS: uguqulelo: 0, iiflegi:; udp: 4096 ;; ICANDELO LOMBUZO:;desdelinux.net. KWI ....
ingcambu @ dns:~# umsila -f /var/log/syslog .... Feb 4 13:04:31 dns enegama[1602]: impazamo (inethiwekhi ayifikeleleki) iyasonjululwa 'desdelinux.net/A/IN': 2001:7fd::1#53 Feb 4 13:04:31 dns enegama[1602]: impazamo (inethiwekhi ayifikeleleki) iyasonjululwa 'desdelinux.net/A/IN': 2001:503:c27::2:30#53 ....
Iziphumo ze syslog inde kakhulu ngenxa ye-BIND yokukhangela abancedisi beengcambu. Ngokuqinisekileyo ifayile /etc/resolv.conf kwiqela sysadmin.desdelinux.umlandeli ikhomba kwi-DNS 192.168.10.5.
Ukususela ekuphunyezweni kwemiyalelo yangaphambili sinokufikelela kwizigqibo ezininzi kuqala:
- I-BIND iqwalaselwe ngokungagqibekanga njengomncedisi weCache osebenzayo ngaphandle kwesidingo soqwalaselo olungaphaya, kwaye iphendula imibuzo yeDNS ye iminatha yasekuhlaleni kunye localhost
- Ukuphindaphinda- Ukuphindaphinda yenziwe ukuba iminatha yasekuhlaleni kunye localhost
- Ayikabi ngumncedisi ogunyazisiweyo
- Ngokungafaniyo ne-CentOS, apho kwafuneka sibhengeze ipharamitha «mamela-kwizibuko 53 { 127.0.0.1; 192.168.10.5; };» ngokucacileyo ukuze imamele izicelo ze-DNS kujongano lwenethiwekhi 192.168.10.5 ye DNS ngokwayo, kwiDebian akuyomfuneko kuba ixhasa izicelo zeDNS ze iminatha yasekuhlaleni kunye localhost ukungagqibeki. Phonononga umxholo wefayile /etc/bind/named.conf.options kwaye uya kubona ukuba akukho sibhengezo mamela-on.
- Imibuzo ye-IPv4 kunye ne-IPv6 yenziwe yasebenza
Ukuba ngokufunda nje nokutolika - itoti njengoko sithetha eCuba - ifayile IINDABA.Debian.gz Sifikelele kwizigqibo ezinomdla ezisivumela ukuba sifunde ngakumbi malunga neFilosofi yoLungiselelo lweQela leDebian malunga ne-BIND Yeyiphi eminye imiba enomdla esinokuyifunda ngokuqhubeka sifunda iifayile zoxwebhu olukhaphayo?.
FUNDA.Debian.gz
FUNDA.Debian iyasazisa - phakathi kweminye imiba emininzi - ukuba Izandiso zokhuseleko zeNkqubo yeGama leDomain - Izandiso zoKhuseleko lweSixokelelwano seGama leDomain o DNSSEC, yenziwe; kwaye iqinisekisa ukuba uqwalaselo olungagqibekanga lusebenza kuninzi lweeseva (abancedisi bamagqabi - abancedisi bamagqabi ebhekisa kumagqabi omthi wesizinda) ngaphandle kwesidingo sokungenelela komsebenzisi.
- DNSSEC ngokutsho kweWikipedia: Izandiso zoKhuseleko lweSistim yegama leDomain, okanye i-DNSSEC, yiseti yeenkcukacha ezisuka kwi-Internet Engineering Task Force (IETF) ukukhusela iintlobo ezithile zolwazi olunikezwa yinkqubo yegama igama lesizinda (DNS) elisetyenziswe kwiProtocol ye-Intanethi (IP). Olu luhlu lwezandiso kwi-DNS ezibonelela ngabaxhasi be-DNS (okanye abasombululi) ngemvelaphi yedatha ye-DNS ungqinisiso, ukukhanyelwa okungqiniweyo kobukho bedata kunye nemfezeko, kodwa ubukho okanye ubumfihlo.
Malunga nalo Inkqubo yoqwalaselo isixelela ukuba zonke iiFayile zoLungiselelo lweStatic, iiFayile zeZowuni zeeSeva zeeNgcambu, kunye neMimandla eNgqo kunye neReverse ye localhost bangena / njl / bopha.
Uluhlu oluSebenzayo lweDemon ogama es / var / cache / ukubopha ukuze nayiphi na ifayile yexeshana eyenziwe yi ogama njengoovimba beenkcukacha esebenza kubo njengoMncedisi wekhoboka, zibhalwe kwiNkqubo yeFayile / var, apho bahlala khona.
Ngokungafaniyo neenguqulelo zangaphambili ze-BIND iphakheji ye-Debian, i igama.conf kunye db.* zinikezelwe, zibhalwe njengefayile zoqwalaselo. Ke ukuba sifuna iseva ye-DNS esebenza ikakhulu njengeSeva yeCache kwaye ayiGunyaziwe nakubani na, sinokuyisebenzisa njengoko ifakiwe kwaye iqwalaselwe ngokungagqibekanga.
Ukuba ufuna ukuphumeza i-DNS egunyazisiweyo, bacebisa ngokubeka iifayile zoMmandla woMmandla kulawulo olufanayo. / njl / bopha. Ukuba ubunzima beendawo apho i ogama Ukuba iGunyaziwe liyayifuna, sicebisa ukwenza ulwakhiwo loluhlu olungaphantsi, ireferensi yeefayile zone ngokupheleleyo kwifayile. igama.conf.
Nayiphi na iFayile yoMmandla apho i ogama sebenza njengeSeva yekhoboka kufuneka ibekwe kuyo / var / cache / ukubopha.
IiFayile zeZowuni ziphantsi koHlaziyo oluNgqobileyo ngeDHCP okanye umyalelo uhlaziyo, kufuneka igcinwe ngaphakathi / var / lib / ukubopha.
Ukuba inkqubo yokusebenza isebenzisa izixhobo, inkangeleko efakiweyo isebenza kuphela ngoqwalaselo olungagqibekanga lwe-BIND. Utshintsho olulandelayo kuqwalaselo lwe ogama Basenokufuna utshintsho kwiprofayile ye-armor. NONE https://wiki.ubuntu.com/DebuggingApparmor phambi kokugcwalisa uxwebhu olutyhola a bug kuloo nkonzo.
Kukho imiba emininzi enxulumene nokuqhuba i-Debian BIND kwiChroot Cage - ejele chroot. Ndwendwela http://www.tldp.org/HOWTO/Chroot-BIND-HOWTO.html ngolwazi olungakumbi.
Olunye ulwazi
indoda egama lingu, indoda egama lingu.conf, indoda enegama-checkconf, indoda enegama-checkzone, indoda rndc, njalo njalo
ingcambu@dns:~# igama -v BIND 9.9.5-9+deb8u1-Debian (Uguqulelo lweNkxaso eyandisiweyo) ingcambu@dns:~# igama -V BIND 9.9.5-9+deb8u1-Debian (Uguqulelo lweNkxaso eyandisiweyo) yakhiwe ngokwenza nge '--prefix=/usr' '--mandir=/usr/share/man' \ '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' \ '- -localstatedir=/var' '--vula-imisonto-yenza' '--vula-ifayile-enkulu' \ '--nge-libtool' '-yenza-ekwabelwana ngayo' '--vula-i-static' \ '--nge-openssl= /usr' '--nge-gssapi=/usr' '--with-gnu-ld' \ '--with-geoip=/usr' '--with-atf=no' '--enable-ipv9' ' --vula-i-rrl' \ '--vula-isihluzi-yyyy' \ 'CFLAGS=-fno-strict-aliasing -fno-delete-null-pointer-checks -DDIG_SIGCHASE -O8' iqulunqwe yi-GCC 50 isebenzisa inguqulelo ye-OpenSSL : OpenSSL 6k 2 Jan 4.9.2 usebenzisa i-libxml1.0.1 version: 8 ingcambu@dns:~# ps -e | grep igama 408 ? 00:00:00 igama ingcambu@dns:~# ps -e | grep bopha 339 ? 00:00:00 i-rpcbind ingcambu@dns:~# ps -e | grep bind9 ingcambu @ dns:~# ingcambu @ dns:~# ls /var/run/named/ igama.pid session.key ingcambu@dns:~# ls -l /var/run/named/named.pid -rw-r--r-- 1 bind bind 4 Feb 4 13:20 /var/run/named/named.pid ingcambu@dns:~# rndc ubume inguqulo: 9.9.5-9+deb8u1-Debian I-CPUs zifunyenwe: 9 imisonto yabasebenzi: 8 Umphulaphuli we-UDP kwi-interface nganye: 50 inani lezowuni: 1 inqanaba lokulungisa: 1 xfers esebenzayo: 1 xfers irhoxisiwe: 100 imibuzo yesoa iyaqhubeka: 0 umbuzo wokuloga KUVALIWE abaxhasi abaphindaphindayo: 0/0/0 tcp abathengi: 0/0 umncedisi uphezulu kwaye uyasebenza
- Ukubaluleka kokubonisana noXwebhu olufakwe kunye nephakheji ye-BIND9 ayinakuphikiswa. phambi kwayo nayiphi na enye.
bind9-uxwebhu
ingcambu @ dns: ~ # ubuchule bokufaka i-bind9-doc links2 ingcambu @ dns:~# dpkg -L bind9-doc
Iphakheji bind9-uxwebhu ifakela, phakathi kolunye ulwazi oluluncedo, i-BIND 9 Administrator's Reference Manual Ukufikelela kwincwadana - ngesiNgesi - siphumeza:
ingcambu@dns:~# amakhonkco2 ifayile:///usr/share/doc/bind9-doc/arm/Bv9ARM.html
I-BIND 9 Incwadi yeSikhokelo soMlawuli Copyright (c) 2004-2013 Internet Systems Consortium, Inc. ("ISC") Copyright (c) 2000-2003 Internet Software Consortium.
Siyathemba ukuba uyakonwabela ukuyifunda.
- Ngaphandle kokushiya ikhaya, sinoXwebhu olusemthethweni olukwi-Abundant Official malunga ne-BIND kunye nenkonzo ye-DNS ngokubanzi..
Silungiselela i-BIND kwisitayile seDebian
/etc/bind/named.conf "eyona iphambili"
ingcambu@dns:~# nano /etc/bind/named.conf // Le yifayile yoqwalaselo ephambili yomncedisi we BIND DNS onikwe igama. // // Nceda ufunde /usr/share/doc/bind9/README.Debian.gz ngolwazi malunga // ubume beefayile zoqwalaselo ze-BIND kwiDebian, *PHAMBI* kokuba wenze ngokwezifiso // le fayile yoqwalaselo. // // Ukuba wongeza nje iindawo, nceda wenze oko kwi /etc/bind/named.conf.local ziquka "/etc/bind/named.conf.options"; ziquka "/etc/bind/named.conf.local"; ziquka "/etc/bind/named.conf.default-zones";
Ngaba isihloko esihloliweyo sifuna ukuguqulelwa?
/etc/bind/named.conf.options
ingcambu@dns:~# cp /etc/bind/named.conf.options /etc/bind/named.conf.options.original
ingcambu@dns:~# nano /etc/bind/named.conf.options
ukhetho {lawulo "/ var / cache / bind"; // Ukuba kukho i-firewall phakathi kwakho kunye ne-nameservers ofuna // ukuthetha nayo, unokufuna ukulungisa i-firewall ukuvumela amaninzi // amazibuko ukuba athethe. Bona http://www.kb.cert.org/vuls/id/800113 // Ukuba i-ISP yakho ibonelele ngedilesi enye okanye ezingaphezulu ze-IP ze-nameservers ezinzileyo, mhlawumbi ufuna ukuzisebenzisa njengabathumeli. // Uncomment kule bhloko ilandelayo, kwaye faka iidilesi endaweni ka-i-0's yonke isibambi-ndawo. // abathumeli {// 0.0.0.0; //}; // =============================================== ===================== $ // Ukuba BIND ungene kwimilayezo yemposiso malunga nengcambu yesitshixo iphelelwe lixesha, // kuyakufuneka uhlaziye amaqhosha akho. Bona https://www.isc.org/bind-keys // ================================= =================================== $
// Asifuni i-DNSSEC
dnssec-yenza hayi;
//uqinisekiso lwe-dnssec auto;
Author-nxdomain akukho; # Thobela i-RFC1035
// Asifuni ukumamela iidilesi ze-IPv6
// mamela-kwi-v6 {nayiphi na; };
mamela-kwi-v6 {akukho; };
// Ukukhangela kwi-localhost kunye ne-sysadmin
// nge dig desdelinux.fan axfr // Asinayo i-Slave DNS... kude kube ngoku
vumela-ukudlulisa {indawo yangaphakathi; 192.168.10.1; };
};
ingcambu @ dns:~# igama-tsheckconf
ingcambu @ dns:~#
/etc/bind/named.conf.local
Kwisihloko esihloliweyo sale fayile bacebisa ukuquka iZowuni ezibonisiweyo kwi I-RFC-1918 ichazwe kwifayile /etc/bind/zones.rfc1918. Ukufakwa kwezi zowuni ekuhlaleni kubonelela ukuba nawuphi na umbuzo onxulumene nawo awushiyi uthungelwano lwasekhaya kwiiseva zeengcambu, ezinoncedo ezimbini ezibalulekileyo:
- Isisombululo sasekhaya esikhawulezayo kubasebenzisi basekhaya
- Akukho mfuneko - okanye inkohliso - itrafikhi yenziwe ngakwiseva yeengcambu.
Ngokwam, andinalo uqhagamshelo lwe-Intanethi ukuvavanya iRecursion okanye uThumelo. Nangona kunjalo, kwaye ekubeni singakhange singasebenzi iRecursion kwifayile enegama.conf.options -hayi ngokuphindaphinda-singabandakanya iindawo ezikhankanywe ngasentla kunye nezinye endizichaza ngezantsi..
Xa ufaka i-BIND 9.9.7 kwi-FreeBSD 10.0 Operating System, ekwayiyo- kwaye ngengozi - Free Software, ifayile yoqwalaselo. /usr/local/etc/namedb/named.conf.sample Iqulethe lonke uthotho lweendawo ezicebisa ukuba zisebenze ekuhlaleni ukuze -kwakho- ukufumana uncedo olukhankanywe ngasentla.
Ukuze ungalutshintshi uqwalaselo lokuqala lwe-BIND kwiDebian, sicebisa ukwenza ifayile /etc/bind/zones.rfcFreeBSD kwaye uyifake kwi /etc/bind/named.conf.local ngomxholo oboniswe ngezantsi, kunye neendlela - iindlela kwiifayile esele zihlengahlengiswe kwiDebian:
ingcambu@dns:~# nano /etc/bind/zones.rfcFreeBSD
// Indawo yeDilesi ekwaBelwana ngayo (RFC 6598)
zone "64.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "65.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "66.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "67.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "68.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "69.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "70.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "71.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "72.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "73.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "74.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "75.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "76.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "77.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "78.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "79.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "80.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "81.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "82.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "83.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "84.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "85.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "86.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "87.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "88.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "89.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "90.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "91.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "92.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "93.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "94.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "95.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "96.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "97.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "98.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "99.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "100.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "101.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "102.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "103.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "104.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "105.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "106.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "107.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "108.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "109.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "110.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "111.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "112.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "113.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "114.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "115.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "116.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "117.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "118.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "119.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "120.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "121.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "122.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "123.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "124.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "125.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "126.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "127.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
// Ikhonkco-lendawo / i-APIPA (RFCs 3927, 5735 kunye ne-6303)
ummandla "254.169.in-addr.arpa" {uhlobo lwenkosi; Ifayile "/etc/bind/db.empty"; };
// Izabelo ze-IETF protocol (RFCs 5735 kunye no-5736)
ummandla "0.0.192.in-addr.arpa" {uhlobo lwenkosi; Ifayile "/etc/bind/db.empty"; };
// TEST-NET- [1-3] yamaXwebhu (RFCs 5735, 5737 kunye 6303)
ummandla "2.0.192.in-addr.arpa" {type master; Ifayile "/etc/bind/db.empty"; }; ummandla "100.51.198.in-addr.arpa" {type master; Ifayile "/etc/bind/db.empty"; }; ummandla "113.0.203.in-addr.arpa" {type master; Ifayile "/etc/bind/db.empty"; };
// IPv6 Umzekelo woRhwebo lwamaXwebhu (RFCs 3849 kunye 6303)
ummandla "8.bd0.1.0.0.2.ip6.arpa" {type master; Ifayile "/etc/bind/db.empty"; };
// Amagama eDomeyini amaXwebhu noVavanyo (BCP 32)
zone "test" {uhlobo inkosi; Ifayile "/etc/bind/db.empty"; }; ummandla "umzekelo" {uhlobo lwenkosi; Ifayile "/etc/bind/db.empty"; }; ummandla "ongasebenziyo" {uhlobo lwenkosi; Ifayile "/etc/bind/db.empty"; }; ummandla "example.com" {type master; Ifayile "/etc/bind/db.empty"; }; ummandla "example.net" {type master; Ifayile "/etc/bind/db.empty"; }; ummandla "example.org" {type master; Ifayile "/etc/bind/db.empty"; };
// Uvavanyo lweBenchmark yoVavanyo (RFCs 2544 kunye no-5735)
ummandla "18.198.in-addr.arpa" {uhlobo lwenkosi; Ifayile "/etc/bind/db.empty"; }; ummandla "19.198.in-addr.arpa" {uhlobo inkosi; Ifayile "/etc/bind/db.empty"; };
// IANA igcinwe-indawo yakudala yeklasi e (RFC 5735)
ummandla "240.in-addr.arpa" {type master; Ifayile "/etc/bind/db.empty"; }; ummandla "241.in-addr.arpa" {uhlobo lwenkosi; Ifayile "/etc/bind/db.empty"; }; ummandla "242.in-addr.arpa" {type master; Ifayile "/etc/bind/db.empty"; }; ummandla "243.in-addr.arpa" {type master; Ifayile "/etc/bind/db.empty"; }; ummandla "244.in-addr.arpa" {uhlobo lwenkosi; Ifayile "/etc/bind/db.empty"; }; ummandla "245.in-addr.arpa" {uhlobo lwenkosi; Ifayile "/etc/bind/db.empty"; }; ummandla "246.in-addr.arpa" {uhlobo lwenkosi; Ifayile "/etc/bind/db.empty"; }; ummandla "247.in-addr.arpa" {uhlobo lwenkosi; Ifayile "/etc/bind/db.empty"; }; ummandla "248.in-addr.arpa" {uhlobo lwenkosi; Ifayile "/etc/bind/db.empty"; }; ummandla "249.in-addr.arpa" {uhlobo lwenkosi; Ifayile "/etc/bind/db.empty"; }; ummandla "250.in-addr.arpa" {uhlobo lwenkosi; Ifayile "/etc/bind/db.empty"; }; ummandla "251.in-addr.arpa" {uhlobo lwenkosi; Ifayile "/etc/bind/db.empty"; }; ummandla "252.in-addr.arpa" {type master; Ifayile "/etc/bind/db.empty"; }; ummandla "253.in-addr.arpa" {uhlobo lwenkosi; Ifayile "/etc/bind/db.empty"; }; ummandla "254.in-addr.arpa" {uhlobo lwenkosi; Ifayile "/etc/bind/db.empty"; };
// Iidilesi ezingasetyenziswanga ze-IPv6 (RFC 4291)
ummandla "1.ip6.arpa" {uhlobo lwenkosi; Ifayile "/etc/bind/db.empty"; }; ummandla "3.ip6.arpa" {type master; Ifayile "/etc/bind/db.empty"; }; ummandla "4.ip6.arpa" {uhlobo lwenkosi; Ifayile "/etc/bind/db.empty"; }; ummandla "5.ip6.arpa" {uhlobo lwenkosi; Ifayile "/etc/bind/db.empty"; }; ummandla "6.ip6.arpa" {type master; Ifayile "/etc/bind/db.empty"; }; ummandla "7.ip6.arpa" {uhlobo lwenkosi; Ifayile "/etc/bind/db.empty"; }; ummandla "8.ip6.arpa" {type master; Ifayile "/etc/bind/db.empty"; }; ummandla "9.ip6.arpa" {type master; Ifayile "/etc/bind/db.empty"; }; ummandla "a.ip6.arpa" {type master; Ifayile "/etc/bind/db.empty"; }; ummandla "b.ip6.arpa" {type master; Ifayile "/etc/bind/db.empty"; }; ummandla "c.ip6.arpa" {type master; Ifayile "/etc/bind/db.empty"; }; ummandla "d.ip6.arpa" {type master; Ifayile "/etc/bind/db.empty"; }; ummandla "e.ip6.arpa" {type master; Ifayile "/etc/bind/db.empty"; }; ummandla "0.f.ip6.arpa" {type master; Ifayile "/etc/bind/db.empty"; }; ummandla "1.f.ip6.arpa" {type master; Ifayile "/etc/bind/db.empty"; }; ummandla "2.f.ip6.arpa" {type master; Ifayile "/etc/bind/db.empty"; }; ummandla "3.f.ip6.arpa" {type master; Ifayile "/etc/bind/db.empty"; }; ummandla "4.f.ip6.arpa" {type master; Ifayile "/etc/bind/db.empty"; }; ummandla "5.f.ip6.arpa" {uhlobo lwenkosi; Ifayile "/etc/bind/db.empty"; }; ummandla "6.f.ip6.arpa" {type master; Ifayile "/etc/bind/db.empty"; }; ummandla "7.f.ip6.arpa" {uhlobo lwenkosi; Ifayile "/etc/bind/db.empty"; }; ummandla "8.f.ip6.arpa" {uhlobo lwenkosi; Ifayile "/etc/bind/db.empty"; }; ummandla "9.f.ip6.arpa" {type master; Ifayile "/etc/bind/db.empty"; }; ummandla "afip6.arpa" {uhlobo lwenkosi; Ifayile "/etc/bind/db.empty"; }; ummandla "bfip6.arpa" {type master; Ifayile "/etc/bind/db.empty"; }; ummandla "0.efip6.arpa" {type master; Ifayile "/etc/bind/db.empty"; }; ummandla "1.efip6.arpa" {type master; Ifayile "/etc/bind/db.empty"; }; ummandla "2.efip6.arpa" {type master; Ifayile "/etc/bind/db.empty"; }; ummandla "3.efip6.arpa" {type master; Ifayile "/etc/bind/db.empty"; }; ummandla "4.efip6.arpa" {type master; Ifayile "/etc/bind/db.empty"; }; ummandla "5.efip6.arpa" {type master; Ifayile "/etc/bind/db.empty"; }; ummandla "6.efip6.arpa" {type master; Ifayile "/etc/bind/db.empty"; }; ummandla "7.efip6.arpa" {type master; Ifayile "/etc/bind/db.empty"; };
// IPv6 ULA (RFCs 4193 kunye 6303)
ummandla "cfip6.arpa" {uhlobo lwenkosi; Ifayile "/etc/bind/db.empty"; }; ummandla "dfip6.arpa" {type master; Ifayile "/etc/bind/db.empty"; };
// IPv6 Ikhonkco laseKhaya (RFCs 4291 kunye 6303)
ummandla "8.efip6.arpa" {type master; Ifayile "/etc/bind/db.empty"; }; ummandla "9.efip6.arpa" {type master; Ifayile "/etc/bind/db.empty"; }; ummandla "aefip6.arpa" {type master; Ifayile "/etc/bind/db.empty"; }; ummandla "befip6.arpa" {type master; Ifayile "/etc/bind/db.empty"; };
// Iidilesi eziShiyekileyo zeNdawo ye-IPv6 (ii-RFCs 3879 kunye ne6303)
ummandla "cefip6.arpa" {type master; Ifayile "/etc/bind/db.empty"; }; ummandla "defip6.arpa" {uhlobo lwenkosi; Ifayile "/etc/bind/db.empty"; }; ummandla "eefip6.arpa" {type master; Ifayile "/etc/bind/db.empty"; }; ummandla "fefip6.arpa" {type master; Ifayile "/etc/bind/db.empty"; };
// IP6.INT isusiwe (RFC 4159)
ummandla "ip6.int" {type master; Ifayile "/etc/bind/db.empty"; };
Nangona sikuyekile ukumamela izicelo ze-IPv6 kumzekelo wethu, kufanelekile ukuquka iizowuni ze-IPv6 kwifayile yangaphambili kwabo bazidingayo.
Umxholo wokugqibela we /etc/bind/named.conf.local :
ingcambu@dns:~# nano /etc/bind/named.conf.local
// // Yenza naluphi na uqwalaselo lwasekhaya apha // // Cinga ukongeza imimandla ye-1918 apha, ukuba ayisetyenziswanga kumbutho wakho //
kubandakanya "/etc/bind/zones.rfc1918"; zibandakanya "/etc/bind/zones.rfcFreeBSD";
// Isibhengezo segama, uhlobo, indawo, kunye nemvume yokuhlaziya
// yeeNdawo zeRekhodi zeDNS // Zombini iZones ziyi-MASTERS
indawo"desdelinux.umlandeli" {
uhlobo lwenkosi;
ifayile "/var/lib/bind/db.desdelinux.umlandeli";
};
ummandla "10.168.192.in-addr.arpa" {
uhlobo lwenkosi;
ifayile "/var/lib/bind/db.10.168.192.in-addr.arpa";
};
ingcambu @ dns: ~ # igama-tsheckconf ingcambu @ dns: ~#
Senza iifayile zoMmandla ngamnye
Singakopa umxholo weefayile kwindawo nganye ngokwenyani kwinqaku «I-DNS kunye ne-DHCP kwi-CentOS 7«, okoko sikhathalela ukutshintsha uvimba weefayili ukuya / var / lib / ukubopha:
[ingcambu @ dns ~] # nano /var/lib/bind/db.desdelinux.umlandeli $TTL 3H @ IN SOA dns.desdelinux.umlandeli. ingcambu.dns.desdelinux.umlandeli. ( 1 ; uthotho 1D ; hlaziya 1H ; zama kwakhona 1W ; iphelelwa 3H); ubuncinane okanye ; Ixesha le-caching elibi lokuphila; @ IN NS dns.desdelinux.umlandeli. @ IN MX 10 email.desdelinux.umlandeli. @ IN TXT "Ukusuka kwiLinux, iBlog yakho inikezelwe kwiSoftware yasimahla"; sysadmin KWI-192.168.10.1 ad-dc KWI-192.168.10.3 iseva yefayile KWI-192.168.10.4 dns KWI-192.168.10.5 proxyweb KWI-192.168.10.6 iseva ye-192.168.10.7 192.168.10.8. 192.168.10.9 imeyile A XNUMX [ingcambu @ dns ~] # nano /var/lib/bind/db.10.168.192.in-addr.arpa $TTL 3H @ IN SOA dns.desdelinux.umlandeli. ingcambu.dns.desdelinux.umlandeli. ( 1 ; uthotho 1D ; hlaziya 1H ; zama kwakhona 1W ; iphelelwa 3H); ubuncinane okanye ; Ixesha le-caching elibi lokuphila; @ IN NS dns.desdelinux.umlandeli. ; 1 KWI-PTR sysadmin.desdelinux.umlandeli. 3 KWI-PTR ad-dc.desdelinux.umlandeli. 4 IN PTR iseva yefayile.desdelinux.umlandeli. 5 KWI-PTR dns.desdelinux.umlandeli. 6 KWI-PTR yewebhu yommeli.desdelinux.umlandeli. 7 KWI-PTR blog.desdelinux.umlandeli. 8 IN PTR ftpserver.desdelinux.umlandeli. 9 KWI-imeyile ye-PTR.desdelinux.umlandeli.
Sijonga i-syntax yendawo nganye
ingcambu @ dns:~# indawo yokukhangela desdelinux.fan /var/lib/bind/db.desdelinux.umlandeli izowuni desdelinux.fan/IN: ilayishiwe uthotho 1 Kulungile ingcambu@dns:~# igama-checkzone 10.168.192.in-addr.arpa /var/lib/bind/db.10.168.192.in-addr.arpa ummandla 10.168.192.in-addr.arpa/IN: ilayishwe uthotho 1 Kulungile
Ijonga uqwalaselo BIND jikelele
ingcambu @ dns:~# igama-checkconf -zp
- Ukulandela inkqubo yokulungisa i igama.conf Ngokweemfuno zethu kwaye ujonge, kwaye wenze ifayile nganye yommandla kwaye uyiqwalasele, sithandabuza ukuba kuya kufuneka sijongane neengxaki ezinkulu zokumisela. Ekugqibeleni siyaqonda ukuba ngumdlalo wenkwenkwe, onamaqondo amaninzi kunye nesintaksi yokuxabana.
Ukutshekishwa kubuyise iziphumo ezonelisayo, ke ngoko sinokuyiqala kwakhona i-BIND- ogama.
Siqala kwakhona i-BIND kwaye sijonge isimo sayo
[ingcambu @ dns ~]# inkquboctl qalisa kwakhona i-bind9.service [ingcambu @ dns ~]# inkquboctl ubume bind9.service ● bind9.service - BINDLELA i-Domain Name Server Ilayishiwe: ilayishiwe (/lib/systemd/system/bind9.service; yenziwe yasebenza) I-Lap-In: /run/systemd/generator/bind9.service.d └─50-insserv.conf- I-$named.conf Iyasebenza: esebenzayo (esebenzayo) ukususela ngeLanga 2017-02-05 07:45:03 EST; 5s eyadlulayo Amaxwebhu: indoda: egama (8) Inkqubo: 1345 ExecStop=/usr/sbin/rndc stop (ikhowudi=iphumile, isimo=0/SUCCESS) Eyona PID: 1350 (igama) CGroup: /system.slice/bind9.service └─1350 /usr/sbin/igama -f -u bopha ngoFebhruwari 05 07:45:03 dns egama lingu[1350]: indawo 1.f.ip6.arpa/IN: elayishiweyo serial 1 Feb 05 07:45:03 dns enegama [1350]: indawo afip6.arpa/IN: elayishiweyo i-serial 1 Feb 05 07:45:03 dns egama lingu[1350]: indawo yendawo/IN: elayishiweyo i-serial 2 Feb 05 07:45:03 dns egama lingu[1350]: uvavanyo lwendawo /IN: elayishiweyo i-serial 1 Feb 05 07:45:03 dns enegama [1350]: umzekelo wendawo / IN: elayishiweyo i-serial 1 Feb 05 07: 45: 03 i-dns enegama [1350]: indawo 5.efep6.arpa/IN: ilayishiwe uthotho 1 Feb 05 07:45:03 dns enegama[1350]: indawo bfip6.arpa/IN: elayishiweyo isiriyeli 1 Feb 05 07:45:03 dns enegama[1350]: indawo ip6.int/IN: elayishiweyo isiriyali 1 Feb 05 07:45:03 i-dns ebizwa ngegama[1350]: zonke iizowuni zilayishiwe Feb 05 07:45:03 i-dns ebizwa ngegama[1350]: iyasebenza
Ukuba sifumana naluphi na uhlobo lwempazamo kwimveliso yomyalelo wokugqibela, kufuneka siqale kwakhona igama lenkonzo kwaye uphinde ukhangele eyakho isimo. Ukuba iimpazamo zanyamalala, inkonzo iqale ngempumelelo. Ngaphandle koko, kufuneka senze uphononongo olucokisekileyo lwazo zonke iifayile eziguqulweyo kunye nezenziweyo, kwaye siphinda inkqubo.
Itshekhi
Iitsheki zinokuqhutywa kwiseva enye okanye kumatshini oxhunywe kwi-LAN. Sikhetha ukuzenza kwiqela sysadmin.desdelinux.umlandeli esinike imvume yokubonisa ukuze ikwazi ukuTshintshela iZowuni. Ifayile /etc/resolv.conf Kweli qela kukho oku kulandelayo:
buzz @ sysadmin: ~ $ cat /etc/resolv.conf # Yenziwe kukhangelo lweNethiwekhi yomphathi desdelinux.iseva yegama lomlandeli 192.168.10.5 buzz@sysadmin:~$ dig desdelinux.umlandeli axfr ; <<>> DiG 9.9.5-9 + deb8u1-Debian <<>> desdelinux.umlandeli axfr ;; iinketho zehlabathi: +cmd desdelinux.umlandeli. 10800 KWI-SOA dns.desdelinux.umlandeli. ingcambu.dns.desdelinux.umlandeli. 1 86400 3600 604800 10800 desdelinux.umlandeli. 10800 KWI-NS dns.desdelinux.umlandeli. desdelinux.umlandeli. 10800 IN MX 10 email.desdelinux.umlandeli. desdelinux.umlandeli. 10800 KWI-TXT "Ukusuka kwiLinux, iBlog yakho enikezelwe kwiSoftware yasimahla" ad-dc.desdelinux.umlandeli. 10800 IN A 192.168.10.3 blog.desdelinux.umlandeli. 10800 IN A 192.168.10.7 dns.desdelinux.umlandeli. 10800 UKUYA 192.168.10.5 iseva yefayile.desdelinux.umlandeli. 10800 IN A 192.168.10.4 ftpserver.desdelinux.umlandeli. 10800 IN A 192.168.10.8 imeyile.desdelinux.umlandeli. 10800 IN A 192.168.10.9 proxyweb.desdelinux.umlandeli. 10800 IN A 192.168.10.6 sysadmin.desdelinux.umlandeli. 10800 UKUYA KU-192.168.10.1 desdelinux.umlandeli. 10800 KWI-SOA dns.desdelinux.umlandeli. ingcambu.dns.desdelinux.umlandeli. 1 86400 3600 604800 10800 ;; ixesha lombuzo: 1 msec ;; INKONZO: 192.168.10.5#53(192.168.10.5);; NINI: NgeCawa Feb 05 07:49:01 EST 2017 ; XFR ubukhulu: 13 iirekhodi (imiyalezo 1, bytes 385) buzz @ sysadmin: ~ $ dig 10.168.192.in-addr.arpa axfr ; <<>> DiG 9.9.5-9+deb8u1-Debian <<>> 10.168.192.in-addr.arpa axfr ;; iinketho zehlabathi: +cmd 10.168.192.in-addr.arpa. 10800 KWI-SOA dns.desdelinux.umlandeli. ingcambu.dns.desdelinux.umlandeli. 1 86400 3600 604800 10800 10.168.192.in-addr.arpa. 10800 KWI-NS dns.desdelinux.umlandeli. 1.10.168.192.in-addr.arpa. 10800 KWI-PTR sysadmin.desdelinux.umlandeli. 3.10.168.192.in-addr.arpa. 10800 KWI-PTR ad-dc.desdelinux.umlandeli. 4.10.168.192.in-addr.arpa. 10800 IN PTR iseva yefayile.desdelinux.umlandeli. 5.10.168.192.in-addr.arpa. 10800 KWI-PTR dns.desdelinux.umlandeli. 6.10.168.192.in-addr.arpa. 10800 IN PTR proxyweb.desdelinux.umlandeli. 7.10.168.192.in-addr.arpa. 10800 IN PTR blog.desdelinux.umlandeli. 8.10.168.192.in-addr.arpa. 10800 IN PTR ftpserver.desdelinux.umlandeli. 9.10.168.192.in-addr.arpa. 10800 IN PTR imeyile.desdelinux.umlandeli. 10.168.192.in-addr.arpa. 10800 KWI-SOA dns.desdelinux.umlandeli. ingcambu.dns.desdelinux.umlandeli. 1 86400 3600 604800 10800 ;; ixesha lombuzo: 1 msec ;; INKONZO: 192.168.10.5#53(192.168.10.5);; NINI: NgeCawa Feb 05 07:49:47 EST 2017 ; XFR ubukhulu: 11 iirekhodi (imiyalezo 1, bytes 333) buzz@sysadmin:~$ dig IN SOA desdelinux.umlandeli buzz@sysadmin:~$ dig IN MX desdelinux.fan buzz@sysadmin:~$ dig IN TXT desdelinux.umlandeli buzz@sysadmin:~$host proxyweb iproxyweb.desdelinux.fan inedilesi 192.168.10.6 buzz@sysadmin:~$hoster ftpserver ftpserver.desdelinux.fan inedilesi 192.168.10.8 buzz @ sysadmin: ~ $ umkhosi 192.168.10.9 9.10.168.192.in-addr.arpa igama lommandla we-imeyile yesalathisi.desdelinux.umlandeli.
…Kwaye naluphi na olunye uqinisekiso esiludingayo.
Sifaka kwaye simisela i-DHCP
Kwi-Debian, inkonzo ye-DHCP inikezelwa yiphakheji Isc-dhcp-umncedisi:
ingcambu@dns:~# ukhangelo lobuchule isc-dhcp i isc-dhcp-client - DHCP client ngokufumana ngokuzenzekelayo idilesi ye IP p isc-dhcp-client-dbg - ISC DHCP umncedisi we-IP ngokuzenzekelayo isabelo (client debug) i isc-dhcp-common - iifayile eziqhelekileyo ezisetyenziswa zizo zonke iipakethe ze-isc-dhcp p isc-dhcp-dbg - i-ISC DHCP iseva ye-IP ezenzekelayo isabelo (isimboli yokucoca p isc-dhcp-dev - API yokufikelela kunye nokuguqula iseva ye-DHCP kunye nelizwe lomxhasi p isc-dhcp-relay - ISC DHCP relay i-daemon p isc-dhcp-relay-dbg - i-ISC DHCP iseva ye-idilesi ye-IP ezenzekelayo (i-relay debug) p isc-dhcp-server - i-ISC DHCP iseva ye-IP ezenzekelayo isabelo p isc-dhcp-server-dbg - ISC DHCP iseva ye unikezelo lwedilesi ye-IP oluzenzekelayo (i-server debug) p isc-dhcp-server-ldap - iseva ye-DHCP esebenzisa i-LDAP njengomva wayo ingcambu@dns:~# ubuchule bokufaka isc-dhcp-server
Nje ukuba ufakelo lwepakethe lugqityiwe, i--omnipresent- inkqubo Ikhalaza ukuba ayikwazanga ukuqalisa inkonzo. Kwi-Debian, kufuneka sibhengeze ngokucacileyo ukuba yeyiphi i-interface yenethiwekhi eya kuqeshisa ngayo iidilesi ze-IP kwaye iphendule izicelo, Isc-dhcp-umncedisi:
ingcambu @ dns:~# nano /etc/default/isc-dhcp-server .... # Kweziphi iindawo apho umncedisi weDHCP kufuneka abonelele ngezicelo zeDHCP? # Yahlula ujongano oluninzi ngeendawo, umz. "eth0 eth1". IINKCUKACHA = "eth0"
Amaxwebhu afakiweyo
ingcambu @ dns: ~# ls -l /usr/share/doc/isc-dhcp-server/ iyonke 44 -rw-r-r-- 1 ingcambu 1235 Dec 14 2014 copyright -rw-r--r- 1 ingcambu ingcambu 26031 Feb 13 2015 changelog.Debian.gz drwxr-xr-x 2 ingcambu ingcambu 4096 Feb 5 08:10 imizekelo -rw-r--r-- 1 ingcambu ingcambu 592 Dec 14 2014 IINDABA.Debian.gz -rw-r--r- 1 ingcambu ingcambu 1099 Dec 14 2014 README.Debian
Iqhosha le-TSIG "dhcp-key"
Kucetyiswa ukuvelisa isitshixo TSIG o Utyikityo lwentengiselwano - Tiransaction SIGindalo, ukwenzela ukuqinisekiswa kohlaziyo oluguqukayo lwe-DNS yi-DHCP. Njengoko sibonile kwinqaku elidlulileyo «I-DNS kunye ne-DHCP kwi-CentOS 7«Sicinga ukuba ukuveliswa kweso sitshixo akubalulekanga kangako, ngakumbi xa zombini iinkonzo zifakwe kwiseva enye. Nangona kunjalo, sinikezela ngenkqubo ngokubanzi yokuveliswa kwayo okuzenzekelayo:
ingcambu @ dns:~# dnssec-keygen -a HMAC-MD5 -b 128 -r /dev/urandom -n USER dhcp-key
Isitshixo seKdhcp. + 157 + 11088
ingcambu@dns:~# cat Kdhcp-key.+157+11088.yabucala
I-Private-key-format: v1.3 Algorithm: 157 (HMAC_MD5) Isitshixo: TEqfcx2FUMYBQ1hA1ZGelA== Bits: AAA= Yakhiwe: 20170205121618 Papasha: 20170205121618 20170205121618 XNUMX XNUMX
ingcambu@dns:~# nano dhcp.key
Isitshixo se-dhcp-key {
I-algorithm hmac-md5;
imfihlo "TEqfcx2FUMYBQ1hA1ZGelA==";
};
ingcambu @ dns: ~ # faka -o ingcambu -g bopha -m 0640 dhcp.key /etc/bind/dhcp.key root@dns:~# install -o ingcambu -g ingcambu -m 0640 dhcp.key /etc/dhcp /dhcp.ingcambu yesitshixo@dns:~# ls -l /etc/bind/*.key
-rw-r----- 1 ingcambu ibophe 78 Feb 5 08:21 /etc/bind/dhcp.key -rw-r----- 1 bind bind 77 Feb 4 11:47 /etc/bind/rndc .isitshixo
ingcambu@dns:~# ls -l /etc/dhcp/dhcp.key
-rw-r----- 1 ingcambu ingcambu 78 Feb 5 08:21 /etc/dhcp/dhcp.key
Ukuhlaziya imimandla ye-BIND usebenzisa i-dhcp-key
ingcambu@dns:~# nano /etc/bind/named.conf.local
// // Yenza naluphi na uqwalaselo lwengingqi apha // // Cinga ukongeza iindawo ze-1918 apha, ukuba azisetyenziswanga kumbutho wakho // ziquka "/etc/bind/zones.rfc1918"; ziquka "/etc/bind/zones.rfcFreeBSD"; ziquka "/etc/bind/dhcp.key"; // Isibhengezo segama, uhlobo, indawo, kunye nemvume yohlaziyo // yeeNdawo zoRekhodi ze-DNS // Zombini iZowuni YIZOwuni ye-MASTER "desdelinux.fan" {type master; ifayile "/var/lib/bind/db.desdelinux.umlandeli";
vumela uhlaziyo {lweqhosha le-dhcp-isitshixo; };
}; indawo "10.168.192.in-addr.arpa" { uhlobo lwenkosi; ifayile "/var/lib/bind/db.10.168.192.in-addr.arpa";
vumela uhlaziyo {lweqhosha le-dhcp-isitshixo; };
};
ingcambu @ dns:~# igama-tsheckconf ingcambu @ dns:~#
Siqwalasela i-isc-dhcp-server
ingcambu@dns:~# mv /etc/dhcp/dhcpd.conf /etc/dhcp/dhcpd.conf.original
ingcambu@dns:~# nano /etc/dhcp/dhcpd.conf
ddns-uhlaziyo lwexeshana; ddns-uhlaziyo luvuliwe; ddns-domainname "desdelinux.fan."; ddns-rev-domainname "in-addr.arpa."; ungahoyi uhlaziyo lwabaxhasi; igunya; ukhetho lwe-ip-forwarding off; option domain-name "desdelinux.fan"; bandakanya "/etc/dhcp/dhcp.key"; indawo desdelinux.umlandeli. { ephambili 127.0.0.1; isitshixo se-dhcp-isitshixo; } indawo 10.168.192.in-addr.arpa. { ephambili 127.0.0.1; isitshixo se-dhcp-isitshixo; } inethiwekhi ekwabelwana ngayo i-redlocal {i-subnet 192.168.10.0 netmask 255.255.255.0 {iendlela zokukhetha 192.168.10.1; ukhetho subnet-mask 255.255.255.0; ukhetho lokusasaza-idilesi 192.168.10.255; ukhetho lwesizinda-igama-abancedisi 192.168.10.5; ukhetho lwe-netbios-name-servers 192.168.10.5; uluhlu 192.168.10.30 192.168.10.250; } } # ISIPHELO dhcpd.conf
Sijonga ifayile ye-dhcpd.conf
ingcambu@dns:~# dhcpd -t IiNkqubo zeIntanethi I-Consortium DHCP Server 4.3.1 Ilungelo lokushicilela 2004-2014 IiNkqubo zeIntanethi zeKhonkco. Onke amalungelo agciniwe. Ngolwazi, nceda undwendwele i-https: //www.isc.org/software/dhcp/ Config file: /etc/dhcp/dhcpd.conf Database file: /var/lib/dhcp/dhcpd.leases PID file: / var / run /dhcpd.pid
Siqala kwakhona i-BIND kwaye siqale i-isc-dhcp-server
ingcambu@dns:~# systemctl qala kwakhona bind9.service ingcambu@dns:~# systemctl ubume bind9.service ingcambu@dns:~# systemctl qala isc-dhcp-server.service ingcambu@dns:~# inkquboctl ubume isc-dhcp-server.service ● isc-dhcp-server.service - LSB: DHCP iseva Ilayishiwe: ilayishiwe (/etc/init.d/isc-dhcp-server) Esebenzayo: esebenzayo (esebenzayo) ukususela kwi-Sun 2017-02-05 08:41:45 EST; 6s edlule Inkqubo: 2039 ExecStop=/etc/init.d/isc-dhcp-server stop (code=exited, status=0/SUCCESS) Inkqubo: 2049 ExecStart=/etc/init.d/isc-dhcp-server start ( ikhowudi=iphumile, isimo=0/IMPUMELELO) Iqela le-CG: /system.slice/isc-dhcp-server.service └─2057 /usr/sbin/dhcpd -q -cf /etc/dhcp/dhcpd.conf -pf /var/ run/dhcpd.pid eth0 Feb 05 08:41:43 dns dhcpd[2056]: Ubhale i-0 yokuqeshisa kwifayile yokuqeshisa. Feb 05 08:41:43 dns dhcpd[2057]: Inkonzo iqalisa iseva. Feb 05 08:41:45 dns isc-dhcp-server[2049]: Ukuqalisa iseva ye-ISC DHCP: dhcpd.
Ukujonga kunye nabaxhasi
Siqala umxhasi ngeWindows 7 inkqubo yokusebenza, enegama elithi "LAGER".
buzz@sysadmin:~$ host lager LAGER.desdelinux.fan inedilesi 192.168.10.30 buzz@sysadmin:~$ dig in txt lager.desdelinux.umlandeli
Sitshintsha igama laloo mthengi ukuba "zisixhenxe" kwaye siqale ngokutsha umxhasi
buzz@sysadmin:~$ host lager ; unxibelelwano luphelelwe lixesha; akukho seva zinokufikelelwa buzz@sysadmin:~$ umamkeli ezisixhenxe Sixhengxe.desdelinux.fan inedilesi 192.168.10.30 buzz @ sysadmin: ~ $ umkhosi 192.168.10.30 30.10.168.192.in-addr.arpa igama lesizinda isalathiso ezisixhenxe.desdelinux.umlandeli. buzz@sysadmin:~$ dig in txt ezisixhenxe.desdelinux.umlandeli
Sitshintshe igama le-Windows 7 client kwakhona ukuba "win7"
buzz @ sysadmin: ~ $ umkhosi ezisixhenxe ; unxibelelwano luphelelwe lixesha; akukho seva zinokufikelelwa buzz@sysadmin:~$host win7 win7.desdelinux.fan inedilesi 192.168.10.30 buzz @ sysadmin: ~ $ umkhosi 192.168.10.30 30.10.168.192.in-addr.arpa igama lesizinda sesalathisi win7.desdelinux.umlandeli. buzz@sysadmin:~$ dig in txt win7.desdelinux.umlandeli ; <<>> DiG 9.9.5-9 + deb8u1-Debian <<>> kwi-txt win7.desdelinux.umlandeli ; iinketho zehlabathi: +cmd ;; Ndifumene impendulo:; ->> HEADER <<- opcode: QUERY, isimo: NOERROR, id: 11218 ;; iiflegi: qr aa rd ra; UMBUZO: 1, IMPENDULO: 1, IGUNYA: 1, OLONGEZELELWEYO: 2;; KHETHA UKUTHETHA:; EDNS: uguqulelo: 0, iiflegi:; udp: 4096 ;; ICANDELO LOMBUZO: ;win7.desdelinux.umlandeli. KWI-TXT; ICANDELO LEMPENDULO: win7.desdelinux.umlandeli. 3600 KWI-TXT "31b7228ddd3a3b73be2fda9e09e601f3e9" ;; ICANDELO LEGUNYA: desdelinux.umlandeli. 10800 KWI-NS dns.desdelinux.umlandeli. ; ICANDELO OLONGEZELELWEYO: dns.desdelinux.umlandeli. 10800 IN A 192.168.10.5 ;; ixesha lombuzo: 0 msec ;; INKONZO: 192.168.10.5#53(192.168.10.5);; NINI: NgeSonto Feb 05 09:13:20 EST 2017 ;; UBUKHULU be-MSG rcvd: 129 buzz@sysadmin:~$ dig desdelinux.umlandeli axfr ; <<>> DiG 9.9.5-9 + deb8u1-Debian <<>> desdelinux.umlandeli axfr ;; iinketho zehlabathi: +cmd desdelinux.umlandeli. 10800 KWI-SOA dns.desdelinux.umlandeli. ingcambu.dns.desdelinux.umlandeli. 8 86400 3600 604800 10800 desdelinux.umlandeli. 10800 KWI-NS dns.desdelinux.umlandeli. desdelinux.umlandeli. 10800 IN MX 10 email.desdelinux.umlandeli. desdelinux.umlandeli. 10800 KWI-TXT "Ukusuka kwiLinux, iBlog yakho enikezelwe kwiSoftware yasimahla" ad-dc.desdelinux.umlandeli. 10800 IN A 192.168.10.3 blog.desdelinux.umlandeli. 10800 IN A 192.168.10.7 dns.desdelinux.umlandeli. 10800 UKUYA 192.168.10.5 iseva yefayile.desdelinux.umlandeli. 10800 IN A 192.168.10.4 ftpserver.desdelinux.umlandeli. 10800 IN A 192.168.10.8 imeyile.desdelinux.umlandeli. 10800 IN A 192.168.10.9 proxyweb.desdelinux.umlandeli. 10800 IN A 192.168.10.6 sysadmin.desdelinux.umlandeli. 10800 UKUYA KU-192.168.10.1 win7.desdelinux.umlandeli. 3600 IN TXT "31b7228ddd3a3b73be2fda9e09e601f3e9" win7.desdelinux.umlandeli. 3600 UKUYA KU-192.168.10.30 desdelinux.umlandeli. 10800 KWI-SOA dns.desdelinux.umlandeli. ingcambu.dns.desdelinux.umlandeli. 8 86400 3600 604800 10800 ;; ixesha lombuzo: 2 msec ;; INKONZO: 192.168.10.5#53(192.168.10.5);; NINI: ILanga Feb 05 09:15:13 EST 2017 ;; XFR ubukhulu: 15 iirekhodi (imiyalezo 1, bytes 453)
Kwimveliso engentla, saqaqambisa kwi ngesibindi Los I-TTL -imizuzwana- yeekhompyuter ezineedilesi ze-IP ezinikezwe yinkonzo ye-DHCP abo banesibhengezo esicacileyo se-TTL 3600 enikezwe yi-DHCP. Ii-IPs ezisisigxina zikhokelwa yi- $ TTL yeeyure ezi-3H -3 = 10800 imizuzwana- ibhengezwe kwirekhodi ye-SOA yefayile nganye yommandla.
Banokujonga indawo ebuyela umva ngendlela efanayo.
[(Imeyile ikhuselwe) ~] # dig 10.168.192.in-addr.arpa axfr
Eminye imiyalelo enomdla kakhulu yile:
[ingcambu @ dns ~]# enegama-ijenali /var/lib/bind/db.desdelinux.fan.jnl del desdelinux.umlandeli. 10800 KWI-SOA dns.desdelinux.umlandeli. ingcambu.dns.desdelinux.umlandeli. 1 86400 3600 604800 10800 yongeza desdelinux.umlandeli. 10800 KWI-SOA dns.desdelinux.umlandeli. ingcambu.dns.desdelinux.umlandeli. 2 86400 3600 604800 10800 yongeza i-LAGER.desdelinux.umlandeli. 3600 IN A 192.168.10.30 yongeza LAGER.desdelinux.umlandeli. 3600 IN TXT "31b7228ddd3a3b73be2fda9e09e601f3e9" ukusuka desdelinux.umlandeli. 10800 KWI-SOA dns.desdelinux.umlandeli. ingcambu.dns.desdelinux.umlandeli. 2 86400 3600 604800 10800 ye-LAGER.desdelinux.umlandeli. 3600 IN A 192.168.10.30 yongeza desdelinux.umlandeli. 10800 KWI-SOA dns.desdelinux.umlandeli. ingcambu.dns.desdelinux.umlandeli. 3 86400 3600 604800 10800 del desdelinux.umlandeli. 10800 KWI-SOA dns.desdelinux.umlandeli. ingcambu.dns.desdelinux.umlandeli. 3 86400 3600 604800 10800 ye-LAGER.desdelinux.umlandeli. 3600 IN TXT "31b7228dd3a3b73be2fda9e09e601f3e9" yongeza desdelinux.umlandeli. 10800 KWI-SOA dns.desdelinux.umlandeli. ingcambu.dns.desdelinux.umlandeli. 4 86400 3600 604800 10800 del desdelinux.umlandeli. 10800 KWI-SOA dns.desdelinux.umlandeli. ingcambu.dns.desdelinux.umlandeli. 4 86400 3600 604800 10800 yongeza desdelinux.umlandeli. 10800 KWI-SOA dns.desdelinux.umlandeli. ingcambu.dns.desdelinux.umlandeli. 5 86400 3600 604800 10800 yongeza isixhenxe.desdelinux.umlandeli. 3600 IN A 192.168.10.30 yongeza ezisixhenxe.desdelinux.umlandeli. 3600 IN TXT "31b7228ddd3a3b73be2fda9e09e601f3e9" ukusuka desdelinux.umlandeli. 10800 KWI-SOA dns.desdelinux.umlandeli. ingcambu.dns.desdelinux.umlandeli. 5 86400 3600 604800 10800 kwezisixhenxe.desdelinux.umlandeli. 3600 IN A 192.168.10.30 yongeza desdelinux.umlandeli. 10800 KWI-SOA dns.desdelinux.umlandeli. ingcambu.dns.desdelinux.umlandeli. 6 86400 3600 604800 10800 del desdelinux.umlandeli. 10800 KWI-SOA dns.desdelinux.umlandeli. ingcambu.dns.desdelinux.umlandeli. 6 86400 3600 604800 10800 kwezisixhenxe.desdelinux.umlandeli. 3600 IN TXT "31b7228dd3a3b73be2fda9e09e601f3e9" yongeza desdelinux.umlandeli. 10800 KWI-SOA dns.desdelinux.umlandeli. ingcambu.dns.desdelinux.umlandeli. 7 86400 3600 604800 10800 del desdelinux.umlandeli. 10800 KWI-SOA dns.desdelinux.umlandeli. ingcambu.dns.desdelinux.umlandeli. 7 86400 3600 604800 10800 yongeza desdelinux.umlandeli. 10800 KWI-SOA dns.desdelinux.umlandeli. ingcambu.dns.desdelinux.umlandeli. 8 86400 3600 604800 10800 yongeza i-win7.desdelinux.umlandeli. 3600 IN A 192.168.10.30 yongeza win7.desdelinux.umlandeli. 3600 IN TXT "31b7228ddd3a3b73be2fda9e09e601f3e9" [ingcambu @ dns ~]# enegama-ijenali /var/lib/bind/db.10.168.192.in-addr.arpa.jnl ukusuka 10.168.192.in-addr.arpa. 10800 KWI-SOA dns.desdelinux.umlandeli. ingcambu.dns.desdelinux.umlandeli. 1 86400 3600 604800 10800 yongeza 10.168.192.in-addr.arpa. 10800 KWI-SOA dns.desdelinux.umlandeli. ingcambu.dns.desdelinux.umlandeli. 2 86400 3600 604800 10800 yongeza 30.10.168.192.in-addr.arpa. 3600 KWI-PTR LAGER.desdelinux.umlandeli. ukusuka 10.168.192.in-addr.arpa. 10800 KWI-SOA dns.desdelinux.umlandeli. ingcambu.dns.desdelinux.umlandeli. 2 86400 3600 604800 10800 del 30.10.168.192.in-addr.arpa. 3600 KWI-PTR LAGER.desdelinux.umlandeli. yongeza 10.168.192.in-addr.arpa. 10800 KWI-SOA dns.desdelinux.umlandeli. ingcambu.dns.desdelinux.umlandeli. 3 86400 3600 604800 10800 del 10.168.192.in-addr.arpa. 10800 KWI-SOA dns.desdelinux.umlandeli. ingcambu.dns.desdelinux.umlandeli. 3 86400 3600 604800 10800 yongeza 10.168.192.in-addr.arpa. 10800 KWI-SOA dns.desdelinux.umlandeli. ingcambu.dns.desdelinux.umlandeli. 4 86400 3600 604800 10800 yongeza 30.10.168.192.in-addr.arpa. 3600 KWI-PTR ezisixhenxe.desdelinux.umlandeli. ukusuka 10.168.192.in-addr.arpa. 10800 KWI-SOA dns.desdelinux.umlandeli. ingcambu.dns.desdelinux.umlandeli. 4 86400 3600 604800 10800 del 30.10.168.192.in-addr.arpa. 3600 KWI-PTR ezisixhenxe.desdelinux.umlandeli. yongeza 10.168.192.in-addr.arpa. 10800 KWI-SOA dns.desdelinux.umlandeli. ingcambu.dns.desdelinux.umlandeli. 5 86400 3600 604800 10800 del 10.168.192.in-addr.arpa. 10800 KWI-SOA dns.desdelinux.umlandeli. ingcambu.dns.desdelinux.umlandeli. 5 86400 3600 604800 10800 yongeza 10.168.192.in-addr.arpa. 10800 KWI-SOA dns.desdelinux.umlandeli. ingcambu.dns.desdelinux.umlandeli. 6 86400 3600 604800 10800 yongeza 30.10.168.192.in-addr.arpa. 3600 IN PTR win7.desdelinux.umlandeli. [(Imeyile ikhuselwe) ~] # ijenali -f
Uhlengahlengiso olwenziweyo lweefayile zeMimandla
Emva kokuba i-DHCP ingene kumdlalo wokuhlaziya ngokuguqukayo iifayile zendawo ye-BIND, ukuba nangaliphi na ixesha kufuneka siyiguqule ngesandla ifayile yendawo, kufuneka senze le nkqubo ilandelayo, kodwa hayi ngaphambi kokwazi kancinci malunga nendlela i-BIND esebenza ngayo. rndc -indoda rndc– kulawulo lwe ogama.
- rndc nqabela [indawo [iklasi [jonga]]], unqumamisa uhlaziyo olunamandla lwendawo. Ukuba enye ayichazwanga, zonke ziya kubanda. Umyalelo uvumela ukuhlelwa kwencwadana yendawo enomkhenkce okanye yonke imimandla. Naluphi na uhlaziyo olunamandla luya kukhatywa ngelixa liqabile.
- rndc unyibilik [ummandla [udidi [jonga]]], Yenza uhlaziyo olutshintshayo kummandla owawukhenkcekile ngaphambili. Iseva ye-DNS iphinda ilayishe kwakhona ifayile yendawo kwiidiski, kwaye uhlaziyo olunamandla lwenziwa amandla emva kokuba ulayisho luphelile.
Izilumkiso emazithathwe xa sihlela ngesandla ifayile yefayile? Kuyafana nokuba besiyenza, ngaphandle kokulibala ukunyusa inani le-serial ngo-1 okanye i serial ngaphambi kokugcina ifayile kunye notshintsho lokugqibela.
Sikhenkceza iindawo
Ekubeni siza kwenza utshintsho kwiiNdawo eziNgqo kwaye zibuyele umva ngelixa i-DNS kunye ne-DHCP ziqhuba, eyona nto inempilo yokwenza kukukhenkcela iiNdawo zeDNS:
[ingcambu@dns ~]# rndc umkhenkce
Indawo desdelinux.umlandeli iqulathe ezi rekhodi zilandelayo:
[ingcambu @ dns ~] # ikati /var/lib/bind/db.desdelinux.umlandeli
$ORIGIN . $TTL 10800 ; iiyure ezi-3
desdelinux.umlandeli IN SOA dns.desdelinux.umlandeli. ingcambu.dns.desdelinux.umlandeli. (
8; uthotho
86400 ; hlaziya (usuku olu-1) 3600; zama kwakhona (iyure e-1) 604800 ; iphela (iveki enye) 1; ubuncinane (iiyure ezi-10800) ) NS dns.desdelinux.umlandeli. I-imeyile ye-MX 10.desdelinux.umlandeli. TXT "Ukusuka kwiLinux, iBlog yakho enikezelwe kwiSoftware yasimahla" $ORIGIN desdelinux.umlandeli. ad-dc Ukuya 192.168.10.3 blog Ukuya 192.168.10.7 dns Ukuya 192.168.10.5 fileserver Ukuya 192.168.10.4 ftpserver Ukuya 192.168.10.8 imeyile Ukuya 192.168.10.9 Ukuya kwi-192.168.10.6 192.168.10.1 $ TTL 3600; 1 iyure win7 A 192.168.10.30 TXT "31b7228ddd3a3b73be2fda9e09e601f3e9"
Masidibanise iseva «udonga lonxweme»nge IP 192.168.10.10:
ingcambu@dns:~# nano /var/lib/bind/db.desdelinux.umlandeli
$ORIGIN . $TTL 10800 ; iiyure ezi-3
desdelinux.umlandeli IN SOA dns.desdelinux.umlandeli. ingcambu.dns.desdelinux.umlandeli. (
9; uthotho
86400 ; hlaziya (usuku olu-1) 3600; zama kwakhona (iyure e-1) 604800 ; iphela (iveki enye) 1; ubuncinane (iiyure ezi-10800) ) NS dns.desdelinux.umlandeli. I-imeyile ye-MX 10.desdelinux.umlandeli. TXT "Ukusuka kwiLinux, iBlog yakho enikezelwe kwiSoftware yasimahla" $ORIGIN desdelinux.umlandeli. ad-dc Ukuya 192.168.10.3 blog Ukuya 192.168.10.7 dns Ukuya 192.168.10.5 fileserver Ukuya 192.168.10.4 ftpserver Ukuya 192.168.10.8 imeyile Ku 192.168.10.9
udonga A 192.168.10.10
sysadmin A 192.168.10.1 $TTL 3600; 1 iyure win7 A 192.168.10.30 TXT "31b7228ddd3a3b73be2fda9e09e601f3e9"
Sifanele ukuba silungise uMmandla oGuqukileyo:
ingcambu@dns:~# nano /var/lib/bind/db.10.168.192.in-addr.arpa
$ORIGIN . $TTL 10800 ; Iiyure ezi-3 10.168.192.in-addr.arpa KWI-SOA dns.desdelinux.umlandeli. ingcambu.dns.desdelinux.umlandeli. (
7; uthotho
86400 ; hlaziya (usuku olu-1) 3600; zama kwakhona (iyure e-1) 604800 ; iphela (iveki enye) 1; ubuncinane (iiyure ezi-10800) ) NS dns.desdelinux.umlandeli. $ ORIGIN 10.168.192.in-addr.arpa. 1 PTR sysadmin.desdelinux.umlandeli. 3 PTR ad-dc.desdelinux.umlandeli. $TTL 3600 ; Iyure e-1 30 PTR win7.desdelinux.umlandeli. $TTL 10800 ; Iiyure ezi-3 4 iseva yefayile ye-PTR.desdelinux.umlandeli. 5 PTR dns.desdelinux.umlandeli. 6 PTR web proxy.desdelinux.umlandeli. 7 PTR blog.desdelinux.umlandeli. 8 PTR ftpserver.desdelinux.umlandeli. 9 PTR imeyile.desdelinux.umlandeli.
10 PTR elunxwemeni.desdelinux.umlandeli.
Siyayinyibilikisa kwaye siyitshaje iindawo
[ingcambu@dns ~]# rndc nyibilika ingcambu@dns:~# journalctl -f -- Izigodo ziqala ngeLanga 2017-02-05 06:27:10 EST. -- Feb 05 12:00:29 i-dns enikwe igama[1996]: ifumene umyalelo wejelo lolawulo 'thaw' Feb 05 12:00:29 dns ethiwe thaca[1996]: ukunyibilikisa zonke iindawo: impumelelo Feb 05 12:00:29 dns igama[ 1996]: indawo 10.168.192.in-addr.arpa/IN: ifayile yejenali iphelelwe lixesha: ukususa ifayile yejenali Feb 05 12:00:29 dns egama lingu[1996]: indawo 10.168.192.in-addr.arpa/ IN: elayishiweyo i-serial 7 Feb 05 12:00:29 dns enegama[1996]: indawo desdelinux.fan/IN: ifayile yejenali iphelelwe lixesha: kususwa ifayile yejenali Feb 05 12:00:29 dns enegama[1996]: indawo desdelinux.fan/IN: ilayishiwe uthotho 9 buzz@sysadmin:~$ host shorewall udonga lonxweme.desdelinux.fan inedilesi 192.168.10.10 buzz @ sysadmin: ~ $ umkhosi 192.168.10.10 10.10.168.192.in-addr.arpa igama lesizinda sesalathisi sonxweme.desdelinux.umlandeli. buzz@sysadmin:~$ dig desdelinux.umlandeli axfr buzz @ sysadmin: ~ $ dig 10.168.192.in-addr.arpa axfr ingcambu@dns:~# journalctl -f .... Feb 05 12:03:05 dns enegama[1996]: umxhasi 192.168.10.1#37835 (desdelinux.fan): ugqithiso lwe 'desdelinux.fan/IN': I-AXFR iqale ngoFebhruwari 05 12:03:05 dns ebizwa ngegama[1996]: umxhasi 192.168.10.1#37835 (desdelinux.fan): ugqithiso lwe 'desdelinux.fan/IN': I-AXFR iphele ngoFebruwari 05 12:03:20 i-dns ebizwa ngegama[1996]: umxhasi 192.168.10.1#46905 (10.168.192.in-addr.arpa): ukudluliselwa kwe-'10.168.192.in-add. arpa/IN': I-AXFR iqale ngoFebhruwari 05 12:03:20 i-dns ebizwa ngegama[1996]: umxhasi 192.168.10.1#46905 (10.168.192.in-addr.arpa): ukudluliselwa kwe-'10.168.192.ardr.in-add. /IN': I-AXFR iphelile
Isishwankathelo
Ukuza kuthi ga ngoku sineseva ye-DNS Cache esebenzayo, exhasa iRecursion, eyiGunyaziso yeZone. desdelinux.umlandeli, kwaye oko kuvumela i-DHCP ukuba ihlaziye iMimandla eNgqoyo kunye neNgeniso eNgqo kunye namagama ekhompyutheni kunye ne-IP eyinikayo.
Eli nqaku kunye nezimbini ezidlulileyo «I-DNS kunye ne-DHCP kwi-openSUSE 13.2 'Harlequin'" kwaye "I-DNS kunye ne-DHCP kwi-CentOS 7» yenza into enye. Uya kufumana iikhonsepthi ngokubanzi malunga ne-DNS kunye ne-DHCP, kunye neenkcukacha zonikezelo ngalunye kuzo zonke. Bona ba Indawo yokungena kwisihloko, kunye nesiseko sophuhliso olunzima ngakumbi.
Asiyi kuthandabuza ukunyanzelisa - kwakhona - ngokubaluleka kokufunda amaxwebhu obugcisa afakwe ngokungagqibekanga kunye nephakheji nganye, PHAMBI kokuqwalasela naziphi na iinkcukacha. Oku sikuthetha ngokusuka kumava ethu.
Ukuhanjiswa okulandelayo
Inokuba "yiMicrosoft® Active Directory + BIND"
Esinjani isifundo esihle ondithumele sona, mfondini, andazi ukuba iinkcukacha ezingaka kunye nocwangco luvela phi kwizihloko ezinzima ngolo hlobo.
Ndivuyisana kakhulu, kuliwonga ukukwazi ukukufunda
Kuya kufuneka ndikuxelele ukuba izifundo ozipapashayo ZISHUSHU, ndiyazithanda.
Ndihlala ndilinde isahluko sakho esilandelayo.
Xa ugqibile, uza kuyifaka kwi-pdf? Ngamaxwebhu ukuba ngokombono wam axabiseke kakhulu, afanele ukugcinwa kakuhle.
Enkosi kakhulu kwaye ndiyabulisa.
Bafo.
Bafo : enkosi kakhulu nge valuation yakho ne comment yakho. Owona mvuzo ulungileyo wexesha, umsebenzi, kunye nomzamo endiwunikezelayo kwisifundo ngasinye ngamagqabantshintshi. Nokuba i-positive okanye i-negative, kodwa luphawu lokuba ayihambi ingabonwa. Ndicinga ukuba abafundi abaninzi bakhuphela kwaye bagcine, okanye bayongeze kwiibhukhmakhi zabo. Kodwa ndinokucinga kuphela ukuba ngokusekelwe kwinani lokutyelela. Kulihlazo ukuba akukho magqabaza amaninzi, nangona ndiyazi ukuba izihloko endizixoxayo zezeSysadmins. Nawe ndiyabulisa kwaye ndizokulinda kumanqaku am alandelayo.
Lizard: Enkosi ngovandlakanyo lwakho olunyanisekileyo endiya kuhlala ndilikhumbula.
Ingaba uqwalaselo lunokuba njani ukuba ndinonxibelelwano lwenethiwekhi ezimbini kwimeko yokubopha
Enkosi kwaye sivuyisana nezinto eziphathekayo.
Artus: Enkosi ngoluvo lwakho kunye nokuvuyisana nawe.
Impendulo yombuzo wakho ifanele inqaku elahlukileyo malunga nokusetyenziswa kweeJonga- izimvo kwi BIND.
Kwimeko apho unoMmandla oThunyelwe phantsi koxanduva lwakho, kwaye ufuna ukuba ne-BIND enye yokujonga imibuzo yangaphakathi kwi-LAN yakho kunye nemibuzo yangaphandle evela kwi-Intanethi - kunye ne-BIND ekhuselwe ngoFirewall ngokuqinisekileyo - kuyacetyiswa ukuba usebenzise Iimbono.
Iimboniselo, umzekelo, zikuvumela ukuba ubonise uqwalaselo lweNethiwekhi ye-SME yakho kunye nenye ye-Intanethi. Xa singaqwalaseli nayiphi na imboniselo ngokucacileyo, BINDLELA ngokufihlakeleyo imboniselo enye ebonisa zonke iikhompyutha ezibonisana nayo.
Ekubeni ukusetyenziswa kweemboniselo kuthathwa njengesihloko esiphambili unakho kwaye ubhale inqaku malunga nalo, ngaphambi okanye emva kwesithuba esithenjisiweyo esibhengezwe ekupheleni kwale.
Ngoku, ukuba unonxibelelwano lwenethiwekhi ezimbini ezijongene neNethiwekhi ye-SME yakho-yenziwe ngamaNethiwekhi amabini aBucala- ngenxa yaso nasiphi na isizathu soyilo, ibhalansi yomthwalo, inani lezixhobo okanye enye, kwaye ufuna ukubonisa zonke iindawo zakho kuzo zombini iinethiwekhi, ungenza njalo. Sombulula ngengxelo:
mamela {
127.0.0.1;
IP-Private-Interface1;
yabucala-interface-ip2;
};
Ngale ndlela, i-BIND imamela izicelo kuzo zombini iindawo.
Ukuba zonke iikhompyuter zakho zikuKlasi C kwiNethiwekhi yaBucala 192.168.10.0/255.255.240.0 - ukuya kuthi ga kwi-4094 inginginya - umzekelo, unokusebenzisa ingxelo:
mamela-kwi- {127.0.0.1; 192.168.10.0/20; };
Kwaye uyaqhubeka nokubonisa umbono omnye kuzo zonke izixhobo eziqhagamshelwe kwiNethiwekhi ye-LAN yaBucala.
Ndiyathemba ukuba impendulo yam emfutshane iyakunceda. Imibuliso kunye nempumelelo.
Enkosi ngempendulo ngokukhawuleza. Uyabona, ndimisela iSeva yeDebian ngenguqulo ye-9 (Yandisa), ine-DNS, i-dhcp kunye neskwidi njenge-proxy, kwizihluzi zomxholo endiya kuzisebenzisa e2guardian.
Ikhompyuter ineenethiwekhi ezimbini zokunxibelelana, eziza kuvumela iikhompyuter ezikwi-LAN ukuba zifikelele kwi-Intanethi.
umzila: 192.168.1.1
eth0: 192.168.1.55 (ngale interface uya kuya kwi-Intanethi)
eth1:192.168.100.1 (LAN)
Ingcamango kukuba iikhomputha zinokuphuma kwi-Intanethi ngokusebenzisa le seva yommeleli, eya kubonelela nge-ips kunye ne-dns kwiikhomputha kwinethiwekhi yangaphakathi.
Kule meko andidingi umncedisi ukuba azimase izicelo ze-DNS ngojongano lwe-eth0 (andifuni ukubonisa indawo yam kuzo zombini iinethiwekhi, kuphela kwiLAN yam); Ke ukuba ndisusa i-private-interface-IP1, ingaba oko kwanele?
Enkosi kwakhona kunye nemibuliso.
Inqaku elihle kakhulu umhlobo wam
UBAPHELE emithanjeni yakho, nokuba uthetha kwaye ucinga ngenye indlela :)
Halala
Artus: Susa ujongano lwe-192.168.1.55 kwisibhengezo sokumamela kwaye yiloo nto. Okanye bhengeza kuphela mamela-kwi- {127.0.0.1; 192.168.100.1; }; kwaye yiloo nto. I-BIND iyakumamela kuphela kwezo ndawo zijongana nazo.
Enkosi ndiyabulela.
U-Eduardo: mhlobo wam, ndisakhetha i-dnsmasq kwiinethiwekhi "ezincinci", kwaye kuya kufuneka sibone ukuba "zinkulu" kangakanani. 😉 Nangona ndiqaphela ukuba i-BIND + isc-dhcp-server yi-BIND + isc-dhcp-server. 😉
U-Eduardo: Ndilibele ukukuxelela ukuba iNgcali ye-BIND nguwe, Master.
Kudala ndisebenzisa i-BIND iminyaka kwaye ndisafunda kwimibhalo yakho, enkosi kakhulu Federico, ngolu ngcelele lwezifundo i-sysadmin iyavutha. Ndiyabuya ndiphinde ndiphinde, umbono wokubandakanya lonke olu lwazi kwifomathi ephathekayo esemthethweni ayibi kwaphela, yicinge kuba into entle kakhulu inokuphuma. Konke okugqibelele.
Umhlobo uDhunter: Izimvo zakho zisoloko zamkelwa kakuhle. Ukubandakanya yonke into ngumsebenzi onzima kwaye phantse ongenakwenzeka, kuba isihloko esitsha sihlala sivela. Ngezahluko, iyahamba kwaye inokwenzeka. Amanye amanqaku kuya kufuneka abhalwe kwakhona ukufumana ukuhambelana kuqwalaselo. Andithembisi nto, kodwa siza kubona.
Molo Federico, nanga amagqabantshintshi am:
1) Ugxininiso olwenzayo "...ukufunda ngaphambi kokuqwalasela i-BIND naPHAMBI kokukhangela i-Intanethi amanqaku anxulumene ne-BIND kunye ne-DNS ...". ekhaya..." ukusebenzisa awakho amazwi.
2) Kule post sifumana ithiyori eyongezelelekileyo malunga ne-DNS encedisayo ebonelelweyo kwizithuba ezimbini zangaphambili kwaye ihlala ixabiswa; umzekelo: DNSSEC (Izandiso zoKhuseleko lweSistim yegama leDomain) kunye nokuba isetyenziselwa ntoni; kunye ne-BIND yoqwalaselo lweSkimu kunye neeFayile zoLungiselelo ezingatshintshiyo, iiFayile zeZowuni zeeSeva zeeNgcambu, kunye neMimandla eNgqo kunye noBumva yehostela yendawo kwiDebian.
3) Ingcebiso OMKHULU ngokungakhubaza i-recursion (usebenzisa umgca "i-recursion no;") emva koko uquka iifayile zendawo /etc/bind/zones kwifayile yoqwalaselo /etc/bind/named.conf.local.rfc1918 kunye /etc/bind /zones.rfcFreeBSD ukunqanda nayiphi na imibuzo enxulumene nabo ekushiyeni inethiwekhi yendawo ukuya kwiingcambu zeeseva.
I-4) Ngokungafaniyo nesithuba sangaphambili malunga ne-CentOS 7, kule post i-TSIG Key "dhcp-key" yenzelwe ukuhlaziywa kwe-DNS eguqukayo kwi-DHCP; Ukuyivumela kwifayile /etc/bind/named.conf.local kufuneka uquke "vumela-uhlaziyo {isitshixo sedhcp-isitshixo; };» kuqwalaselo lweendawo ezithe ngqo nezingasemva zommandla wethu.
I-5) Iinkcukacha ezinkulu (ezifana nesithuba sangaphambili kwi-CentOS 7) yonke into ehambelana nokujonga ukusebenza kwe-DNS, i-DHCP kunye nabaxhasi.
6) OMKHULU ingcebiso yokusebenzisa "ufake" umyalelo (ewe, njengoko kubhaliwe, andibhekiseli kukhetho lwegama elifanayo elisetyenziswa kweminye imiyalelo), andizange ndiyazi ngayo, yinyaniso. "3 ku-1" kuba Iqela ikopi (cp), ukusekwa abanini (chown) kunye neemvume (chmod).
. Ekugqibeleni, impendulo yakho ku-Artus malunga nokusetyenziswa kwe-Views kwi-BIND ilungile kakhulu, enye ijongene ne-LAN (inethiwekhi yabucala) kunye ne-Intanethi ukwenzela ukuba kuphela iinkonzo zoluntu zinokubonisana. Ngethemba kamva uya kuba nexesha lokulungiselela isithuba kuba sisihloko esisebenzayo kakhulu kwiisysadmins ezininzi.
Akukho nto Federico, ndiyaqhubeka nokuba nomdla ngakumbi ngothotho lwePYMES kwaye ndijonge phambili kwiposti elandelayo “IMicrosoft Active Directory + BIND”
Wong: Mlingane kunye nomhlobo, amagqabaza akho ayahambisana namanqaku am kwaye abonisa ukuba ayaqondakala. Umyalelo othi "fake" unokhetho oluninzi. Uthethwano ukufaka umntu. Enkosi kakhulu ngokuhlomla!!!
andikazifundi iicomments, ndizakuyenza lonto emva kokuchaza uluvo lwam.
Kuninzi okwenzileyo kwaye uphumelele, usinike ukukhanya kodwa hayi okubonwa "ekupheleni kwetonela" xa kungasekho themba njengoko siqhele ukuthi; Hayi, akunjalo, unike ukukhanya okupheleleyo ukuze ukwazi ukuthi "Ekugqibeleni siyaqonda ukuba ngumdlalo wabantwana, kunye neengcamango ezininzi kunye ne-syntax ecacileyo" njengoko uchaza kwisithuba.
I-POST TRUNK kunye kunye nezidlulileyo zesibini esidumileyo se-distros. Uzalisekise ukwandiswa kweengqikelelo kunye nethiyori ehlala ithatha umthwalo wayo kuthi. Ndifunde ngokucokisekileyo, ngokuzolileyo kwaye akunakwenzeka ukuba ndingaphawuli kwaye ndizive NDINOMBULELO NGOKUPHELELEYO ngonikezelo nokuzinikela okunjalo.
Ngaphandle kokulibaziseka, sikunqwenelela impilo entle kwaye uqhubeke nokuba negalelo; Siyabulela kwaye ngamathamsanqa, uqoqosho, impilo (sikunqwenelela kabini) kunye nothando lube nawe (kunye noSandra ngalo mbandela, hahaha).
Ndiyazi ukuba uluvo luhamba kancinci ngaphaya komxholo weposti, luya kubuntu kuba singabahlobo kwaye ndiyakuncoma ukuzinikezela kwakho. Akukho mntu, AKUKHO MNTU, owenza le nto usenzela yona thina sifuna ukufunda ngakumbi nangaphezulu kwaye sinoxanduva lokulawula iinethiwekhi ze-SME emqolo wethu, ayingomsebenzi olula.
Sl2 wonke umntu.
crespo88: Enkosi kakhulu ngovavanyo lwakho malunga nale kunye namanye amanqaku apapashiweyo. Abanye abafundi banokucinga ukuba ndinikela ngako konke, xa oko kungeyonyani. Ndihlala ndibhekisela kwiNdawo yokuNgena, nokuba imizekelo isebenza ngokupheleleyo. I-BIND yiShishini loMbane kunye ne-DHCP ayikude ngasemva. Ukuze ubazi ngaphezu komndilili, kufuneka ugqibezele isidanga sokuqala kwiDyunivesithi yaseHelsinki, 😉
Ndisifumana esi sihloko sinomdla kwaye sibaluleke kakhulu. Ndinomdla kolu phando kuyo yonke into enxulumene nolawulo lwenethiwekhi ye-Linux kwaye ngakumbi iiseva: i-DNS, i-DHCP eguqukayo kunye ne-static kunye nothungelwano olubonakalayo, i-bin9, i-samba, iiseva zokuprinta, i-ldap, ukubeka iliso kwinethiwekhi kunye nezicelo, iindibano zogcino-lwazi lwezicelo zabaprogram kunye ne-vlans, njl. Yiyo loo nto ezi ngcebiso zibalulekile kwaye zilungile kakhulu, kunye nezenzo kunye nemizekelo.
Molo Miguel!!!
Enkosi ngokuphawula kwaye ndiyathemba ukuba uthotho luyakunceda kwinto onomdla kuyo. Ndiyabulisa.
Enkosi kakhulu ngenqaku elithi Federico, libonisa ukuba uyazi ngeDebian. Ihagi.
Enkosi kakhulu Jorge, ngezimvo zakho. Ndiyathemba ukuba amanqaku am aya kukunceda.
Enkosi kakhulu ngeposi ebhalwe kakuhle kwaye isikhuthaza ukuba sifunde, sifunde kwaye sifunde kwakhona. Ngoku ngeposi elandelayo oza kuyipapasha, ndingathanda ukuba uthathele ingqalelo amanqaku okudibana anokuba nawo:
IMicrosoft Active Directory eneSamba4 njenge Active Directory
Ukongeza, bendifuna ukukubuza oku kulandelayo:
Ukuphunyezwa kwe-Bind + Isc-dhcp kuya kuba njani kwi-FW kwi-dmz apho umlawuli wesizinda uya kuba kwi-dmz nge-samba 4 AD