Abo balandela i 1, 2da, 3 y 4 inxalenye yeli nqaku kunye nemibuzo eyenziwe kwi-BIND yakho ibuyise iziphumo ezanelisayo, sele ziziingcali kulo mbandela. :-) Kwaye ngaphandle kokulinda masingene kwindawo yokugqibela:
- Ukudala ifayile yeMain Master Zone yohlobo "Reverse" 10.168.192.in-addr.arpa
- Uluhlu lweengxaki
- Isishwankathelo
Ukudala ifayile yeMain Master Zone yohlobo "Reverse" 10.168.192.in-addr.arpa
Igama lendawo liyayivelisa, akunjalo? Kwaye iMimandla eReverse inyanzelekile ukuba ibe nesisombululo esichanekileyo samagama ngokwemigangatho ye-Intanethi. Akukho nto sinokuyenza ngaphandle kokudala leyo ihambelana nendawo yethu. Kule nto sisebenzisa ifayile njenge template /etc/bind/db.127:
cp /etc/bind/db.127 /var/cache/bind/192.168.10.rev
Sihlela ifayile /var/cache/bind/192.168.10.rev kwaye siyishiya ngolu hlobo:
; /var/cache/bind/192.168.10.rev ; ; I-BIND ifayile yedatha ebuyela umva ye-master zone 10.168.192.in-addr.arpa; BIND iifayile zedatha ye-Master Zone (Reverse) 10.168.192.in-addr.arpa; $TTL 604800 @ IN SOA ns.amigos.cu. ingcambu.amigos.cu. ( 2 ; Uthotho 604800 ; Hlaziya 86400 ; Zama kwakhona 2419200 ; Phela 604800 ; I-Negative Cache TTL ; @ KWI-NS ns. 10 KWI-PTR ns.amigos.cu. 1 KWI-PTR gandalf.amigos.cu. 9 KWI-PTR imeyile.amigos.cu. 20 KWI-PTR web.amigos.cu. 100 IN PTR fedex.amigos.cu. ; Singakwazi nokubhala idilesi ye-IP epheleleyo. Umzekelo: ; 192.168.10.1 KWI-PTR gandalf.amigos.cu.
- Qaphela ukuba njani kule meko siye sashiya amaxesha ngemizuzwana njengoko zidalwe ngokungagqibekanga xa i bopha9. Isebenza ngokufanayo. Ngamaxesha afanayo nalawo aboniswe kwifayile abahlobo.cu.host. Xa uthandabuza, jonga.
- Kwakhona qaphela ukuba sibhengeza kuphela iirekhodi ezibuyela umva zenginginya ezine-IP eyabelweyo okanye "yokwenyani" kwi-LAN yethu, kwaye iyichonge ngokukodwa.
- Khumbula ukuhlaziya ifayile yeReverse Zone NGAZO ZONKE iidilesi ezichanekileyo ze-IP ezichazwe kwiNdawo eNgqo.
- Khumbula ukwandisa i Indawo yothotho inombolo ngalo lonke ixesha belungisa ifayile naphambi kokuphinda baqale BIND.
Makhe sijonge indawo entsha eyenziwe:
igama-checkzone 10.168.192.in-addr.arpa /var/cache/bind/192.168.10.rev
Sijonga ubumbeko:
igama-checkconf -z enegama-i-checkconf -p
Ukuba yonke into ihambe kakuhle, siqala kwakhona inkonzo:
service bind9 ukuqala kwakhona
Ukusukela ngoku ukuya phambili, ngalo lonke ixesha silungisa iifayile zommandla, kufuneka siphumeze kuphela:
rndc kwakhona
Ngaloo nto sibhengeza isitshixo kwi /etc/bind/named.conf.options, hayi?
Uluhlu lweengxaki
Umxholo ochanekileyo wefayile ubaluleke kakhulu. /etc/resolv.conf njengoko sibonile kwisahluko esingaphambili. Khumbula ukubonisa kuyo ubuncinane oku kulandelayo:
khangela amigos.cu nameserver 192.168.10.20
Myalelo ukumba yephakheji dnsutil. Kwikhonsoli, chwetheza imiyalelo eyandulelwa ngu #:
# dig -x 127.0.0.1 ..... ;; ICANDELO LEMPENDULO: 1.0.0.127.in-addr.arpa. 604800 IN PTR localhost. .... # dig -x 192.168.10.9 .... ;; ICANDELO LEMPENDULO: 9.10.168.192.in-addr.arpa. 604800 KWI-PTR mail.amigos.cu. .... # umamkeli gandalf gandalf.amigos.cu unedilesi 192.168.10.1 # umamkeli gandalf.amigos.cu gandalf.amigos.cu unedilesi 192.168.10.1 # dig gandalf ; <<>> DiG 9.7.2-P3 <<>> gandalf ;; iinketho zehlabathi: +cmd ;; unxibelelwano luphelelwe lixesha; akukho seva zifikelelwayo # dig gandalf.amigos.cu .... ;; ICANDELO LEMPENDULO: gandalf.amigos.cu. 604800 KWI-192.168.10.1 .... Ukuba unofikelelo kwi-Cuban okanye kwi-Intanethi yeHlabathi, kwaye abaPhambili babhengezwe ngokuchanekileyo, zama: # dig debian.org .... ;; ICANDELO LOMBUZO: ;debian.org. KWI ;; ICANDELO LEMPENDULO: debian.org. 3600 IN A 86.59.118.148 debian.org. 3600 IN A 128.31.0.51 .... # host bohemia.cu bohemia.cu inedilesi 190.6.81.130 # host yahoo.es yahoo.es inedilesi 77.238.178.122 yahoo.es inedilesi 87.248.120.148 umphatho yahoo.es ngo-10 mx-eu.mail.am0.yahoodns.net. # dig -x 77.238.178.122 ;; ICANDELO LEMPENDULO: 122.178.238.77.in-addr.arpa. 429 KWI-PTR w2.rc.vip.ird.yahoo.com.
... kwaye ngokubanzi kunye nezinye iindawo ezingaphandle kwi-LAN yethu. Thetha kwaye ufumane malunga nezinto ezinomdla kwi-Intanethi.
Enye yeendlela ezilungileyo zokujonga ukusebenza komncedisi bopha9, kwaye ngokubanzi nayiphi na enye inkonzo efakiweyo, ngokufunda imveliso ye System Log imiyalezo usebenzisa umyalelo umsila -f / var / log / syslog yenziwe njengomsebenzisiIngcambu.
Kuyathakazelisa kakhulu ukubona imveliso yaloo myalelo xa sibuza indawo yethu BINDLELA umbuzo malunga nommandla wangaphandle okanye umkhosi. Kuloo meko sinokuboniswa ngeemeko ezininzi:
- Ukuba asikwazi ukufikelela kwi-Intanethi, umbuzo wethu awuyi kuphumelela.
- Ukuba sinokufikelela kwi-Intanethi kwaye ASINGABAbhengezi abaThumeli, kusenokwenzeka ukuba singafumani mpendulo.
- Ukuba sinokufikelela kwi-Intanethi kwaye sibhengezwe ngabaThumeli, siya kufumana impendulo kuba baya kuba noxanduva lokubonisana neeseva ze-DNS eziyimfuneko.
Ukuba sisebenza kwi-a I-LAN evaliweyo apho kungenakwenzeka ukuba uphume ngaphandle nangayiphi na indlela kwaye asinabo abaThumeli balo naluphi na uhlobo, sinokususa imiyalezo yokukhangela kwi Iingcambu zeeseva "ikhupha" ifayile /etc/bind/db.root. Ukwenza oku, sigcina kuqala ifayile ngelinye igama kwaye sicime yonke imixholo yayo. Emva koko sijonga uqwalaselo kwaye siqale kwakhona inkonzo:
cp /etc/bind/db.root /etc/bind/db.root.original cp /dev/null /etc/bind/db.root named-checkconf -z igama-checkconf -p inkonzo bind9 iqale kwakhona
Isishwankathelo
Yiyo loo nto, oogxa, isingeniso esifutshane kwinkonzo ye-DNS. Into esiyenzileyo ukuza kuthi ga ngoku inokusisebenzela ngokugqibeleleyo ishishini lethu elincinci. Kwakhona kwindlu ukuba senza oomatshini ababonakalayo abaneenkqubo ezahlukeneyo zokusebenza kunye needilesi ezahlukeneyo ze-IP, kwaye asifuni ukubhekisela kubo nge-IP kodwa ngegama labo. Ndihlala ndifaka i-BIND kumamkeli wasekhaya ukufaka, ukuqwalasela kunye nokuvavanya iinkonzo ezixhomekeke kakhulu kwinkonzo ye-DNS. Ndisebenzisa kakhulu iDesktop Ebonakalayo kunye neeSeva, kwaye andithandi ukugcina ifayile / njl / imikhosi kumatshini ngamnye. Ndiyaphosisa kakhulu.
Ukuba awuzange uyifake kwaye uqwalasele i-BIND, nceda ungatyhafi xa kukho into engahambi kakuhle kwi-try yakho yokuqala kwaye kufuneka uqale ekuqaleni kwakhona. Sihlala sincoma kule meko ukuba uqale ngokufakela okucocekileyo. Kufanelekile ukuzama!
Kwabo bafuna ukufumaneka okuphezulu kwinkonzo yokusombulula amagama, enokuthi iphunyezwe ngokumisela umncedisi weSekondari oyiNtloko, sincoma ukuqhubeka nathi kuhambo olulandelayo: I-DNS yeSekondari ye-DNS ye-LAN.
Sivuyisana nabo balandele onke amanqaku baza bafumana iziphumo ezilindelekileyo!
Ekugqibeleni!.. isithuba sokugqibela :D!
Enkosi ngokwabelana ngayo mhlobo!
Nibuliso!
Inika umdla kakhulu, amanqaku akho, ndine-DNS egunyazisiweyo ebekwe kwi-freeBSD yesizinda se.edu.mx, ukuza kuthi ga ngoku isebenze ngokugqibeleleyo kum, kodwa kwinyanga ephelileyo ndifumanise uhlaselo oluninzi, ngokubhekiselele kumncedisi, ingaba yintoni iindlela zokuzikhusela kwi-DNS eveziweyo?, kwaye andazi ukuba kuyenzeka na, ukuba nenkosi evezwe kwi-Intanethi kunye neyesibini esebenzela i-LAN encinci yeekhompyuter ezingama-60, zombini i-DNS iqhagamshelwe, okanye ikwazi chaza imimandla emibini, enye yangaphakathi kunye enye yangaphandle, enkosi kwi-master
Iphakheji yokucudisa i-bind9 inengxaki yokusebenza kunye ne-Samba, inguqulo ye-9.8.4 sele ikhona kwisebe le-backports ye-squeeze, i-wheeze version ayinayo le ngxaki, kuba i-lenny venenux.net iya kuyibuyisela iphakheji.
Inqaku elilunge kakhulu.
Eli kuphela inqaku elichaza yonke into kakuhle.
Kufuneka kuqatshelwe ukuba i-acl ye-spofing ayinamsebenzi kuba iyakuhlatywa kwakhona kuthungelwano lwangaphakathi, isisombululo siya kuba kukukhanyela ukuhanjiswa kwabathengi, kunye nokudala i-acl eyinkimbinkimbi evimbela ukuthunyelwa kwegama (into efana ne-static DNS).
ICEBISO ELIZODWA:
Kuya kuba kuhle ukuba noqwalaselo olongezelelweyo lwendlela yokwenza umxholo wokucoca i-DNS endaweni ye-firewall
Enkosi ngokuphawula @PICCO !!!.
Ndivakalisa ekuqaleni kwawo onke amanqaku am ukuba andiziboni njengengcali. Kancinci kumcimbi we-DNS. Apha sifunda sonke. Ndiya kuthatha iingcebiso zakho xa ufaka i-DNS ye-Intanethi kwaye kungekhona i-LAN eqhelekileyo kunye nelula.
ISIFUNDO ESIBALULEKILEYO!!! Kwaba luncedo olukhulu kum kuba ndiqala nje kule ntsimi yeeseva, yonke into isebenze kakuhle kum. Enkosi kwaye uqhubeke nokupapasha ezo mfundiso zintle kangaka !!!
Fico, kwakhona ndiyavuyisana nawe ngale nto ibalulekileyo.
Andiyongcaphephe kwi-BIND9, ndixolele ukuba andilunganga kuluvo lwam, kodwa ndicinga ukuba uphose ukuchaza indawo yokukhangela umva kwifayile enegama.conf.local
Kubuhlungu shame uFico akakwazi kukuphendula kwangoku.
Ndiyabulisa kwaye ndiyabulela, u-Elav, kwaye apha ndiyasabela. Njengesiqhelo ndincoma ukuba ufunde kancinci… 🙂
Kwiposti: https://blog.desdelinux.net/dns-maestro-primario-para-una-lan-en-debian-6-0-iii/
Ndibhala oku kulandelayo:
Uhlengahlengiso kwifayile /etc/bind/named.conf.local
Kule fayile sibhengeza imimandla yendawo yendawo yethu. Kufuneka sibandakanye iMimandla eNgqo kunye neReverse ubuncinane. Khumbula ukuba kwifayile yoqwalaselo /etc/bind/named.conf.options sibhengeza ukuba yeyiphi i-directory esiya kubamba iifayile zeZones usebenzisa i-directory ye-directory. Ekugqibeleni, ifayile kufuneka ijongeke ngolu hlobo:
// /etc/bind/named.conf.local
//
// Yenza naluphi na uqwalaselo lobulali apha
//
// Cinga ukongeza iindawo ze-1918 apha, ukuba azisetyenziswanga kwindawo yakho
// umbutho
//zibandakanya "/etc/bind/zones.rfc1918";
// Amagama efayile zowuni nganye
// incasa yomthengi. Sakhetha abahlobo.cu.hosts
// kunye ne-192.168.10.rev kuba basinika ukucaca kwabo
// imixholo. Akusekho mfihlakalo 😉
//
// Amagama eZowuni AKUQHELEKILEYO
// kwaye iya kuhambelana negama lesizinda sethu
// sele ikwi-subnet ye-LAN
// uMmandla oPhambili oPhambili: "Ngqo" uhlobo
indawo «friends.cu» {
uhlobo lwenkosi;
ifayile "friends.cu.hosts";
};
// uMmandla oPhambili oPhambili: "Inverse" uhlobo
ummandla "10.168.192.in-addr.arpa" {
uhlobo lwenkosi;
ifayile "192.168.10.rev";
};
// Ukuphela kwefayile enegama.conf.local
Molo, izithuba zakho malunga ne-DNS zinomdla kakhulu, ziye zandinceda ukuba ndiqalise ngombandela, enkosi. Ndiyacacisa ukuba ndingumntu omtsha ngale nto. Kodwa ngokufunda ulwazi lwakho olupapashiweyo ndiye ndaqaphela ukuba usebenza ngeedilesi ezisisigxina kwiinginginya zenethiwekhi yangaphakathi. Inkxalabo yam kukuba, umntu angenza njani ngomnatha wangaphakathi oneedilesi ze-IP eziguquguqukayo, ezabelwe ngumncedisi we-dhcp, ukwenza "ngqo" kunye "nokubuyisela umva" iifayile eziphambili zommandla?
Ndingakuthakazelela ukukhanya onokuthi ukhuphe kwinkxalabo ephakanyisiweyo. Enkosi. F.V.
Enkosi ngokuphawula, @fabian. Unokujongana namanqaku alandelayo, endithemba ukuba aya kukunceda uphumeze uthungelwano oluneedilesi eziguqukayo:
https://blog.desdelinux.net/servicio-de-directorio-con-ldap-2-ntp-y-dnsmasq/
https://blog.desdelinux.net/servicio-de-directorio-con-ldap-3-isc-dhcp-server-y-bind9/
Phendula nge quote