Olupin DNS Alaṣẹ NSD + Shorewall - Awọn nẹtiwọọki SME

Atọka gbogbogbo ti jara: Awọn nẹtiwọọki Kọmputa fun Awọn SME: Ifihan

Nkan yii jẹ itesiwaju ti:

Kaabo awọn ọrẹ ati ọrẹ!

Ẹgbẹ Awọn ololufẹ ra orukọ ìkápá ayelujara latilinux.fan Olupese Awọn Iṣẹ Intanẹẹti rẹ tabi ISP. Gẹgẹbi apakan ti ohun-ini yii, wọn beere lọwọ ISP wọn lati ṣafikun gbogbo awọn igbasilẹ DNS ti o ṣe pataki fun awọn ibeere ti o yẹ nipa agbegbe wọn lati yanju lati Intanẹẹti.

Wọn tun beere pe ki awọn igbasilẹ SRV wa pẹlu nipa XMPP nitori wọn gbero lati fi sori ẹrọ olupin fifiranṣẹ lẹsẹkẹsẹ ti o da lori Atilẹyin iyẹn yoo darapọ mọ federation ti o wa tẹlẹ ti awọn olupin XMMP ibaramu lori Intanẹẹti.

  • Idi akọkọ ti nkan yii ni lati fihan bi a ṣe le ṣe afihan ninu faili agbegbe agbegbe DNS awọn igbasilẹ SRV ti o ni ibatan si iṣẹ Ifiranṣẹ Fifiranṣẹ lẹsẹkẹsẹ XMPP..
  • Fifi sori ẹrọ ti awọn Odi ogiri Pẹlu wiwo nẹtiwọọki kan ṣoṣo, o le sin awọn ti o pinnu lati fi sori ẹrọ olupin bi eleyi lati ṣakoso Agbegbe DNS ti a firanṣẹ. Ti olupin yẹn ba sopọ si LAN Idawọle ni afikun si Intanẹẹti, awọn eto pataki ni o gbọdọ ṣe lati lo awọn atọkun nẹtiwọọki meji.

Mimọ olupin

A yoo fi sori ẹrọ olupin DNS aṣẹ NSD lori Debian “Jessie”. Eyi ni olupin gbongbo fun "afẹfẹ." Awọn ifilelẹ akọkọ ti olupin ni:

Orukọ: ns.fan Adirẹsi IP: 172.16.10.30 root @ ns: ~ # orukọ olupin
ns

root @ ns: ~ # orukọ ogun --fqdn
ns.àìpẹ

root @ ns: ~ # ip addr show
1: kini: mtu 65536 qdisc noqueue ipinle UNKNOWN ọna asopọ aiyipada ẹgbẹ / loopback 00: 00: 00: 00: 00: 00 brd 00: 00: 00: 00: 00: 00 inet 127.0.0.1/8 agbalejo dopin wo valid_lft lailai prefer_lft lailai inet6 :: 1/128 agbalejo oniduro valid_lft lailai ti a fẹ_lft lailai 2: eth0: mtu 1500 qdisc pfifo_fast ipinle UP aiyipada ẹgbẹ qlen 1000 ọna asopọ / ether 00: 0c: 29: dc: d7: 1b brd ff: ff: ff: ff: ff: ff inet 172.16.10.30/24 brd 172.16.10.255 dopin agbaye eth0 valid_lft lailai afihan_lft lailai inet6 fe80 :: 20c: 29ff: fedc: d71b / 64 ọna asopọ dopin valid_lft lailai ayanfẹ_lft lailai

Odi ogiri

Ṣaaju ki o to lọ pẹlu iṣẹ kan si Abule WWW, o jẹ rere pupọ lati daabobo olupin ati awọn iṣẹ ti o pese nipasẹ Firewall ti o lagbara - Olulana. Shorewall jẹ irọrun rọrun lati tunto ati pe o jẹ aṣayan ailewu fun aabo.

  • Eto ti o tọ ati pipe ti ogiriina kan jẹ iṣẹ-ṣiṣe ti awọn alamọ tabi awọn amoye, eyiti awa kii ṣe. A nfunni ni itọsọna nikan fun iṣeto kekere ati iṣẹ-ṣiṣe.

A fi sori ẹrọ package shorewall ati awọn iwe rẹ.

root @ ns: ~ # aptitude show shorewall fihan
Package: shorewall Tuntun: bẹẹni Ipò: ko fi sori ẹrọ
Ẹya: 4.6.4.3-2

root @ ns: ~ # aptitude fi sori ẹrọ shorewall shorewall-doc

Iwe akosilẹ

Iwọ yoo wa awọn iwe lọpọlọpọ ni awọn folda naa:

  • / usr / ipin / doc / shorewall
  • / usr / ipin / doc / shorewall / apeere
  • / usr / ipin / doc / shorewall-doc / html

A tunto fun wiwo nẹtiwọọki kan

root @ ns: ~ # cp / usr / share / doc / shorewall / apeere / ọkan-ni wiwo / awọn atọkun \
/ ati be be lo / shorewall /

root @ ns: ~ # nano / ati be be lo / shorewall / awọn atọkun
Awọn aṣayan INTERFACE #ZONE net eth0 tcpflags, logmartians, nosmurfs, sourceroute = 0

A kede awọn agbegbe ogiriina

root @ ns: ~ # cp / usr / share / doc / shorewall / apeere / ọkan-ni wiwo / awọn agbegbe \
/ ati be be lo / shorewall /

root @ ns: ~ # nano / ati be be lo / shorewall / awọn agbegbe
AWỌN OHUN TI AWỌN NIPA TI AWỌN NIPA NI OUT

Awọn ilana aiyipada lati wọle si ogiriina

root @ ns: ~ # cp / usr / share / doc / shorewall / apeere / ọkan-ni wiwo / imulo \
/ ati be be lo / shorewall /

root @ ns: ~ # nano / ati be be lo / shorewall / imulo
#SOURCE DEST POLLY LOG LẸLẸ IWỌN: TITUN $ FW net ACCEPT
apapọ gbogbo DROP info
# OHUN TI O SI ṢE ṢE LATI ṢE TI GBOGBO gbogbo KỌ alaye ti o kọ

Awọn ofin fun iraye si ogiriina

root @ ns: ~ # cp / usr / share / doc / shorewall / apeere / ọkan-ni wiwo / ofin \
/ ati be be lo / shorewall /

root @ ns: ~ # nano / ati be be lo / shorewall / awọn ofin
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER / MARK CON $ # PORT PORT (S) DEST LIMIT GROUP? IPA GBOGBO? IPILE TI A ṢE ṢE? IPẸ TI O ṢE? NIPA INVALID? IPAN TI A ṢATI? awọn apo-iwe ni ipo alaiwu kan Nẹtiwọọki (DROP) apapọ $ FW tcp # Ju Pingi lati “buburu” net agbegbe .. ki o ṣe idiwọ akọọlẹ rẹ lati jẹ omi. # Sọ Ping kuro ni agbegbe apapọ “buburu”. # Ṣe idiwọ iṣan omi ti log log (/ var / log / syslog) Ping (DROP) net $ FW # Faye gba gbogbo ijabọ ICMP LATI ogiriina SI agbegbe apapọ # Gba gbogbo ijabọ ICMP LATI ogiriina SI agbegbe naa net. Gba $ FW net icmp

# Awọn ofin tirẹ # Wiwọle nipasẹ SSH lati awọn kọnputa meji
SSH / Gba net: 172.16.10.1,172.16.10.10 $ FW tcp 22

# Gba laaye ijabọ lori awọn ibudo 53 / tcp ati 53 / udp
Gba apapọ $ FW tcp 53
Gba apapọ $ FW udp 53

A ṣayẹwo sintasi ti awọn faili iṣeto ni

root @ ns: ~ # ṣayẹwo shorewall
Ṣiṣayẹwo ... Ṣiṣe / ati be be lo / shorewall / params ... Ilana /etc/shorewall/shorewall.conf ... Awọn modulu Ikojọpọ ... Ṣiṣayẹwo / ati be be lo / shorewall / awọn agbegbe ... Ṣiṣayẹwo / ati bẹbẹ / shorewall / awọn atọkun .. Ṣiṣe ipinnu Awọn ogun ni Awọn agbegbe ... Wiwa Awọn faili Iṣe ... Ṣiṣayẹwo / ati be be lo / shorewall / ilana ... Fifi Awọn ofin Anti-smurf Ṣiṣayẹwo asia Awọn ami TCP ... Ṣiṣayẹwo Ṣiṣayẹwo Ọna Ekuro ... Ṣiṣayẹwo Wọle Martian ... Ṣiṣayẹwo Gba Afisona Orisun ... Ṣiṣayẹwo Ajọ MAC - Ipele 1 ... Ṣiṣayẹwo / ati be be lo / shorewall / awọn ofin ... Ṣiṣayẹwo / ati be be lo / shorewall / conntrack ... Ṣiṣayẹwo Ajọ MAC - Ipele 2 ... Nmu Awọn Ilana .. Ṣiṣayẹwo /usr/share/shorewall/action.Drop fun pq Ju silẹ ... Ṣiṣayẹwo /usr/share/shorewall/action.Broadcast fun igbohunsafefe Itanna ... Ṣayẹwo iṣeto iṣeto Shorewall

root @ ns: ~ # nano / ati be be lo / aiyipada / shorewall
# ṣe idiwọ ibẹrẹ pẹlu iṣeto aiyipada # ṣeto iyipada atẹle si 1 ni lati gba Shorewall laaye lati bẹrẹ
ibẹrẹ =1
------

root @ ns: ~ # iṣẹ shorewall ibere
root @ ns: ~ # iṣẹ tun bẹrẹ iṣẹ
root @ ns: ~ ipo iṣẹ shorewall
● shorewall.service - LSB: Tunto ogiriina ni akoko bata Ti kojọpọ: ti kojọpọ (/etc/init.d/shorewall) Ti n ṣiṣẹ: ti nṣiṣe lọwọ (jade) lati Sun 2017-04-30 16:02:24 EDT; 31min ago Ilana: 2707 ExecStop = / ati be be lo / init.d / shorewall stop (koodu = jade, ipo = 0 / SUCCESS) Ilana: 2777 ExecStart = / ati be be / init.d / shorewall ibere (koodu = jade, ipo = 0 / Aseyori)

O jẹ eto-ẹkọ pupọ lati ka daradara iṣujade ti aṣẹ naa awọn iptables -L paapaa ni ibatan si awọn ilana aiyipada fun INPUT, SIWAJU, OUTPUT, ati awọn ti o kọ - kọ ogiriina lati daabobo lodi si awọn ikọlu ita. O kere ju, o lọ si Intanẹẹti pẹlu aabo kekere kan, otun? 😉

gbongbo @ ns: ~ # iptables -L

NSD

root @ ns: ~ # aptitude show nsd
Package: nsd Tuntun: bẹẹni Ipo: fi sori ẹrọ Ti fi sori ẹrọ laifọwọyi: rara
Ẹya: 4.1.0-3

root @ ns: ~ # aptitude fi sori ẹrọ nsd
root @ ns: ~ # ls / usr / share / doc / nsd /
ṣe alabapin changelog.Debian.gz Awọn ibeere ibeere NSD-DIFFFILE.gz awọn apẹẹrẹ changelog.gz NSD-FOR-BIND-USERS.gz TODO.gz awọn iyatọ aladakọ aṣẹ.pdf.gz README.gz Igbesoke awọn ẹtọ NSD-DATABASE RELNOTES.gz

root @ ns: ~ # nano /etc/nsd/nsd.conf
Faili atunto # NSD fun Debian. # Wo oju-iwe eniyan nsd.conf (5).
# Wo /usr/share/doc/nsd/examples/nsd.conf fun asọye kan
# itọkasi konfigi faili.
# Laini atẹle pẹlu awọn faili iṣeto ni afikun lati itọsọna # /etc/nsd/nsd.conf.d. # IKILỌ: Ara agbaye ko ṣiṣẹ sibẹsibẹ ... # pẹlu: "/etc/nsd/nsd.conf.d/*.conf" olupin: logfile: "/var/log/nsd.log" ip-address : 172.16.10.30 # tẹtisi lori awọn isopọ IPv4 ṣe-ip4: bẹẹni # tẹtisi lori awọn isopọ IPv6 ṣe-ip6: ko si ibudo lati dahun awọn ibeere lori. aiyipada jẹ 53. ibudo: orukọ olumulo 53: nsd # Ni awọn agbegbe, aṣayan-xfr aṣayan jẹ fun agbegbe # sọwedowo axfr: orukọ: fan zonefile: /etc/nsd/fan.zone zone: orukọ: latilinux.fan
    zonefile: /etc/nsd/desdelinux.fan.zone pese-xfr: 172.16.10.250 NOKEY zone: name: 10.16.172.ni-addr.arpa
    zonefile: /etc/nsd/10.16.172.arpa.zone pese-xfr: 172.16.10.250 NOKEY zone: name: swl.fan zonefile: /etc/nsd/swl.fan.zone zone: name: debian.fan zonefile: /etc/nsd/debian.fan.zone zone: orukọ: centos.fan zonefile: /etc/nsd/centos.fan.zone zone: orukọ: freebsd.fan zonefile: /etc/nsd/freebsd.fan.zone


root @ ns: ~ # nsd-checkconf /etc/nsd/nsd.conf
gbongbo @ ns: ~ #

A ṣẹda awọn faili Awọn agbegbe

Agbegbe gbongbo «alafẹfẹ.»Tunto ni isalẹ jẹ FUN IDANWO NIKAN ko yẹ ki o gba apẹẹrẹ. A kii ṣe Awọn Alakoso ti Awọn olupin Orukọ Ohun-ini Gidi. 😉

gbongbo @ ns: ~ # nano /etc/nsd/fan.zone
$ ORIGIN fan. $ TTL 3H @ NI SOA ns.fan. root.fan. (1; tẹlentẹle 1D; tù 1H; tun gbiyanju 1W; pari 3H); o kere ju tabi; Akoko caching odi lati gbe; @ IN NS ns.fan. @ INU A 172.16.10.30; ns INU A 172.16.10.30

root @ ns: ~ # nano /etc/nsd/desdelinux.fan.zone
$ ORIGIN lati linux.fan. $ TTL 3H @ IN SOA ns.fromlinux.fan. root.fromlinux.fan. (1; tẹlentẹle 1D; tù 1H; tun gbiyanju 1W; pari 3H); o kere ju tabi; Akoko caching odi lati gbe; @ IN NS ns.fromlinux.fan. @ IN MX 10 mail.fromlinux.fan. @ IN TXT "v = spf1 a: mail.desdelinux.fan -gbogbo"; ; Wọle lati yanju awọn ibeere iwun lati linux.fan @ INU A 172.16.10.10; ns IN A 172.16.10.30 meeli IN CNAME lati linux.fan. iwiregbe IN CNAME lati linux.fan. www IN CNAME lati linux.fan. ; ; Awọn igbasilẹ SRV ti o ni ibatan si XMPP
_xmpp-server._tcp IN SRV 0 0 5269 lati linux.fan.
_xmpp-client._tcp IN SRV 0 0 5222 lati linux.fan.
_jabber._tcp IN SRV 0 0 5269 lati linux.fan.

root @ ns: ~ # nano /etc/nsd/10.16.172.arpa.zone
$ ORIGIN 10.16.172.in-addr.arpa.
$ TTL 3H @ IN SOA ns.fromlinux.fan. root.fromlinux.fan. (1; tẹlentẹle 1D; tù 1H; tun gbiyanju 1W; pari 3H); o kere ju tabi; Akoko caching odi lati gbe; @ IN NS ns.fromlinux.fan. ; 30 NI PTR ns.fromlinux.fan. 10 IN PTR lati linux.fan.

root @ ns: ~ # nsd-checkzone lati linux.fan / etc / nsd / lati linux.fan.zone
agbegbe lati linux.fan dara
root @ ns: ~ # nsd-checkzone 10.16.172.in-addr.arpa /etc/nsd/10.16.172.arpa.zone
agbegbe 10.16.172.in-addr.arpa dara # Lori Debian, NSD fopin si fifi sori ẹrọ rẹ ti o ṣiṣẹ nipa aiyipada
root @ ns: ~ # systemctl tun bẹrẹ nsd
gbongbo @ ns: ~ ipo ipo systemctl nsd
Nsd.service - Orukọ olupin Daemon Ti kojọpọ: ti kojọpọ (/lib/systemd/system/nsd.service; mu ṣiṣẹ) Ti n ṣiṣẹ: nṣiṣe lọwọ (nṣiṣẹ) lati Sun 2017-04-30 09:42:19 EDT; 21min ago PID akọkọ: 1230 (nsd) CGroup: /system.slice/nsd.service ├─1230 / usr / sbin / nsd -d -c /etc/nsd/nsd.conf ├─1235 / usr / sbin / nsd - d -c /etc/nsd/nsd.conf └─1249 / usr / sbin / nsd -d -c /etc/nsd/nsd.conf

Awọn sọwedowo lati ọdọ olupin ns.fan funrararẹ

root @ ns: ~ # agbalejo lati linux.fan
desdelinux.fan ni adirẹsi 172.16.10.10 desdelinux.fan meeli ti wa ni abojuto nipasẹ meeli 10.desdelinux.fan.

root @ ns: ~ # gbalejo mail.fromlinux.fan
mail.desdelinux.fan jẹ inagijẹ fun desdelinux.fan. desdelinux.fan ni adirẹsi 172.16.10.10 desdelinux.fan meeli ti wa ni abojuto nipasẹ meeli 10.desdelinux.fan.

gbongbo @ ns: ~ # ogun host.fromlinux.fan
chat.desdelinux.fan jẹ inagijẹ fun desdelinux.fan. desdelinux.fan ni adirẹsi 172.16.10.10 desdelinux.fan meeli ti ni abojuto nipasẹ meeli meeli 10.desdelinux.fan.

root @ ns: ~ # gbalejo www.desdelinux.fan
www.desdelinux.fan jẹ inagijẹ fun desdelinux.fan. desdelinux.fan ni adirẹsi 172.16.10.10 desdelinux.fan meeli ti wa ni abojuto nipasẹ meeli 10.desdelinux.fan.

root @ ns: ~ # agbalejo ns.fromlinux.fan
ns.fromlinux.fan ni adirẹsi 172.16.10.30

gbongbo @ ns: ~ # agbalejo 172.16.10.30
30.10.16.172.in-addr.arpa orukọ ìkápá ijuboluwole ns.fromlinux.fan.

gbongbo @ ns: ~ # agbalejo 172.16.10.10
10.10.16.172.in-addr.arpa orukọ ìkápá orukọ ijuboluwole lati linux.fan.

gbongbo @ ns: ~ # ogun ns.fan
ns.fan ni adirẹsi 172.16.10.30

Awọn sọwedowo ipinnu orukọ lati Intanẹẹti

  • Awọn ibeere DNS alaye ko tobi pupọ, nitori iṣiṣẹ to tọ ti ipinnu Orukọ ase yoo dale de iwọn nla lori iṣẹ to tọ ti nẹtiwọọki.

Lati ṣe awọn ibeere DNS Mo ti sopọ si yipada mi - yipada idanwo, kọǹpútà alágbèéká kan pẹlu IP 172.16.10.250 ati ẹnu-ọna 172.16.10.1, Adirẹsi IP ti o baamu si ibudo iṣẹ mi sysadmin.fromlinux.fan bi a ti mọ lati awọn nkan iṣaaju.

sandra @ laptop: ~ $ sudo ip addr show
1: kini: mtu 16436 qdisc noqueue ipinle UNKNOWN ọna asopọ / loopback 00: 00: 00: 00: 00: 00 brd 00: 00: 00: 00: 00: 00 inet 127.0.0.1/8 host dopin wo inet6 :: 1/128 agbalejo onigbọwọ valid_lft lailai prefer_lft lailai 2: eth0: mtu 1500 qdisc pfifo_fast ipinle UP qlen 1000 ọna asopọ / ether 00: 17: 42: 8e: 85: 54 brd ff: ff: ff: ff: ff: ff inet 172.16.10.250/24 brd 172.16.10.255 dopin agbaye eth0 inet6 fe80: : 217: 42ff: fe8e: 8554/64 ọna asopọ dopin valid_lft lailai ayanfẹ_lft lailai 3: wlan0: mtu 1500 qdisc noop ipinle DOWN qlen 1000 ọna asopọ / ether 00: 1d: e0: 88: 09: d5 brd ff: ff: ff: ff: ff: ff 4: pan0: mtu 1500 qdisc noop ipinle DOWN ọna asopọ / ether de: 0b: 67: 52: 69: ad brd ff: ff: ff: ff: ff: ff


sandra @ laptop: ~ $ sudo ipa -n
Tabili afisona IP Kernel Gateway Genmask Flags Metric Ref Lo Iface 0.0.0.0 172.16.10.1 0.0.0.0 UG 0 0 0 eth0 172.16.10.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0

sandra @ laptop: ~ $ ologbo /etc/resolv.conf
nameserver 172.16.10.30

sandra @ laptop: ~ $ gbalejo lati linux.fan
desdelinux.fan ni adirẹsi 172.16.10.10 desdelinux.fan meeli ti wa ni abojuto nipasẹ meeli 10.desdelinux.fan.

sandra @ laptop: ~ $ gbalejo mail.fromlinux.fan
mail.desdelinux.fan jẹ inagijẹ fun desdelinux.fan. desdelinux.fan ni adirẹsi 172.16.10.10 desdelinux.fan meeli ti wa ni abojuto nipasẹ meeli 10.desdelinux.fan.

sandra @ laptop: ~ $ gbalejo ns.fromlinux.fan
ns.fromlinux.fan ni adirẹsi 172.16.10.30

sandra @ laptop: ~ $ gbalejo 172.16.10.30
30.10.16.172.in-addr.arpa orukọ ìkápá ijuboluwole ns.fromlinux.fan.

sandra @ laptop: ~ $ gbalejo 172.16.10.10
10.10.16.172.in-addr.arpa orukọ ìkápá orukọ ijuboluwole lati linux.fan.

sandra @ laptop: ~ $ ogun -t SRV _xmpp-server._tcp.fromlinux.fan
_xmpp-server._tcp.desdelinux.fan ni igbasilẹ SRV 0 0 5269 lati linux.fan.

sandra @ laptop: ~ $ ogun -t SRV _xmpp-client._tcp.fromlinux.fan
_xmpp-client._tcp.ti linux.fan ni igbasilẹ SRV 0 0 5222 lati linux.fan.

sandra @ laptop: ~ $ ogun -t SRV _jabber._tcp.fromlinux.fan
_jabber._tcp.desdelinux.fan ni igbasilẹ SRV 0 0 5269 lati linux.fan.

sandra @ laptop: ~ $ gbalejo -a fan.
Igbiyanju "afẹfẹ" ;; - >> HEADER << - opcode: QUERY, status: NOERROR, id: 57542 ;; awọn asia: qr aa rd; IBEERE: 1, IDAHUN: 3, ASE: 0, ADIRI: 1 ;; IPE IBEERE :; fan. NI KANKAN ;; IP ÌDSWH :N: àìpẹ. 10800 NI SOA ns.fan. root.fan. 1 86400 3600 604800 10800 àìpẹ. 10800 IN NS ns.fan. alafẹfẹ. 10800 INU A 172.16.10.30 ;; IPIN TUN SI: ns.fan. 10800 IN A 172.16.10.30 Ti gba awọn baiti 111 lati 172.16.10.30 # 53 ni 0 ms
  • A ni imomose ṣeto adirẹsi 172.16.10.250  Lori Kọǹpútà alágbèéká, lati ṣayẹwo GBOGBO OHUN nipasẹ ibeere DNS AXFR kan, niwọn bi a ti tunto Awọn agbegbe lati gba laaye-laisi eyikeyi ọrọigbaniwọle- iru ibeere yii lati IP yẹn.
sandra @ laptop: ~ $ digi desdelinux.fan axfr
; << >> DiG 9.9.5-9 + deb8u6-Debian << >> lati linux.fan axfr ;; awọn aṣayan agbaye: + cmd lati linux.fan. 10800 NI SOA ns.fromlinux.fan. root.fromlinux.fan. 1 86400 3600 604800 10800 lati linux.fan. 10800 IN NS ns.fromlinux.fan. lati linux.fan. 10800 IN MX 10 mail.fromlinux.fan. lati linux.fan. 10800 IN TXT "v = spf1 a: mail.desdelinux.fan -gbogbo" lati linux.fan. 10800 NI A 172.16.10.10 _jabber._tcp.fromlinux.fan. 10800 IN SRV 0 0 5269 lati linux.fan. _xmpp-client._tcp.fromlinux.fan. 10800 IN SRV 0 0 5222 lati linux.fan. _xmpp-server._tcp.fromlinux.fan. 10800 IN SRV 0 0 5269 lati linux.fan. chat.fromlinux.fan. 10800 IN CNAME lati linux.fan. mail.fromlinux.fan. 10800 IN CNAME lati linux.fan. ns.fromlinux.fan. 10800 INU A 172.16.10.30 www.desdelinux.fan. 10800 IN CNAME lati linux.fan. lati linux.fan. 10800 NI SOA ns.fromlinux.fan. root.fromlinux.fan. 1 86400 3600 604800 10800 ;; Akoko ibeere: 0 msec ;; Olupin: 172.16.10.30 # 53 (172.16.10.30) ;; NIGBATI: Oorun Oṣu Kẹrin 30 10:37: 10 EDT 2017 ;; Iwọn XFR: awọn igbasilẹ 13 (awọn ifiranṣẹ 1, awọn baiti 428)

sandra @ laptop: ~ $ digi 10.16.172.in-addr.arpa axfr
; << >> DiG 9.9.5-9 + deb8u6-Debian << >> 10.16.172.in-addr.arpa axfr ;; awọn aṣayan agbaye: + cmd 10.16.172.in-addr.arpa. 10800 NI SOA ns.fromlinux.fan. root.fromlinux.fan. 1 86400 3600 604800 10800 10.16.172.in-addr.arpa. 10800 IN NS ns.fromlinux.fan. 10.10.16.172.in-addr.arpa. 10800 IN PTR lati linux.fan. 30.10.16.172.in-addr.arpa. 10800 NI PTR ns.fromlinux.fan. 10.16.172.in-addr.arpa. 10800 NI SOA ns.fromlinux.fan. root.fromlinux.fan. 1 86400 3600 604800 10800 ;; Akoko ibeere: 0 msec ;; Olupin: 172.16.10.30 # 53 (172.16.10.30) ;; NIGBATI: Oorun Kẹrin 30 10:37:27 EDT 2017 ;; Iwọn XFR: awọn igbasilẹ 5 (awọn ifiranṣẹ 1, awọn baiti 193)

sandra @ laptop: ~ $ ping ns.fromlinux.fan
PING ns.fromlinux.fan (172.16.10.30) 56 (84) awọn baiti data.

Awọn ibeere DNS to ṣe pataki ni a dahun ni deede. A tun ṣayẹwo pe Shorewall n ṣiṣẹ ni deede ati pe ko gba ping lati awọn kọmputa ti a sopọ si Intanẹẹti.

Akopọ

  • A rii bii a ṣe le fi sori ẹrọ ati tunto - pẹlu ipilẹ ati awọn aṣayan to kere - olupin DNS Aṣẹ ti o da lori NSD. A jẹrisi pe sintasi ti awọn faili agbegbe jẹ iru kanna si ti DI. Lori Intanẹẹti awọn iwe ti o dara pupọ ati pari lori NSD.
  • A pade ibi-afẹde ti iṣafihan ikede ti awọn igbasilẹ SRV ti o ni ibatan si XMPP.
  • A ṣe iranlọwọ ninu fifi sori ẹrọ ati iṣeto ni iwonba ti ogiriina ti o da lori Shorewall.

Next ifijiṣẹ

IM Prosody ati awọn olumulo agbegbe.


Awọn akoonu ti nkan naa faramọ awọn ilana wa ti awọn ilana olootu. Lati jabo aṣiṣe kan tẹ nibi.

Awọn asọye 8, fi tirẹ silẹ

Fi ọrọ rẹ silẹ

Adirẹsi imeeli rẹ yoo ko le ṣe atejade. O beere aaye ti wa ni samisi pẹlu *

*

*

  1. Lodidi fun data naa: Miguel Ángel Gatón
  2. Idi ti data naa: SPAM Iṣakoso, iṣakoso ọrọ asọye.
  3. Ofin: Iyọọda rẹ
  4. Ibaraẹnisọrọ data: Awọn data kii yoo ni ifọrọhan si awọn ẹgbẹ kẹta ayafi nipasẹ ọranyan ofin.
  5. Ibi ipamọ data: Alaye data ti o gbalejo nipasẹ Awọn nẹtiwọọki Occentus (EU)
  6. Awọn ẹtọ: Ni eyikeyi akoko o le ni opin, gba pada ki o paarẹ alaye rẹ.

  1.   fracielarevalo wi

    Awọn ọrẹ owurọ ti agbegbe linux ti o dara ẹkọ ti o dara julọ Mo gbiyanju lati fi sori ẹrọ dns ṣugbọn o sọ pe a ko rii aṣẹ yii ti o ba wa omiiran miiran lati dupẹ fun alaye naa

  2.   Alberto wi

    Ibeere?…. Ṣe iwọ kii lo SAMBA bi adari agbegbe fun awọn nẹtiwọọki SME?

  3.   Frederick wi

    fracielarevalo: Ṣe akiyesi pe nkan naa da lori fifi NSD sori ẹrọ iṣẹ Debian “Jessie”, kii ṣe lori CentOS.

    Alberto: O ni lati lọ lati rọrun si eka naa. Nigbamii a yoo rii Samba 4 bi AD-DC, iyẹn ni, Itọsọna Iroyin - Olutọju Aṣẹ. Sùúrù. Mo ṣeduro pe ki o ka nkan ti tẹlẹ, paapaa paragirafi ti o sọ pe: Njẹ ilana ijẹrisi ni ibimọ ti ARPANET, Intanẹẹti, ati awọn Nẹtiwọọki Agbegbe Wide akọkọ miiran tabi Awọn nẹtiwọọki Agbegbe Agbegbe ti o da lori LDAP, Iṣẹ Itọsọna, tabi Microsoft LSASS, tabi Itọsọna Ṣiṣẹ, tabi Kerberos? darukọ diẹ.

    Ranti pe gbogbo awọn nkan ni ibatan ati pe o jẹ lẹsẹsẹ. Emi ko ro pe o wulo ni gbogbo lati bẹrẹ ni ọna miiran ni ayika, iyẹn ni pe, lati Ilana itọsọna ati pada si PAM. Bi o ti yoo rii, ọpọlọpọ awọn iru awọn ijẹrisi pari ni PAM lori tabili Linux rẹ. Awọn solusan to rọrun bi eyi ti a bo pẹlu PAM yẹ lati kọ. Ti idi naa ba ye, o yẹ ki wọn ka ati kawe wọn.

    Ikini ati ọpẹ pupọ fun iwọ mejeeji fun asọye.

  4.   IWO wi

    Nkan nla miiran nipasẹ onkọwe, bi iṣe deede nigbagbogbo wa nkan titun ati iwulo lalailopinpin fun awọn ti wa ti o ro pe a jẹ “sysadmins”.
    Eyi ni awọn akọsilẹ mi:
    1- Lilo NSD dipo IWỌN bi olupin DNS Alaṣẹ.
    2- Fi sii ni faili agbegbe agbegbe DNS awọn igbasilẹ SRV ti o ni ibatan si iṣẹ Fifiranṣẹ lẹsẹkẹsẹ ti o ni ibamu pẹlu XMPP.
    3- Lilo Firewall Shorewall pẹlu wiwo nẹtiwọọki kan.
    Ifiweranṣẹ yii jẹ “ipilẹ” fun mi (bi o ti sọ niwọntunwọnsi ati pe o jẹ ifẹ ti onkọwe jakejado gbogbo jara SME) ti o ba jẹ ni ọjọ iwaju Mo rii ara mi ni iwulo imuse iru ojutu kan.

  5.   alangba wi

    Ẹgbẹ alara lẹẹkansi ṣe iranlọwọ fun wa lati mu imo wa pọ si ni agbegbe awọn nẹtiwọọki fun awọn SME. O ṣeun pupọ fun iru ilowosi to dara bẹ, agbegbe, ara mi ati Mo ro pe nọmba to dara ti sysadmin o ṣeun fun iru ilowosi ti ko ṣe pataki ... Ni iṣaaju Mo ni ibatan miiran pẹlu shorewall, ṣugbọn tẹ sinu ọran to wulo ni ọna ti Mo ṣe o ti ṣe nira pupọ, lẹsẹsẹ awọn nẹtiwọọki yii fun awọn SME jẹ aṣáájú-ọnà ninu iwe ni ọpọlọpọ awọn agbegbe ti sysadmin yẹ ki o mu, ni oye pe ọpọlọpọ awọn iwe ni nkan yii wa ni ede agbaye ti Gẹẹsi ...

    Maṣe da duro, oriire a si tẹsiwaju !!!

  6.   Frederick wi

    Lagarto: O ṣeun pupọ fun ọrọ rẹ ati fun ọpẹ. Mo gbiyanju lati fun ninu awọn jara ipilẹ ti o kere julọ ti Sysadmin nilo. Dajudaju, ikẹkọ ti ara ẹni ati ifẹ ti ara ẹni ti ọkọọkan lori awọn akọle kọọkan ti a sọrọ yoo dale si iwọn kan.

    A tesiwaju siwaju !!!

  7.   GhostXxX wi

    Kaabo si agbegbe linx;). Mo jẹ tuntun si OS.opte po fi awọn window silẹ ni igba atijọ ati pe emi ni itara lati kọ ẹkọ bi mo ti le ṣe .. gbogbo nkan to dara ..

  8.   Frederick wi

    O ṣeun Ẹmi fun didapọ mọ Agbegbe ati fun asọye