Inkomba ejwayelekile yochungechunge: Ama-Computer Networks ama-SME: Isingeniso
Sanibonani zihlobo !. Ngemuva kwezindatshana ezimbalwa ezedlule kwi Domain Name System futhi i I-Dynamic Host Configuration Protocol kushicilelwe ku- «I-DNS ne-DHCP kuvuliweSUSE 13.2 'Harlequin'"Y"I-DNS ne-DHCP ku-CentOS 7«, Kokubili kusuka ochungechungeni Amanethiwekhi we-SME, kufanele silungiselele lawo masevisi ku-Debian.
Siyaphinda ukuthi iphuzu lokuqala lokufunda ngemibono yethiyori ye-DNS ne-DHCP yi-Wikipedia.
Ukufaka isistimu yokusebenza
Sizoqala kusukela ekufakweni okuyisisekelo kwesiphakeli ngohlelo lokusebenza lwe-Debian 8 "Jessie" ngaphandle kokufaka noma iyiphi indawo yokuqhafaza noma olunye uhlelo. Umshini obonakalayo onama-megabyte angu-512 we-RAM kanye ne-hard drive engama-gigabyte angama-20 ungaphezu kokwanele.
Ngesikhathi senqubo yokufaka -ngemodi yombhalo ngokukhethekile- futhi ngokulandela ukuhleleka kwezikrini, sikhethe amapharamitha alandelayo:
- Ulimi: ISpanishi - iSpanishi
- Izwe, insimu noma indawo: U.S
- I-Keymap ongayisebenzisa: IsiNgisi saseMelika
- Lungiselela inethiwekhi ngesandla:
- Ikheli le-IP: 192.168.10.5
- I-Netmask: 255.255.255.0
- Isango: 192.168.10.1
- Amakheli eNameserver: 127.0.0.1
- Igama lomshini: dns
- Igama lesizinda: desdelinux.umlandeli
- Iphasiwedi Yomsebenzisi Omkhulu: ISuClave (bese ucela isiqinisekiso)
- Igama eligcwele lomsebenzisi omusha: I-Debian First OS Buzz
- Igama lomsebenzisi le-akhawunti: bhuz
- Khetha iphasiwedi yomsebenzisi omusha: ISuClave (bese ucela isiqinisekiso)
- Khetha umkhawulo wesikhathi sakho: EMpumalanga
- Indlela yokuhlukanisa: Kuqondisiwe - sebenzisa yonke idiski
- Khetha idiski ukwahlukanisa: I-Virtual disk 1 (vda) - 21.5 GB Virto Block Device
- Isikimu sokuhlukanisa: Onke amafayela kusigaba esisodwa (kunconyelwe ama-newbies).
- Qedela ukwahlukanisa bese ubhala ushintsho kudiski
- Ngabe ufuna ukubhala ushintsho kumadiski?
- Ngabe ufuna ukuhlaziya enye iCD noma iDVD?:
- Ngabe ufuna ukusebenzisa umfanekiso wed?:
- Ngabe ufuna ukuthatha inhlolovo yokusebenzisa iphakethe?:
- Khetha izinhlelo ozozifaka:
[] Imvelo yedeskithophu ye-Debian
[*] Izinsiza ezijwayelekile zohlelo
- Ngabe ufuna ukufaka i-GRUB boot loader kwirekhodi elikhulu le-boot?
- / dev / vda
- "Ukufaka kuqediwe":
Ngokubona kwami ngesizotha, ukufaka iDebian kulula. Kuyadingeka kuphela ukuphendula imibuzo yezinketho ezichazwe ngaphambilini nolunye ulwazi. Ngize ngibe nesibindi sokusho ukuthi kulula ukulandela izinyathelo ezingenhla kunokusebenzisa ividiyo, isibonelo. Lapho ngifunda angilahlekelwa ukugxila. Olunye udaba ukubuka, ukufunda, ukutolika, nokunikeza ividiyo emuva naphambili, lapho ngilahlekelwa noma ngingaqondi kahle incazelo ethile ebalulekile. Ishidi elibhalwe ngesandla, noma ifayela lombhalo elilula elikopishwe kuselula, lizosebenza njengesiqondisi esisebenza kahle ngokuphelele.
Izilungiselelo zokuqala
Ngemuva kokuqeda ukufakwa okuyisisekelo nokuqalisa kabusha kokuqala, siyaqhubeka nokumemezela amaRekhodi Ohlelo.
Lapho uhlela ifayela imithombo.luhlu, siphawula konke okufakiwe okukhona ngokuzenzakalela ngoba sizosebenza kuphela nezinqolobane zasendaweni. Okuqukethwe kokugcina kwefayela -ukufaka imigqa ephawuliwe- kungaba:
izimpande @ dns: ~ # nano /etc/apt/source.list deb http: // 192.168.10.1.
Sibuyekeza uhlelo
(i-imeyili ivikelwe): ~ # ukubuyekeza kokufaneleka izimpande @ dns: ~ # ukuthuthukisa ukufaneleka izimpande @ dns: ~ # qala kabusha
Sifaka i-SSH ukufinyelela kude
izimpande @ dns: ~ # ukufaneleka ukufaka i-ssh
Ukuvumela umsebenzisi ukuthi aqale iseshini esikude nge-SSH izimpande -kusuka ku-Enterprise LAN kuphela- siguqula ifayela layo lokumisa:
izimpande @ dns: ~ # nano / etc / ssh / sshd_config .... PermitRootLogin yebo .... izimpande @ dns: ~ # systemctl qala kabusha ssh.service izimpande @ dns: ~ # systemctl isimo ssh.service
Siqala iseshini esikude ngeSSH ku- «dns» kusuka kumshini we- «sysadmin»:
buzz @ sysadmin: ~ $ rm .ssh / known_hosts buzz @ sysadmin: ~ $ ssh root@192.168.10.5 ... iphasiwedi ye-root@192.168.10.5: ... root @ dns: ~ #
Amafayela wokumisa ayinhloko
Amafayela amakhulu wokumiswa kwesistimu azoba ngokokukhetha kwethu ngesikhathi sokufakwa:
izimpande @ dns: ~ # ikati / njll / imikhosi
127.0.0.1 localhost
192.168.10.5 dns.desdelinux.fan dns
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
izimpande @ dns: ~ # ikati /etc/resolv.conf
search desdelinux.fan nameserver 127.0.0.1
izimpande @ dns: ~ # igama lomethuleli
dns
izimpande @ dns: ~ # igama lomgcini -f
dns.desdelinux.umlandeli
izimpande @ dns: ~ # ikati / njll / inethiwekhi / izinhlaka
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
source /etc/network/interfaces.d/*
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
allow-hotplug eth0
iface eth0 inet static
address 192.168.10.5
netmask 255.255.255.0
network 192.168.10.0
broadcast 192.168.10.255
gateway 192.168.10.1
# dns-* options are implemented by the resolvconf package, if installed
dns-nameservers 127.0.0.1
dns-search desdelinux.umlandeli
Sifaka amaphakheji amahle kakhulu
izimpande @ dns: ~ # ukufaneleka ukufaka i-htop mc deborphan
Ukuhlanza amaphakheji alandiwe, uma akhona
izimpande @ dns: ~ # ukufaka ukufaneleka -f root @ dns: ~ # aptitude purge ~ c root @ dns: ~ # aptitude clean root @ dns: ~ # aptitude autoclean
Sifaka i-BIND9
- NGAPHAMBI kokufaka ISIBOPHO sincoma kakhulu vakashela ikhasi Izinhlobo zerekhodi le-DNS ku-Wikipedia, zombili ngezinguqulo zayo zaseSpain nezesiNgisi Lezi zinhlobo zamarejista yizo esizozisebenzisa ukumisa amafayela weZones, womabili aqonde ngqo naphindayo. Kuyafundisa kakhulu ukwazi ukuthi sibhekene nani.
- Futhi siphakamisa funda okulandelayo Isicelo samazwana RFC - Izicelo zamazwana, ezihlobene kakhulu nokusebenza okunempilo kwensizakalo ye-DNS, ikakhulukazi maqondana nokuphindisela kumaseva ezimpande:
- Ama-RFCs 1912, 5735, 6303, kanye ne-BCP 32: ephathelene ne- localhost
- Ama-RFCs 1912, 6303: Indawo yesitayela yekheli le-IPv6 lendawo yasendaweni
- Ama-RFCs 1912, 5735 kanye no-6303: Okuhlobene Nenethiwekhi Yasendaweni - «Lokhu» Inethiwekhi
- Ama-RFCs 1918, 5735 kanye no-6303: Amanethiwekhi Wokusetshenziswa Okuyimfihlo
- RFC 6598: Isikhala Samakheli Abiwe
- Ama-RFCs 3927, 5735 kanye no-6303: Xhumanisa-okwasendaweni / APIPA
- Ama-RFCs 5735 kanye no-5736: Izabelo ze-Internet Engineering Task Force
- Ama-RFCs 5735, 5737 kanye no-6303: ISIVIVINYO-NET- [1-3] Samaphepha
- Ama-RFCs 3849 no-6303: Ibanga Lesibonelo le-IPv6 leMibhalo
- I-BCP 32: Amagama Esizinda Emibhalo Nokuhlolwa
- Ama-RFCs 2544 kanye no-5735: Ukuhlolwa kwe-Router Benchmark
- RFC 5735: IANA Igcinelwe - Isikhala Esidala Ekilasini E
- RFC 4291: Amakheli we-IPv6 Angabelwe
- Ama-RFCs 4193 kanye no-6303: IPv6 ULA
- Ama-RFCs 4291 kanye no-6303: IPv6 Link Local
- Ama-RFCs 3879 kanye no-6303: Amakheli e-IPv6 Acekisiwe Esayithi
- I-RFC 4159: IP6.INT yehlisiwe
Ukufakwa
izimpande @ dns: ~ # search aptitude bind9 p bind9 - I-Internet Domain Name Server p p bind9-doc - Imibhalo ye-BIND i bind9-host - Inguqulo ye-'host 'ehlanganiswe ne-BIND 9.X p bind9utils - Izinsiza ze-BIND p gforge-dns-bind9 - ithuluzi lokusebenzisana lokusebenzisana - Ukuphathwa kwe-DNS (usebenzisa iBind9) i Libbind9-90 - ILabhulali Eyabiwe ye-BIND9 esetshenziswe yi-BIND
Futhi zama ukugijima usesho lokufaneleka ~ dbind9
izimpande @ dns: ~ # ukufaneleka ukufaka bind9 izimpande @ dns: ~ # systemctl qala kabusha bind9.service izimpande @ dns: ~ # isimo se-systemctl bind9.service ● bind9.service - BIND Domain Name Server Loaded: loaded (/lib/systemd/system/bind9.service; inikwe amandlaUkungena: /run/systemd/generator/bind9.service.d └─50-insserv.conf- $ named.conf Isebenza: isebenza (isebenza) kusukela ngoLwesihlanu 2017-02-03 10:33:11 EST; 1s ago Amadokhumenti: man: named (8) Inqubo: 1460 ExecStop = / usr / sbin / rndc stop (code = exited, status = 0 / SUCCESS) Main PID: 1465 (named) CGroup: /system.slice/bind9.service └─1465 / usr / sbin / named -f -u bind Feb 03 10:33:11 dns named [1465]: othomathikhi zone ezingenalutho: 8.BD0.1.0.0.2.IP6.ARPA Feb 03 10:33:11 dns okuthiwa [1465]: umyalo wesiteshi olalele ku-127.0.0.1 # 953 Feb 03 10:33:11 dns eqanjwe [1465]: umyalo wesiteshi olalele ku :: 1 # 953 Feb 03 10:33:11 dns eqanjwe [1465]: iphethwe -keys-zone: serial serial Feb 2 03 10:33:11 dns named [1465]: zone 0.in-addr.arpa/IN: serial serial Feb 1 03 10:33:11 dns okuthiwa [1465]: zone localhost / IN: serial serial Feb 2 03 10:33:11 dns named [1465]: zone 127.in-addr.arpa/IN: serial serial Feb 1 03 10:33:11 dns named [1465]: zone 255.in -addr.arpa/IN: serial serial 1 Feb 03 10:33:11 dns named [1465]: zonke izindawo ezilayishwe Feb 03 10:33:11 dns named [1465]: egijima Ukusikisela: Eminye imigqa yayihlisiwe, sebenzisa -l ukukhombisa ngokugcwele.
Amafayela wokucushwa afakwe yi-BIND9
Ngendlela ehluke kancane kunokumisa insizakalo ye-DNS ku-CentOS naku-OpenSUSE, ku-Debian amafayela alandelayo adalwe enkombeni / njll / bind:
izimpande @ dns: ~ # ls -l / etc / bind / Imininingwane 52 -rw-r - r-- 1 impande impande 2389 Jun 30 2015 bind.keys -rw-r - r-- 1 impande impande 237 Jun 30 2015 db.0 -rw-r - r-- 1 impande 271 UJun 30 2015 db.127 -rw-r - r-- 1 impande impande 237 Juni 30 2015 db.255 -rw-r - r-- 1 impande impande 353 Jun 30 2015 db.empty -rw- r - r-- Impande eyi-1 impande 270 Jun 30 2015 db.local -rw-r - r-- 1 impande 3048 Jun 30 2015 db.root -rw-r - r-- 1 impande ibopha 463 Jun 30 2015 eqanjwe.conf -rw-r - r-- 1 impande ibopha ama-490 Jun 30 2015 aqanjwe igama elithi.conf.default-zones -rw-r - r-- 1 root bind 165 Jun 30 2015 named.conf.local -rw -r - r-- 1 root bind 890 Feb 3 10:32 named.conf.options -rw-r ----- 1 bind bind 77 Feb 3 10:32 rndc.key -rw-r - r- - 1 impande izimpande 1317 Jun 30 2015 zones.rfc1918
Wonke amafayela angenhla asembhalweni ocacile. Uma sifuna ukwazi incazelo nokuqukethwe yilowo nalowo wabo, singakwenza sisebenzisa imiyalo Ngaphansi o cat, okungumkhuba omuhle.
Imibhalo ehambisana nayo
Encwadini yamakheli / usr / share / doc / bind9 sizoba:
izimpande @ dns: ~ # ls -l / usr / share / doc / bind9 Imininingwane engu-56 -rw-r - r-- 1 impande 5927 Jun 30 2015 copyright -rw-r - r-- 1 impande 19428 30 Jun 2015 1 changelog.Debian.gz -rw-r - r-- 11790 impande 27 Jan 2014 1 FAQ.gz -rw-r - r-- 396 impande 30 Jun 2015 1 IZINDABA.Debian.gz -rw-r - r-- 3362 impande 30 Jun 2015 1 README.Debian. Gz -rw- r - r-- 5840 impande 27 Jan 2014 XNUMX README.gz
Emibhalweni edlule sizothola Izinto Zokufunda Eziningi esizincomayo ukuthi zifundwe NGAPHAMBI kokulungiselela ISIBOPHO, ngisho nangaphambi kokuba useshe i-Intanethi ngezindatshana ezihlobene ne-BIND ne-DNS ngokujwayelekile.. Sizofunda okuqukethwe kwamanye alawo mafayela:
Imibuzo Evame Ukubuzwa o Fngokufanele Asked Qimibono mayelana nokubopha 9
- Imibuzo Yokuhlanganisa Nokufaka - Imibuzo ngokuhlanganiswa nokufakwa
- Imibuzo Yokumisa Nokusetha - Imibuzo mayelana ukumisa kanye Tuning
- Imibuzo Yokusebenza - Imibuzo mayelana nokusebenza
- Imibuzo Ejwayelekile - Imibuzo ejwayelekile
- Imibuzo Eqondene Nohlelo Lokusebenza - Imibuzo ethile mayelana neSistimu ngayinye yokusebenza
- I-HPUX
- Linux
- Windows
- I-FreeBSD
- Solaris
- I-Apple Mac OS X
IZINDABA.Debian.gz
IZINDABA.UDebian usitshela ngokufingqiwe ukuthi amapharamitha vumela i-cache-query y vumela-ukuphinda kwenzeke inikwa amandla ngokuzenzakalela kuma-ACL ashumekwe ku-Bopha -eyakhelwe ngaphakathi- 'amanethi wendawo'futhi'localhost'. Futhi kusazisa ukuthi izinguquko ezizenzakalelayo zenziwe ukwenza amaseva we-cache angakhangi kangako ekuhlaselweni ngu Ukusakaza kusuka kumanethiwekhi angaphandle.
Ukuhlola okulotshwe esigabeni esedlule, uma kusuka kumshini kunethiwekhi uqobo 192.168.10.0/24 que es la de nuestro ejemplo, realizamos una petición DNS sobre el dominio desdelinux.net, y al mismo tiempo en el propio servidor dns.desdelinux.umlandeli sikhipha umsila -f / var / log / syslog sizothola okulandelayo:
buzz @ sysadmin: ~ $ dig localhost .... ;; UKUKHETHA UKUKHETHA :; I-EDNS: inguqulo: 0, amafulegi :; udp: 4096 ;; ISIQEPHU SOMBUZO :; i-localhost. PHAKATHI KU ;; ISIGABA SEMPENDULO: i-localhost. I-604800 IN A 127.0.0.1 ;; ISIGUNYA SEZIPHATHIMANDLA: i-localhost. 604800 IN NS wendawohost. ;; ISIQEPHU ESINGEZIWE: i-localhost. 604800 IN AAAA :: 1 buzz@sysadmin:~$ dig desdelinux.net .... ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;desdelinux.net. IN A ....
izimpande @ dns: ~ # umsila -f / var / log / syslog .... Feb 4 13:04:31 dns named[1602]: error (network unreachable) resolving 'desdelinux.net/A/IN': 2001:7fd::1#53 Feb 4 13:04:31 dns named[1602]: error (network unreachable) resolving 'desdelinux.net/A/IN': 2001:503:c27::2:30#53 ....
Umphumela we syslog yinde kakhulu ngenxa yokuseshwa kwamaseva ezimpande NGOKUBOPHA. Vele ifayela /etc/resolv.conf eqenjini sysadmin.desdelinux.umlandeli ikhomba ku-DNS 192.168.10.5.
Kusukela ekusebenzeni kwemiyalo yangaphambilini singathola iziphetho eziningana a priori:
- I-BIND ihlelwe ngokuzenzakalela njenge-Cache Server esebenzayo ngaphandle kwesidingo sokumiswa okulandelayo, futhi iphendula imibuzo ye-DNS amanethi wendawo futhi i localhost
- Ukuphinda - recursion ivunyelwe i- amanethi wendawo futhi i localhost
- Ayikabi iseva yokugunyazwa
- Ngokungafani ne-CentOS, lapho bekufanele simemezele ipharamitha «Itheku lokulalela eliku-53 {127.0.0.1; 192.168.10.5; }; » ngokucacile ukulalela izicelo ze-DNS ngaphezulu kwesixhumi esibonakalayo senethiwekhi 192.168.10.5 I-DNS uqobo, ku-Debian akudingekile ngoba isekela izicelo ze-DNS ze amanethi wendawo futhi i localhost okuzenzakalelayo. Buyekeza okuqukethwe kufayela /etc/bind/named.conf.options futhi bazobona ukuthi akukho sitatimende lalela.
- Imibuzo ye-IPv4 ne-IPv6 inikwe amandla
Uma nje ngokufunda nokutolika - ithini njengoba sisho eCuba- ingobo yomlando IZINDABA.Debian.gz Sifinyelele eziphethweni ezithokozisayo ezisivumela ukuthi sazi okuthe xaxa mayelana ne-Default Configuration Philosophy yeTeam Debian maqondana nokuBopha, yiziphi ezinye izinto ezithokozisayo esingazazi ngokuqhubeka nokufunda amafayela eMibhalo Ehambisana Nakho?.
FUNDA.Debian.gz
FUNDA.I-Debian isazisa -kuphakathi kwezinye izinto eziningi- ukuthi i-Security Extensions ye-Domain Name System - Izandiso Zokuphepha Kwesistimu Yegama Lesizinda o DNSSEC, zivunyelwe; futhi iqinisekisa ukuthi ukumiswa okuzenzakalelayo kusebenza kumaseva amaningi (ama-server server - amaseva amaqabunga ebhekisa emaqabunga esihlahla sesizinda) ngaphandle kwesidingo sokungenelela komsebenzisi.
- DNSSEC ngokusho kweWikipediaI-Domain Name System Security Extensions (DNSSEC) iqoqo lezincazelo ze-Internet Engineering Task Force (IETF) ukuvikela izinhlobo ezithile zolwazi olunikezwa ngegama lesizinda sohlelo (DNS) elisetshenziswe kwi-Internet Protocol (IP). Kuyisethi yezandiso kwi-DNS enikezela amaklayenti we-DNS (noma ama-resolution) ngokuqinisekiswa komthombo wedatha ye-DNS, ukuphika okuqinisekisiwe kobukhona nobuqotho bemininingwane, kepha hhayi ukutholakala noma imfihlo.
Mayelana nalokho Isikimu sokumisa isitshela ukuthi wonke amafayili wokumiswa kwe-Static, ama-Zone Files wamaseva ezimpande, kanye neZindawo eziPhambili neziguqukayo ze localhost bangena / njll / bind.
Isiqondisi Sokusebenza KweDimoni okuthiwa es / var / cache / bind ukuze noma yiliphi ifayili lesikhashana elenziwe yi okuthiwa okufana nemininingwane esebenza njengeServer Server, kubhaliwe kuhlelo lwefayela / var, okuyilapho bekhona.
Ngokungafani nezinguqulo zangaphambilini ze-BIND package ye-Debian, file igama.conf futhi i db. * kuhlinzekiwe, zibhalwe njengamafayela wokumisa. Ngendlela yokuthi uma sidinga i-DNS Server esebenza ikakhulu njenge-Cache Server futhi engagunyaziwe kunoma ngubani omunye umuntu, singayisebenzisa njengoba ifakiwe futhi ilungiselelwe ngokuzenzakalela.
Uma udinga ukusebenzisa i-DNS egunyaziwe, basikisela ukubeka amafayela we-Master Zones enkombeni efanayo / njll / bind. Uma ubunzima bezindawo lapho i- okuthiwa kuzoba nokugunyazwa kuyayidinga, kuyanconywa ukuthi kwakhiwe isakhiwo esingaqondakali, kubhekiswe kumafayela ezoni ngokuphelele efayeleni igama.conf.
Noma yiliphi Ifayela Lezoni lapho i- okuthiwa yenza njengeServe Server kufanele itholakale ku- / var / cache / bind.
Ama-Zone Files akhonjelwe ku-Dynamic Updates yi-DHCP noma umyalo buyekeza, kufanele igcinwe ku- / var / lib / bind.
Uma uhlelo lokusebenza lusebenzisa isembatho, Iphrofayili efakiwe isebenza kuphela ngezilungiselelo ezizenzakalelayo ze-BIND. Izinguquko ezilandelayo ekucushweni kwe- okuthiwa zingadinga ushintsho kuphrofayli ye-apparmor. Kuvakashelwe https://wiki.ubuntu.com/DebuggingApparmor ngaphambi kokugcwalisa ifomu elisola a bug kuleyo nkonzo.
Kunezinkinga eziningi ezihlobene nokusebenzisa i-Debian BIND ku-Chroot Cage - ijele le-chroot. Vakashela http://www.tldp.org/HOWTO/Chroot-BIND-HOWTO.html ukuthola eminye imininingwane.
Olunye ulwazi
umuntu ogama lakhe, igama lomuntu.conf, indoda egama lingu-checkconf, indoda egama lingu-checkzone, indoda rndc, njalonjalo
izimpande @ dns: ~ # eqanjwe -v Bopha i-9.9.5-9 + deb8u1-Debian (I-Extended Support Version) izimpande @ dns: ~ # eqanjwe -V Bopha i-9.9.5-9 + deb8u1-Debian (I-Extended Support Version) eyakhiwe nge- '--prefix = / usr' '--mandir = / usr / share / man' \ '--infodir = / usr / share / info' '--sysconfdir = / etc / bind' \ '- -localstatedir = / var '' --able-threads '' --ableable-largefile '\' --with-libtool '' --ableable-shared '' --able-static '\' --with-openssl = / usr '' --with-gssapi = / usr '' --with-gnu-ld '\ --with-geoip = / usr' '--with-atf = cha' '-nika amandla-ipv9' ' --able-rrl '\' --able-filter-aaaa '\' CFLAGS = -fno-strict-aliasing -fno-delete-null-pointer-checks -DDIG_SIGCHASE -O8 'ehlanganiswe yi-GCC 50 isebenzisa inguqulo ye-OpenSSL : OpenSSL 6k 2 Jan 4.9.2 kusetshenziswa inguqulo ye-libxml1.0.1: 8 izimpande @ dns: ~ # ps -e | grep iqanjwe 408? 00:00:00 igama lakhe izimpande @ dns: ~ # ps -e | grep bopha 339? 00:00:00 rpcbind izimpande @ dns: ~ # ps -e | grep bind9 izimpande @ dns: ~ # izimpande @ dns: ~ # ls / var / run / named / igama lesikhathi.pid session.key izimpande @ dns: ~ # ls -l /var/run/named/named.pid -rw-r-r-- 1 bopha ukubopha 4 Feb 4 13: 20 /var/run/named/named.pid izimpande @ dns: ~ # isimo se-rndc inguqulo: 9.9.5-9 + deb8u1-Debian Ama-CPU atholakele: Imicu eyisisebenzi e-9: Abalaleli abangu-8 be-UDP isikhombimsebenzisi ngasinye: Inombolo yezoni engu-50: Izinga lokulungisa iphutha elingu-1: 1 ama-xfers asebenzayo: 1 ama-xfers ahlehlisiwe: Imibuzo engu-100 eqhubekayo: Imibuzo engu-0 yokufaka ngemvume KUVALIWE amaklayenti aphindaphindwayo: 0/0/0 tcp amaklayenti: iseva engu-0/0 iyasebenza
- Akunakuphikwa ukubaluleka kokuthintana neMibhalo efakwe nephakheji le-BIND9 ngaphambi kwanoma yimuphi omunye.
bind9-idokodo
izimpande @ dns: ~ # aptitude install bind9-doc links2 izimpande @ dns: ~ # dpkg -L bind9-doc
Iphakheji bind9-idokodo ifaka, phakathi kweminye imininingwane ewusizo, i-BIND 9 Administrator Reference Manual. Ukufinyelela ibhukwana -ngesiNgisi- senza:
(i-imeyili ivikelwe): ~ # izixhumanisi ifayili2: ///usr/share/doc/bind9-doc/arm/Bv9ARM.html
BIND 9 Manual Reference Manual Copyright (c) 2004-2013 Internet Systems Consortium, Inc. ("ISC") Copyright (c) 2000-2003 Internet Software Consortium.
Sithemba ukuthi uyakujabulela ukuyifunda.
- Ngaphandle kokushiya ikhaya, sinemibhalo Eningiliziwe Esemthethweni mayelana nokuBOPHA kanye nensizakalo ye-DNS iyonke.
Silungiselela i-BIND ngesitayela se-Debian
/etc/bind/named.conf "uthishanhloko"
izimpande @ dns: ~ # nano /etc/bind/named.conf // Leli yifayela lokucushwa eliyinhloko leseva ye-BIND DNS eqanjwe. // // Sicela ufunde /usr/share/doc/bind9/README.Debian.gz ukuthola ulwazi ku- // isakhiwo samafayela wokumisa we-BIND ku-Debian, * NGAPHAMBI * kokwenza ngokwezifiso // leli fayela lokumisa. // // Uma ungeza nje izindawo, sicela wenze lokho ku- /etc/bind/named.conf.local faka "/etc/bind/named.conf.options"; faka "/etc/bind/named.conf.local"; faka i - "/etc/bind/named.conf.default-zones";
Ingabe isihloko esibekiwe sidinga ukuhunyushwa?
/etc/bind/named.conf.options
izimpande @ dns: ~ # cp /etc/bind/named.conf.options /etc/bind/named.conf.options.original
izimpande @ dns: ~ # nano /etc/bind/named.conf.options
izinketho {lwemibhalo "/ var / cache / bind"; // Uma kukhona i-firewall phakathi kwakho nama-nameservers ofuna // ukukhuluma nawo, kungadingeka ukuthi ulungise i-firewall ukuze uvumele amachweba amaningi we-// ukuthi akhulume. Bona i-http: //www.kb.cert.org/vuls/id/800113 // Uma i-ISP yakho inikeze ikheli elilodwa noma amaningi e-IP ngama-nameservers ezinzile //, mhlawumbe ufuna ukuwasebenzisa njengabathumeli. // Khipha ibhulokhi elandelayo, bese ufaka amakheli afaka esikhundleni se-placeholder se-all-0. // abadlulisela phambili {// 0.0.0.0; //}; // ========================================== = ==================== $ // Uma BUNGELA izingodo imilayezo yephutha mayelana nokhiye wezimpande ophelelwe yisikhathi, // uzodinga ukuvuselela okhiye bakho. Bona https://www.isc.org/bind-keys // ================================= ============================== $
// Asifuni i-DNSSEC
dnssec-nika amandla cha;
//auto auto validation;
i-Author-nxdomain no; #vumelana ne-RFC1035
// Asidingi ukulalela amakheli we-IPv6
// lalela-ku-v6 {noma yikuphi; };
lalela-ku-v6 {lutho; };
// Ukuhlolwa okuvela ku-localhost naku-sysadmin
// mediante dig desdelinux.fan axfr
// No tenemos DNS Esclavos... hasta ahora
vumela-dlulisa i- {localhost; 192.168.10.1; };
};
izimpande @ dns: ~ # okuthiwa-checkconf
izimpande @ dns: ~ #
/etc/bind/named.conf.local
Konhlokweni ophawuliwe waleli fayela, bancoma ukuthi kufakwe amaZoni akhonjiswe kufayela le- I-RFC-1918 kuchazwe kufayela /etc/bind/zones.rfc1918. Ukufakwa kwalezi zindawo endaweni kunikeza ukuthi noma imuphi umbuzo maqondana nawo awushiyi inethiwekhi yendawo iye kumaseva empande, anezinzuzo ezimbili ezibalulekile:
- Ukulungiswa okusheshayo kwasendaweni kubasebenzisi bendawo
- Ayenzi ithrafikhi engadingekile - noma engamanga - eseva yezimpande.
Ngokwami, anginakho ukuxhumeka kwe-inthanethi ukuze ngivivinye ukuphindeka noma ukudlulisela phambili. Kodwa-ke, futhi njengoba singakasebenzisi i-Recursion kufayela le-.conf.options ukuthi lisebenze - ngezindlela zokuphindaphinda hhayi; - singafaka izindawo ezichazwe ngenhla nezinye engizichaza ngezansi.
Lapho ufaka i-BIND 9.9.7 ku-FreeBSD 10.0 Operating System, nayo eyi-Software yamahhala, ifayela lokumisa /usr/local/etc/namedb/named.conf.sample Iqukethe uchungechunge oluphelele lwezindawo ezincoma ukuthi kusetshenzelwe endaweni yangakini ku- -also- ukuthola izinzuzo ezibalulwe ngenhla.
Ukuze ungaguquli ukumiswa kwe-BIND kwasekuqaleni ku-Debian, siphakamisa ukuthi kudalwe ifayili /etc/bind/zones.rfcFreeBSD bese uyifaka kufayela le- /etc/bind/named.conf.local ngokuqukethwe okuboniswe ngezansi, nangezindlela - izindlela kumafayela asevele eguqulelwe ku-Debian:
izimpande @ dns: ~ # nano /etc/bind/zones.rfcFreeBSD
// Isikhala Samakheli Abiwe (RFC 6598)
zone "64.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "65.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "66.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "67.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "68.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "69.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "70.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "71.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "72.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "73.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "74.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "75.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "76.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "77.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "78.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "79.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "80.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "81.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "82.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "83.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "84.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "85.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "86.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "87.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "88.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "89.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "90.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "91.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "92.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "93.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "94.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "95.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "96.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "97.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "98.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "99.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "100.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "101.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "102.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "103.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "104.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "105.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "106.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "107.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "108.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "109.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "110.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "111.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "112.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "113.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "114.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "115.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "116.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "117.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "118.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "119.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "120.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "121.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "122.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "123.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "124.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "125.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "126.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "127.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
// Isixhumanisi sendawo / i-APIPA (RFCs 3927, 5735 kanye ne-6303)
indawo "254.169.in-addr.arpa" {type master; ifayela "/etc/bind/db.empty"; };
Izabelo ze-// IETF protocol (RFCs 5735 kanye no-5736)
indawo "0.0.192.in-addr.arpa" {type master; ifayela "/etc/bind/db.empty"; };
// I-TEST-NET- [1-3] Yemibhalo (i-RFCs 5735, 5737 ne-6303)
indawo "2.0.192.in-addr.arpa" {type master; ifayela "/etc/bind/db.empty"; }; indawo "100.51.198.in-addr.arpa" {type master; ifayela "/etc/bind/db.empty"; }; indawo "113.0.203.in-addr.arpa" {type master; ifayela "/etc/bind/db.empty"; };
// Ibanga Lesibonelo le-IPv6 leMibhalo (ama-RFCs 3849 no-6303)
indawo "8.bd0.1.0.0.2.ip6.arpa" {type master; ifayela "/etc/bind/db.empty"; };
// Amagama Esizinda Wokubhalwa Kwemibhalo Nokuhlolwa (BCP 32)
zone "test" {type master; ifayela "/etc/bind/db.empty"; }; zone "example" {type master; ifayela "/etc/bind/db.empty"; }; indawo "engavumelekile" {uhlobo lwenkosi; ifayela "/etc/bind/db.empty"; }; indawo "example.com" {type master; ifayela "/etc/bind/db.empty"; }; indawo "example.net" {type master; ifayela "/etc/bind/db.empty"; }; indawo "example.org" {type master; ifayela "/etc/bind/db.empty"; };
// Ukuhlolwa kweBenchmark Benchmark (RFCs 2544 no-5735)
indawo "18.198.in-addr.arpa" {type master; ifayela "/etc/bind/db.empty"; }; indawo "19.198.in-addr.arpa" {type master; ifayela "/etc/bind/db.empty"; };
// IANA Igcinwe - Isikhala Esidala E (RFC 5735)
indawo "240.in-addr.arpa" {type master; ifayela "/etc/bind/db.empty"; }; indawo "241.in-addr.arpa" {type master; ifayela "/etc/bind/db.empty"; }; indawo "242.in-addr.arpa" {type master; ifayela "/etc/bind/db.empty"; }; indawo "243.in-addr.arpa" {type master; ifayela "/etc/bind/db.empty"; }; indawo "244.in-addr.arpa" {type master; ifayela "/etc/bind/db.empty"; }; indawo "245.in-addr.arpa" {type master; ifayela "/etc/bind/db.empty"; }; indawo "246.in-addr.arpa" {type master; ifayela "/etc/bind/db.empty"; }; indawo "247.in-addr.arpa" {type master; ifayela "/etc/bind/db.empty"; }; indawo "248.in-addr.arpa" {type master; ifayela "/etc/bind/db.empty"; }; indawo "249.in-addr.arpa" {type master; ifayela "/etc/bind/db.empty"; }; indawo "250.in-addr.arpa" {type master; ifayela "/etc/bind/db.empty"; }; indawo "251.in-addr.arpa" {type master; ifayela "/etc/bind/db.empty"; }; indawo "252.in-addr.arpa" {type master; ifayela "/etc/bind/db.empty"; }; indawo "253.in-addr.arpa" {type master; ifayela "/etc/bind/db.empty"; }; indawo "254.in-addr.arpa" {type master; ifayela "/etc/bind/db.empty"; };
// Amakheli we-IPv6 angabelwe (RFC 4291)
indawo "1.ip6.arpa" {type master; ifayela "/etc/bind/db.empty"; }; indawo "3.ip6.arpa" {type master; ifayela "/etc/bind/db.empty"; }; indawo "4.ip6.arpa" {type master; ifayela "/etc/bind/db.empty"; }; indawo "5.ip6.arpa" {type master; ifayela "/etc/bind/db.empty"; }; indawo "6.ip6.arpa" {type master; ifayela "/etc/bind/db.empty"; }; indawo "7.ip6.arpa" {type master; ifayela "/etc/bind/db.empty"; }; indawo "8.ip6.arpa" {type master; ifayela "/etc/bind/db.empty"; }; indawo "9.ip6.arpa" {type master; ifayela "/etc/bind/db.empty"; }; indawo "a.ip6.arpa" {type master; ifayela "/etc/bind/db.empty"; }; indawo "b.ip6.arpa" {type master; ifayela "/etc/bind/db.empty"; }; indawo "c.ip6.arpa" {type master; ifayela "/etc/bind/db.empty"; }; indawo "d.ip6.arpa" {type master; ifayela "/etc/bind/db.empty"; }; indawo "e.ip6.arpa" {type master; ifayela "/etc/bind/db.empty"; }; indawo "0.f.ip6.arpa" {type master; ifayela "/etc/bind/db.empty"; }; indawo "1.f.ip6.arpa" {type master; ifayela "/etc/bind/db.empty"; }; indawo "2.f.ip6.arpa" {type master; ifayela "/etc/bind/db.empty"; }; indawo "3.f.ip6.arpa" {type master; ifayela "/etc/bind/db.empty"; }; indawo "4.f.ip6.arpa" {type master; ifayela "/etc/bind/db.empty"; }; indawo "5.f.ip6.arpa" {type master; ifayela "/etc/bind/db.empty"; }; indawo "6.f.ip6.arpa" {type master; ifayela "/etc/bind/db.empty"; }; indawo "7.f.ip6.arpa" {type master; ifayela "/etc/bind/db.empty"; }; indawo "8.f.ip6.arpa" {type master; ifayela "/etc/bind/db.empty"; }; indawo "9.f.ip6.arpa" {type master; ifayela "/etc/bind/db.empty"; }; indawo "afip6.arpa" {type master; ifayela "/etc/bind/db.empty"; }; indawo "bfip6.arpa" {type master; ifayela "/etc/bind/db.empty"; }; indawo "0.efip6.arpa" {type master; ifayela "/etc/bind/db.empty"; }; indawo "1.efip6.arpa" {type master; ifayela "/etc/bind/db.empty"; }; indawo "2.efip6.arpa" {type master; ifayela "/etc/bind/db.empty"; }; indawo "3.efip6.arpa" {type master; ifayela "/etc/bind/db.empty"; }; indawo "4.efip6.arpa" {type master; ifayela "/etc/bind/db.empty"; }; indawo "5.efip6.arpa" {type master; ifayela "/etc/bind/db.empty"; }; indawo "6.efip6.arpa" {type master; ifayela "/etc/bind/db.empty"; }; indawo "7.efip6.arpa" {type master; ifayela "/etc/bind/db.empty"; };
// IPv6 ULA (RFCs 4193 no-6303)
indawo "cfip6.arpa" {type master; ifayela "/etc/bind/db.empty"; }; indawo "dfip6.arpa" {type master; ifayela "/etc/bind/db.empty"; };
// IPv6 Link Local (RFCs 4291 kanye 6303)
indawo "8.efip6.arpa" {type master; ifayela "/etc/bind/db.empty"; }; indawo "9.efip6.arpa" {type master; ifayela "/etc/bind/db.empty"; }; indawo "aefip6.arpa" {type master; ifayela "/etc/bind/db.empty"; }; indawo "befip6.arpa" {type master; ifayela "/etc/bind/db.empty"; };
// Amakheli e-IPv6 ahoxisiwe eSayithi (i-RFCs 3879 ne-6303)
indawo "cefip6.arpa" {type master; ifayela "/etc/bind/db.empty"; }; indawo "defip6.arpa" {type master; ifayela "/etc/bind/db.empty"; }; indawo "eefip6.arpa" {type master; ifayela "/etc/bind/db.empty"; }; indawo "fefip6.arpa" {type master; ifayela "/etc/bind/db.empty"; };
// IP6.INT yehlisiwe (RFC 4159)
indawo "ip6.int" {type master; ifayela "/etc/bind/db.empty"; };
Yize sikuqedile ukuthi kungenzeka kulalelwe izicelo ze-IPv6 kusibonelo sethu, kufanelekile ukufaka izindawo ze-IPv6 efayeleni eledlule kulabo abazidingayo.
Okuqukethwe kokugcina kwe- /etc/bind/named.conf.local es:
izimpande @ dns: ~ # nano /etc/bind/named.conf.local
// // Ingabe kukhona ukumiswa kwasendaweni lapha // // Cabanga ukungeza izindawo ze-1918 lapha, uma zingasetshenziswa enhlanganweni yakho //
faka phakathi "/etc/bind/zones.rfc1918"; faka i- "/etc/bind/zones.rfcFreeBSD";
// Isimemezelo segama, uhlobo, indawo kanye nemvume yokuvuselela
// yezindawo zamarekhodi e-DNS // zombili lezi zindawo zingamakhosi
indawo"desdelinux.umlandeli" {
uhlobo lokubhala;
file "/var/lib/bind/db.desdelinux.umlandeli";
};
indawo "10.168.192.in-addr.arpa" {
uhlobo lokubhala;
ifayela "/var/lib/bind/db.10.168.192.in-addr.arpa";
};
izimpande @ dns: ~ # okuthiwa-checkconf izimpande @ dns: ~ #
Sakha amafayela eZoni ngayinye
Okuqukethwe kwamafayela endaweni ngayinye kungakopishwa ngokoqobo kusuka ku-athikili «I-DNS ne-DHCP ku-CentOS 7«, Uma nje siqikelela ukushintshela umkhombandlela wendawo lapho uya khona / var / lib / bind:
[root@dns ~]# nano /var/lib/bind/db.desdelinux.umlandeli $TTL 3H @ IN SOA dns.desdelinux.umlandeli. impande.dns.desdelinux.umlandeli. ( 1 ; serial 1D ; vuselela 1H ; zama futhi 1W ; phelelwa yisikhathi 3H ); ubuncane noma; Isikhathi sokulondoloza isikhashana esingesihle sokuphila; @ IN NS dns.desdelinux.umlandeli. @ IN MX 10 i-imeyili.desdelinux.umlandeli. @KU-TXT "DesdeLinux, ibhulogi yakhe enikezelwe kwisofthiwe yamahhala "; i-Sysadmin ku-A 192.168.10.1 AD-DC IN A 192.168.10.3 FILESERVER IN A 192.168.10.4 DNS IN A 192.168.10.5 PROXYWEB IN A 192.168.10.6 VER IN A 192.168.10.7 imeyili KU-A 192.168.10.8 [izimpande @ dns ~] # nano /var/lib/bind/db.10.168.192.in-addr.arpa $TTL 3H @ IN SOA dns.desdelinux.umlandeli. impande.dns.desdelinux.umlandeli. ( 1 ; serial 1D ; vuselela 1H ; zama futhi 1W ; phelelwa yisikhathi 3H ); ubuncane noma; Isikhathi sokulondoloza isikhashana esingesihle sokuphila; @ IN NS dns.desdelinux.umlandeli. ; 1 KU-PTR sysadmin.desdelinux.umlandeli. 3 KU-PTR ad-dc.desdelinux.umlandeli. 4 KU-PTR iseva yefayela.desdelinux.umlandeli. 5 KU-PTR dns.desdelinux.umlandeli. 6 IN PTR yewebhu yommeleli.desdelinux.umlandeli. 7 KU-PTR ibhulogi.desdelinux.umlandeli. 8 IN PTR ftpserver.desdelinux.umlandeli. 9 KU-PTR imeyili.desdelinux.umlandeli.
Sihlola i-syntax yendawo ngayinye
root@dns:~# named-checkzone desdelinux.fan /var/lib/bind/db.desdelinux.umlandeli Indawo desdelinux.fan/IN: kulayishiwe uchungechunge 1 Kulungile izimpande @ dns: ~ # okuthiwa-checkzone 10.168.192.in-addr.arpa /var/lib/bind/db.10.168.192.in-addr.arpa indawo engu-10.168.192.in-addr.arpa/IN: i-serial elayishiwe engu-1 KULUNGILE
Ukuhlola izilungiselelo ezijwayelekile zokubopha
izimpande @ dns: ~ # okuthiwa-checkconf -zp
- Ukulandela inqubo yokuguqula i- igama.conf Ngokuya ngezidingo zethu kanye nokuhlola, nokwakha ifayili lendawo ngayinye bese ulihlola, siyangabaza ukuthi kuzodingeka sibhekane nezinkinga ezinkulu zokumiswa. Ekugcineni siyabona ukuthi ngumdlalo womfana, onemiqondo eminingi ne-syntax yokuxabana. 😉
Amasheke abuyise imiphumela egculisayo, ngakho-ke singaqala kabusha ISIBOPHO - okuthiwa.
Siqala kabusha i-BIND bese sihlola isimo sayo
[root @ dns ~] # systemctl qala kabusha bind9.service [root @ dns ~] # systemctl isimo bind9.service ● bind9.service - BIND Domain Name Server Loaded: packed (/lib/systemd/system/bind9.service; enabled) Drop-In: /run/systemd/generator/bind9.service.d └─50-insserv.conf- $ named.conf Iyasebenza: iyasebenza (iyasebenza) kusukela ngeLanga 2017-02-05 07:45:03 EST; 5s ago Amadokhumenti: man: named (8) Inqubo: 1345 ExecStop = / usr / sbin / rndc stop (code = exited, status = 0 / SUCCESS) Main PID: 1350 (named) CGroup: /system.slice/bind9.service └─1350 / usr / sbin / named -f -u bind Feb 05 07:45:03 dns named [1350]: zone 1.f.ip6.arpa/IN: serial serial 1 Feb 05 07: 45: 03 dns eqanjwe [1350]: zone afip6.arpa/IN: serial serial 1 Feb 05 07:45:03 dns named [1350]: zone localhost / IN: serial serial 2 Feb 05 07: 45: 03 dns eqanjwe [1350]: zone test / IN: serial elayishiwe 1 Feb 05 07:45:03 dns eqanjwe [1350]: zone example / IN: serial serial 1 Feb 05 07:45:03 dns named [1350]: zone 5.efip6.arpa/IN: loaded serial 1 Feb 05 07:45:03 dns named [1350]: zone bfip6.arpa/IN: serial serial 1 Feb 05 07:45:03 dns named [1350]: zone ip6.int/IN: serial serial 1 Feb 05 I-07: i-45: i-dns eqanjwe ngo- [03]: wonke amazoni alayishwe ngo-Feb 1350 05:07:45 ama-dns aqanjwe [03]: ukugijima
Uma sithola noma yiluphi uhlobo lwephutha ekukhipheni komyalo wokugcina, kufanele siqale kabusha ifayela le- igama.inkonzo bese uphinde uhlole i- Isimo. Uma amaphutha engasekho, insiza iqalwe ngempumelelo. Ngaphandle kwalokho, kufanele senze ukubuyekeza okuphelele kwawo wonke amafayela aguquliwe nadaliwe, bese siphinda inqubo.
Amasheke
Amasheke angaqhutshwa kuseva efanayo noma emshinini oxhunywe kwi-LAN. Sincamela ukukwenza kusuka eqenjini sysadmin.desdelinux.umlandeli esinikeze imvume ebonakalayo yokwenza iZones Transfers. Ifayela /etc/resolv.conf walelo qembu yilokhu okulandelayo:
buzz @ sysadmin: ~ $ cat /etc/resolv.conf # Kwenziwe usesho lwe-NetworkManager desdelinux.fan nameserver 192.168.10.5 buzz@sysadmin:~$ dig desdelinux.umlandeli axfr ; <<>> DiG 9.9.5-9+deb8u1-Debian <<>> desdelinux.fan axfr ;; izinketho zomhlaba jikelele: +cmd desdelinux.umlandeli. 10800 IN SOA dns.desdelinux.umlandeli. impande.dns.desdelinux.umlandeli. 1 86400 3600 604800 10800 desdelinux.umlandeli. 10800 IN NS dns.desdelinux.umlandeli. desdelinux.umlandeli. 10800 IN MX 10 i-imeyili.desdelinux.umlandeli. desdelinux.umlandeli. 10800 IN TXT"DesdeLinux, Ibhulogi yakho enikezelwe ku-Free Software" ad-dc.desdelinux.umlandeli. 10800 IN A 192.168.10.3 blog.desdelinux.umlandeli. 10800 KU-A 192.168.10.7 dns.desdelinux.umlandeli. 10800 KUYA KU-192.168.10.5 iseva yefayela.desdelinux.umlandeli. 10800 KU-192.168.10.4 ftpserver.desdelinux.umlandeli. 10800 KU-imeyili ethi 192.168.10.8.desdelinux.umlandeli. 10800 KU-proxyweb engu-192.168.10.9.desdelinux.umlandeli. 10800 KU-192.168.10.6 sysadmin.desdelinux.umlandeli. 10800 KUYA KU-192.168.10.1 desdelinux.umlandeli. 10800 IN SOA dns.desdelinux.umlandeli. impande.dns.desdelinux.fan. 1 86400 3600 604800 10800 ;; Query time: 1 msec ;; SERVER: 192.168.10.5#53(192.168.10.5) ;; NINI: ILanga Feb 05 07: 49: 01 EST 2017 ;; Usayizi we-XFR: amarekhodi ayi-13 (imiyalezo 1, amabhayithi 385) buzz @ sysadmin: ~ $ bamba 10.168.192.in-addr.arpa axfr ; <<>> DiG 9.9.5-9+deb8u1-Debian <<>> 10.168.192.in-addr.arpa axfr ;; izinketho zomhlaba jikelele: +cmd 10.168.192.in-addr.arpa. 10800 IN SOA dns.desdelinux.umlandeli. impande.dns.desdelinux.fan. 1 86400 3600 604800 10800 10.168.192.in-addr.arpa. 10800 IN NS dns.desdelinux.umlandeli. 1.10.168.192.in-addr.arpa. 10800 KU-PTR sysadmin.desdelinux.umlandeli. 3.10.168.192.in-addr.arpa. 10800 KU-PTR ad-dc.desdelinux.umlandeli. 4.10.168.192.in-addr.arpa. 10800 IN PTR fileserver.desdelinux.umlandeli. 5.10.168.192.in-addr.arpa. 10800 KU-PTR dns.desdelinux.umlandeli. 6.10.168.192.in-addr.arpa. 10800 IN PTR proxyweb.desdelinux.umlandeli. 7.10.168.192.in-addr.arpa. 10800 KU-PTR ibhulogi.desdelinux.umlandeli. 8.10.168.192.in-addr.arpa. 10800 IN PTR ftpserver.desdelinux.umlandeli. 9.10.168.192.in-addr.arpa. 10800 KU-PTR imeyili.desdelinux.umlandeli. 10.168.192.in-addr.arpa. 10800 IN SOA dns.desdelinux.umlandeli. impande.dns.desdelinux.fan. 1 86400 3600 604800 10800 ;; Query time: 1 msec ;; SERVER: 192.168.10.5#53(192.168.10.5) ;; NINI: ILanga Feb 05 07: 49: 47 EST 2017 ;; Usayizi we-XFR: amarekhodi ayi-11 (imiyalezo 1, amabhayithi 333) buzz@sysadmin:~$ dig IN SOA desdelinux.umlandeli buzz@sysadmin:~$ dig IN MX desdelinux.fan buzz@sysadmin:~$ dig IN TXT desdelinux.umlandeli buzz @ sysadmin: ~ $ umphathi we-proxyweb proxyweb.desdelinux.umlandeli unekheli 192.168.10.6 buzz @ sysadmin: ~ $ host ftpserver ftpserver.desdelinux.umlandeli unekheli 192.168.10.8 buzz @ sysadmin: ~ $ umsingathi 192.168.10.9 9.10.168.192.in-addr.arpa domain name pointer mail.desdelinux.umlandeli.
… Nanoma yikuphi okunye ukuhlola okudingayo.
Sifaka futhi silungiselela i-DHCP
Ku-Debian, insizakalo ye-DHCP inikezwa yiphakheji i-isc-dhcp-iseva:
izimpande @ dns: ~ # usesho lokufaneleka i-isc-dhcp i-isc-dhcp-client - iklayenti le-DHCP lokuthola ngokuzenzakalela ikheli le-IP p isc-dhcp-client-dbg - ISC DHCP iseva yokunikezwa kwekheli le-IP okuzenzakalelayo (iklayenti lokulungisa iphutha) i-isc-dhcp-common - amafayela ajwayelekile asetshenziswa yiwo wonke amaphakheji we-isc-dhcp p isc-dhcp-dbg - iseva ye-ISC DHCP yokunikezwa kwekheli le-IP okuzenzakalelayo (ukulungisa iphutha uphawu p isc-dhcp-dev - i-API yokufinyelela nokuguqula iseva ye-DHCP nombuso wamakhasimende p isc-dhcp-relay - i-ISC DHCP edluliselwe I-daemon p isc-dhcp-relay-dbg - Iseva ye-ISC DHCP yokunikezwa kwekheli le-IP okuzenzakalelayo (ukudlulisa iphutha) p isc-dhcp-server - ISC DHCP iseva yokunikezwa kwekheli le-IP okuzenzakalelayo p isc-dhcp-server-dbg - ISC DHCP iseva ye ukunikezwa kwekheli le-IP okuzenzakalelayo (ukulungisa iphutha leseva) p isc-dhcp-server-ldap - iseva ye-DHCP esebenzisa i-LDAP njengokubuyela emuva (i-imeyili ivikelwe): ~ # ukufaka ukufaneleka isc-dhcp-server
Ngemuva kokufakwa kwephakeji, i -omnipresent- i-systemd ikhala ngokuthi ayikwazi ukuqala isevisi. Ku-Debian, kufanele simemezele ngokusobala ukuthi iyiphi inethiwekhi ezoqasha amakheli e-IP futhi siphendule izicelo, i- i-isc-dhcp-iseva:
izimpande @ dns: ~ # nano / etc / default / isc-dhcp-server .... # Kukuziphi izindlela lapho iseva ye-DHCP (dhcpd) izosebenzela khona izicelo ze-DHCP? # Izikhumulo ezihlukanisiwe eziningi ezinezikhala, isb. "Eth0 eth1". IZINHLANGANO = "eth0"
Imibhalo efakiwe
izimpande @ dns: ~ # ls -l / usr / share / doc / isc-dhcp-server / inani eliphelele lama-44 -rw-r - r-- 1 impande 1235 Dec 14 2014 copyright -rw-r - r-- 1 impande 26031 Feb 13 2015 changelog.Debian.gz drwxr-xr-x 2 impande 4096 Feb 5 08 : 10 izibonelo -rw-r - r-- 1 impande impande 592 Dec 14 2014 IZINDABA.Debian.gz -rw-r - r-- 1 impande 1099 Dec 14 2014 README.Debian
Ukhiye we-TSIG "ukhiye we-dhcp"
Kunconywa ukwenziwa kokhiye I-TSIG o Isiginesha Yokuthengiselana - Tukulamula I-SIGnature, Ukufakazela ubuqiniso bezibuyekezo ezinamandla ze-DNS nge-DHCP. Njengoba sibonile esihlokweni esandulele «I-DNS ne-DHCP ku-CentOS 7«Sibheka ukuthi ukwenziwa kwalo khiye akubalulekile kangako, ikakhulukazi lapho zombili izinsiza zifakwa kuseva efanayo. Kodwa-ke, sinikeza inqubo ejwayelekile yokwenziwa kwayo okuzenzakalelayo:
izimpande @ dns: ~ # dnssec-keygen -a HMAC-MD5 -b 128 -r / dev / urandom -n USER dhcp-key
Ukhiye we-Kdhcp. + 157 + 11088
izimpande @ dns: ~ # ikati Kdhcp-key. +157 + 11088
Ifomethi eyimfihlo yangasese: v1.3 Algorithm: 157 (HMAC_MD5) Ukhiye: TEqfcx2FUMYBQ1hA1ZGelA == Amabhithi: AAA = Idalwe: 20170205121618 Shicilela: 20170205121618 Yenza kusebenze: 20170205121618
izimpande @ dns: ~ # nano dhcp.key
ukhiye we-dhcp-key {
I-algorithm hmac-md5;
imfihlo "TEqfcx2FUMYBQ1hA1ZGelA ==";
};
izimpande @ dns: ~ # faka -o impande -g bopha -m 0640 dhcp.key /etc/bind/dhcp.key (i-imeyili ivikelwe): ~ # ukufaka -o impande -g impande -m 0640 dhcp.key / njll / dhcp /dhcp.key izimpande @ dns: ~ # ls -l /etc/bind/*.key
-rw-r ----- 1 impande hlanganisa 78 Feb 5 08:21 /etc/bind/dhcp.key -rw-r ----- 1 bind bind 77 Feb 4 11:47 / etc / bind / rndc .ukhiye
izimpande @ dns: ~ # ls -l /etc/dhcp/dhcp.key
-rw-r ----- impande engu-1 78 Feb 5 08:21 /etc/dhcp/dhcp.key
Ukubuyekeza i-BIND Zones usebenzisa i-dhcp-key
izimpande @ dns: ~ # nano /etc/bind/named.conf.local
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
include "/etc/bind/zones.rfc1918";
include "/etc/bind/zones.rfcFreeBSD";
include "/etc/bind/dhcp.key";
// Declaración del nombre, tipo, ubicación, y permiso de actualización
// de las Zonas de Registros DNS
// Ambas Zonas son MAESTRAS
zone "desdelinux.fan" {
type master;
file "/var/lib/bind/db.desdelinux.umlandeli";
vumela-ukubuyekeza {key dhcp-key; };
}; indawo "10.168.192.in-addr.arpa" {type master; ifayela "/var/lib/bind/db.10.168.192.in-addr.arpa";
vumela-ukubuyekeza {key dhcp-key; };
};
izimpande @ dns: ~ # okuthiwa-checkconf izimpande @ dns: ~ #
Silungiselela isc-dhcp-server
izimpande @ dns: ~ # mv /etc/dhcp/dhcpd.conf /etc/dhcp/dhcpd.conf.original
izimpande @ dns: ~ # nano /etc/dhcp/dhcpd.conf
ddns-update-style interim;
ddns-updates on;
ddns-domainname "desdelinux.fan."; ddns-rev-domainname "in-addr.arpa."; shaya indiva izibuyekezo zeklayenti; okugunyaziwe; inketho ye-ip-forwarding off; option domain-name "desdelinux.fan";
include "/etc/dhcp/dhcp.key";
zone desdelinux.fan. {
primary 127.0.0.1;
key dhcp-key;
}
zone 10.168.192.in-addr.arpa. {
primary 127.0.0.1;
key dhcp-key;
}
shared-network redlocal {
subnet 192.168.10.0 netmask 255.255.255.0 {
option routers 192.168.10.1;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.10.255;
option domain-name-servers 192.168.10.5;
option netbios-name-servers 192.168.10.5;
range 192.168.10.30 192.168.10.250;
}
}
# FIN dhcpd.conf
Sihlola ifayela le-dhcpd.conf
izimpande @ dns: ~ # dhcpd -t I-Internet Systems Consortium DHCP Server 4.3.1 Copyright 2004-2014 Internet Systems Consortium. Wonke Amalungelo Agodliwe. Ngemininingwane, sicela uvakashele ku-https: //www.isc.org/software/dhcp/ Config file: /etc/dhcp/dhcpd.conf Database file: /var/lib/dhcp/dhcpd.leases PID file: / var / run /dhcpd.pid
Siqala kabusha i-BIND bese siqala isc-dhcp-server
izimpande @ dns: ~ # systemctl qala kabusha bind9.service izimpande @ dns: ~ # isimo se-systemctl bind9.service izimpande @ dns: ~ # systemctl qala isc-dhcp-server.service izimpande @ dns: ~ # isimo se-systemctl isc-dhcp-server.service ● isc-dhcp-server.service - LSB: Iseva ye-DHCP ilayishiwe: ilayishiwe (/etc/init.d/isc-dhcp-server) Iyasebenza: iyasebenza (isebenza) kusukela ngeLanga 2017-02-05 08:41:45 EST; Inqubo engu-6s edlule Inqubo: 2039 ExecStop = / etc / init.d / isc-dhcp-server stop (code = exited, status = 0 / SUCCESS) Inqubo: 2049 ExecStart = / etc / init.d / isc-dhcp-server start ( ikhodi = kuphumile, isimo = 0 / IMPUMELELO) IGroup: / uhlelo.slice/isc-dhcp-server.service └─2057 / usr / sbin / dhcpd -q -cf /etc/dhcp/dhcpd.conf -pf / var / run / dhcpd.pid eth0 Feb 05 08: 41: 43 dns dhcpd [2056]: Wabhala izivumelwano eziyi-0 zokuqashisa ifayili. Feb 05 08:41:43 dns dhcpd [2057]: Insiza yokuqala iseva. Feb 05 08: 41: 45 dns isc-dhcp-server [2049]: Iqala iseva ye-ISC DHCP: dhcpd.
Amasheke namakhasimende
Siqale iklayenti ngohlelo lokusebenza lwe-Windows 7, enegama elithi «LAGER».
buzz @ sysadmin: ~ $ umphathi we-lager LAGER.desdelinux.umlandeli unekheli 192.168.10.30 buzz@sysadmin:~$ dig in txt lager.desdelinux.umlandeli
Sishintsha igama lalelo klayenti libe "eziyisikhombisa" bese siqala kabusha iklayenti
buzz @ sysadmin: ~ $ umphathi we-lager ;; uxhumano kuphelelwe yisikhathi; awekho amaseva angafinyelelwa buzz@sysadmin: ~ $ host eziyisikhombisa Isikhombisa.desdelinux.umlandeli unekheli 192.168.10.30 buzz @ sysadmin: ~ $ umsingathi 192.168.10.30 30.10.168.192.in-addr.arpa domain name pointer seven.desdelinux.umlandeli. buzz@sysadmin:~$ dig in txt seven.desdelinux.umlandeli
Sishintshe igama leklayenti leWindows 7 sabuyela ku- "win7"
buzz @ sysadmin: ~ $ host eziyisikhombisa ;; uxhumano kuphelelwe yisikhathi; awekho amaseva angafinyelelwa buzz @ sysadmin: ~ $ umsingathi win7 win7.desdelinux.umlandeli unekheli 192.168.10.30 buzz @ sysadmin: ~ $ umsingathi 192.168.10.30 30.10.168.192.in-addr.arpa domain name pointer win7.desdelinux.umlandeli. buzz@sysadmin:~$ dig in txt win7.desdelinux.umlandeli ; <<>> DiG 9.9.5-9+deb8u1-Debian <<>> in txt win7.desdelinux.fan ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11218 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;win7.desdelinux.fan. IN TXT ;; ANSWER SECTION: win7.desdelinux.fan. 3600 IN TXT "31b7228ddd3a3b73be2fda9e09e601f3e9" ;; AUTHORITY SECTION: desdelinux.umlandeli. 10800 IN NS dns.desdelinux.umlandeli. ;; ISIGABA ESENGEZIWE: dns.desdelinux.fan. 10800 IN A 192.168.10.5 ;; Query time: 0 msec ;; SERVER: 192.168.10.5#53(192.168.10.5) ;; WHEN: Sun Feb 05 09:13:20 EST 2017 ;; MSG SIZE rcvd: 129 buzz@sysadmin:~$ dig desdelinux.umlandeli axfr ; <<>> DiG 9.9.5-9+deb8u1-Debian <<>> desdelinux.fan axfr ;; izinketho zomhlaba jikelele: +cmd desdelinux.umlandeli. 10800 IN SOA dns.desdelinux.umlandeli. impande.dns.desdelinux.umlandeli. 8 86400 3600 604800 10800 desdelinux.umlandeli. 10800 IN NS dns.desdelinux.umlandeli. desdelinux.umlandeli. 10800 IN MX 10 i-imeyili.desdelinux.umlandeli. desdelinux.umlandeli. 10800 IN TXT"DesdeLinux, Ibhulogi yakho enikezelwe ku-Free Software" ad-dc.desdelinux.umlandeli. 10800 IN A 192.168.10.3 blog.desdelinux.umlandeli. 10800 KU-A 192.168.10.7 dns.desdelinux.umlandeli. 10800 KUYA KU-192.168.10.5 iseva yefayela.desdelinux.umlandeli. 10800 KU-192.168.10.4 ftpserver.desdelinux.umlandeli. 10800 KU-imeyili ethi 192.168.10.8.desdelinux.umlandeli. 10800 KU-proxyweb engu-192.168.10.9.desdelinux.umlandeli. 10800 KU-192.168.10.6 sysadmin.desdelinux.umlandeli. 10800 KUYA KU-192.168.10.1 win7.desdelinux.fan. 3600 IN TXT "31b7228ddd3a3b73be2fda9e09e601f3e9" win7.desdelinux.fan. 3600 IN A 192.168.10.30 desdelinux.umlandeli. 10800 IN SOA dns.desdelinux.umlandeli. impande.dns.desdelinux.fan. 8 86400 3600 604800 10800 ;; Query time: 2 msec ;; SERVER: 192.168.10.5#53(192.168.10.5) ;; WHEN: Sun Feb 05 09:15:13 EST 2017 ;; XFR size: 15 records (messages 1, bytes 453)
Ekukhishweni okungenhla, sigqamise ku ngesibindi Los I-TTL -imizuzwana- yamakhompyutha anamakheli e-IP anikezwe insizakalo ye-DHCP lawo anesimemezelo esicacile se-TTL 3600 esinikezwe yi-DHCP. Ama-IP alungisiwe aqondiswa yi- $ TTL yamahora ama-3H -3 = 10800 amasekhondi- amenyezelwe kwirekhodi le-SOA lefayela ngalinye lendawo.
Bangabheka indawo ebuyela emuva ngendlela efanayo.
[izimpande @ dns ~] # bamba i-10.168.192.in-addr.arpa axfr
Eminye imiyalo ethakazelisa kakhulu yile:
[root@dns ~]# named-journalprint /var/lib/bind/db.desdelinux.fan.jnl i-del desdelinux.umlandeli. 10800 IN SOA dns.desdelinux.umlandeli. impande.dns.desdelinux.fan. 1 86400 3600 604800 10800 add desdelinux.umlandeli. 10800 IN SOA dns.desdelinux.umlandeli. impande.dns.desdelinux.fan. 2 86400 3600 604800 10800 add LAGER.desdelinux.fan. 3600 IN A 192.168.10.30 add LAGER.desdelinux.fan. 3600 IN TXT "31b7228ddd3a3b73be2fda9e09e601f3e9" del desdelinux.umlandeli. 10800 IN SOA dns.desdelinux.umlandeli. impande.dns.desdelinux.fan. 2 86400 3600 604800 10800 del LAGER.desdelinux.fan. 3600 IN A 192.168.10.30 add desdelinux.umlandeli. 10800 IN SOA dns.desdelinux.umlandeli. impande.dns.desdelinux.fan. 3 86400 3600 604800 10800 del desdelinux.umlandeli. 10800 IN SOA dns.desdelinux.umlandeli. impande.dns.desdelinux.fan. 3 86400 3600 604800 10800 del LAGER.desdelinux.fan. 3600 IN TXT "31b7228ddd3a3b73be2fda9e09e601f3e9" add desdelinux.umlandeli. 10800 IN SOA dns.desdelinux.umlandeli. impande.dns.desdelinux.fan. 4 86400 3600 604800 10800 del desdelinux.umlandeli. 10800 IN SOA dns.desdelinux.umlandeli. impande.dns.desdelinux.fan. 4 86400 3600 604800 10800 add desdelinux.umlandeli. 10800 IN SOA dns.desdelinux.umlandeli. impande.dns.desdelinux.fan. 5 86400 3600 604800 10800 add seven.desdelinux.fan. 3600 IN A 192.168.10.30 add seven.desdelinux.fan. 3600 IN TXT "31b7228ddd3a3b73be2fda9e09e601f3e9" del desdelinux.umlandeli. 10800 IN SOA dns.desdelinux.umlandeli. impande.dns.desdelinux.fan. 5 86400 3600 604800 10800 del seven.desdelinux.fan. 3600 IN A 192.168.10.30 add desdelinux.umlandeli. 10800 IN SOA dns.desdelinux.umlandeli. impande.dns.desdelinux.fan. 6 86400 3600 604800 10800 del desdelinux.umlandeli. 10800 IN SOA dns.desdelinux.umlandeli. impande.dns.desdelinux.fan. 6 86400 3600 604800 10800 del seven.desdelinux.fan. 3600 IN TXT "31b7228ddd3a3b73be2fda9e09e601f3e9" add desdelinux.umlandeli. 10800 IN SOA dns.desdelinux.umlandeli. impande.dns.desdelinux.fan. 7 86400 3600 604800 10800 del desdelinux.umlandeli. 10800 IN SOA dns.desdelinux.umlandeli. impande.dns.desdelinux.fan. 7 86400 3600 604800 10800 add desdelinux.umlandeli. 10800 IN SOA dns.desdelinux.umlandeli. impande.dns.desdelinux.fan. 8 86400 3600 604800 10800 add win7.desdelinux.fan. 3600 IN A 192.168.10.30 add win7.desdelinux.fan. 3600 IN TXT "31b7228ddd3a3b73be2fda9e09e601f3e9" [izimpande @ dns ~] # enegama-iphephabhuku /var/lib/bind/db.10.168.192.in-addr.arpa.jnl del 10.168.192.in-addr.arpa. 10800 IN SOA dns.desdelinux.umlandeli. impande.dns.desdelinux.fan. 1 86400 3600 604800 10800 add 10.168.192.in-addr.arpa. 10800 IN SOA dns.desdelinux.umlandeli. impande.dns.desdelinux.fan. 2 86400 3600 604800 10800 add 30.10.168.192.in-addr.arpa. 3600 IN PTR LAGER.desdelinux.fan. del 10.168.192.in-addr.arpa. 10800 IN SOA dns.desdelinux.umlandeli. impande.dns.desdelinux.fan. 2 86400 3600 604800 10800 del 30.10.168.192.in-addr.arpa. 3600 IN PTR LAGER.desdelinux.fan. add 10.168.192.in-addr.arpa. 10800 IN SOA dns.desdelinux.umlandeli. impande.dns.desdelinux.fan. 3 86400 3600 604800 10800 del 10.168.192.in-addr.arpa. 10800 IN SOA dns.desdelinux.umlandeli. impande.dns.desdelinux.fan. 3 86400 3600 604800 10800 add 10.168.192.in-addr.arpa. 10800 IN SOA dns.desdelinux.umlandeli. impande.dns.desdelinux.fan. 4 86400 3600 604800 10800 add 30.10.168.192.in-addr.arpa. 3600 IN PTR seven.desdelinux.fan. del 10.168.192.in-addr.arpa. 10800 IN SOA dns.desdelinux.umlandeli. impande.dns.desdelinux.fan. 4 86400 3600 604800 10800 del 30.10.168.192.in-addr.arpa. 3600 IN PTR seven.desdelinux.fan. add 10.168.192.in-addr.arpa. 10800 IN SOA dns.desdelinux.umlandeli. impande.dns.desdelinux.fan. 5 86400 3600 604800 10800 del 10.168.192.in-addr.arpa. 10800 IN SOA dns.desdelinux.umlandeli. impande.dns.desdelinux.fan. 5 86400 3600 604800 10800 add 10.168.192.in-addr.arpa. 10800 IN SOA dns.desdelinux.umlandeli. impande.dns.desdelinux.fan. 6 86400 3600 604800 10800 add 30.10.168.192.in-addr.arpa. 3600 IN PTR win7.desdelinux.umlandeli. [izimpande @ dns ~] # iphephabhuku -f
Ukuguqulwa okwenziwa ngesandla kwamafayela weZones
Ngemuva kokuthi i-DHCP ingene kumdlalo wokuvuselela ngamandla amafayela we-BIND zone, uma kwenzeka sidinga ukuguqula ifayili lendawo ngesandla, kufanele senze inqubo elandelayo, kepha hhayi ngaphambi kokwazi okuthe xaxa ngokusebenza kwendawo. rndc -indoda rndc- Ukulawulwa kwe- okuthiwa.
- i-rndc iqhwa [indawo [isigaba [ukubuka []]]], imisa isikhashana ukuvuselelwa okunamandla kwendawo. Uma eyodwa ingacacisiwe, konke kuzomisa. Umyalo uvumela ukuhlelwa okwenziwa ngesandla kwendawo efriziwe noma zonke izingxenye. Noma yikuphi ukubuyekeza okunamandla kuzokwenqatshwa ngenkathi kumisiwe.
- rndc uncibilike [zone [isigaba [buka]]], inika amandla ukuvuselelwa okunamandla kundawo efriziwe ngaphambilini. Iseva ye-DNS iphinda ilayishe ifayela lendawo kusuka kudiski, futhi izibuyekezo ezinamandla zinikwa amandla kabusha ngemuva kokuphinda kulayishwe.
Ukuqapha okufanele kuthathwe lapho sihlela ngesandla ifayili lendawo? Kuyafana nokuthi siyayakha, ngaphandle kokukhohlwa ukukhulisa inombolo ye-serial ngo-1 noma serial ngaphambi kokugcina ifayili nezinguquko zokugcina.
Simisa izindawo
Njengoba sizokwenza ushintsho Ezindaweni Eziphambili Neziphindayo ngenkathi i-DNS ne-DHCP isebenza, into enempilo kunazo zonke ongayenza ukuqandisa izindawo ze-DNS:
[izimpande @ dns ~] # rndc iqhwa
I-La Zona desdelinux.umlandeli inamarekhodi alandelayo:
[root@dns ~]# cat /var/lib/bind/db.desdelinux.umlandeli
$ORIGIN .
$TTL 10800 ; 3 hours
desdelinux.fan IN SOA dns.desdelinux.umlandeli. impande.dns.desdelinux.fan. (
8; serial
86400 ; refresh (1 day)
3600 ; retry (1 hour)
604800 ; expire (1 week)
10800 ; minimum (3 hours)
)
NS dns.desdelinux.fan.
MX 10 mail.desdelinux.fan.
TXT "DesdeLinux, su Blog dedicado al Software Libre"
$ORIGIN desdelinux.fan.
ad-dc A 192.168.10.3
blog A 192.168.10.7
dns A 192.168.10.5
fileserver A 192.168.10.4
ftpserver A 192.168.10.8
mail A 192.168.10.9
proxyweb A 192.168.10.6
sysadmin A 192.168.10.1
$TTL 3600 ; 1 hour
win7 A 192.168.10.30
TXT "31b7228ddd3a3b73be2fda9e09e601f3e9"
Masengeze iseva «shobo»Nge-IP 192.168.10.10:
root@dns:~# nano /var/lib/bind/db.desdelinux.umlandeli
$ORIGIN .
$TTL 10800 ; 3 hours
desdelinux.fan IN SOA dns.desdelinux.umlandeli. impande.dns.desdelinux.fan. (
9; serial
86400 ; refresh (1 day)
3600 ; retry (1 hour)
604800 ; expire (1 week)
10800 ; minimum (3 hours)
)
NS dns.desdelinux.fan.
MX 10 mail.desdelinux.fan.
TXT "DesdeLinux, su Blog dedicado al Software Libre"
$ORIGIN desdelinux.fan.
ad-dc A 192.168.10.3
blog A 192.168.10.7
dns A 192.168.10.5
fileserver A 192.168.10.4
ftpserver A 192.168.10.8
mail A 192.168.10.9
proxyweb A 192.168.10.6
shorewall A 192.168.10.10
sysadmin A 192.168.10.1 $ TTL 3600; 1 ihora win7 A 192.168.10.30 TXT "31b7228ddd3a3b73be2fda9e09e601f3e9"
Kumele futhi siguqule indawo ebuyela emuva:
izimpande @ dns: ~ # nano /var/lib/bind/db.10.168.192.in-addr.arpa
$ORIGIN .
$TTL 10800 ; 3 hours
10.168.192.in-addr.arpa IN SOA dns.desdelinux.umlandeli. impande.dns.desdelinux.fan. (
7; serial
86400 ; refresh (1 day)
3600 ; retry (1 hour)
604800 ; expire (1 week)
10800 ; minimum (3 hours)
)
NS dns.desdelinux.fan.
$ORIGIN 10.168.192.in-addr.arpa.
1 PTR sysadmin.desdelinux.fan.
3 PTR ad-dc.desdelinux.fan.
$TTL 3600 ; 1 hour
30 PTR win7.desdelinux.fan.
$TTL 10800 ; 3 hours
4 PTR fileserver.desdelinux.fan.
5 PTR dns.desdelinux.fan.
6 PTR proxyweb.desdelinux.fan.
7 PTR blog.desdelinux.fan.
8 PTR ftpserver.desdelinux.fan.
9 PTR mail.desdelinux.umlandeli.
10 PTR shorewall.desdelinux.umlandeli.
Sihlehlisa futhi sivuselele izindawo
[izimpande @ dns ~] # rndc ncibilikisa izimpande @ dns: ~ # journalctl -f -- Logs begin at dom 2017-02-05 06:27:10 EST. -- feb 05 12:00:29 dns named[1996]: received control channel command 'thaw' feb 05 12:00:29 dns named[1996]: thawing all zones: success feb 05 12:00:29 dns named[1996]: zone 10.168.192.in-addr.arpa/IN: journal file is out of date: removing journal file feb 05 12:00:29 dns named[1996]: zone 10.168.192.in-addr.arpa/IN: loaded serial 7 feb 05 12:00:29 dns named[1996]: zone desdelinux.fan/IN: journal file is out of date: removing journal file feb 05 12:00:29 dns named[1996]: zone desdelinux.fan/IN: kulayishiwe uchungechunge 9 buzz @ sysadmin: ~ $ umsingathi shorewall shorewall.desdelinux.umlandeli unekheli 192.168.10.10 buzz @ sysadmin: ~ $ umsingathi 192.168.10.10 10.10.168.192.in-addr.arpa domain name pointer shorewall.desdelinux.umlandeli. buzz@sysadmin:~$ dig desdelinux.umlandeli axfr buzz @ sysadmin: ~ $ bamba 10.168.192.in-addr.arpa axfr izimpande @ dns: ~ # journalctl -f .... feb 05 12:03:05 dns named[1996]: client 192.168.10.1#37835 (desdelinux.fan): transfer of 'desdelinux.fan/IN': AXFR started feb 05 12:03:05 dns named[1996]: client 192.168.10.1#37835 (desdelinux.fan): transfer of 'desdelinux.fan/IN': AXFR ended feb 05 12:03:20 dns named[1996]: client 192.168.10.1#46905 (10.168.192.in-addr.arpa): transfer of '10.168.192.in-addr.arpa/IN': AXFR started feb 05 12:03:20 dns named[1996]: client 192.168.10.1#46905 (10.168.192.in-addr.arpa): transfer of '10.168.192.in-addr.arpa/IN': AXFR ended
Isifingqo
Kuze kube manje sinesiphakeli se-Caché DNS esisebenzayo, esisekela i-Recursion, eyi-Authoritarian ye-Zone desdelinux.umlandeli, futhi lokho kuvumela i-DHCP ukuthi ivuselele i-Forward and Reverse Zones enamagama amakhompyutha ne-IP ayinikezayo.
Lo mbhalo kanye nezimbili ezedlule «I-DNS ne-DHCP kuvuliweSUSE 13.2 'Harlequin'"Y"I-DNS ne-DHCP ku-CentOS 7»Cishe eyodwa. Uzothola imiqondo ejwayelekile mayelana ne-DNS ne-DHCP, kanye nokucaciswa kokusatshalaliswa ngakunye ngakunye. Ziyi- Iphoyinti lokungena esihlokweni, kanye nesisekelo sentuthuko enzima kakhulu.
Ngeke sinqikaze ukugcizelela - futhi futhi - ngokubaluleka kokufunda imibhalo yezobuchwepheshe efakwe ngokuzenzakalela ngephakeji ngalinye, NGAPHAMBI kokulungisa noma imiphi imininingwane. Sikusho ngokuhlangenwe nakho kwethu.
Ukulethwa okulandelayo
Cishe yi- "Microsoft® Active Directory + BIND"
Yeka ucezu lwesifundo osithumele umlingani wakho, angazi ukuthi ungakanani umthamo wemininingwane nokuhleleka ezihlokweni eziyinkimbinkimbi njengalezo ezivela kuzo.
Ukuhalalisela kwami okuqotho, kuyinhlonipho ukukwazi ukukufunda
Kumele ngikutshele ukuthi ama-tutorials owashicilelayo yi-HOSTIA, ngiyabathanda.
Ngihlale ngilinde isahluko sakho esilandelayo.
Uma usuqedile, uzoyifaka ku-pdf? Kuyimibhalo ngokubona kwami ukuthi ibaluleke kakhulu, ifanelwe ukugcinwa kahle.
Ngiyabonga kakhulu nokubingelela okukhulu.
Bafo.
Bafo: Ngiyabonga kakhulu ngokuhlola kwakho nokuphawula. Umvuzo omuhle wesikhathi, umsebenzi, nomzamo engiwunikela kumfundisi ngamunye ukuphawula. Kungaba okuhle noma okungekuhle, kepha kuyisibonakaliso sokuthi kuya kungabonakali. Ngicabanga ukuthi abafundi abaningi bavele balande futhi balondoloze, noma balibhukumake. Kepha ngicabanga nje ukuthi ngokwenani lokuvakashelwa. Kubi kakhulu ukuthi ababaningi abaphawulayo, yize ngazi ukuthi izingqinamba engibhekana nazo ngokuyisisekelo ziseSysadmins. Ngiyabingelela nakuwe futhi ngizokulinda kuma-athikili ami alandelayo.
Lizard: Ngiyabonga ngokuhlola kwakho okuthembekile engizohlala ngikukhumbula njalo.
Ukucushwa kungaba kanjani uma nginezindawo ezimbili zenethiwekhi ezimweni zokubopha
Ngiyabonga futhi ngiyakuhalalisela ngale nto.
Ubuciko: Ngiyabonga ngokuphawula kwakho futhi siyakuhalalisela.
Impendulo yombuzo wakho ifanelwa i-athikili ehlukile ekusetshenzisweni kokubukwa - Ukubukwa EKUBOPHENI.
Uma kwenzeka uneZoni Ezithunyelwe ngaphansi kwesibopho sakho, futhi ufuna ukuba NESIBOPHO esisodwa ukuhambela imibuzo yangaphakathi evela kwi-LAN yakho kanye nemibuzo yangaphandle evela kwi-Intanethi -NgOKUBOPHA okuvikelwe yi-Firewall kunjalo- kuyanconywa ukusebenzisa Ukubukwa .
Ukubukwa, ngokwesibonelo, kukuvumela ukuthi wethule ukumiswa kweNethiwekhi yakho ye-SME nenye ye-Intanethi. Lapho singalungiseleli noma yikuphi ukubuka ngokusobala, i-BIND yenza ngokuphelele eyodwa ekhombisa wonke amakhompyutha ayisebenzisayo.
Njengokusetshenziswa kokubukwa ngikuthatha njengesihloko esithuthukile kungaba bese ubhala i-athikili ngakho, ngaphambi noma ngemuva kweposi elithenjisiwe elimenyezelwe ekugcineni kwalo.
Manje, uma unezindawo ezimbili zokuxhumana ezibhekene nenethiwekhi yakho ye-SME eyenziwe ngamanethiwekhi wangasese amabili- nganoma yisiphi isizathu sokwakha, ibhalansi yokulayisha, inani lezinto zokusebenza noma okunye, futhi ufuna ukwethula zonke izingxenye zakho kuwo womabili amanethiwekhi, ungawaxazulula nge isitatimende:
lalela {
I-127.0.0.1;
IP-Private-Interface1;
IP-interface-Private2;
};
Ngale ndlela, i-BIND ilalela izicelo kuzo zombili izixhumi.
Uma wonke amakhompyutha akho eku-Class C Private Network 192.168.10.0/255.255.240.0 -kufika kuma-4094 host- ngokwesibonelo, ungasebenzisa futhi isitatimende:
lalela-on {127.0.0.1; 192.168.10.0/20; };
Futhi uqhubeka ukhombisa ukubuka okukodwa kuwo wonke amakhompyutha axhunywe kwi-LAN yakho yangasese.
Ngiyethemba impendulo yami emfushane iyakusiza. Ukubingelela nempumelelo.
Siyabonga ngempendulo kungekudala. Uyabona ngisetha i-Debian Server ene-version 9 (Strech), ine-DNS, dhcp ne-squid njengommeleli, okokuhlunga okuqukethwe engizokusebenzisa i-e2guardian.
Ikhompyutha inezindawo ezimbili zokuxhumana, ezizovumela amakhompyutha akwi-LAN ukuthi aye kwi-Intanethi.
umzila: 192.168.1.1
i-eth0: 192.168.1.55 (ngokusebenzisa le interface izokuya kwi-Intanethi)
i-eth1: 192.168.100.1 (LAN)
Umqondo ngukuthi amakhompyutha angaya kwi-Intanethi ngale seva yommeleli, ezophinde inikeze ama-ips nama-dns kumakhompyutha akulenethiwekhi yangaphakathi.
Kulokhu angidingi ukuthi iseva ilalele izicelo ze-dns ngokusebenzisa isikhombimsebenzisi se-eth0 (angifuni ukwethula izindawo zami kuwo womabili amanethiwekhi, kuphela kwi-LAN yami); ngakho-ke uma ngisusa i-private-interface-IP1, ngabe lokho kuzokwanela?
Ngiyabonga futhi nokubingelela.
Isihloko esihle kakhulu mngani wami
UNESIBOPHO emithanjeni yakho, noma ngabe usho futhi ucabange ngenye indlela 🙂
Halala
Ubuciko: Susa isikhombimsebenzisi se-192.168.1.55 esitatimendeni sokulalela bese uya. Noma memezela ukulalela ku- {127.0.0.1; 192.168.100.1; }; futhi yilokho kuphela. I-BIND izolalela kuphela kulezo interface.
Ngiyabonga.
U-Eduardo: mngani wami, ngisathanda i-dnsmasq yamanethiwekhi "amancane", futhi kuzofanele sibone ukuthi angaba "makhulu" kanjani. Yize ngibona ukuthi i-BIND + isc-dhcp-server yi-BIND + isc-dhcp-server. 😉
U-Eduardo: Ngikhohliwe ukukutshela ukuthi Uchwepheshe WOKUBOPHA nguwe, Master.
Iminyaka ngisebenzisa i-BIND futhi ngiqhubeka ngifunda ngemibhalo yakho, ngiyabonga kakhulu uFederico, ngalolu chungechunge lwezifundo kuxoshwa i-sysadmin. Ngiyabuya ngiyaphinda, umqondo wokuhlanganisa lonke lolu lwazi ngefomethi ephathekayo esemthethweni awubi neze, yinikeze ikhanda lokuthi okuthile okuhle kakhulu kungavela. Ukubingelela.
Dhunter mngani: Ukuphawula kwakho kuhlala kwamukelwa kahle. Ukuhlanganisa konke kunzima futhi cishe akunakwenzeka, ngoba isihloko esisha sihlala sivela njalo. Ngezahluko, kuyahamba futhi kungenzeka. Enye i-athikili kuzodingeka ibhalwe kabusha ukuthola ukuvumelana kokulungiselelwa. Angithembisi lutho, kodwa sizobona.
sawubona federico, nayi imibono yami:
1) Ukugcizelela okubeka ku- «... funda ngaphambi kokumisa ISIBOPHO ngisho nangaphambi kokuba useshe i-Intanethi ngama-athikili ahlobene ne-BIND ne-DNS ...» ukuzifuna kukhompyutha yethu nakho konke lokhu «... ngaphandle kokushiya ikhaya ... »ukusebenzisa amagama akho.
2) Kulokhu okuthunyelwe sithola imfundiso ethe xaxa mayelana ne-DNS egcwalisa leyo enikezwe kokuthunyelwe okubili kwangaphambilini futhi ihlonishwa njalo; isibonelo: I-DNSSEC (i-Domain Name System Security Extensions) nokuthi isetshenziselwa ini; kanye ne-BIND Configuration Scheme namafayela ayo wokumisa oku-Static, Amafayela weZone wamaSeva Womsuka, kanye neZindawo Phambili Nezobuyela emuva ze-localhost eDebian.
3) KAKHULU ithiphu yokungakhubekisi ukuphinda kwenzeke (kusetshenziswa umugqa "recursion no;") bese ufaka kufayela lokumisa /etc/bind/named.conf.local, amafayili endawo / etc / bind / zones. Rfc1918 and / etc /bind/zones.rfcFreeBSD ukuvimbela noma imiphi imibuzo ephathelene nayo ekushiyeni inethiwekhi yendawo kumaseva ezimpande.
4) Ngokungafani nokuthunyelwe kwangaphambilini mayelana ne-CentOS 7, kulokhu okuthunyelwe uma ukhiye we-TSIG "dhcp-key" wenziwa ngezibuyekezo ezinamandla ze-DNS ezivela ku-DHCP; ukuyivumela kufayela /etc/bind/named.conf.local file, include "allow-update {key dhcp-key; }; » ekucushweni kwezindawo eziqondile neziphindayo zesizinda sethu.
5) Imininingwane enhle (elingana nokuthunyelwe kwangaphambilini ku-CentOS 7) yakho konke okuphathelene nokuhlolwa kokusebenza kwe-DNS, i-DHCP kanye namakhasimende.
6) KAKHULU ithiphu yokusebenzisa umyalo we- "install" (uma uwubhala kanjani, angisho inketho yegama elifanayo elisetshenziswe kweminye imiyalo), bengingazi, ngoba kuyiqiniso " Ama-3 kuma-1 "copy copy (cp), ukusungulwa kwabanikazi (chown) nezimvume (chmod).
. Ekugcineni, impendulo yakho ku-Artus mayelana nokusetshenziswa kwe-Views in BIND inhle kakhulu, eyodwa ye-LAN (inethiwekhi yangasese) nenye nge-Intanethi ukuze kuboniswane nezinsizakalo zomphakathi kuphela. Ngiyethemba ngokuhamba kwesikhathi unesikhathi sokulungiselela okuthunyelwe ngoba kuyisihloko sohlelo lokusebenza esisebenziseka kakhulu kuma-sysadmin amaningi.
Akukho lutho uFederico engiqhubeka nokuba nomdlandla ngokwengeziwe ngochungechunge lwe-PYMES futhi ngilangazelela okulandelayo "iMicrosoft Active Directory + BIND"
U-Wong: Ozakwethu nomngani, ukuphawula kwakho kugcwalisa izindatshana zami futhi kukhombisa ukuthi kuyaqondakala. Umyalo we- "install" unezinketho eziningi eziningi. Umbuzo umuntu ufake. Ngiyabonga inkulungwane ngokuphawula !!!
Angikakawafundi amazwana okwamanje, ngizokwenza lokho ngemuva kokusho imigomo yami.
Wenzile futhi uzuze okuningi, usinike isibani kepha hhayi lesi esibonakala ekugcineni »komhubhe» lapho kungekho themba + njengoba sijwayele ukusho; hhayi ukuthi nakancane, unikeze ukukhanya okugcwele ukuze ukwazi ukuthi "Ekugcineni siyabona ukuthi ngumdlalo womfana, onemiqondo eminingi ne-syntax eyindida" njengoba uchaza kokuthunyelwe.
Thumela i-TRUNK kanye neyedlule ukuthola ama-distros ambalwa adumile. Uthobele ukunwetshwa kwemiqondo kanye nemfundiso ethi ezikhathini eziningi iba nomthelela kithi. Ngifunde ngokuningiliziwe, ngomoya ophansi futhi akunakwenzeka ukuthi ngingaphawule futhi ngizizwe NGIBONGA NGOKUPHELELE ukuzinikela okunjalo nokuzinikela.
Ngaphandle kokuchitha isikhathi, sonke sikufisela impilo nokuthi uqhubeke nokufaka isandla; Siyakubonga futhi kwangathi inhlanhla, umnotho, ezempilo (sikufisela okuphindwe kabili) futhi uthando lukukhaphe (noSandra's for more, hahaha).
Ngiyazi ukuthi ukuphawula kudlulela ngalé kokuqukethwe yilokho okuthunyelwe, kuya kokwakho ngoba singabangani futhi ngiyakuthanda ukulethwa kwakho okungenabugovu. Akekho umuntu OWENZA okwenzela thina abafuna ukufunda okuningi futhi sinomthwalo wokuphatha amanethiwekhi ama-SME emahlombe ethu, hhayi umsebenzi olula.
Sl2 wonke umuntu.
I-crespo88: Ngiyabonga kakhulu ngokuhlola kwakho ngalokhu nezinye izindatshana ezishicilelwe. Abanye abafundi bangacabanga ukuthi ngizinikela ngakho konke, kanti akulona iqiniso. Ngihlala ngibhekisa kuPhoyinti Lokungena, noma ngabe izibonelo zisebenza ngokuphelele. I-BIND yi-Electronic Industry kanti iDHCP ayikude kakhulu emuva. Ukuze ubazi ngaphezu kwesilinganiso, kufanele uphase iziqu ze-postgraduate eNyuvesi yaseHelsinki, 😉
Ngithola lesi sihloko sithakazelisa futhi sibaluleke kakhulu. Nginentshisekelo kulolu cwaningo lwalokho okuphathelene nokuphathwa kwamanethiwekhi we-linux futhi ikakhulukazi amaseva: i-dns, i-dhcp enamandla ne-static kanye namanethiwekhi abonakalayo, i-bin9, i-samba, amaseva wokuphrinta, i-ldap, ukwenganyelwa kwenethiwekhi ngezinhlelo zokusebenza, imithombo yolwazi yabahleli bohlelo ' izicelo kanye ne-vlan, njll. Kungakho kubalulekile futhi lawa macebiso mahle kakhulu futhi enemikhuba nezibonelo.
Sawubona Miguel !!!
Siyabonga ngokuphawula futhi ngiyethemba ukuthi uchungechunge luzokusiza kokuthandayo. Sanibonani.
Ngiyabonga kakhulu nge-athikili uFederico, kukhombisa ukuthi uyazi nge-debian. Ukwanga.
Ngiyabonga kakhulu Jorge, ngokuphawula kwakho. Ngiyethemba ukuthi izindatshana zami zizokusiza.
Ngiyabonga kakhulu ngeposi elibhalwe kahle futhi lisinxusa ukuba sifunde, sifunde futhi sifunde futhi. Manje ngokuthunyelwe okulandelayo ozokushicilela, ngithanda ukuthi ucabangele amaphuzu wokuhlangana obekuzoba nawo:
I-Microsoft Active Directory ene-Samba4 njenge-Directory Esebenzayo
Ngaphandle kwalokho, bengifuna ukubheka okulandelayo:
Kungaba kanjani ukusetshenziswa kwe-Bind + Isc-dhcp ku-FW ku-dmz lapho isilawuli sesizinda sizoba ku-dmz nge-samba 4 AD