Bopha futhi Active Directory® - SME Networks

Inkomba ejwayelekile yochungechunge: Ama-Computer Networks ama-SME: Isingeniso

Sanibonani zihlobo !. Inhloso enkulu yalesi sihloko ukukhombisa ukuthi singayihlanganisa kanjani insizakalo ye-DNS ngokuya nge-BIND9 kunethiwekhi ye-Microsoft, evame kakhulu kuma-SME amaningi.

Kuvela esicelweni esisemthethweni somngani ohlala eLa Tierra del Fuego -I-Fuegian- ezikhethekile kuMicrosoft® Networks -Izitifiketi ezifakiwe- ukukukhombisa kule ngxenye yokufuduka kwamaseva akho aye eLinux. Izindleko ze- Ukuxhaswa Uchwepheshe okhokha iMicrosoft® asevele ekhona Akubekezeleleki yeNkampani asebenza kuyo futhi eyiSabelo sabaningi bayo.

Mngani wami I-Fuegian unamahlaya kakhulu, futhi njengoba abone uchungechunge lwamafilimu amathathu «INkosi yezindandatho»Wathandwa ngamagama amaningi abalingiswa bakhe abansundu. Ngakho-ke, mfundi Reader, ungamangali ngamagama wesizinda sakho kanye namaseva akho.

Kwabafikayo esihlokweni, nangaphambi kokuqhubeka nokufunda, sincoma ukuthi ufunde futhi ufunde izindatshana ezintathu ezedlule kuma-SME Networks:

• I-DNS ne-DHCP kuvuliweSUSE 13.2 "Harlequin"
• I-DNS ne-DHCP ku-CentOS 7
• I-DNS ne-DHCP ku-Debian 8 "Jessie"

Kufana nokubuka izingxenye ezintathu kwezine ze- «Ngaphansi komhlaba»Ishicilelwe kuze kube namuhla, nokuthi lokhu kungokwesine.

Imingcele ejwayelekile

Ngemuva kokushintshana okuningi nge imeyiliEkugcineni bengicacile ngamapharamitha amakhulu wenethiwekhi yakho yamanje, okuyi:

Igama lesizinda mordor.fan LAN Network 10.10.10.0/24 ================================== == ===================================== amaseva IP Ikheli Injongo (amaseva nge OS Windows ) ============================================ = ============================== i-sauron.mordor.fan. 10.10.10.3 I-Active Directory® 2008 SR2 imamba.mordor.fan. 10.10.10.4 iseva yefayela le-Windows darklord.mordor.fan. 10.10.10.6 Ummeleli, isango nodonga lomlilo kuKerios troll.mordor.fan. 10.10.10.7 Ibhulogi esuselwe ku ... ayikhumbuli i-shadowftp.mordor.fan 10.10.10.8 Iseva ye-FTP i-blackelf.mordor.fan. 10.10.10.9 Isevisi ephelele ye-imeyili blackspider.mordor.fan. 10.10.10.10 Insiza yeWWW palantir.mordor.fan. 10.10.10.11 Xoxa ku-Openfire ye-Windows

Ngacela imvume yokwenza I-Fuegian ukusetha ama-Aliases amaningi njengoba kudingeka ukuze ngisule ingqondo yami futhi wanginika nemvume:

I-Real CNAME ============================== i-sauron ad-dc mamba fileserver darklord proxyweb troll blog shadowftp ftpserver blackelf mail blackspider www palantir umlilo

Ngimemezele wonke amarekhodi e-DNS abalulekile ekufakweni kwami ​​kwe-Active Directory Windows 2008 engiphoqeleke ukuba ngiyisebenzise ukuze ngiqondise ekwenzeni lokhu okuthunyelwe.

Mayelana namarekhodi we-Active Directory DNS SRV

Amarejista I-SRV o Izinsiza Zensiza - ezisetshenziswa kabanzi kuMicrosoft Active Directory - zichazwe kufayela le- Isicelo samazwana RFC 2782. Bavumela indawo yesevisi ngokususelwa kumthetho olandelwayo we-TCP / IP ngombuzo we-DNS. Isibonelo, ikhasimende kunethiwekhi ye-Microsoft lingathola indawo ye-Domain Controllers - Abalawuli Bezizinda enikezela ngensizakalo ye-LDAP ngaphezulu komthetho olandelwayo we-TCP ethekwini 389 ngombuzo owodwa we-DNS.

Kujwayelekile ukuthi emaHlathini - Amahlathi, Nezihlahla - Izihlahla kwenethiwekhi enkulu yeMicrosoft kunezilawuli eziningi ze-Domain. Ngokusebenzisa amarekhodi e-SRV eziNdawni ezahlukahlukene ezakha i-Domain Name Space yaleyo Network, singakwazi ukugcina Uhlu Lwamaseva olunikeza izinsizakalo ezifanayo ezaziwayo, ezi-odiwe ngokuya ngokulandela umthetho olandelwayo wezokuthutha kanye nechweba lendawo ngayinye amaseva.

Ku Isicelo samazwana RFC 1700 Ukuchazwa Kwamagama Womfanekiso Wendawo Yonke Wezinsizakalo Ezaziwayo - Isevisi eyaziwa kahle, namagama anjenge- «_nonhlanhla«,«_smtp»Ngezinsizakalo Telnet y SMTP. Uma igama elingokomfanekiso lingachazelwanga Insizakalo Eyaziwa Kahle, igama lendawo noma elinye igama lingasetshenziswa ngokuya ngokuthandwa ngumsebenzisi.

Inhloso yenkambu ngayinye «okukhethekile»Kusetshenziswe ekumenyezelweni kweRekhodi Yezinsizakusebenza ze-SRV okulandelayo:

• Domain: "Pdc._msdcs.mordor.fan.«. Igama le-DNS yesevisi irekhodi le-SRV elibhekisele kulo. Igama le-DNS kusibonelo lisho -okuningi noma okuncane- Isilawuli se-Primary Domain lendawo _sithelo.
• Izikhungo: "_Ldap". Igama elingokomfanekiso lenkonzo elihlinzekiwe lichazwa ngokuya nge- Isicelo samazwana RFC 1700.
• uHlelo Lokudlulisa: "_Tcp". Ikhombisa uhlobo lweprotocol yokuthutha. Imvamisa kungathatha amanani _tcp o _dlams, noma - futhi empeleni- noma yiluphi uhlobo lwendlela yokuthutha ekhonjisiwe kufayela le- Isicelo samazwana RFC 1700. Isibonelo, ngensizakalo baxoxe umthetho olandelwayo I-XMPP, le nkambu izoba nenani le- nxmpp.
• Priority"0«. Memezela okusemqoka noma okuncamelayo kwe- Umsingathi onikeza le sevisi ukuthi sizobona kamuva. Imibuzo yamakhasimende ye-DNS mayelana nensizakalo echazwe yile rekhodi le-SRV, lapho ithola impendulo efanele, izozama ukuxhumana nomphathi wokuqala otholakalayo ngenombolo ephansi kunazo zonke ebhalwe emkhakheni. Priority. Ububanzi bamanani angafakwa yile nkambu ngu 0 a 65535.
• Isisindo"100«. Ingasetshenziswa ngokuhlangana ne- Priority ukuhlinzeka ngomshini wokulinganisa umthwalo lapho kunamaseva amaningi ahlinzeka insizakalo efanayo. Kufanele kube khona irekhodi elifanayo le-SRV leseva ngayinye kufayela leZone, negama lalo limenyezelwe endle Umsingathi onikeza le sevisi. Ngaphambi kwamaseva anamanani alinganayo enkambu Priority, inani lenkambu Isisindo ingasetshenziswa njengezinga elengeziwe lokuncamelayo ukuthola ukukhetha okunembile kweseva kokulinganisa umthwalo. Ububanzi bamanani angathathwa yile nkambu ngu 0 a 65535. Uma ukulinganiswa komthwalo kungadingeki, ngokwesibonelo njengakwisiphakeli esisodwa, kunconywa ukuthi unikeze inani 0 ukwenza irekhodi le-SRV lifundeke kalula.
• Inombolo ethekwini - Imbobo"389«. Inombolo ye-Port in Umsingathi onikeza le sevisi enikeza insizakalo ekhonjisiwe emkhakheni Izikhungo. Inombolo ethekwini enconyiwe ngohlobo ngalunye Lensizakalo Eyaziwa kahle ikhonjisiwe kufayili ye- Isicelo samazwana RFC 1700, noma kungathatha inani phakathi I-0 ne-65535.
• Umsingathi onikeza le sevisi - Okuqondiwe"i-sauron.mordor.fan.«. Icacisa ifayela le- I-FQDN ekhomba ngokungangabazeki i- Bamba enikeza insizakalo ekhonjiswe yirekhodi le-SRV. Uhlobo lwerekhodi «A»Ku-namespace yesizinda ngayinye I-FQDN kusuka kuseva noma Bamba enikeza insizakalo. Kulula, irekhodi lohlobo A ezindaweni eziqondile.
  • Nota:
    Ukukhombisa ngokugunyazayo ukuthi insizakalo ecaciswe yirekhodi le-SRV ayinikezwanga kulo mgcini, eyodwa (.) iphuzu.

Sifuna nje ukuphinda ukuthi ukusebenza okulungile kwenethiwekhi noma i-Active Directory® kuncike kakhulu ekusebenzeni okulungile kwe-Domain Name Service..

Amarekhodi e-Active Directory DNS

Ukwenza amaZones weSeva entsha ye-DNS ngokuya NGOKUBopha, kumele sithole wonke amarekhodi e-DNS kusuka ku-Active Directory®. Ukwenza impilo ibe lula, siya eqenjini i-sauron.mordor.fan -Active Directory® 2008 SR2- nakuDNS Administration Console senza kusebenze iZone Transfer -direct and reverse- yezindawo eziyinhloko ezimenyezelwe kulolu hlobo lwensizakalo, okuyilezi:

• _sithelo
• i-mordor.fan
• 10.10.10.in-addr.habhu

Lapho nje isinyathelo esedlule senziwe futhi mhlawumbe kusuka kukhompyutha ye-Linux enekheli le-IP elingaphakathi kwebanga le-subnet esetshenziswa yiWindows Network, senza:

buzz @ sysadmin: ~ $ dig @ 10.10.10.3 _msdcs.mordor.fan axfr> temp /sdudla_mshunqisi
buzz @ sysadmin: ~ $ dig @ 10.10.10.3 mordor.fan axfr> temp / rrs.mordor.fan
buzz @ sysadmin: ~ $ dig @ 10.10.10.3 10.10.10.in-addr.arpa axfr> temp / rrs.10.10.10.in-addr.arpa

• Khumbula kusuka kuzindatshana ezedlule ukuthi ikheli le-IP ledivayisi sysadmin.desdelinux.umlandeli ngu-10.10.10.1 noma 192.168.10.1.

Emiyalweni emithathu edlule singasusa inketho @10.10.10.3 -buza iseva ye-DNS ngalelo kheli- uma simemezela kufayela /etc/resolv.conf ukuseva i-IP i-sauron.mordor.fan:

buzz@sysadmin:~$ cat /etc/resolv.conf # Ikhiqizwe usesho lwe-NetworkManager desdelinux.fan nameserver 192.168.10.5 nameserver 10.10.10.3

Ngemuva kokuhlela ngokunakekela ngokweqile, njengoba kufana nanoma yiliphi ifayili lesifunda ku-BIND, sizothola idatha elandelayo:

Amarekhodi amaRRs avela endaweni yokuqala _msdcs.mordor.fan

buzz @ sysadmin: ~ $ cat temp / rrs._msdcs.mordor.fan 
; Ihlobene ne-SOA ne-NS _msdcs.mordor.fan. 3600 KWI-SOA sauron.mordor.fan. umphathi wesikhungo.mordor.fan. 12 900 600 86400 3600 _msdcs.mordor.fan. I-3600 IN NS isuron.mordor.fan. ; ; IGLOBAL CATALOG gc._msdcs.mordor.fan. 600 KU-A 10.10.10.3; ; Ama-aliases - kusizinda semininingwane se-LDAP esishintshiwe nesiyimfihlo se-Active Directory- seSAURON 03296249-82a1-49aa-a4f0-28900f5d256b._msdcs.mordor.fan. 600 KWI-CNAME sauron.mordor.fan. ; ; I-LDAP eguquliwe neyimfihlo ye-Active Directory _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.mordor.fan. I-600 IN SRV 0 100 389 sauron.mordor.fan. _ldap._tcp.dc._msdcs.mordor.fan. I-600 IN SRV 0 100 389 sauron.mordor.fan. _ldap._tcp.18d3360d-8fdb-40cf-a678-d7c420b6d775.domains._msdcs.mordor.fan. I-600 IN SRV 0 100 389 sauron.mordor.fan. _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.mordor.fan. I-600 IN SRV 0 100 3268 sauron.mordor.fan. _ldap._tcp.gc._msdcs.mordor.fan. I-600 IN SRV 0 100 3268 sauron.mordor.fan. _ldap._tcp.pdc._msdcs.mordor.fan. I-600 IN SRV 0 100 389 sauron.mordor.fan. ; ; I-KERBEROS iguqulwe futhi iyimfihlo kusuka ku-Active Directory _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.mordor.fan. I-600 IN SRV 0 100 88 sauron.mordor.fan. _kerberos._tcp.dc._msdcs.mordor.fan. I-600 IN SRV 0 100 88 sauron.mordor.fan.

Amarekhodi eRRs avela ku-original zone mordor.fan

buzz @ sysadmin: ~ $ cat temp / rrs.mordor.fan 
; Ngokuphathelene ne-SOA, NS, MX kanye ne-A irekhodi elikubekayo; Igama Lesizinda ku-IP ye-SAURON; Izinto ezivela ku-Active Directory mordor.fan. 3600 KWI-SOA sauron.mordor.fan. umphathi wesikhungo.mordor.fan. 48 900 600 86400 3600 mordor.fan. I-600 KU-10.10.10.3 mordor.fan. I-3600 IN NS isuron.mordor.fan. mordor.fan. 3600 IN MX 10 blackelf.mordor.fan. _msdcs.mordor.fan. I-3600 IN NS isuron.mordor.fan. ; ; Okunye futhi okubalulekile A amarekhodi DomainDnsZones.mordor.fan. 600 IN A 10.10.10.3 I-ForestDnsZones.mordor.fan. 600 KU-A 10.10.10.3; ; IKHALOGU LOMHLABA WONKE _gc._tcp.mordor.fan. I-600 IN SRV 0 100 3268 sauron.mordor.fan. _gc._tcp.Default-First-Site-Name._sites.mordor.fan. I-600 IN SRV 0 100 3268 sauron.mordor.fan. ; ; I-LDAP eguquliwe neyimfihlo ye-Active Directory _ldap._tcp.mordor.fan. I-600 IN SRV 0 100 389 sauron.mordor.fan. _ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.mordor.fan. I-600 IN SRV 0 100 389 sauron.mordor.fan. _ldap._tcp.DomainDnsZones.mordor.fan. I-600 IN SRV 0 100 389 sauron.mordor.fan. _ldap._tcp.Default-First-Site-Name._sites.mordor.fan. I-600 IN SRV 0 100 389 sauron.mordor.fan. _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.mordor.fan. I-600 IN SRV 0 100 389 sauron.mordor.fan. _ldap._tcp.ForestDnsZones.mordor.fan. I-600 IN SRV 0 100 389 sauron.mordor.fan. ; ; I-KERBEROS eguquliwe neyimfihlo ye-Active Directory _kerberos._tcp.Default-First-Site-Name._sites.mordor.fan. I-600 IN SRV 0 100 88 sauron.mordor.fan. _dladla_mshunqisi I-600 IN SRV 0 100 88 sauron.mordor.fan. _kpasswd._tcp.mordor.fan. I-600 IN SRV 0 100 464 sauron.mordor.fan. _dladla_mshunqisi I-600 IN SRV 0 100 88 sauron.mordor.fan. _kpasswd._udp.mordor.fan. I-600 IN SRV 0 100 464 sauron.mordor.fan. ; ; Amarekhodi A ane-IP engaguquki -> Amaseva blackelf.mordor.fan. I-3600 IN A 10.10.10.9 blackspider.mordor.fan. 3600 IN A 10.10.10.10 darklord.mordor.fan. 3600 IN A 10.10.10.6 imamba.mordor.fan. I-3600 IN A 10.10.10.4 palantir.mordor.fan. I-3600 IN A 10.10.10.11 sauron.mordor.fan. 3600 KU-10.10.10.3 shadowftp.mordor.fan. 3600 KU-10.10.10.8 troll.mordor.fan. I-3600 IN A 10.10.10.7; ; Amarekhodi e-CNAME ad-dc.mordor.fan. I-3600 IN CNAME sauron.mordor.fan. blog.mordor.fan. I-3600 IN CNAME troll.mordor.fan. i-fileserver.mordor.fan. 3600 KU-CNAME imamba.mordor.fan. I-ftpserver.mordor.fan. 3600 IN CNAME isithunzift.mordor.fan. imeyili.mordor.fan. I-3600 IN CNAME balckelf.mordor.fan. umlilo ovuthayo.mordor.fan. 3600 IN CNAME palantir.mordor.fan. ummeleli.mordor.fan. 3600 KWI-CNAME darklord.mordor.fan. www.sasegame. 3600 IN CNAME blackspider.mordor.fan.

Amarekhodi amaRRs avela endaweni yangempela yase-10.10.10.in-addr.arpa

buzz @ sysadmin: ~ $ cat temp / rrs.10.10.10.in-addr.arpa 
; Ihlobene ne-SOA ne-NS 10.10.10.in-addr.arpa. 3600 KWI-SOA sauron.mordor.fan. umphathi wesikhungo.mordor.fan. 21 900 600 86400 3600 10.10.10.in-addr.arpa. I-3600 IN NS isuron.mordor.fan. ; ; Amarekhodi e-PTR 10.10.10.10.in-addr.arpa. 3600 KWE-PTR blackspider.mordor.fan. 11.10.10.10.in-addr.arpa. 3600 KWE-PTR palantir.mordor.fan. 3.10.10.10.in-addr.arpa. 3600 KU-PTR isanoni.mordor.fan. 4.10.10.10.in-addr.arpa. 3600 KU-PTR imamba.mordor.fan. 5.10.10.10.in-addr.arpa. 3600 KU-PTR dnslinux.mordor.fan. 6.10.10.10.in-addr.arpa. 3600 KWI-PTR darklord.mordor.fan. 7.10.10.10.in-addr.arpa. 3600 KWE-PTR troll.mordor.fan. 8.10.10.10.in-addr.arpa. 3600 KWE-PTR shadowftp.mordor.fan. 9.10.10.10.in-addr.arpa. 3600 KWI-PTR blackelf.mordor.fan.

Kuze kube manje singacabanga ukuthi sinemininingwane edingekayo yokuqhubeka nokuzidela kwethu, hhayi ngaphandle kokubheka kuqala i- Ama-TTL kanye neminye imininingwane ngendlela efingqiwe ukukhishwa nokubukwa okuqondile kwe-DNS ye-Microsft® Active Directory® 2008 SR2 64 bits kusinikeza.

Izithombe Zomphathi we-DNS kwa-SAURON

Ithimba le-Dnslinux.mordor.fan.

Uma sibheka kahle, ekhelini le-IP 10.10.10.5 alikho igama elabelwa lona ngqo ukuze lizohlala ngegama le-DNS entsha dnslinux.mordor.fan. Ukufaka i-DNS ne-DHCP pair singaqondiswa ama-athikili I-DNS ne-DHCP ku-Debian 8 "Jessie" y I-DNS ne-DHCP ku-CentOS 7.

Isistimu yokusebenza eyisisekelo

Mngani wami I-FuegianNgaphezu kokuba yingcweti yangempela kwiMicrosoft® Windows - unezitifiketi ezimbalwa azikhishwe yile nkampani - uzifundile futhi wazisebenzisa ezinye izindatshana ezikhuluma ngama-desktops ashicilelwe ku DesdeLinux., Futhi wangitshela ukuthi wayefuna isixazululo esisuselwa kuDebian. 😉

Ukuze sikujabulise, sizoqala ngokufakwa okusha, nokuhlanzekile kweseva ngokusekelwe I-Debian 8 "Jessie". Kodwa-ke, esizokubhala ngokulandelayo kuvumelekile ekusabalalisweni kweCentOS nokuvulwaSUSE izindatshana zabo esishilo ekuqaleni. I-BIND ne-DHCP ziyefana kunoma iyiphi i-distro. Ukuhluka okuncane kwethulwa ngabagcini bephakheji ekusatshalalisweni ngakunye.

Sizokwenza ukufakwa njengoba kukhonjisiwe ku- I-DNS ne-DHCP ku-Debian 8 "Jessie", unakekela ukusebenzisa i-IP 10.10.10.5 kanye nenethiwekhi 10.10.10.0/24, nangaphambi kokumisa ISIBOPHO.

Silungiselela i-BIND ngesitayela se-Debian

/etc/bind/named.conf

Ifayela /etc/bind/named.conf siyishiya njengoba ifakiwe.

/etc/bind/named.conf.options

Ifayela /etc/bind/named.conf.options kufanele ishiywe nokuqukethwe okulandelayo:

impande @ dnslinux: ~ # cp /etc/bind/named.conf.options /etc/bind/named.conf.options.original

impande @ dnslinux: ~ # nano /etc/bind/named.conf.options
izinketho {lwemibhalo "/ var / cache / bind"; // Uma kukhona i-firewall phakathi kwakho nama-nameservers ofuna // ukukhuluma nawo, kungadingeka ukuthi ulungise i-firewall ukuze uvumele amachweba amaningi we-// ukuthi akhulume. Bona i-http: //www.kb.cert.org/vuls/id/800113 // Uma i-ISP yakho inikeze ikheli elilodwa noma amaningi e-IP ngama-nameservers ezinzile //, mhlawumbe ufuna ukuwasebenzisa njengabathumeli. // Khipha ibhulokhi elandelayo, bese ufaka amakheli afaka esikhundleni se-placeholder se-all-0. // abadlulisela phambili {// 0.0.0.0; //}; // ========================================== = ==================== $ // Uma BUNGELA izingodo imilayezo yephutha mayelana nokhiye wezimpande ophelelwe yisikhathi, // uzodinga ukuvuselela okhiye bakho. Bona https://www.isc.org/bind-keys // ================================= ============================== $

    // Asifuni i-DNSSEC
        dnssec-nika amandla cha;
        //auto auto validation;

        i-Author-nxdomain no; #vumelana ne-RFC1035

 // Asidingi ukulalela amakheli we-IPv6
        // lalela-ku-v6 {noma yikuphi; };
    lalela-ku-v6 {lutho; };

 // Ukuhlolwa okuvela ku-localhost naku-sysadmin
    // ngokusebenzisa // dig mordor.fan axfr // dig 10.10.10.in-addr.arpa axfr // dig _msdcs.mordor.fan axfr // Asinayo i-Slave DNS ... kuze kube manje
 vumela-dlulisa i- {localhost; 10.10.10.1; };
};

// Ukungena ngemvume Bopha
ukungena ngemvume {

        imibuzo yesiteshi {
        ifayela "/var/log/named/queries.log" version 3 size 1m;
        imininingwane yobukhali;
        isikhathi sokuphrinta yebo;
        ukuphrinta-ukuqina yebo;
        isigaba sokuphrinta yebo;
        };

        Iphutha lombuzo wesiteshi {
        ifayela "/var/log/named/query-error.log" izinhlobo ezi-3 usayizi 1m;
        imininingwane yobukhali;
        isikhathi sokuphrinta yebo;
        ukuphrinta-ukuqina yebo;
        isigaba sokuphrinta yebo;
        };

                                
imibuzo yesigaba {
         imibuzo;
         };

amaphutha wesigaba sombuzo {
         iphutha lombuzo;
         };

};

• Sethula ukuthunjwa kwezingodo ze-BIND njenge- KUSHA ukuvela ochungechungeni lwezihloko ezikhuluma ngale ndaba. Sakha lifolda namafayela adingekayo kufayela le- Imithi ZESIBOPHO:

impande @ dnslinux: ~ # mkdir / var / log / named
impande @ dnslinux: ~ # touch /var/log/named/queries.log
impande @ dnslinux: ~ # touch /var/log/named/query-error.log
impande @ dnslinux: ~ # chown -R bind: bind / var / log / named

Sihlola i-syntax yamafayela amisiwe

impande @ dnslinux: ~ # okuthiwa-checkconf 
impande @ dnslinux: ~ #

/etc/bind/named.conf.local

Sakha ifayela /etc/bind/zones.rfcFreeBSD nokuqukethwe okufanayo njengoba kukhonjisiwe ku I-DNS ne-DHCP ku-Debian 8 "Jessie".

impande @ dnslinux: ~ # nano /etc/bind/zones.rfcFreeBSD

Ifayela /etc/bind/named.conf.local kufanele ishiywe nokuqukethwe okulandelayo:

// // Ingabe kukhona ukumiswa kwasendaweni lapha // // Cabanga ukungeza izindawo ze-1918 lapha, uma zingasetshenziswa enhlanganweni yakho //
faka phakathi "/etc/bind/zones.rfc1918"; faka i- "/etc/bind/zones.rfcFreeBSD";

indawo "mordor.fan" {type master; ifayela "/var/lib/bind/db.mordor.fan"; }; indawo "10.10.10.in-addr.arpa" {type master; ifayela "/var/lib/bind/db.10.10.10.in-addr.arpa"; };

indawo "_msdcs.mordor.fan" {type master;
 amagama wokuhlola awawanaki; ifayela "/etc/bind/db._msdcs.mordor.fan"; }; impande @ dnslinux: ~ # okuthiwa-checkconf
impande @ dnslinux: ~ #

Indawo yefayela mordor.fan

impande @ dnslinux: ~ # nano /var/lib/bind/db.mordor.fan
$ TTL 3H @ IN SOA dnslinux.mordor.fan. izimpande.dnslinux.mordor.fan. (1; i-serial 1D; vuselela i-1H; zama kabusha i-1W; iphelelwa yisikhathi i-3H); ubuncane noma; Isikhathi sokugcina isikhashana sokuphila;
; QAPHELA KAKHULU NGAMAREKHODI ALANDELAYO
@ IN NS dnslinux.mordor.fan.
@ KU-10.10.10.5
@ IN MX 10 blackelf.mordor.fan. @ IN TXT "Ngiyakwamukela ku-The Dark Lan kaMordor";
_msdcs.mordor.fan. KU-NS dnslinux.mordor.fan.
;
dnslinux.mordor.fan. KU-10.10.10.5
; QEDA KAKHULU NGOKUQAPHELA NGAMAREKHODI ALANDELAYO;
DomainDnsZones.mordor.fan. KWE-10.10.10.3 ForestDnsZones.mordor.fan. KU-A 10.10.10.3; ; IKHALOGU LOMHLABA WONKE _gc._tcp.mordor.fan. I-600 IN SRV 0 0 3268 sauron.mordor.fan. _gc._tcp.Default-First-Site-Name._sites.mordor.fan. I-600 IN SRV 0 0 3268 sauron.mordor.fan. ; ; I-LDAP eguquliwe neyimfihlo ye-Active Directory _ldap._tcp.mordor.fan. I-600 IN SRV 0 0 389 sauron.mordor.fan. _ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.mordor.fan. I-600 IN SRV 0 0 389 sauron.mordor.fan. _ldap._tcp.DomainDnsZones.mordor.fan. I-600 IN SRV 0 0 389 sauron.mordor.fan. _ldap._tcp.Default-First-Site-Name._sites.mordor.fan. I-600 IN SRV 0 0 389 sauron.mordor.fan. _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.mordor.fan. I-600 IN SRV 0 0 389 sauron.mordor.fan. _ldap._tcp.ForestDnsZones.mordor.fan. I-600 IN SRV 0 0 389 sauron.mordor.fan. ; ; I-KERBEROS eguquliwe neyimfihlo ye-Active Directory _kerberos._tcp.Default-First-Site-Name._sites.mordor.fan. I-600 IN SRV 0 0 88 sauron.mordor.fan. _dladla_mshunqisi 600 IN SRV 0 0 88 sauron.mordor.fan. _kpasswd._tcp.mordor.fan. I-600 IN SRV 0 0 464 sauron.mordor.fan. _dladla_mshunqisi 600 IN SRV 0 0 88 sauron.mordor.fan. _kpasswd._udp.mordor.fan. I-600 IN SRV 0 0 464 sauron.mordor.fan. ; ; Amarekhodi A ane-IP engaguquki -> Amaseva blackelf.mordor.fan. KU-10.10.10.9 blackspider.mordor.fan. KU-10.10.10.10 darklord.mordor.fan. KU-10.10.10.6 mamba.mordor.fan. KU-10.10.10.4 palantir.mordor.fan. KU-A 10.10.10.11
sauron.mordor.fan. KU-A 10.10.10.3
umaskandi.mordor.fan. KU-10.10.10.8 troll.mordor.fan. KU-A 10.10.10.7; ; Amarekhodi e-CNAME ad-dc.mordor.fan. KU-CNAME sauron.mordor.fan. blog.mordor.fan. KU-CNAME troll.mordor.fan. i-fileserver.mordor.fan. KU-CNAME mamba.mordor.fan. I-ftpserver.mordor.fan. KU-CNAME shadowftp.mordor.fan. imeyili.mordor.fan. E-CNAME balckelf.mordor.fan. umlilo ovuthayo.mordor.fan. E-CNAME palantir.mordor.fan. ummeleli.mordor.fan. KU-CNAME darklord.mordor.fan. www.sasegame. KU-CNAME blackspider.mordor.fan.

impande @ dnslinux: ~ # okuthiwa-checkzone mordor.fan /var/lib/bind/db.mordor.fan 
i-zone mordor.fan/IN: i-serial elayishiwe engu-1 KULUNGILE

Izikhathi I-TTL 600 kuwo wonke amarejista e-SRV sizowagcina uma kwenzeka sifaka ISIBOPHO Senceku ezikhathini ezizayo. Lawo marekhodi amele izinsiza ze-Active Directory® ezifunda kakhulu idatha kusuka kusizinda sakho se-LDAP. Njengoba leyo database iguquka njalo, izikhathi zokuvumelanisa kufanele zigcinwe zifushane, kuhlelo lwe-Master - Slave DNS. Ngokuya ngefilosofi yeMicrosoft ebonwe kusuka ku-Active Directory 2000 kuya ku-2008, inani lama-600 ligcinwa kulezi zinhlobo zamarekhodi e-SRV.

I-Los Ama-TTL yamaseva ane-IP engaguquki, angaphansi kwesikhathi esimenyezelwe ku-SOA yamahora ama-3.

Ifayela Lezoni 10.10.10.in-addr.arpa

impande @ dnslinux: ~ # nano /var/lib/bind/db.10.10.10.in-addr.arpa
$ TTL 3H @ IN SOA dnslinux.mordor.fan. izimpande.dnslinux.mordor.fan. (1; i-serial 1D; vuselela i-1H; zama kabusha i-1W; iphelelwa yisikhathi i-3H); ubuncane noma; Isikhathi sokugcina isikhashana sokuphila; @ IN NS dnslinux.mordor.fan. ; 10 KWE-PTR blackspider.mordor.fan. 11 KU-PTR palantir.mordor.fan. 3 KWI-PTR sauron.mordor.fan. 4 KU-PTR imamba.mordor.fan. 5 KU-PTR dnslinux.mordor.fan. 6 KU-PTR darklord.mordor.fan. 7 KU-PTR troll.mordor.fan. 8 KWE-PTR shadowftp.mordor.fan. 9 KWE-PTR blackelf.mordor.fan.

impande @ dnslinux: ~ # okuthiwa-checkzone 10.10.10.in-addr.arpa /var/lib/bind/db.10.10.10.in-addr.arpa 
indawo engu-10.10.10.in-addr.arpa/IN: i-serial elayishiwe engu-1 KULUNGILE

Ifayela le-Zone _msdcs.mordor.fan

Ake sicabangele lokho okunconywayo kufayela /usr/share/doc/bind9/README.Debian.gz Mayelana nokutholakala kwamafayela we-Master Zones angafakwanga ukuvuselelwa okunamandla yi-DHCP.

impande @ dnslinux: ~ # nano /etc/bind/db._msdcs.mordor.fan
$ TTL 3H @ IN SOA dnslinux.mordor.fan. izimpande.dnslinux.mordor.fan. (1; i-serial 1D; vuselela i-1H; zama kabusha i-1W; iphelelwa yisikhathi i-3H); ubuncane noma; Isikhathi sokugcina isikhashana sokuphila; @ IN NS dnslinux.mordor.fan. ; ; ; IGLOBAL CATALOG gc._msdcs.mordor.fan. 600 KU-A 10.10.10.3; ; Ama-aliases - kusizinda semininingwane se-LDAP esishintshiwe nesiyimfihlo se-Active Directory- seSAURON 03296249-82a1-49aa-a4f0-28900f5d256b._msdcs.mordor.fan. 600 KWI-CNAME sauron.mordor.fan. ; ; I-LDAP eguquliwe neyimfihlo ye-Active Directory _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.mordor.fan. I-600 IN SRV 0 100 389 sauron.mordor.fan. _ldap._tcp.dc._msdcs.mordor.fan. I-600 IN SRV 0 100 389 sauron.mordor.fan. _ldap._tcp.18d3360d-8fdb-40cf-a678-d7c420b6d775.domains._msdcs.mordor.fan. I-600 IN SRV 0 100 389 sauron.mordor.fan. _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.mordor.fan. I-600 IN SRV 0 100 3268 sauron.mordor.fan. _ldap._tcp.gc._msdcs.mordor.fan. I-600 IN SRV 0 100 3268 sauron.mordor.fan. _ldap._tcp.pdc._msdcs.mordor.fan. I-600 IN SRV 0 100 389 sauron.mordor.fan. ; ; I-KERBEROS iguqulwe futhi iyimfihlo kusuka ku-Active Directory _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.mordor.fan. I-600 IN SRV 0 100 88 sauron.mordor.fan. _kerberos._tcp.dc._msdcs.mordor.fan. I-600 IN SRV 0 100 88 sauron.mordor.fan.

Sihlola i-syntax futhi singaliziba iphutha elibuyisayo, ngoba ekucushweni kwale Zone kufayela /etc/bind/named.conf.local sifaka isitatimende amagama wokuhlola awanaki;. Indawo izolayishwa kahle NGESIBOPHO.

impande @ dnslinux: ~ # okuthiwa-checkzone _msdcs.mordor.fan /etc/bind/db._msdcs.mordor.fan 
/etc/bind/db._msdcs.mordor.fan:14: gc._msdcs.mordor.fan: igama lomnikazi omubi (amagama wokuhlola) zone _msdcs.mordor.fan/IN: serial serial 1 OK

impande @ dnslinux: ~ # systemctl qala kabusha bind9.service 
impande @ dnslinux: ~ # systemctl isimo bind9.service 
● bind9.service - BIND Domain Name Server Loaded: packed (/lib/systemd/system/bind9.service; enabled) Drop-In: /run/systemd/generator/bind9.service.d └─50-insserv.conf- $ named.conf Kuyasebenza: iyasebenza (iyasebenza) kusukela ngeLanga 2017-02-12 08:48:38 EST; 2s ago Amadokhumenti: man: named (8) Inqubo: 859 ExecStop = / usr / sbin / rndc stop (code = exited, status = 0 / SUCCESS) Main PID: 864 (named) CGroup: /system.slice/bind9.service └─864 / usr / sbin / named -f -u bind Feb 12 08:48:38 dnslinux named [864]: zone 3.efip6.arpa/IN: serial serial 1 Feb 12 08:48:38 dnslinux named [864 ]: zone befip6.arpa/IN: serial serial 1 Feb 12 08:48:38 dnslinux named [864]: zone 0.efip6.arpa/IN: serial serial 1 Feb 12 08:48:38 dnslinux named [864]: indawo 7.efip6.arpa/IN: i-serial elayishiwe 1 Feb 12 08:48:38 dnslinux eqanjwe [864]: zone mordor.fan/IN: serial elayishiwe 1 Feb 12 08:48:38 dnslinux eqanjwe [864]: zone example .org / IN: serial serial 1 Feb 12 08:48:38 dnslinux named [864]: zone _msdcs.mordor.fan/IN: serial serial 1 Feb 12 08:48:38 dnslinux named [864]: zone invalid / IN : serial serial 1 Feb 12 08:48:38 dnslinux okuthiwa [864] yonke indawo ilayishiwe
Feb 12 08:48:38 dnslinux uqanjwe [864]: nokugijima

Sibheka ISIBOPHO

Ngaphambi Ngemuva kokufaka i-DHCP, kufanele senze amasheke amaningi afaka phakathi ukujoyina iklayenti leWindows 7 esizindeni i-mordor.fan emelwe yi-Active Directory efakwe kukhompyutha i-sauron.mordor.fan.

Into yokuqala okufanele siyenze ukumisa insizakalo ye-DNS kukhompyutha i-sauron.mordor.fan, futhi umemezele kusixhumi esibonakalayo senethiwekhi yakho ukuthi kusukela manje iseva yakho ye-DNS izoba yi 10.10.10.5 dnslinux.mordor.fan.

Kwikhonsoli yeseva uqobo i-sauron.mordor.fan senza:

I-Microsoft Windows [Inguqulo 6.1.7600]
I-copyright (c) 2009 Microsoft Corporation. Wonke Amalungelo Agodliwe.

C: Abasebenzisi Administrator> nslookup
Iseva ezenzakalelayo: dnslinux.mordor.fan Ikheli: 10.10.10.5

> gc._msdcs
Iseva: dnslinux.mordor.fan Ikheli: 10.10.10.5 Igama: gc._msdcs.mordor.fan Ikheli: 10.10.10.3

> mordor.fan
Iseva: dnslinux.mordor.fan Ikheli: 10.10.10.5 Igama: mordor.fan Ikheli: 10.10.10.3

> 03296249-82a1-49aa-a4f0-28900f5d256b._msdcs
Iseva: dnslinux.mordor.fan Ikheli: 10.10.10.5 Igama: sauron.mordor.fan Ikheli: 10.10.10.3 Ama-aliases: 03296249-82a1-49aa-a4f0-28900f5d256b._msdcs.mordor.fan

> setha uhlobo = SRV
> _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs
Iseva: dnslinux.mordor.fan Ikheli: 10.10.10.5 _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.mordor.fan SRV serv ice location: priority = 0 weight = 100 port = 88 svr hostname = sauron.mordor.fan _msdcs.mordor.fan nameserver = dnslinux.mordor.fan sauron.mordor.fan ikheli le-inthanethi = 10.10.10.3 dnslinux.mordor.fan ikheli le-inthanethi = 10.10.10.5
> _ldap._tcp.18d3360d-8fdb-40cf-a678-d7c420b6d775.domains._msdcs
Iseva: dnslinux.mordor.fan Ikheli: 10.10.10.5 _ldap._tcp.18d3360d-8fdb-40cf-a678-d7c420b6d775.domains._msdcs.mordor.fan Indawo yesevisi ye-SRV: kuqala = 0 isisindo = 100 port = 389 svr hostname = sauron .mordor.fan _msdcs.mordor.fan nameserver = dnslinux.mordor.fan sauron.mordor.fan ikheli le-inthanethi = 10.10.10.3 dnslinux.mordor.fan ikheli le-inthanethi = 10.10.10.5
> phuma

C: Abasebenzisi Administrator>

Imibuzo ye-DNS eyenziwe kusuka ku- i-sauron.mordor.fan kuyenelisa.

Isinyathelo esilandelayo kuzoba ukudala omunye umshini obonakalayo ofakwe iWindows 7. Njengoba singenayo insiza ye-DHCP efakiwe, sizonikeza ikhompyutha enegama elithi «win7»Ikheli le-IP 10.10.10.251. Siphinde simemezele ukuthi iseva yakho ye-DNS izoba yi 10.10.10.5 dnslinux.mordor.fan, nokuthi isizinda sokusesha sizoba i-mordor.fan. Ngeke siyibhalise leyo khompyutha ku-DNS ngoba sizophinde siyisebenzisele ukuvivinya insizakalo ye-DHCP ngemuva kokuyifaka.

Okulandelayo sivula ikhonsoli I-CMD futhi senza kuso:

I-Microsoft Windows [Inguqulo 6.1.7601]
I-copyright (c) 2009 Microsoft Corporation. Wonke Amalungelo Agodliwe.

C: \ Abasebenzisi \ buzz> nslookup
Iseva ezenzakalelayo: dnslinux.mordor.fan Ikheli: 10.10.10.5

> mordor.fan
Iseva: dnslinux.mordor.fan Ikheli: 10.10.10.5 Igama: mordor.fan Ikheli: 10.10.10.3

> setha uhlobo = SRV
> _ldap._tcp.DomainDnsZones
Iseva: dnslinux.mordor.fan Ikheli: 10.10.10.5 _ldap._tcp.DomainDnsZones.mordor.fan Indawo yesevisi ye-SRV: kuqala = 0 isisindo = 0 port = 389 svr hostname = sauron.mordor.fan mordor.fan nameserver = dnslinux.mordor. .fan sauron.mordor.fan ikheli le-inthanethi = 10.10.10.3 dnslinux.mordor.fan ikheli le-inthanethi = 10.10.10.5
> _kpasswd._udp
Iseva: dnslinux.mordor.fan Ikheli: 10.10.10.5 _kpasswd._udp.mordor.fan Indawo yesevisi ye-SRV: kuqala = 0 isisindo = 0 port = 464 svr hostname = sauron.mordor.fan mordor.fan nameserver = dnslinux.mordor.fan sauron.mordor.fan ikheli le-inthanethi = 10.10.10.3 dnslinux.mordor.fan ikheli le-inthanethi = 10.10.10.5
> _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones
Iseva: dnslinux.mordor.fan Ikheli: 10.10.10.5 _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.mordor.fan SRV serv ice location: priority = 0 weight = 0 port = 389 svr hostname = sauron. mordor.fan mordor.fan nameserver = dnslinux.mordor.fan sauron.mordor.fan ikheli le-inthanethi = 10.10.10.3 dnslinux.mordor.fan ikheli le-inthanethi = 10.10.10.5
> Phuma

C: Abasebenzisi buzz>

Imibuzo ye-DNS eyenziwe ngeklayenti «win7»Bekubuye kwanelise.

Ku-Directory Esebenzayo sakha umsebenzisi «Saruman«, Ngenhloso yokuyisebenzisa lapho ujoyina iklayenti win7 kusizinda i-mordor.fan., usebenzisa indlela «I-ID yenethiwekhi«, Usebenzisa amagama abasebenzisi saruman@mordor.fan y umphathi@mordor.fan. Ukujoyina kuphumelele futhi kufakazelwa isithombe-skrini esilandelayo:

Mayelana ne-Dynamic Updates ku-Microsoft® DNS naku-BIND

Njengoba insizakalo ye-DNS imisiwe ku-Active Directory® bekungenzeki ukuthi iklayenti «win7»Bhalisa igama lakho nekheli le-IP kuleyo DNS. Okuncane kakhulu ku- dnslinux.mordor.fan ngoba asizange senze isitatimende vumela-ukubuyekeza nganoma yiziphi izindawo ezithintekayo.

Futhi kulapho kwakhiwa khona ukulwa okuhle nomngani wami I-Fuegian. Ku-imeyili yami yokuqala mayelana nalesi sici ngiphawule:

• Izindatshana zeMicrosoft ngokusetshenziswa kwe-BIND ne-Active Directory® zincoma ukuthi, ikakhulukazi i-Direct Zone, ivunyelwe ukuvuselelwa -kungene- ngqo ngamakhasimende weWindows asevele ajoyinwa kusizinda se-Active Directory.
• Yingakho, ngokuzenzakalelayo, ezindaweni ze-DNS ze-Active Directory® Secure Dynamic Updates zivunyelwe. ngamakhasimende weWindows asevele ajoyine kusizinda se-Active Directory. Uma bengabumbene, bayayigwema imiphumela.
• I-DNS ye-Active Directory isekela ukuvuselelwa okunamandla "Kuphephile kuphela", "Ukungaqiniseki nokuvikeleka", noma "Akukho" okufana nokuthi NO Updates noma None.
• Yebo, impela iMicrosoft Philosophy ayivumelani nokuthi amakhasimende ayo NGEKE avuselele idatha yawo kuma-DNS (ama) awo, ngeke ishiye kuvuleke ithuba lokukhubaza ukuvuselelwa okunamandla kuma-DNS (s) abo, ngaphandle kokuthi leyo nketho izoshiyelwa izinhloso ezifihliwe.
• IMicrosoft inikeza "Ukuphepha" ukushintshanisa nobumnyama, Njengomuntu engisebenza naye nomngani ophumelele izifundo zeMicrosft® Certificates wangitshela. Yiqiniso. Ngaphezu kwalokho, u-El Fueguino ukuqinisekisile kimi.
• Iklayenti elithola ikheli le-IP nge-DHCP elifakwe kumshini we-UNIX® / Linux ngokwesibonelo, ngeke likwazi ukuxazulula ikheli le-IP legama lalo uze ujoyinwe kusizinda sohla lwemibhalo olusebenzayo, inqobo nje uma i-Microsoft® noma i-BIND isetshenziswa njenge-DNS ngaphandle kokuvuselelwa okunamandla yi-DHCP.
• Uma ngifaka i-DHCP ku-Active Directory® uqobo, lapho-ke kufanele ngivume ukuthi iZones zivuselelwa yi-Microsoft® DHCP.
• Uma sizosebenzisa i-BIND njenge-DNS yenethiwekhi yeWindows, kunengqondo futhi kunconyiwe ukuthi sifake i-BIND-DHCP duo, ngokugcina kubuyekezwa ngamandla i-BIND futhi udaba luphethwe.
• Emhlabeni wamanethiwekhi we-LAN ku-UNIX® / Linux, selokhu kwasungulwa izibuyekezo ezinamandla ku-BIND, Mnu. DHCP kuphela ovunyelweukungena»KuNkosikazi BOPHA ngezibuyekezo zakhe. Ngicela, ukuphumula okuhambisana nokuhleleka.
• Lapho ngimemezela endaweni i-mordor.fan isibonelo: vumela-ukubuyekeza {10.10.10.0/24; };, IZIBOPHE uqobo iyangazisa lapho ngiqala noma ngiyiqala kabusha ukuthi:

  • zone 'mordor.fan' ivumela izibuyekezo ngekheli le-IP, elingavikelekile

• Ezweni le-sacrosanct UNIX® / Linux, isoso elinjalo eline-DNS alamukelekile.

Ungakucabanga konke okunye ukushintshana nomngane wami I-Fuegian ngokusebenzisa ama-e-mail, Ingxoxo yocingo, izingcingo ezikhokhelwe nguyena (impela ndoda, anginayo ikhilo yalokho), ngisho nemiyalezo esebenzisa amajuba athwala ngekhulu le-XXI!

Waze wasabisa ngokungangithumeli indodana yesilwane sakhe, i-Iguana yakhe «Petra»Ukuthi wayengithembise njengengxenye yenkokhelo. Lapho nganginovalo impela. Ngakho-ke ngaqala futhi, kodwa kusuka kolunye uhlangothi.

• Uhla lwemibhalo "cishe" olusebenzayo olungatholakala nge-Samba 4, luxazulula lesi sici ngendlela yobuciko, zombili lapho sisebenzisa i-DNS yangaphakathi, noma i-BIND ehlanganiselwe ukuxhasa izindawo ze-DLZ - Izindawo Ezilayishwe I-Dinamyc, noma Izindawo Ezilayishwe Ngokunamandla.
• Iyaqhubeka nokuhlupheka ngokufanayo: lapho iklayenti lithola ikheli le-IP nge-DHCP efakwe kuyo enye Umshini we-UNIX® / Linux, ngeke ukwazi ukuxazulula ikheli le-IP legama lakho ize ihlanganiswe esizindeni seSamba 4 AD-DC.
• Hlanganisa i-BIND-DLZ ne-DHCP duo emshinini ofanayo lapho I-AD-DC Samba 4 kungumsebenzi wongoti wangempela.

I-Fuegian Ungibizele esahlukweni wangithethisa: ASIKHULUMI nge I-AD-DC Samba 4, kodwa kusuka ku-Microsoft® Active Directory®!. Futhi ngaphendula ngokuzithoba ukuthi ngangijabule ngengxenye yezihloko ezilandelayo engangizobhala ngazo.

Yilapho ngamtshela khona ukuthi, isinqumo sokugcina ngokuvuselelwa okunamandla kwamakhompyutha wamakhasimende kunethiwekhi yakhe sashiyelwa ekuzikhetheleni kwakhe. Ukuthi bengizomnika kuphela i- ithiphu kubhalwe ngaphambili mayelana vumela-ukubuyekeza {10.10.10.0/24; };, nokuningi akukho. Ukuthi bengingenacala ngalokho okuholele ekuziphatheni okubi kobulili ukuthi iklayenti ngalinye le-Windows noma i-Linux- kunethiwekhi yabo «izongena»Ngaphandle kokujeziswa ku-BOP.

Ukube bewazi, mngani wami, Reader ukuthi lokho kwaba ukuphela kwempi, ubungeke uyikholwe. Mngani wami I-Fuegian wasamukela isixazululo - futhi uzongithumela i-iguana «UPetrica«- ukuthi manje ngihlanganyela nawe.

Sifaka futhi silungiselela i-DHCP

Ngemininingwane engaphezulu funda I-DNS ne-DHCP ku-Debian 8 "Jessie".

impande @ dnslinux: ~ # ukufaka ukufaneleka isc-dhcp-server

impande @ dnslinux: ~ # nano / etc / default / isc-dhcp-server .... # Kukuziphi izindlela lapho iseva ye-DHCP (dhcpd) izosebenzela khona izicelo ze-DHCP? # Izikhumulo ezihlukanisiwe eziningi ezinezikhala, isb. "Eth0 eth1". I-INTERFACES = "eth0" impande @ dnslinux: ~ # dnssec-keygen -a HMAC-MD5 -b 128 -r / dev / urandom -n USER dhcp-key
Ukhiye we-Kdhcp. + 157 + 29836

impande @ dnslinux: ~ # ikati le-Kdhcp-key. + 157 + 29836.private
Ifomethi yangokhiye wangasese: v1.3 Algorithm: 157 (HMAC_MD5) Ukhiye: 3HT / bg / 6YwezUShKYofj5g == Amabhithi: AAA = Idalwe: 20170212205030 Shicilela: 20170212205030 Qalisa: 20170212205030

impande @ dnslinux: ~ # nano dhcp.key
ukhiye we-dhcp-key {algorithm hmac-md5; imfihlo "3HT / bg / 6YwezUShKYofj5g =="; };

impande @ dnslinux: ~ # faka -o impande -g hlanganisa -m 0640 dhcp.key /etc/bind/dhcp.key
impande @ dnslinux: ~ # faka -o impande -g impande -m 0640 dhcp.key /etc/dhcp/dhcp.key

impande @ dnslinux: ~ # nano /etc/bind/named.conf.local
// // Ingabe kukhona ukumiswa kwasendaweni lapha // // Cabanga ukungeza izindawo ezingama-1918 lapha, uma zingasetshenziswa enhlanganweni yakho // zifaka phakathi "/etc/bind/zones.rfc1918"; faka i- "/etc/bind/zones.rfcFreeBSD";
// Ungakhohlwa ... Ngikhohliwe futhi ngakhokha ngamaphutha. ;-)
faka "/etc/bind/dhcp.key";


indawo "mordor.fan" {type master;
        vumela-ukubuyekeza {10.10.10.3; ukhiye we-dhcp-ukhiye; };
        ifayela "/var/lib/bind/db.mordor.fan"; }; indawo "10.10.10.in-addr.arpa" {type master;
        vumela-ukubuyekeza {10.10.10.3; ukhiye we-dhcp-ukhiye; };
        ifayela "/var/lib/bind/db.10.10.10.in-addr.arpa"; }; indawo "_msdcs.mordor.fan" {type master; amagama wokuhlola awawanaki; ifayela "/etc/bind/db._msdcs.mordor.fan"; };

impande @ dnslinux: ~ # okuthiwa-checkconf 
impande @ dnslinux: ~ #

impande @ dnslinux: ~ # nano /etc/dhcp/dhcpd.conf
ddns-buyekeza-isitayela sesikhashana; izibuyekezo ze-ddns ku; i-ddns-domainname "mordor.fan."; ddns-rev-domainname "in-addr.arpa."; unganaki izibuyekezo zamakhasimende; onegunya ukudlulisa inketho kuvaliwe; igama lesizinda legama "mordor.fan"; faka phakathi "/etc/dhcp/dhcp.key"; indawo mordor.fan. {okuyinhloko 127.0.0.1; ukhiye we-dhcp-ukhiye; } indawo engu-10.10.10.in-addr.arpa. {okuyinhloko 127.0.0.1; ukhiye we-dhcp-ukhiye; } okwabiwe ngenethiwekhi okwabiwe kabusha {subnet 10.10.10.0 netmask 255.255.255.0 {option routers 10.10.10.1; inketho ye-subnet-mask 255.255.255.0; ikheli lokusakaza lekhetho 10.10.10.255; inketho yesizinda-igama-amaseva 10.10.10.5; izinketho ze-netbios-name-server 10.10.10.5; ububanzi 10.10.10.30 10.10.10.250; }} # END Dhcpd.conf

impande @ dnslinux: ~ # dhcpd -t
I-Internet Systems Consortium DHCP Server 4.3.1 Copyright 2004-2014 Internet Systems Consortium. Wonke Amalungelo Agodliwe. Ngemininingwane, sicela uvakashele ku-https: //www.isc.org/software/dhcp/ Config file: /etc/dhcp/dhcpd.conf Database file: /var/lib/dhcp/dhcpd.leases PID file: / var / run /dhcpd.pid

impande @ dnslinux: ~ # systemctl qala kabusha bind9.service 
impande @ dnslinux: ~ # systemctl isimo bind9.service 

impande @ dnslinux: ~ # systemctl qala isc-dhcp-server.service
impande @ dnslinux: ~ # isimo se-systemctl isc-dhcp-server.service

Yini ehlobene Amasheke namakhasimendekanye Ukuguqulwa okwenziwa ngesandla kwamafayela we-Zone, sikushiyela wena, mngani ofundayo, ukuze ufunde ngqo kusuka I-DNS ne-DHCP ku-Debian 8 "Jessie", bese uyisebenzisa ezimeni zakho zangempela. Sikwenzile konke ukuhlola okufanele futhi sathola imiphumela egculisayo. Vele sithumela ikhophi yabo bonke ku- I-Fuegian. Ngeke kusaba khona!

Amathiphu

Jikelele

• Thola ukubekezela okuhle ngaphambi kokuthi uqale.
  
• Okokuqala faka futhi ulungiselele ISIBOPHO. Bheka yonke into bese ubona wonke amarekhodi owamemezele kufayela ngalinye lezindawo ezintathu noma eziningi, kusuka ku-Active Directory nakwiseva ye-DNS uqobo kwi-Linux. Uma kunokwenzeka, kusuka kumshini we-Linux ongahlanganisiwe kusizinda, yenza imibuzo edingekayo ye-DNS ku-BIND.
  
• Joyina iklayenti le-Windows elinekheli le-IP elinqunyelwe kusizinda esivele sikhona, bese ubheka kabusha zonke izilungiselelo ze-BIND kusuka kuklayenti le-Windows.
• Ngemuva kokuqiniseka ngokungangabazeki ukuthi ukumiswa kwe-brand new BIND yakho kulungile ngokuphelele, zame ukufaka, ukumisa, bese uqala insiza ye-DHCP.
• Uma kunamaphutha, phinda yonke inqubo kusuka ku-zero 0.
• Qaphela ikhophi nokunamathisela! nezikhala ezisele kulayini ngamunye wamafayela aqanjwe ngamagama.conf.xxxx
  
• Ngemuva kwalokho, akazange akhononde - ingasaphathwa eyomngane wami uFuegian - ukuthi akalulekiswanga kahle.

Amanye amathiphu

• Hlukanisa futhi unqobe.
• Ku-SME Network kuphephe futhi kunenzuzo enkulu ukufaka i-Authoritative BIND yamaZindawo we-LAN angaphakathi angabuyeli kunoma iyiphi iseva yezimpande: ukuphindisela cha;.
• Kunethiwekhi ye-SME etholakala ngaphansi koMhlinzeki Wokufinyelela Nge-Inthanethi - I-ISP, mhlawumbe izinsizakalo Ummeleli y SMTP badinga ukuxazulula amagama wesizinda kwi-inthanethi. I- Squid unenketho yokumemezela i-DNS yakho ngaphandle noma cha, ngenkathi ukuseva yeposi kususelwa ku- I-Postfix o I-MDaemon® Singamemezela futhi amaseva we-DNS esizowasebenzisa kuleyo sevisi. Ezimweni ezinjengalezi, okungukuthi, amacala angahlinzeki ngezinsizakalo kwi-Intanethi futhi angaphansi kwe- Umhlinzeki Wesevisi Ye-Intanethi, ungafaka ISIBOPHO nge Abadlulisi ekhomba i-DNS yefayela le- I-ISP, bese uyimemezela njenge-DNS yesibili kumaseva adinga ukuxazulula imibuzo yangaphandle ku-LAN, ngaphandle kwalokho kungenzeka ukuyimemezela ngamafayela ayo wokumisa.
• Uma uneZoni Ezithunyelwe ngaphansi kwesibopho sakho sonkeBese kuba khona elinye iqhude:
  • Faka iseva ye-DNS ngokuya nge- I-NSD, eyi-Authoritative DNS server ngencazelo, ephendula imibuzo evela kumakhompyutha akwi-Intanethi. Ngeminye imininingwane ukufaneleka show nsd. Protect Sicela uyivikele kahle ngezindonga zomlilo njengoba kudingeka. Kokubili i-hardware ne-software. Kuzoba yi-DNS ye-Intanethi, nokuthi «umfana»Akufanele siyinikeze ngamabhulukwe aphansi. 😉
  • Njengoba ngingakaze ngizibone ngisesimweni esinjengalesi, okungukuthi, umuntu ophethe iZindawo Ezabelwe, kuzofanele ngicabange kahle ukuthi yini engingayincoma ekuxazululeni amagama wesizinda angaphandle kwe-LAN yethu ngezinsizakalo eziyidingayo . Ama-SME Network Clients awayidingi ngempela. Bheka izincwadi ezikhethekile, noma uchwepheshe walezi zifundo, ngoba angikabi omunye wazo. Ngokuzimisela.
  • Ukuphindaphinda akukho kumaseva we-Authoritarian. Kulungile?. Uma kwenzeka othile ecabanga ukukwenza NGESIBOPHO.
• Yize sicacisa ngokusobala kufayela /etc/dhcp/dhcpd.conf isimemezelo unganaki izibuyekezo zamakhasimende;, uma sisebenzisa ikhonsoli yekhompyutha dnslinux.mordor.fan ukuhleleka iphephabhuku -f, sizokubona lokho lapho uqala iklayenti win7.mordor.fan sithola imilayezo yamaphutha elandelayo:

  • Feb 12 16:55:41 dnslinux okuthiwa [900]: iklayenti 10.10.10.30 # 58762: buyekeza 'mordor.fan/IN' kunqatshiwe
    Feb 12 16:55:42 dnslinux okuthiwa [900]: iklayenti 10.10.10.30 # 49763: buyekeza 'mordor.fan/IN' kunqatshiwe
    Feb 12 16:56:23 dnslinux okuthiwa [900]: iklayenti 10.10.10.30 # 63161: buyekeza 'mordor.fan/IN' kunqatshiwe
    

  • Ukuqeda le milayezo, kufanele siye kokukhethwa kukho okuthuthukile kokucushwa kwekhadi lenethiwekhi bese susa ukumaka inketho «Bhalisa amakheli wokuxhumeka ku-DNS«. Lokho kuzovimbela iklayenti ekuzameni ukuzibhalisa ku-Linux DNS unomphela futhi inkinga iphela. Uxolo, kodwa anginayo ikhophi ye-Windows 7 ngeSpanishi. 😉
• Ukuthola yonke imibuzo ebucayi - nehlanyayo iklayenti leWindows 7 eliyenzayo, hlola i- log imibuzo.log lokho kokuthile sikumemezela ngokulungiswa kwe-BIND. I-oda lizoba:

  • impande @ dnslinux: ~ # umsila -f /var/log/named/queries.log

• Uma ungavumeli amakhompyutha wakho amaklayenti ukuthi axhumeke ngqo kwi-Intanethi, kungani-ke udinga amaseva we-Root DNS? Lokhu kuzokwehlisa kakhulu ukukhishwa komyalo iphephabhuku -f futhi kusukela kwangaphambilini, uma iseva yakho ye-Authoritarian DNS for the Internal Zones ingaxhumi ngqo kwi-Intanethi, enconywa kakhulu ngokubuka kwezokuphepha.

  impande @ dnslinux: ~ # cp /etc/bind/db.root /etc/bind/db.root.original
  impande @ dnslinux: ~ # cp / dev / null /etc/bind/db.root

• Uma ungadingi ukumenyezelwa kwamaseva ezimpande, kungani udinga i-Recursion - recursion?

  impande @ dnslinux: ~ # nano /etc/bind/named.conf.options
  izinketho {
   ....
   ukuphindisela cha;
   ....
  };

Izeluleko ezithile engingakacaci ngazo namanje

El umuntu dhcpd.conf isitshela okulandelayo phakathi kwezinto eziningi- eziningi- ezinye izinto:

        Isitatimende sokwenza kabusha isibuyekezo

            ukuvuselelwa-nokwenza ifulegi;

            Uma ipharamitha yokwenziwa kokuvuselelwa kungamanga kweklayenti elinikeziwe, isiphakeli sizozama ukuvuselelwa kwe-DNS kwalelo klayenti isikhathi ngasinye lapho iklayenti livuselela ukuqasha kwalo, kunokuzama nje ukuvuselelwa lapho kubonakala kudingekile. Lokhu kuzovumela i-DNS ukuthi yelaphe kusuka ekungqubuzaneni kwedatha kalula, kepha izindleko ukuthi iseva ye-DHCP kumele yenze izibuyekezo eziningi ze-DNS. Sincoma ukuthi le nketho inikwe amandla, okungokuzenzakalelayo. Le nketho ithinta kuphela ukusebenza kohlelo lokuvuselela i-DNS yesikhashana, futhi ayinamthelela ohlelweni lokuvuselela i-DNS lwe-ad-hoc. Uma le pharamitha ingacacisiwe, noma kuyiqiniso, iseva ye-DHCP izobuyekeza kuphela lapho imininingwane yeklayenti iguquka, iklayenti lithola isivumelwano esithile, noma isivumelwano sekhasimende siphela.

Ukuhumusha noma ukuhumusha okuqondile noma okuncane kushiyelwa kuwe, mfundi othandekayo.

Ngokwami, kwenzeke kimi - futhi kwenzeka ngesikhathi kwenziwa le ndatshana - ukuthi lapho ngixhuma i-BIND ne-Active Directory®, kuvela kwaMicrosft® noma iSamba 4, uma ngiguqula igama lekhompyutha yekhasimende ebhaliswe ku- isizinda se-Active Directory® noma i- AD–DC yeSamba 4, igcina igama layo elidala nekheli le-IP ku-Direct Zone, hhayi enye indlela ezungeze, evuselelwa kahle ngegama elisha. Ngamanye amagama, amagama amadala namasha ahlelwe ekhelini elifanayo le-IP ku-Direct Zone, ngenkathi kubuyiselwa igama elisha kuphela elivela. Ukuze ungiqonde kahle, kufanele uzizame ngokwakho.

Ngicabanga ukuthi uhlobo lokuziphindisela I-Fuegian -hhayi kimi, ngicela- ngokuzama ukuthuthela izinsizakalo zakho kwiLinux.

Vele igama elidala lizonyamalala lapho its I-TTL 3600, noma isikhathi esisimemezele ekucushweni kwe-DHCP. Kepha sifuna inyamalale ngokushesha njengoba kwenzeka ku-BIND + DHCP ngaphandle kwe-Directory Esebenzayo nge.

Isixazululo saleso simo ngisithole ngokufaka isitatimende ukuvuselelwa-nokwenza amanga; ekugcineni kwaphezulu kwefayela /etc/dhcp/dhcpd.conf:

ddns-buyekeza-isitayela sesikhashana; izibuyekezo ze-ddns ku; i-ddns-domainname "mordor.fan."; ddns-rev-domainname "in-addr.arpa."; unganaki izibuyekezo zamakhasimende;
ukuvuselelwa-nokwenza amanga;

Uma kukhona uMfundi owazi kabanzi ngakho, ngicela ungikhanyisele. Ngizoyazisa kakhulu.

Isifingqo

Sibe nobumnandi obuningi ngale ndaba, akunjalo? Akukho ukuhlupheka ngoba SIBOPHILE ukusebenza njengeseva ye-DNS kunethiwekhi ye-Microsoft®, enikeza wonke amarekhodi e-SRV futhi siphendula ngokufanele imibuzo ye-DNS eyenziwe kubo. Ngakolunye uhlangothi, sineseva ye-DHCP enikeza amakheli e-IP futhi sibuyekeza ngokunamandla iZindawo ZESIBOPHO ngendlela efanele.

Kepha asikwazi ukubuza ... okwamanje.

Ngiyethemba mngani wami I-Fuegian jabula futhi waneliseke ngesinyathelo sokuqala sokuthuthela kwakho eLinux ukwenza izindleko ezingabekezeleleki zeMicrosft® technical Support ithwaleke.

Inothi elibalulekile

Uhlamvu "I-Fuegian»Ingabe eqanjiwe ngokuphelele futhi iwumkhiqizo womcabango wami. Noma ikuphi ukufana noma ukuqondana kwabantu bangempela kuyafana: Ukuzibandakanya okumsulwa kokuzibandakanya kimi. Ngikudalele kuphela ukwenza ukubhala nokufundwa kwale ndatshana kujabulise kancane. Manje uma ungangitshela ukuthi inkinga ye-DNS imnyama. 😉