I-Dnsmasq ku-CentOS 7.3 - Amanethiwekhi we-SME

Inkomba ejwayelekile yochungechunge: Ama-Computer Networks ama-SME: Isingeniso

Sanibonani zihlobo !. Sinikela le ndatshana ku dnsmasq uhlelo olulula kakhulu olunikeza izinsizakalo DNS - DHCP usebenzisa isoftware eyodwa. Imibhalo engcono kakhulu ekhona kule software iyona efakwe nephakeji uqobo lwayo /usr/share/doc/dnsmasq-2.66/, ifayela lokumiswa ligcwele izibonelo- /etc/dnsmasq.conf, naleyo etholwe ngomyalo indoda dnsmasq. Kuyimpilo futhi ukuvakashela i- Isiza esisemthethweni.

[izimpande @ dns ~] # ls -l / usr/share/doc/dnsmasq-2.66/
ingqikithi ye-136 -rw-r-r--. Impande eyi-1 impande 18007 Apr 17 2013 UKUKOPISHA -rw-r - r--. Impande eyi-1 impande 59811 Nov 11 13: 20 CHANGELOG -rw-r-r--. Impande eyi-1 impande 5164 17 Apr 2013 1 DBus-interface -rw-r - r--. Impande eyi-5009 impande 17 Apr 2013 1 doc.html -rw-r - r--. Impande eyi-25075 impande 17 Apr 2013 1 FAQ -rw-r - r--. Impande eyi-12019 impande 17 Apr 2013 XNUMX setup.html

• Inqubo echazwe kokuthunyelwe nayo isebenza ku-Debian 8 "Jessie". Ifayela lokumiswa kwe- / etc / dnsmasq liyafana. KuJessie, mhlawumbe udinga kuphela ukufaka iphakethe lakho le-dnsmasq hhayi okunye. Ngikubhala ngoba ngikubona kungadingekile ukwenza i-athikili ehlukile ye-Dnsmasq eDebian. Ngenhlanhla, izinkomba ezihlobene nemibhalo nokucushwa ziyefana. 😉

I-Dnsmaq iyindalo ye- USimon Kelley.

Yini iDnsmasq?

Isoftware yamahhala dnsmasq iseva DNS Phambili y DHCP yamanethiwekhi amancane ekhompyutha. Isibonelo esivamile amaNethiwekhi akhona kuma-SME ethu. Kudinga izinsizakusebenza ezimbalwa zehardware ekusebenzeni kwayo futhi ingaqhutshwa kuzingxenyekazi ezahlukahlukene ezinjengeLinux, BSD, i-Android ne-OS X. Ifakiwe cishe kuwo wonke amakhosombe weLinux neBSD.

Iseva DHCP i-del dnsmasq ungaqashisa amakheli e-IP ngamandla nangokwezibalo, ngamanethiwekhi amaningi anezinhlaka ezihlukene zamakheli we-IP. Ihlanganiswe neseva DNS futhi ivumela imishini yendawo ethola ikheli le-IP ukuthi ibonakale njengebhaliswe ku-DNS ngamarekhodi ayo e-DNS, aqondile futhi ahlehlisiwe.

Indlela yendabuko yokusebenza kwe- dnsmasq ukulanda okwesikhashana amarekhodi e-DNS atholwe ngemibuzo eya kubo Abadlulisi, yehlisa umthwalo kulezi futhi ithuthukise ukusebenza okuphelele kwejubane lokuphendula emibuzweni ehlukile ye-DNS.

Isekela izindinganiso zesimanje ezifana I-IPv6 y DNSSEC, Qala - Boot ngaphezulu kwenethiwekhi ngokusekelwa kwamaphrothokholi IBHODI, I-TFTP, futhi I-PXE.

Emkhathini weLinux, iDnsmasq isetshenziswa kakhulu kumaseva weMishini ngaphandle kweHard Disk kanye neKlayenti Elincane. Ku-Microsoft® Windows, ne-software I-ARDENCE®, okulingana ne-Dnsmasq- isetshenziswa njengeseva ye-DHCP ebizwa ngokuthi E-Sayurian.

Kukusiphi isimo esingasebenzisa i-Dnsmasq?

Uma sikhipha indoda dnsmasq Ku-CentOS, sizothola ikhasi lalelo bhukwana ngolimi lwesiNgisi. Kufayela dnsmasq.8.gz - ngesiSpanish- efakwe nokusatshalaliswa kwe-Debian 8 «Jessie», kuyabonakala ncamashi Okulandelayo:

IMIKHAWULO

• Amanani wokuzenzakalelayo wemikhawulo yezinsiza ngokuvamile ayalondolozwa, futhi afanele ukusetshenziswa kumadivayisi wohlobo lomzila. kubhajwe ngama-processor slow and memory low. Ku-hardware ngaphezulu  onekhono, kungenzeka ukwandisa imingcele, futhi usekele abaningi amakhasimende. Lokhu okulandelayo kusebenza ku-dnsmasq-2.37: izinhlobo zangaphambilini azenzi bakhuphuke kahle kakhulu.
  

• I-Dnsmasq iyakwazi ukuxhasa i-DNS ne-DHCP okungenani inkulungwane eyodwa (1,000) amakhasimende. Izikhathi zokuqashisa akufanele zibe mfushane kakhulu (ngaphansi koyedwa isikhathi). Inani le -dns-forward-max lingakhushulwa: qala ngo- inani elilinganayo lamakhasimende futhi ulinyuse uma ngabe I-DNS. Qaphela ukuthi ukusebenza kwe-DNS futhi kuya ngamaseva I-DNS engenhla. Usayizi wenqolobane ye-DNS ungakhuphuka: umkhawulo Okudingekayo ngamagama ayi-10,000 futhi okuzenzakalelayo (150) kuphansi kakhulu. Ukuthumela i-SIGUSR1 ku-dnsmasq kwenza imininingwane ye-bitacore leyo ilusizo ekuhleleni kahle usayizi wenqolobane. Bona isigaba se-NOTES ukuthola imininingwane.

• Iseva ye-TFTP eyakhelwe ngaphakathi iyakwazi ukuxhasa ukudluliswa okuningi amafayela afanayo ngasikhathi sinye: umkhawulo ophelele uhlobene nenani leziphathi zefayela ezivunyelwe kwinqubo kanye nekhono le-sys‐tem call select () ukuxhasa izinombolo ezinkulu zokuphathwa kwamafayela. Uma umkhawulo usethwe waba mkhulu kakhulu nge-tftp-max uzosuswa futhi umkhawulo wangempela uzobekwa iwashi ekuqaleni. Qaphela ukuthi ukudluliswa okuningi kungenzeka uma ifayili elifanayo lithunyelwa kuthiwani lapho kudluliswa ngakunyeI-ferencia ithumela ifayela elihlukile. Kungenzeka usebenzise i-dnsmasq ukuphika ukukhangisa kweWebhu usebenzisa uhlu lwe amaseva we-banner aziwa kahle, konke kuxazululeka ku-127.0.0.1 noma 0.0.0.0 ku- / etc / Sebawoti noma kufayela elingeziwe le-Host. Uhlu lungakwazi yinde kakhulu. I-Dnsmasq ihlolwe ngempumelelo ngamagama ayisigidi. Lolo sayizi wefayela lidinga i-1GHz CPU nokulinganiselwa60MB RAM.

Angizange ngibhale noma ngihlele lezi zigaba ezingenhla nhlobo. Ziyabonakala njengoba zingena ku- eyodwa ngeSpanishi kusuka dnsmasq 2.72 kusuka endaweni yokugcina ye-Debian 8.6. Kusuka kubo kanye nasenkambisweni yokusetshenziswa kwale software, singasho ukuthi kuyaqabukela - kungenzeki - ukuthola isimo kumanethiwekhi ethu ama-SME adlula inani le 1000 amaklayenti noma amakhompyutha axhunywe kwi-LAN.

• I-Dnsmasq iyakwazi ukuxhasa i-DNS ne-DHCP okungenani inkulungwane eyodwa (1,000) amaklayenti.

Ukucatshangelwa eceleni

Kuhlale kungithinta ukuthi isoftware ewine imiklomelo I-ClearOS Enterprise 5.2 SP1 izosebenzisa iDnsmasq-ehlotshaniswa ne- NTP- njengeseva yengqalasizinda ngokuzenzakalela, nokuqhubeka nokuyisebenzisa kanjalo - okungenani kuze kube yinguqulo 7.xxx- in ukukhishwa Ukhokhela ukufaka i-Active Directory® ngokususelwa ku-Samba 4. Kubi kakhulu kithina, bathandi be-Free Software, ukuthi inkampani I-clearFoundationizoyeka ukuhlinzeka ngesoftware yaleyo khwalithi kuzinguqulo ngemuva kuka-5.xxx ngenxa esobala lokuzuza okungcono kwemali. Ngicabanga ukuthi kunenkinga enkampanini uqobo.

Noma ngingu- Fan I-Debian -futhi angifuni ukwenza inkulumo-ze engizikhethele yona- Bengihlala ngincoma iNkampani I-Red Hat®, Inc. imodeli yebhizinisi lakhe eliyibeke njengomholi ongenakuphikwa weFree Software. Ngaphezu kwalokho, kunguMxhasi we-clone kanambambili we-CentOS - isoftware yamahhala engu-100% - yohlelo lwayo lwenkanyezi I-Red Hat® Enterprise Linux - i-RHEL. Kokunye kuthiwa i-CentOS iyi-RHEL engasekelwa (I.

• Ngine-a ISamba Clasic NT 4.0 Isilawuli Sesizinda Esisisekelo Sesitayela ngokususelwa ku- I-ClearOS Enterprise 5.2 SP1 iminyaka engaphezu kwengu-4 kunethiwekhi yenkampani enamakhasimende weWindows XP, 7, 8, Windows Server 2003 neWindows server 2012. Yini ekhona ukukitaza amanani wokubhalisa ambalwa weklayenti ngalinye leWindows elinenguqulo ephakeme kune-XP? Kuyiqiniso. Yini okusebenza kahle kakhulu? Kuyiqiniso futhi. Ukuthi inani lamaqembu alifiki ku-100? Futhi kuyiqiniso.

Yenza umqondo

• Yize kimi «I-Common Sense iyona ejwayelekile kakhulu kwezinzwa», zibeke wena kuqala kuZidingo Zakho bese ukhetha indawo yobuciko ngokwalokho Odinga ukukuveza nokukuxazulula ngokwe-Your Own Script.
• Ungasebenzisi umcibisholo onqamula amazwekazi ukubulala umiyane. Musa ukwenza impilo kube nzima ngokungadingekile: qala ngesixazululo esilula. Uma ungaxazululi ngalokho, phakamisa ubunzima iphuzu elilodwa, njalonjalo.
  

Masifake i-CentOS 7 ne-Dnsmasq

Ngokufakwa kohlelo lwesisekelo siqondiswa yi-athikili I-CentOS 7 Hypervisor I futhi ekukhetheni amaphakheji sibeka kuphela inketho «Ingqalasizinda Server«. Imingcele ejwayelekile esizoyisebenzisa ekulungiseleleni le ndatshana yile elandelayo:

Igama le-FQDN lomshini obonakalayo: dns.desdelinux.umlandeli
Ikheli le-IP: 10.10.10.5

I-CentOS 7 ifaka i-dnsmasq

Yebo Bafundi Abathandekayo, ku-CentOS 7 iphakethe dnsmasq ifakiwe ngenkathi kufakwa i-Infrastructure Server futhi Ngicabanga kunezinye izinketho futhi.

[izimpande @ dns ~] # yum imininingwane dnsmasq
Ama-plugins alayishiwe: i-fastestmirror, ama-langpacks alayisha isivinini sesibuko kusuka kufayela eligcinwe ngesinye isibukezo Amaphakheji afakiwe Igama: dnsmasq Architecture: x86_64 Inguqulo: 2.66 Ukukhishwa: 21.el7 Usayizi: 464 k
Indawo yokugcina: ifakiwe
Kusuka endaweni yokugcina: Isifinyezo se-centos-base: I-URL ye-DNS engasindi / okulondolozwe okwesikhashana ye-URL yeseva: http://www.thekelleys.org.uk/dnsmasq/ Ilayisense: Incazelo ye-GPLv2: I-Dnsmasq ayisindi, kulula ukuyilungiselela ukudlulisa i-DNS ne-DHCP: iseva. Idizayinelwe ukuhlinzeka nge-DNS futhi, ngokuzikhethela, i-DHCP, kunethiwekhi: encane. Ingasebenza ngamagama emishini yasendaweni okuyi: engekho kwi-DNS yomhlaba. Iseva ye-DHCP ihlangana ne-DNS: iseva futhi ivumela imishini enamakheli abelwe i-DHCP ukuthi avele: kwi-DNS enamagama amisiwe kusingathi ngasinye noma kufayela le-: central configuration. I-Dnsmasq isekela ukuma okungaguquguquki nokuguqukayo: ukuqashiswa kwe-DHCP ne-BOOTP yokuqalwa kwenethiwekhi yemishini engasebenzi.

Uhlobo lwe dnsmasq Ukufaka kungu-2.66, futhi kufana nenguqulo yeCentOS:

[izimpande @ dns ~] # ikati / i-proc / inguqulo
Uhlobo lwe-Linux 3.10.0-514.6.1.el7.x86_64 (builder@kbuilder.dev.centos.org) (gcc version 4.8.5 20150623 (I-Red Hat 4.8.5-11) (GCC)) # 1 SMP Wed Jan 18 13:06:36 UTC 2017

Masivumele futhi silungiselele i-dnsmasq

[izimpande @ dns ~] # nano / etc / hosts
127.0.0.1 i-localhost localhost.localdomain localhost4 localhost4.localdomain4 :: 1 i-localhost localhost.localdomain localhost6 i-localhost6.localdomain6
10.10.10.5 dns.desdelinux.fan dns

[izimpande @ dns ~] # igama lomethuleli
dns
[izimpande @ dns ~] # igama lomethuleli -f
dns.desdelinux.umlandeli


[izimpande @ dns ~] # systemctl vumela i-dnsmasq
[izimpande @ dns ~] # systemctl qala dnsmasq
[izimpande @ dns ~] # isimo se-systemctl dnsmasq
● dnsmasq.service - iseva yokulondolozwa kwesikhashana ye-DNS. Kulayishiwe: kulayishiwe (/usr/lib/systemd/system/dnsmasq.service; kunikwe amandla; ukusethwa kabusha komthengisi: kukhutshaziwe) Kuyasebenza: kuyasebenza (kuyasebenza) kusukela ngoSat 2017-02-18 11:47:19 EST; 4s ago Main PID: 1179 (dnsmasq) CGroup: /system.slice/dnsmasq.service └─1179 / usr / sbin / dnsmasq -k Feb 18 11:47:19 dns systemd [1]: Iqale iseva yokulondolozwa kwesikhashana ye-DNS .. Feb 18 11:47:19 dns systemd [1]: Iqala iseva yokulondolozwa kwesikhashana ye-DNS .... Feb 18 11:47:19 dns dnsmasq [1179]: started, version 2.66 cachesize 150 Feb 18 11:47:19 dns dnsmasq [1179 ]: izinketho zesikhathi sokuhlanganisa: IPv6 GNU-getopt DB ... th Feb 18 11:47:19 dns dnsmasq [1179]: reading /etc/resolv.conf Feb 18 11:47:19 dns dnsmasq [1179]: ukuziba i-nameserver I-127.0.0.1 - yendawo e ... ce Feb 18 11:47:19 dns dnsmasq [1179]: funda / njll / abasingathi - amakheli ama-3 Iseluleko: Eminye imigqa yanqanyulwa, sebenzisa -l ukukhombisa ngokugcwele.

Ungakhohlwa isinyathelo esilandelayo:

[izimpande @ dns ~] # mv /etc/dnsmasq.conf /etc/dnsmasq.conf.original

Amakheli we-IP alungisiwe

Nge-Dnsmasq, amakheli amaseva noma amakhompyutha adinga i-IP engaguquki -ombili i-IPv4 ne-IPv6- amenyezelwa kufayela / njll / amabamba:

[izimpande @ dns ~] # nano / etc / hosts
127.0.0.1 localhost localhost.isizinda sendawo4 localhost4.isizinda sendawo4 ::1 indawohostindawo yasekhaya.isizinda sendawohost6 sasekhaya6.isizinda sasekhaya6 # Amaseva 10.10.10.1 sysadmin.desdelinux.fan sysadmin 10.10.10.3 ad-dc.desdelinux.fan ad-dc 10.10.10.4 iseva yefayela.desdelinux.fan fileserver 10.10.10.5 dns.desdelinux.fan dns 10.10.10.6 proxyweb.desdelinux.fan proxyweb 10.10.10.7 blog.desdelinux.ibhulogi yabalandeli 10.10.10.8 ftpserver.desdelinux.fan ftpserver 10.10.10.9 imeyili.desdelinux.imeyili yabalandeli

Masenze ifayela le /etc/dnsmasq.conf

[izimpande @ dns ~] # nano /etc/dnsmasq.conf
# ------------------------------------------------ ------------------ # IZINKETHO EZIJWAYELEKILE # ----------------------------- ------------------------------------kudingeka isizinda # Ungadlulisi amagama ngaphandle kwesizinda ingxenye bogus-priv # Ungadlulisi amakheli esikhaleni esingakathululwa sokwandisa-abasingathi # Faka ngokuzenzakalelayo isizinda kusixhumi esibonakalayo somsingathi=eth0 # Isixhumi esibonakalayo. QAPHELA nge-Interface # except-interface=eth1 # UNGAlaleli lokhu ku-oda okuqinile kwe-NIC # Ukuhleleka lapho ubheka ifayela /etc/resolv.conf # Faka phakathi izinketho eziningi zokumisa # ngefayela noma ngokuthola # amafayela okumisa engeziwe kuhla lwemibhalo # conf-file=/etc/dnsmasq.more.conf conf-dir=/etc/dnsmasq.d # Ehlobene nesizinda Segama Lesizinda=desdelinux.umlandeli # Igama lesizinda # Iseva Yesikhathi ithi 10.10.10.1 ikheli=/time.windows.com/10.10.10.1 # Ithumela inketho engenalutho yenani le-WPAD. Kudingeka # Windows 7 futhi amaklayenti akamuva ukuze aziphathe kahle. ;-) dhcp-option=252,"\n" # Ifayela lapho sizomemezela khona AMA-HOSTS "azovinjelwa" addn-hosts=/etc/banner_add_hosts # --------------- ---------------------------------------------- --- # RECORDSCNAMEMXTXT # ------------------------------------------- --- -------------------- # Lolu hlobo lokubhalisa ludinga okufakiwe # kufayela /etc/hosts # ex: 10.10.0.7 blog.desdelinux.ibhulogi yabalandeli # cname=ALIAS,REAL_NAME cname=www.desdelinux.umlandeli, ibhulogi.desdelinux.umlandeli # MX RECORDS # Ibuyisela irekhodi le-MX elinegama "desdelinux.fan" imiselwe # ethimbeni lemeyili.desdelinux.umlandeli nokubalulekile kwe-10 mx-host=desdelinux.umlandeli,imeyili.desdelinux.fan,10 # Indawo okuyiwa kuyo ezenzakalelayo yamarekhodi e-MX adalwe # kusetshenziswa inketho ye-localmx kuzoba: mx-target=mail.desdelinux.umlandeli # Ibuyisela irekhodi le-MX elikhomba ku-mx-thagethi YAWO YONKE # imishini yendawomx # TXT amarekhodi. Futhi singamemezela irekhodi le-SPF txt-record=desdelinux.fan,"v=spf1 a -konke" txt-record=desdelinux.umlandeli,"DesdeLinux, Ibhulogi yakho inikezelwe Kuhlelo Lwesofthiwe Yamahhala" # ---------------------------------------- -------------------------- # ------------------------ --------------------------------------- # UHLELO NEZINKOLELO ZAKHO # --- --- --------------------------------------------------- ----------- # Ibanga le-IPv4 nesikhathi sokuqashisa # 1 ukuya ku-29 ezeseva nezinye izidingo dhcp-range=10.10.10.30,10.10.10.250,8h

dhcp-lease-max = 222 # Inani eliphakeme lamakheli okuqashisa
                        # ngokuzenzakalela kungu-150
# IPV6 Range # dhcp-range=1234::, ra-only # Izinketho zoBANGA # IZINKETHO dhcp-option=1,255.255.255.0 # NETMASK dhcp-option=3,10.10.10.253 # ROUTER GATEWAY6,10.10.10.5, dhcp-15.dh XNUMX # Amaseva e-DNS dhcp-option=XNUMX,desdelinux.fan # DNS Domain Name dhcp-option=19,1 # inketho ye-ip-forwarding KU-dhcp-option=28,10.10.10.255 # BROADCAST dhcp-option=42,10.10.10.1 # NTP # dhcp-DCH=40, I-NIS Domain Name # dhcp-option=41,10.10.10.5 # Iseva ye-NIS # EXTERNAL SAMBA4 WINS SERVER # # dhcp-option=44,10.10.10.5 # WINS # dhcp-option=45,10.10.10.5 SERVER #NetBIOS SERVER SAMBA4 EXTERNAL # # dhcp-option=46,8 # NetBIOS Node # dhcp-option=73,10.10.10.3 # Iseva Yeminwe I-dhcp-egunyaziwe # I-DHCP Egunyaziwe ku-subnet # -------------- - - ----------------------------------------------- - -------------------------------------------- - --------------------- # LOGINGAL /var/log/imiyalezo # ------------------- - ---------------------------------------------- imibuzo yelogi

# UKUPHELA kwefayela le /etc/dnsmasq.conf
# ----------------------------------------------------- ------------------

Ake sibheke i-syntax bese siqala kabusha insiza

[izimpande @ dns ~] # dnsmasq - isivivinyo
dnsmasq: isheke le-syntax KULUNGILE.
[root @ dns ~] # systemctl qala kabusha i-dnsmasq
[izimpande @ dns ~] # isimo se-systemctl dnsmasq
● dnsmasq.service - iseva yokulondolozwa kwesikhashana ye-DNS. Kulayishiwe: kulayishiwe (/usr/lib/systemd/system/dnsmasq.service; kunikwe amandla; ukusethwa kabusha komthengisi: kukhutshaziwe) Kuyasebenza: kuyasebenza (kuyasebenza) kusukela ngo-Sat 2017-02-18 12:48:05 EST; 5s ago Main PID: 1288 (dnsmasq) CGroup: /system.slice/dnsmasq.service └─1288 / usr / sbin / dnsmasq -k Feb 18 12:48:05 dns systemd [1]: Iqale iseva yokulondolozwa kwesikhashana ye-DNS .. Feb 18 12:48:05 dns systemd [1]: Iqala iseva yokulondolozwa kwesikhashana ye-DNS .... Feb 18 12:48:05 dns dnsmasq [1288]: iqalile, inguqulo 2.66 i-cachedize 150 Feb 18 12:48:05 dns dnsmasq [1288 ]: izinketho zesikhathi sokuhlanganisa: IPv6 GNU-getopt DB ... th Feb 18 12:48:05 dns dnsmasq-dhcp [1288]: DHCP, IP range 10.10.10.30 - 10.10 .... h Feb 18 12:48: 05 dns dnsmasq [1288]: reading /etc/resolv.conf Feb 18 12:48:05 dns dnsmasq [1288]: ukuziba i-nameserver 127.0.0.1 - local in ... ce Feb 18 12:48:05 dns dnsmasq [1288] ]: funda / njll / imikhosi - amakheli ayi-11
Feb 18 12:48:05 dns dnsmasq [1288]: yehlulekile ukulayisha amagama kusuka /etc/banner_ad...ry
Isiqephu: Ezinye imigqa yayine-ellipsized, sebenzisa-ukukhombisa ngokugcwele.

Qaphela ukuthi kokukhipha kwangaphambilini ifayela le- isimo se-systemctl dnsmasq ibuyisa iphutha:

Feb 18 12:48:05 dns dnsmasq [1288]: yehlulekile ukulayisha amagama kusuka /etc/banner_ad...ry

ekhononda ngokuthi awukwazi ukuthola ifayili / njll / banner_add_hosts.

[izimpande @ dns ~] # ukuthinta / njll / banner_add_hosts
[root @ dns ~] # systemctl qala kabusha dnsmasq.service 
[root @ dns ~] # systemctl qala kabusha dnsmasq.service 
[root @ dns ~] # systemctl isimo dnsmasq.service 
● dnsmasq.service - iseva yokulondolozwa kwesikhashana ye-DNS. Kulayishiwe: kulayishiwe (/usr/lib/systemd/system/dnsmasq.service; kunikwe amandla; ukusethwa kabusha komthengisi: kukhutshaziwe) Kuyasebenza: kuyasebenza (kuyasebenza) kusukela ngo-Sat 2017-02-18 12:54:26 EST; 7s ago Main PID: 1394 (dnsmasq) CGroup: /system.slice/dnsmasq.service └─1394 / usr / sbin / dnsmasq -k Feb 18 12:54:26 dns systemd [1]: Iqale iseva yokulondolozwa kwesikhashana ye-DNS .. Feb 18 12:54:26 dns systemd [1]: Iqala iseva yokulondolozwa kwesikhashana ye-DNS .... Feb 18 12:54:26 dns dnsmasq [1394]: iqalile, inguqulo 2.66 i-cachesize 150 Feb 18 12:54:26 dns dnsmasq [1394 ]: izinketho zesikhathi sokuhlanganisa: IPv6 GNU-getopt DB ... th Feb 18 12:54:26 dns dnsmasq-dhcp [1394]: DHCP, IP range 10.10.10.30 - 10.10 .... h Feb 18 12:54: 26 dns dnsmasq [1394]: reading /etc/resolv.conf Feb 18 12:54:26 dns dnsmasq [1394]: ukuziba nameserver 127.0.0.1 - local in ... ce Feb 18 12:54:26 dns dnsmasq [1394 ]: funda / njll / abasingathi - amakheli ayi-11 Feb 18 12:54:26 dns dnsmasq [1394]: funda / njll / banner_add_hosts - 0 amakheli Ukusikisela: Eminye imigqa yanqanyulwa, sebenzisa -l ukukhombisa ngokugcwele.

Futhi sesivele sinezinsizakalo ze-DNS ne-DHCP ezisebenzayo.

Kubalulekile

• Uma siguqula ifayela le /etc/dnsmasq.conf, kufanele siqale kabusha insiza ukuze ushintsho luqale ukusebenza.
• Uma siguqula ifayili le- / etc / hosts Ukususa, ukuguqula noma ukufaka i-IP engaguquki negama layo lomethuleli ohambelana nayo, kufanele siqale kabusha insiza ukuze ushintsho luqale ukusebenza..
• ukulayishwa kabusha kwe-systemctl dnsmasq.service akukwazi ukusetshenziswa nale nsizakalo.

Sivula amachweba adingekayo ku-Firewall

Esihlokweni somngani wami nozakwethu uLuigys Toro -isibankwa- "Uwavula kanjani amachweba ku-Centos 7 Firewall»Inqubo okufanele siyilandele ukuvula amachweba ku-Firewall efakwa yi-CentOS ngokuzenzakalela ichazwa kahle. Angazi namanje ukuthi ngiyisebenzisa kanjani imithetho yokuqukethwe kweSelinux kusevisi ye-dnsmasq kuCentOS. Uma kukhona omaziyo, sicela usikhanyisele.

Amafayela / njll / izivumelwano y / njll / amasevisi Ziwumhlahlandlela omuhle kakhulu wokwazi ukuthi yimaphi amachweba esidinga ukuwavula ukuze izinsizakalo ze-DNS ne-DHCP ezinikezwe yi-Dnsmasq zisebenze kahle.

[izimpande @ dns ~] # firewall-cmd - izindawo ezisebenzayo
izixhumi zomphakathi: eth0

Isevisi domain o Iseva Yegama Lesizinda (dns). Isivumelwano iswayipha «IP ngokubethela»

[izimpande @ dns ~] # i-firewall-cmd -zone = yomphakathi -add-port = 53 / tcp - ehlala njalo
impumelelo

[izimpande @ dns ~] # i-firewall-cmd -zone = yomphakathi -add-port = 53 / udp - ehlala njalo
impumelelo

Isevisi ukuqaqa o Iseva ye-BOOTP (dhcp). Isivumelwano ippc «I-Internet Pluribus Packet Core»

[izimpande @ dns ~] # i-firewall-cmd -zone = yomphakathi -add-port = 67 / tcp - ehlala njalo
impumelelo

[izimpande @ dns ~] # i-firewall-cmd -zone = yomphakathi -add-port = 67 / udp - ehlala njalo
impumelelo

[izimpande @ dns ~] # firewall-cmd - phinda ulayishe
impumelelo

[root @ dns ~] # firewall-cmd - uhlu-konke
umphakathi (osebenzayo): amabhulokhi e-icmp: imithetho ecebile:

Kubalulekile

• Uma sizonikezela ngezinsizakalo zokuqashisa ikheli le-IPv6, kumele futhi sivule amachweba i-dhcpv6-server 547 / tcp kanye ne-dhcpv6-server 547 / udp.

Amasheke

Ake sibheke imibuzo eminingi ye-DNS ukuthi iDnsmasq yethu entsha sha esanda kusebenza isebenza kanjani. Kulokhu sikhetha iqembu elaziwayo sysadmin.desdelinux.umlandeli, futhi kusuka kuleyo khompyutha, exhunywe kwi-LAN, sizokwenza imibuzo eminingana, kepha hhayi ngaphambi kokubheka ukuthi ifayela lihlelwe kahle /etc/resolv.conf:

buzz @ sysadmin: ~ $ cat /etc/resolv.conf 
# Kwenziwe usesho lwe-NetworkManager desdelinux.fan nameserver 10.10.10.5

Izilungiselelo zefayela /etc/resolv.conf kulungile. Ake siqale ukubonisana

buzz @ sysadmin: ~ $ umphathi we-dns
dns.desdelinuxI-.fan inekheli elithi 10.10.10.5 Host dns.desdelinux.umlandeli akatholakalanga: 5(WEQINILE) dns.desdelinux.imeyili yabalandeli iphathwa ngemeyili engu-1.desdelinux.umlandeli.

Ngokucushwa okuhlongozwayo, singakulahla ukukhishwa komyalo Bamba ngaphandle kwezinketho uma kukhulunywa nge-Dnsmasq, lapho kubuyiselwa imigqa efana nale elandelayo:

Isikhungo se-dns.desdelinux.umlandeli akatholakalanga: 5(WEQINILE)

Uma singafuni lolo hlobo lokukhiphayo, kufanele sisebenzise umyalo Bamba ngezinketho -t A, -t CNAME, -t NS, -t SOA, -t SIG, -t AXFR. Bheka umuntu ophethe ukuthola eminye imininingwane:

buzz@sysadmin:~$ host -t Ku-dns.desdelinux.umlandeli
dns.desdelinux.umlandeli unekheli 10.10.10.5

[izimpande @ dns ~] # umphathi -t Ku-dns
dns.desdelinux.umlandeli unekheli 10.10.10.5

i-buzz @ sysadmin: ~ $ dig dns

buzz @ sysadmin: ~ $ umsingathi 10.10.10.5
5.10.10.10.in-addr.arpa igama lesizinda pointer dns.desdelinux.umlandeli.

I-Dnsmasq ayihloselwe uhlelo lwe-Master - Slave

buzz@sysadmin:~$ host -t AXFR desdelinux.umlandeli
"Ngiyazama"desdelinux.fan" Umsingathi desdelinux.umlandeli akatholakali: 5(WEQIWE) ; Ukudlulisa kuhlulekile.

Akuhloselwe futhi ukubuyisa amarekhodi e-NS ne-SOA

buzz@sysadmin:~$ host -t NS desdelinux.umlandeli
Host desdelinux.umlandeli akatholakalanga: 5(WEQINILE)

buzz@sysadmin:~$ host -t SOA desdelinux.umlandeli
Host desdelinux.umlandeli akatholakalanga: 5(WEQINILE)

buzz@sysadmin:~$ dig IN SOA desdelinux.umlandeli
buzz@sysadmin:~$ dig IN NS desdelinux.umlandeli

Uma isekela amarekhodi e-MX, CNAME, ne-TXT

buzz @ sysadmin: ~ $ host -t Ukuze www
www.desdelinuxI-.fan isibizo sebhulogi.desdelinux.umlandeli. Ibhulogi.desdelinux.umlandeli unekheli 10.10.10.7
buzz@sysadmin:~$ host -t MX desdelinux.umlandeli
desdelinux.imeyili yabalandeli iphathwa ngemeyili engu-10.desdelinux.umlandeli.

buzz @ sysadmin: ~ $ umphathi -t CNAME www
www.desdelinuxI-.fan isibizo sebhulogi.desdelinux.umlandeli.

buzz@sysadmin:~$ host -t Ukubloga.desdelinux.umlandeli
ibhulogi.desdelinux.umlandeli unekheli 10.10.10.7

buzz@sysadmin:~$ host -t TXT desdelinux.umlandeli
desdelinux.umbhalo ochaza abalandeli "DesdeLinux, Ibhulogi yakho inikezelwe ku-Free Software"
desdelinux.umbhalo ochazayo wabalandeli "v=spf1 a -all"

I-PTR iqopha imibuzo

buzz @ sysadmin: ~ $ umphathi -t PTR 10.10.10.7
7.10.10.10.in-addr.arpa igama lesizinda sebhulogi blog.desdelinux.umlandeli.

buzz @ sysadmin: ~ $ umsingathi 10.10.10.7
7.10.10.10.in-addr.arpa igama lesizinda sebhulogi blog.desdelinux.umlandeli.

Amaklayenti e-Microsoft® Windows

Kuphilile kakhulu ukusebenzisa ikhonsoli yeseva dns.desdelinux.umlandeli umyalo iphephabhuku -f NGAPHAMBI kokuvula umshini osebenzisa isistimu yokusebenza ye-Microsoft® Windows, ukubona inani elikhulu lemibuzo ye-DNS eliyenzayo kumasayithi ahlukene. Kuyajabulisa ngempela. 😉

Uma sifuna ukuvimba imibuzo ephathelene namanye ala masayithi ekuhambeleni kumaseva eRoots Izimpande Zeseva noma ngase Abadlulisi ukuthi simemezele kufayela /etc/resolv.conf, singalisebenzisa kahle ifayela / etc / banner_add_host, ukuyigcwalisa ngamasayithi amaningi esidinga ukuwamemezela. Isibonelo:

[izimpande @ dns ~] # nano / njll / banner_add_hosts
127.0.0.1 windowsupdate.com 127.0.0.1 ctldl.windowsupdate.com 127.0.0.1 ocsp.verisign.com 127.0.0.1 csc3-2010-crl.verisign.com 127.0.0.1 www.msftncsi.com 127.0.0.1 ipv6.msftncsi.com 127.0.0.1 teredo.ipv6.microsoft.com 127.0.0.1 ds.download.windowsupdate.com 127.0.0.1 download.microsoft.com 127.0.0.1 fe2.update.microsoft.com 127.0.0.1 crl.microsoft.com 127.0.0.1 www .download.windowsupdate.com 127.0.0.1 win8.ipv6.microsoft.com 127.0.0.1 spynet.microsoft.com 127.0.0.1 spynet1.microsoft.com 127.0.0.1 spynet2.microsoft.com 127.0.0.1 spynet3.microsoft.com 127.0.0.1. 4 spynet127.0.0.1.microsoft.com 5 spynet127.0.0.1.microsoft.com 15 office127.0.0.1client.microsoft.com 127.0.0.1 addons.mozilla.org XNUMX crl.verisign.com

[izimpande @ dns ~] # dnsmasq - isivivinyo
dnsmasq: isheke le-syntax KULUNGILE.

[root @ dns ~] # systemctl qala kabusha dnsmasq.service 
[root @ dns ~] # systemctl isimo dnsmasq.service

[root @ dns ~] # host -t Ku-spynet4.microsoft.com
ispynet4.microsoft.com inekheli 127.0.0.1

[root @ dns ~] # host -t Ku-www.download.windowsupdate.com
www.download.windowsupdate.com inekheli 127.0.0.1

• Ifomethi yefayela le- / etc / banner_add_hosts iyefana nefayela le- / etc / hosts. Khumbula ukuthi uhlu lwezizinda "zokuvimbela" lungaba lude ngangokunokwenzeka, ngokusho kwesigaba IMIKHAWULO yalesi sihloko.

Ukuhlola kusuka kuklayenti Isikhombisa.desdelinux.umlandeli enikeze ikheli le-IP:

buzz @ sysadmin: ~ $ host -t A eziyisikhombisa
Isikhombisa.desdelinux.umlandeli unekheli 10.10.10.115

senza umyalo kuklayenti leWindows uqobo cmd:

I-Microsoft Windows [Inguqulo 6.1.7601]
I-copyright (c) 2009 Microsoft Corporation. Wonke Amalungelo Agodliwe.

C: \ Abasebenzisi \ buzz> nslookup
Iseva Ezenzakalelayo: dns.desdelinux.fan Ikheli: 10.10.10.5 > dns Iseva: dns.desdelinux.Ikheli labalandeli: 10.10.10.5 Igama: dns.desdelinux.fan Ikheli: 10.10.10.5 > ftpserver Iseva: dns.desdelinux.Ikheli labalandeli: 10.10.10.5 Igama: ftpserver.desdelinux.fan Ikheli: 10.10.10.8 > www Iseva: dns.desdelinux.fan Ikheli: 10.10.10.5 Igama: ibhulogi.desdelinux.Ikheli labalandeli: 10.10.10.7 Iziteketiso: www.desdelinux.fan > mail Iseva: dns.desdelinux.Ikheli labalandeli: 10.10.10.5 Igama: imeyili.desdelinux.fan Ikheli: 10.10.10.9 > Iseva ye-sysadmin: dns.desdelinux.fan Ikheli: 10.10.10.5 Igama: sysadmin.desdelinux.Ikheli labalandeli: 10.10.10.1 > www.download.windowsupdate.com Iseva: dns.desdelinux.Ikheli labalandeli: 10.10.10.5 Igama: www.download.windowsupdate.com Ikheli: 127.0.0.1 > yeka C:\Users\buzz>

Isifingqo

Kuze kube manje sibonile izici ezimbalwa eziyinhloko ze-Dnsmasq. ngicabanga Funda futhi ufunde amafayela ashiwo esigabeni sokuqala sale ndatshana, uma ufuna ukwazi kabanzi ngalolu hlelo oluhle kakhulu nolumangazayo. Ngokusetshenziswa kwayo singakwazi ukwenza lula izimpilo zethu.

Cishe ngo-2014 ngifunde i-athikili «Kanjani: Samba4 AD PDC + Windows XP, Vista no-7«. Umsunguli wale ndatshana umemezela ngaphandle kokuchwayiza: «Ngiyakuzonda ukubopha, ngakho-ke yi-dnsmasq ukutakula»(Sic) okusho okuncane noma okuncane okushoyo«Ngiyakuzonda ukubopha, ngakho-ke uDnsmasq uyangisiza«. Kwerekhodi, leyo nkulumo ayishongo kimi.

Ekudluliseni ngiphawula ukuthi, kuleyo ndatshana uMlobi akacacisi umsuka wamanye amarekhodi e-DNS futhi ngamagama ajwayelekile akuyona inkomba enhle yokusebenzisa i-Active Directory® esekwe kuSamba 4. Uma uthanda ngokweqile iDnsmasq.

Angikuzondi ukubopha nhlobo. Izindatshana zami ezine -4- ezidlule zikufakazela lokhu:

• I-DNS ne-DHCP kuvuliweSUSE 13.2 "Harlequin"
• I-DNS ne-DHCP ku-CentOS 7
• I-DNS ne-DHCP ku-Debian 8 "Jessie"
• Bopha futhi Active Directory®

Njengoba ngike ngabhala ezikhathini ezedlule, cishe angikaze Ngisikisela, kodwa ngicabanga. Endabeni kaDnsmasq yebo Ngisikisela ukusetshenziswa kwayo kuma-SME Networks.

Ukulethwa okulandelayo

Isitolimende esilandelayo -ngicabanga ukuthi ngiyacabanga- Ngizoyinikela ekuhlanganisweni kweDnsmasq ne-Microsoft® Active Directory®. Kuzoba yindawo enhle yokungena ye-athikili -muy- ngokuhamba kwesikhathi lokho kuzobhekana nokuthi ungayenza kanjani i-AD-DC ngeSamba 4 neDnsmasq.