Inkomba ejwayelekile yochungechunge: Ama-Computer Networks ama-SME: Isingeniso
Sanibonani zihlobo !. Sinikela le ndatshana ku dnsmasq uhlelo olulula kakhulu olunikeza izinsizakalo DNS - DHCP usebenzisa isoftware eyodwa. Imibhalo engcono kakhulu ekhona kule software iyona efakwe nephakeji uqobo lwayo /usr/share/doc/dnsmasq-2.66/, ifayela lokumiswa ligcwele izibonelo- /etc/dnsmasq.conf, naleyo etholwe ngomyalo indoda dnsmasq. Kuyimpilo futhi ukuvakashela i- Isiza esisemthethweni.
[izimpande @ dns ~] # ls -l / usr/share/doc/dnsmasq-2.66/ ingqikithi ye-136 -rw-r-r--. Impande eyi-1 impande 18007 Apr 17 2013 UKUKOPISHA -rw-r - r--. Impande eyi-1 impande 59811 Nov 11 13: 20 CHANGELOG -rw-r-r--. Impande eyi-1 impande 5164 17 Apr 2013 1 DBus-interface -rw-r - r--. Impande eyi-5009 impande 17 Apr 2013 1 doc.html -rw-r - r--. Impande eyi-25075 impande 17 Apr 2013 1 FAQ -rw-r - r--. Impande eyi-12019 impande 17 Apr 2013 XNUMX setup.html
- Inqubo echazwe kokuthunyelwe nayo isebenza ku-Debian 8 "Jessie". Ifayela lokumiswa kwe- / etc / dnsmasq liyafana. KuJessie, mhlawumbe udinga kuphela ukufaka iphakethe lakho le-dnsmasq hhayi okunye. Ngikubhala ngoba ngikubona kungadingekile ukwenza i-athikili ehlukile ye-Dnsmasq eDebian. Ngenhlanhla, izinkomba ezihlobene nemibhalo nokucushwa ziyefana. 😉
I-Dnsmaq iyindalo ye- USimon Kelley.
Yini iDnsmasq?
Isoftware yamahhala dnsmasq iseva DNS Phambili y DHCP yamanethiwekhi amancane ekhompyutha. Isibonelo esivamile amaNethiwekhi akhona kuma-SME ethu. Kudinga izinsizakusebenza ezimbalwa zehardware ekusebenzeni kwayo futhi ingaqhutshwa kuzingxenyekazi ezahlukahlukene ezinjengeLinux, BSD, i-Android ne-OS X. Ifakiwe cishe kuwo wonke amakhosombe weLinux neBSD.
Iseva DHCP i-del dnsmasq ungaqashisa amakheli e-IP ngamandla nangokwezibalo, ngamanethiwekhi amaningi anezinhlaka ezihlukene zamakheli we-IP. Ihlanganiswe neseva DNS futhi ivumela imishini yendawo ethola ikheli le-IP ukuthi ibonakale njengebhaliswe ku-DNS ngamarekhodi ayo e-DNS, aqondile futhi ahlehlisiwe.
Indlela yendabuko yokusebenza kwe- dnsmasq ukulanda okwesikhashana amarekhodi e-DNS atholwe ngemibuzo eya kubo Abadlulisi, yehlisa umthwalo kulezi futhi ithuthukise ukusebenza okuphelele kwejubane lokuphendula emibuzweni ehlukile ye-DNS.
Isekela izindinganiso zesimanje ezifana I-IPv6 y DNSSEC, Qala - Boot ngaphezulu kwenethiwekhi ngokusekelwa kwamaphrothokholi IBHODI, I-TFTP, futhi I-PXE.
Emkhathini weLinux, iDnsmasq isetshenziswa kakhulu kumaseva weMishini ngaphandle kweHard Disk kanye neKlayenti Elincane. Ku-Microsoft® Windows, ne-software I-ARDENCE®, okulingana ne-Dnsmasq- isetshenziswa njengeseva ye-DHCP ebizwa ngokuthi E-Sayurian.
Kukusiphi isimo esingasebenzisa i-Dnsmasq?
Uma sikhipha indoda dnsmasq Ku-CentOS, sizothola ikhasi lalelo bhukwana ngolimi lwesiNgisi. Kufayela dnsmasq.8.gz - ngesiSpanish- efakwe nokusatshalaliswa kwe-Debian 8 «Jessie», kuyabonakala ncamashi Okulandelayo:
IMIKHAWULO
- Amanani wokuzenzakalelayo wemikhawulo yezinsiza ngokuvamile ayalondolozwa, futhi afanele ukusetshenziswa kumadivayisi wohlobo lomzila. kubhajwe ngama-processor slow and memory low. Ku-hardware ngaphezulu onekhono, kungenzeka ukwandisa imingcele, futhi usekele abaningi amakhasimende. Lokhu okulandelayo kusebenza ku-dnsmasq-2.37: izinhlobo zangaphambilini azenzi bakhuphuke kahle kakhulu.
- I-Dnsmasq iyakwazi ukuxhasa i-DNS ne-DHCP okungenani inkulungwane eyodwa (1,000) amakhasimende. Izikhathi zokuqashisa akufanele zibe mfushane kakhulu (ngaphansi koyedwa isikhathi). Inani le -dns-forward-max lingakhushulwa: qala ngo- inani elilinganayo lamakhasimende futhi ulinyuse uma ngabe I-DNS. Qaphela ukuthi ukusebenza kwe-DNS futhi kuya ngamaseva I-DNS engenhla. Usayizi wenqolobane ye-DNS ungakhuphuka: umkhawulo Okudingekayo ngamagama ayi-10,000 futhi okuzenzakalelayo (150) kuphansi kakhulu. Ukuthumela i-SIGUSR1 ku-dnsmasq kwenza imininingwane ye-bitacore leyo ilusizo ekuhleleni kahle usayizi wenqolobane. Bona isigaba se-NOTES ukuthola imininingwane.
- Iseva ye-TFTP eyakhelwe ngaphakathi iyakwazi ukuxhasa ukudluliswa okuningi amafayela afanayo ngasikhathi sinye: umkhawulo ophelele uhlobene nenani leziphathi zefayela ezivunyelwe kwinqubo kanye nekhono le-sys‐tem call select () ukuxhasa izinombolo ezinkulu zokuphathwa kwamafayela. Uma umkhawulo usethwe waba mkhulu kakhulu nge-tftp-max uzosuswa futhi umkhawulo wangempela uzobekwa iwashi ekuqaleni. Qaphela ukuthi ukudluliswa okuningi kungenzeka uma ifayili elifanayo lithunyelwa kuthiwani lapho kudluliswa ngakunyeI-ferencia ithumela ifayela elihlukile. Kungenzeka usebenzise i-dnsmasq ukuphika ukukhangisa kweWebhu usebenzisa uhlu lwe amaseva we-banner aziwa kahle, konke kuxazululeka ku-127.0.0.1 noma 0.0.0.0 ku- / etc / Sebawoti noma kufayela elingeziwe le-Host. Uhlu lungakwazi yinde kakhulu. I-Dnsmasq ihlolwe ngempumelelo ngamagama ayisigidi. Lolo sayizi wefayela lidinga i-1GHz CPU nokulinganiselwa60MB RAM.
Angizange ngibhale noma ngihlele lezi zigaba ezingenhla nhlobo. Ziyabonakala njengoba zingena ku- eyodwa ngeSpanishi kusuka dnsmasq 2.72 kusuka endaweni yokugcina ye-Debian 8.6. Kusuka kubo kanye nasenkambisweni yokusetshenziswa kwale software, singasho ukuthi kuyaqabukela - kungenzeki - ukuthola isimo kumanethiwekhi ethu ama-SME adlula inani le 1000 amaklayenti noma amakhompyutha axhunywe kwi-LAN.
- I-Dnsmasq iyakwazi ukuxhasa i-DNS ne-DHCP okungenani inkulungwane eyodwa (1,000) amaklayenti.
Ukucatshangelwa eceleni
Kuhlale kungithinta ukuthi isoftware ewine imiklomelo I-ClearOS Enterprise 5.2 SP1 izosebenzisa iDnsmasq-ehlotshaniswa ne- NTP- njengeseva yengqalasizinda ngokuzenzakalela, nokuqhubeka nokuyisebenzisa kanjalo - okungenani kuze kube yinguqulo 7.xxx- in ukukhishwa Ukhokhela ukufaka i-Active Directory® ngokususelwa ku-Samba 4. Kubi kakhulu kithina, bathandi be-Free Software, ukuthi inkampani I-clearFoundationizoyeka ukuhlinzeka ngesoftware yaleyo khwalithi kuzinguqulo ngemuva kuka-5.xxx ngenxa esobala lokuzuza okungcono kwemali. Ngicabanga ukuthi kunenkinga enkampanini uqobo.
Noma ngingu- Fan I-Debian -futhi angifuni ukwenza inkulumo-ze engizikhethele yona- Bengihlala ngincoma iNkampani I-Red Hat®, Inc. imodeli yebhizinisi lakhe eliyibeke njengomholi ongenakuphikwa weFree Software. Ngaphezu kwalokho, kunguMxhasi we-clone kanambambili we-CentOS - isoftware yamahhala engu-100% - yohlelo lwayo lwenkanyezi I-Red Hat® Enterprise Linux - i-RHEL. Kokunye kuthiwa i-CentOS iyi-RHEL engasekelwa (I.
- Ngine-a ISamba Clasic NT 4.0 Isilawuli Sesizinda Esisisekelo Sesitayela ngokususelwa ku- I-ClearOS Enterprise 5.2 SP1 iminyaka engaphezu kwengu-4 kunethiwekhi yenkampani enamakhasimende weWindows XP, 7, 8, Windows Server 2003 neWindows server 2012. Yini ekhona ukukitaza amanani wokubhalisa ambalwa weklayenti ngalinye leWindows elinenguqulo ephakeme kune-XP? Kuyiqiniso. Yini okusebenza kahle kakhulu? Kuyiqiniso futhi. Ukuthi inani lamaqembu alifiki ku-100? Futhi kuyiqiniso.
Yenza umqondo
- Yize kimi «I-Common Sense iyona ejwayelekile kakhulu kwezinzwa», zibeke wena kuqala kuZidingo Zakho bese ukhetha indawo yobuciko ngokwalokho Odinga ukukuveza nokukuxazulula ngokwe-Your Own Script.
- Ungasebenzisi umcibisholo onqamula amazwekazi ukubulala umiyane. Musa ukwenza impilo kube nzima ngokungadingekile: qala ngesixazululo esilula. Uma ungaxazululi ngalokho, phakamisa ubunzima iphuzu elilodwa, njalonjalo.
Masifake i-CentOS 7 ne-Dnsmasq
Ngokufakwa kohlelo lwesisekelo siqondiswa yi-athikili I-CentOS 7 Hypervisor I futhi ekukhetheni amaphakheji sibeka kuphela inketho «Ingqalasizinda Server«. Imingcele ejwayelekile esizoyisebenzisa ekulungiseleleni le ndatshana yile elandelayo:
Igama le-FQDN lomshini obonakalayo: dns.desdelinux.umlandeli Ikheli le-IP: 10.10.10.5
I-CentOS 7 ifaka i-dnsmasq
Yebo Bafundi Abathandekayo, ku-CentOS 7 iphakethe dnsmasq ifakiwe ngenkathi kufakwa i-Infrastructure Server futhi Ngicabanga kunezinye izinketho futhi.
[izimpande @ dns ~] # yum imininingwane dnsmasq Ama-plugins alayishiwe: i-fastestmirror, ama-langpacks alayisha isivinini sesibuko kusuka kufayela eligcinwe ngesinye isibukezo Amaphakheji afakiwe Igama: dnsmasq Architecture: x86_64 Inguqulo: 2.66 Ukukhishwa: 21.el7 Usayizi: 464 k Indawo yokugcina: ifakiwe Kusuka endaweni yokugcina: Isifinyezo se-centos-base: I-URL ye-DNS engasindi / okulondolozwe okwesikhashana ye-URL yeseva: http://www.thekelleys.org.uk/dnsmasq/ Ilayisense: Incazelo ye-GPLv2: I-Dnsmasq ayisindi, kulula ukuyilungiselela ukudlulisa i-DNS ne-DHCP: iseva. Idizayinelwe ukuhlinzeka nge-DNS futhi, ngokuzikhethela, i-DHCP, kunethiwekhi: encane. Ingasebenza ngamagama emishini yasendaweni okuyi: engekho kwi-DNS yomhlaba. Iseva ye-DHCP ihlangana ne-DNS: iseva futhi ivumela imishini enamakheli abelwe i-DHCP ukuthi avele: kwi-DNS enamagama amisiwe kusingathi ngasinye noma kufayela le-: central configuration. I-Dnsmasq isekela ukuma okungaguquguquki nokuguqukayo: ukuqashiswa kwe-DHCP ne-BOOTP yokuqalwa kwenethiwekhi yemishini engasebenzi.
Uhlobo lwe dnsmasq Ukufaka kungu-2.66, futhi kufana nenguqulo yeCentOS:
[izimpande @ dns ~] # ikati / i-proc / inguqulo Uhlobo lwe-Linux 3.10.0-514.6.1.el7.x86_64 (builder@kbuilder.dev.centos.org) (gcc version 4.8.5 20150623 (I-Red Hat 4.8.5-11) (GCC)) # 1 SMP Wed Jan 18 13:06:36 UTC 2017
Masivumele futhi silungiselele i-dnsmasq
[izimpande @ dns ~] # nano / etc / hosts 127.0.0.1 i-localhost localhost.localdomain localhost4 localhost4.localdomain4 :: 1 i-localhost localhost.localdomain localhost6 i-localhost6.localdomain6 10.10.10.5 dns.desdelinux.fan dns [izimpande @ dns ~] # igama lomethuleli dns [izimpande @ dns ~] # igama lomethuleli -f dns.desdelinux.umlandeli [izimpande @ dns ~] # systemctl vumela i-dnsmasq [izimpande @ dns ~] # systemctl qala dnsmasq [izimpande @ dns ~] # isimo se-systemctl dnsmasq ● dnsmasq.service - iseva yokulondolozwa kwesikhashana ye-DNS. Kulayishiwe: kulayishiwe (/usr/lib/systemd/system/dnsmasq.service; kunikwe amandla; ukusethwa kabusha komthengisi: kukhutshaziwe) Kuyasebenza: kuyasebenza (kuyasebenza) kusukela ngoSat 2017-02-18 11:47:19 EST; 4s ago Main PID: 1179 (dnsmasq) CGroup: /system.slice/dnsmasq.service └─1179 / usr / sbin / dnsmasq -k Feb 18 11:47:19 dns systemd [1]: Iqale iseva yokulondolozwa kwesikhashana ye-DNS .. Feb 18 11:47:19 dns systemd [1]: Iqala iseva yokulondolozwa kwesikhashana ye-DNS .... Feb 18 11:47:19 dns dnsmasq [1179]: started, version 2.66 cachesize 150 Feb 18 11:47:19 dns dnsmasq [1179 ]: izinketho zesikhathi sokuhlanganisa: IPv6 GNU-getopt DB ... th Feb 18 11:47:19 dns dnsmasq [1179]: reading /etc/resolv.conf Feb 18 11:47:19 dns dnsmasq [1179]: ukuziba i-nameserver I-127.0.0.1 - yendawo e ... ce Feb 18 11:47:19 dns dnsmasq [1179]: funda / njll / abasingathi - amakheli ama-3 Iseluleko: Eminye imigqa yanqanyulwa, sebenzisa -l ukukhombisa ngokugcwele.
Ungakhohlwa isinyathelo esilandelayo:
[izimpande @ dns ~] # mv /etc/dnsmasq.conf /etc/dnsmasq.conf.original
Amakheli we-IP alungisiwe
Nge-Dnsmasq, amakheli amaseva noma amakhompyutha adinga i-IP engaguquki -ombili i-IPv4 ne-IPv6- amenyezelwa kufayela / njll / amabamba:
[izimpande @ dns ~] # nano / etc / hosts 127.0.0.1 localhost localhost.isizinda sendawo4 localhost4.isizinda sendawo4 ::1 indawohostindawo yasekhaya.isizinda sendawohost6 sasekhaya6.isizinda sasekhaya6 # Amaseva 10.10.10.1 sysadmin.desdelinux.fan sysadmin 10.10.10.3 ad-dc.desdelinux.fan ad-dc 10.10.10.4 iseva yefayela.desdelinux.fan fileserver 10.10.10.5 dns.desdelinux.fan dns 10.10.10.6 proxyweb.desdelinux.fan proxyweb 10.10.10.7 blog.desdelinux.ibhulogi yabalandeli 10.10.10.8 ftpserver.desdelinux.fan ftpserver 10.10.10.9 imeyili.desdelinux.imeyili yabalandeli
Masenze ifayela le /etc/dnsmasq.conf
[izimpande @ dns ~] # nano /etc/dnsmasq.conf # ------------------------------------------------ ------------------ # IZINKETHO EZIJWAYELEKILE # ----------------------------- ------------------------------------kudingeka isizinda # Ungadlulisi amagama ngaphandle kwesizinda ingxenye bogus-priv # Ungadlulisi amakheli esikhaleni esingakathululwa sokwandisa-abasingathi # Faka ngokuzenzakalelayo isizinda kusixhumi esibonakalayo somsingathi=eth0 # Isixhumi esibonakalayo. QAPHELA nge-Interface # except-interface=eth1 # UNGAlaleli lokhu ku-oda okuqinile kwe-NIC # Ukuhleleka lapho ubheka ifayela /etc/resolv.conf # Faka phakathi izinketho eziningi zokumisa # ngefayela noma ngokuthola # amafayela okumisa engeziwe kuhla lwemibhalo # conf-file=/etc/dnsmasq.more.conf conf-dir=/etc/dnsmasq.d # Ehlobene nesizinda Segama Lesizinda=desdelinux.umlandeli # Igama lesizinda # Iseva Yesikhathi ithi 10.10.10.1 ikheli=/time.windows.com/10.10.10.1 # Ithumela inketho engenalutho yenani le-WPAD. Kudingeka # Windows 7 futhi amaklayenti akamuva ukuze aziphathe kahle. ;-) dhcp-option=252,"\n" # Ifayela lapho sizomemezela khona AMA-HOSTS "azovinjelwa" addn-hosts=/etc/banner_add_hosts # --------------- ---------------------------------------------- --- # RECORDSCNAMEMXTXT # ------------------------------------------- --- -------------------- # Lolu hlobo lokubhalisa ludinga okufakiwe # kufayela /etc/hosts # ex: 10.10.0.7 blog.desdelinux.ibhulogi yabalandeli # cname=ALIAS,REAL_NAME cname=www.desdelinux.umlandeli, ibhulogi.desdelinux.umlandeli # MX RECORDS # Ibuyisela irekhodi le-MX elinegama "desdelinux.fan" imiselwe # ethimbeni lemeyili.desdelinux.umlandeli nokubalulekile kwe-10 mx-host=desdelinux.umlandeli,imeyili.desdelinux.fan,10 # Indawo okuyiwa kuyo ezenzakalelayo yamarekhodi e-MX adalwe # kusetshenziswa inketho ye-localmx kuzoba: mx-target=mail.desdelinux.umlandeli # Ibuyisela irekhodi le-MX elikhomba ku-mx-thagethi YAWO YONKE # imishini yendawomx # TXT amarekhodi. Futhi singamemezela irekhodi le-SPF txt-record=desdelinux.fan,"v=spf1 a -konke" txt-record=desdelinux.umlandeli,"DesdeLinux, Ibhulogi yakho inikezelwe Kuhlelo Lwesofthiwe Yamahhala" # ---------------------------------------- -------------------------- # ------------------------ --------------------------------------- # UHLELO NEZINKOLELO ZAKHO # --- --- --------------------------------------------------- ----------- # Ibanga le-IPv4 nesikhathi sokuqashisa # 1 ukuya ku-29 ezeseva nezinye izidingo dhcp-range=10.10.10.30,10.10.10.250,8h dhcp-lease-max = 222 # Inani eliphakeme lamakheli okuqashisa # ngokuzenzakalela kungu-150 # IPV6 Range # dhcp-range=1234::, ra-only # Izinketho zoBANGA # IZINKETHO dhcp-option=1,255.255.255.0 # NETMASK dhcp-option=3,10.10.10.253 # ROUTER GATEWAY6,10.10.10.5, dhcp-15.dh XNUMX # Amaseva e-DNS dhcp-option=XNUMX,desdelinux.fan # DNS Domain Name dhcp-option=19,1 # inketho ye-ip-forwarding KU-dhcp-option=28,10.10.10.255 # BROADCAST dhcp-option=42,10.10.10.1 # NTP # dhcp-DCH=40, I-NIS Domain Name # dhcp-option=41,10.10.10.5 # Iseva ye-NIS # EXTERNAL SAMBA4 WINS SERVER # # dhcp-option=44,10.10.10.5 # WINS # dhcp-option=45,10.10.10.5 SERVER #NetBIOS SERVER SAMBA4 EXTERNAL # # dhcp-option=46,8 # NetBIOS Node # dhcp-option=73,10.10.10.3 # Iseva Yeminwe I-dhcp-egunyaziwe # I-DHCP Egunyaziwe ku-subnet # -------------- - - ----------------------------------------------- - -------------------------------------------- - --------------------- # LOGINGAL /var/log/imiyalezo # ------------------- - ---------------------------------------------- imibuzo yelogi # UKUPHELA kwefayela le /etc/dnsmasq.conf # ----------------------------------------------------- ------------------
Ake sibheke i-syntax bese siqala kabusha insiza
[izimpande @ dns ~] # dnsmasq - isivivinyo dnsmasq: isheke le-syntax KULUNGILE. [root @ dns ~] # systemctl qala kabusha i-dnsmasq [izimpande @ dns ~] # isimo se-systemctl dnsmasq ● dnsmasq.service - iseva yokulondolozwa kwesikhashana ye-DNS. Kulayishiwe: kulayishiwe (/usr/lib/systemd/system/dnsmasq.service; kunikwe amandla; ukusethwa kabusha komthengisi: kukhutshaziwe) Kuyasebenza: kuyasebenza (kuyasebenza) kusukela ngo-Sat 2017-02-18 12:48:05 EST; 5s ago Main PID: 1288 (dnsmasq) CGroup: /system.slice/dnsmasq.service └─1288 / usr / sbin / dnsmasq -k Feb 18 12:48:05 dns systemd [1]: Iqale iseva yokulondolozwa kwesikhashana ye-DNS .. Feb 18 12:48:05 dns systemd [1]: Iqala iseva yokulondolozwa kwesikhashana ye-DNS .... Feb 18 12:48:05 dns dnsmasq [1288]: iqalile, inguqulo 2.66 i-cachedize 150 Feb 18 12:48:05 dns dnsmasq [1288 ]: izinketho zesikhathi sokuhlanganisa: IPv6 GNU-getopt DB ... th Feb 18 12:48:05 dns dnsmasq-dhcp [1288]: DHCP, IP range 10.10.10.30 - 10.10 .... h Feb 18 12:48: 05 dns dnsmasq [1288]: reading /etc/resolv.conf Feb 18 12:48:05 dns dnsmasq [1288]: ukuziba i-nameserver 127.0.0.1 - local in ... ce Feb 18 12:48:05 dns dnsmasq [1288] ]: funda / njll / imikhosi - amakheli ayi-11 Feb 18 12:48:05 dns dnsmasq [1288]: yehlulekile ukulayisha amagama kusuka /etc/banner_ad...ry Isiqephu: Ezinye imigqa yayine-ellipsized, sebenzisa-ukukhombisa ngokugcwele.
Qaphela ukuthi kokukhipha kwangaphambilini ifayela le- isimo se-systemctl dnsmasq ibuyisa iphutha:
Feb 18 12:48:05 dns dnsmasq [1288]: yehlulekile ukulayisha amagama kusuka /etc/banner_ad...ry
ekhononda ngokuthi awukwazi ukuthola ifayili / njll / banner_add_hosts.
[izimpande @ dns ~] # ukuthinta / njll / banner_add_hosts [root @ dns ~] # systemctl qala kabusha dnsmasq.service [root @ dns ~] # systemctl qala kabusha dnsmasq.service [root @ dns ~] # systemctl isimo dnsmasq.service ● dnsmasq.service - iseva yokulondolozwa kwesikhashana ye-DNS. Kulayishiwe: kulayishiwe (/usr/lib/systemd/system/dnsmasq.service; kunikwe amandla; ukusethwa kabusha komthengisi: kukhutshaziwe) Kuyasebenza: kuyasebenza (kuyasebenza) kusukela ngo-Sat 2017-02-18 12:54:26 EST; 7s ago Main PID: 1394 (dnsmasq) CGroup: /system.slice/dnsmasq.service └─1394 / usr / sbin / dnsmasq -k Feb 18 12:54:26 dns systemd [1]: Iqale iseva yokulondolozwa kwesikhashana ye-DNS .. Feb 18 12:54:26 dns systemd [1]: Iqala iseva yokulondolozwa kwesikhashana ye-DNS .... Feb 18 12:54:26 dns dnsmasq [1394]: iqalile, inguqulo 2.66 i-cachesize 150 Feb 18 12:54:26 dns dnsmasq [1394 ]: izinketho zesikhathi sokuhlanganisa: IPv6 GNU-getopt DB ... th Feb 18 12:54:26 dns dnsmasq-dhcp [1394]: DHCP, IP range 10.10.10.30 - 10.10 .... h Feb 18 12:54: 26 dns dnsmasq [1394]: reading /etc/resolv.conf Feb 18 12:54:26 dns dnsmasq [1394]: ukuziba nameserver 127.0.0.1 - local in ... ce Feb 18 12:54:26 dns dnsmasq [1394 ]: funda / njll / abasingathi - amakheli ayi-11 Feb 18 12:54:26 dns dnsmasq [1394]: funda / njll / banner_add_hosts - 0 amakheli Ukusikisela: Eminye imigqa yanqanyulwa, sebenzisa -l ukukhombisa ngokugcwele.
Futhi sesivele sinezinsizakalo ze-DNS ne-DHCP ezisebenzayo.
Kubalulekile
- Uma siguqula ifayela le /etc/dnsmasq.conf, kufanele siqale kabusha insiza ukuze ushintsho luqale ukusebenza.
- Uma siguqula ifayili le- / etc / hosts Ukususa, ukuguqula noma ukufaka i-IP engaguquki negama layo lomethuleli ohambelana nayo, kufanele siqale kabusha insiza ukuze ushintsho luqale ukusebenza..
- ukulayishwa kabusha kwe-systemctl dnsmasq.service akukwazi ukusetshenziswa nale nsizakalo.
Sivula amachweba adingekayo ku-Firewall
Esihlokweni somngani wami nozakwethu uLuigys Toro -isibankwa- "Uwavula kanjani amachweba ku-Centos 7 Firewall»Inqubo okufanele siyilandele ukuvula amachweba ku-Firewall efakwa yi-CentOS ngokuzenzakalela ichazwa kahle. Angazi namanje ukuthi ngiyisebenzisa kanjani imithetho yokuqukethwe kweSelinux kusevisi ye-dnsmasq kuCentOS. Uma kukhona omaziyo, sicela usikhanyisele.
Amafayela / njll / izivumelwano y / njll / amasevisi Ziwumhlahlandlela omuhle kakhulu wokwazi ukuthi yimaphi amachweba esidinga ukuwavula ukuze izinsizakalo ze-DNS ne-DHCP ezinikezwe yi-Dnsmasq zisebenze kahle.
[izimpande @ dns ~] # firewall-cmd - izindawo ezisebenzayo izixhumi zomphakathi: eth0
Isevisi domain o Iseva Yegama Lesizinda (dns). Isivumelwano iswayipha «IP ngokubethela»
[izimpande @ dns ~] # i-firewall-cmd -zone = yomphakathi -add-port = 53 / tcp - ehlala njalo impumelelo [izimpande @ dns ~] # i-firewall-cmd -zone = yomphakathi -add-port = 53 / udp - ehlala njalo impumelelo
Isevisi ukuqaqa o Iseva ye-BOOTP (dhcp). Isivumelwano ippc «I-Internet Pluribus Packet Core»
[izimpande @ dns ~] # i-firewall-cmd -zone = yomphakathi -add-port = 67 / tcp - ehlala njalo impumelelo [izimpande @ dns ~] # i-firewall-cmd -zone = yomphakathi -add-port = 67 / udp - ehlala njalo impumelelo [izimpande @ dns ~] # firewall-cmd - phinda ulayishe impumelelo [root @ dns ~] # firewall-cmd - uhlu-konke umphakathi (osebenzayo): amabhulokhi e-icmp: imithetho ecebile:
Kubalulekile
- Uma sizonikezela ngezinsizakalo zokuqashisa ikheli le-IPv6, kumele futhi sivule amachweba i-dhcpv6-server 547 / tcp kanye ne-dhcpv6-server 547 / udp.
Amasheke
Ake sibheke imibuzo eminingi ye-DNS ukuthi iDnsmasq yethu entsha sha esanda kusebenza isebenza kanjani. Kulokhu sikhetha iqembu elaziwayo sysadmin.desdelinux.umlandeli, futhi kusuka kuleyo khompyutha, exhunywe kwi-LAN, sizokwenza imibuzo eminingana, kepha hhayi ngaphambi kokubheka ukuthi ifayela lihlelwe kahle /etc/resolv.conf:
buzz @ sysadmin: ~ $ cat /etc/resolv.conf # Kwenziwe usesho lwe-NetworkManager desdelinux.fan nameserver 10.10.10.5
Izilungiselelo zefayela /etc/resolv.conf kulungile. Ake siqale ukubonisana
buzz @ sysadmin: ~ $ umphathi we-dns dns.desdelinuxI-.fan inekheli elithi 10.10.10.5 Host dns.desdelinux.umlandeli akatholakalanga: 5(WEQINILE) dns.desdelinux.imeyili yabalandeli iphathwa ngemeyili engu-1.desdelinux.umlandeli.
Ngokucushwa okuhlongozwayo, singakulahla ukukhishwa komyalo Bamba ngaphandle kwezinketho uma kukhulunywa nge-Dnsmasq, lapho kubuyiselwa imigqa efana nale elandelayo:
Isikhungo se-dns.desdelinux.umlandeli akatholakalanga: 5(WEQINILE)
Uma singafuni lolo hlobo lokukhiphayo, kufanele sisebenzise umyalo Bamba ngezinketho -t A, -t CNAME, -t NS, -t SOA, -t SIG, -t AXFR. Bheka umuntu ophethe ukuthola eminye imininingwane:
buzz@sysadmin:~$ host -t Ku-dns.desdelinux.umlandeli dns.desdelinux.umlandeli unekheli 10.10.10.5 [izimpande @ dns ~] # umphathi -t Ku-dns dns.desdelinux.umlandeli unekheli 10.10.10.5 i-buzz @ sysadmin: ~ $ dig dns buzz @ sysadmin: ~ $ umsingathi 10.10.10.5 5.10.10.10.in-addr.arpa igama lesizinda pointer dns.desdelinux.umlandeli.
I-Dnsmasq ayihloselwe uhlelo lwe-Master - Slave
buzz@sysadmin:~$ host -t AXFR desdelinux.umlandeli "Ngiyazama"desdelinux.fan" Umsingathi desdelinux.umlandeli akatholakali: 5(WEQIWE) ; Ukudlulisa kuhlulekile.
Akuhloselwe futhi ukubuyisa amarekhodi e-NS ne-SOA
buzz@sysadmin:~$ host -t NS desdelinux.umlandeli Host desdelinux.umlandeli akatholakalanga: 5(WEQINILE) buzz@sysadmin:~$ host -t SOA desdelinux.umlandeli Host desdelinux.umlandeli akatholakalanga: 5(WEQINILE) buzz@sysadmin:~$ dig IN SOA desdelinux.umlandeli buzz@sysadmin:~$ dig IN NS desdelinux.umlandeli
Uma isekela amarekhodi e-MX, CNAME, ne-TXT
buzz @ sysadmin: ~ $ host -t Ukuze www www.desdelinuxI-.fan isibizo sebhulogi.desdelinux.umlandeli. Ibhulogi.desdelinux.umlandeli unekheli 10.10.10.7 buzz@sysadmin:~$ host -t MX desdelinux.umlandeli desdelinux.imeyili yabalandeli iphathwa ngemeyili engu-10.desdelinux.umlandeli. buzz @ sysadmin: ~ $ umphathi -t CNAME www www.desdelinuxI-.fan isibizo sebhulogi.desdelinux.umlandeli. buzz@sysadmin:~$ host -t Ukubloga.desdelinux.umlandeli ibhulogi.desdelinux.umlandeli unekheli 10.10.10.7 buzz@sysadmin:~$ host -t TXT desdelinux.umlandeli desdelinux.umbhalo ochaza abalandeli "DesdeLinux, Ibhulogi yakho inikezelwe ku-Free Software" desdelinux.umbhalo ochazayo wabalandeli "v=spf1 a -all"
I-PTR iqopha imibuzo
buzz @ sysadmin: ~ $ umphathi -t PTR 10.10.10.7 7.10.10.10.in-addr.arpa igama lesizinda sebhulogi blog.desdelinux.umlandeli. buzz @ sysadmin: ~ $ umsingathi 10.10.10.7 7.10.10.10.in-addr.arpa igama lesizinda sebhulogi blog.desdelinux.umlandeli.
Amaklayenti e-Microsoft® Windows
Kuphilile kakhulu ukusebenzisa ikhonsoli yeseva dns.desdelinux.umlandeli umyalo iphephabhuku -f NGAPHAMBI kokuvula umshini osebenzisa isistimu yokusebenza ye-Microsoft® Windows, ukubona inani elikhulu lemibuzo ye-DNS eliyenzayo kumasayithi ahlukene. Kuyajabulisa ngempela. 😉
Uma sifuna ukuvimba imibuzo ephathelene namanye ala masayithi ekuhambeleni kumaseva eRoots Izimpande Zeseva noma ngase Abadlulisi ukuthi simemezele kufayela /etc/resolv.conf, singalisebenzisa kahle ifayela / etc / banner_add_host, ukuyigcwalisa ngamasayithi amaningi esidinga ukuwamemezela. Isibonelo:
[izimpande @ dns ~] # nano / njll / banner_add_hosts 127.0.0.1 windowsupdate.com 127.0.0.1 ctldl.windowsupdate.com 127.0.0.1 ocsp.verisign.com 127.0.0.1 csc3-2010-crl.verisign.com 127.0.0.1 www.msftncsi.com 127.0.0.1 ipv6.msftncsi.com 127.0.0.1 teredo.ipv6.microsoft.com 127.0.0.1 ds.download.windowsupdate.com 127.0.0.1 download.microsoft.com 127.0.0.1 fe2.update.microsoft.com 127.0.0.1 crl.microsoft.com 127.0.0.1 www .download.windowsupdate.com 127.0.0.1 win8.ipv6.microsoft.com 127.0.0.1 spynet.microsoft.com 127.0.0.1 spynet1.microsoft.com 127.0.0.1 spynet2.microsoft.com 127.0.0.1 spynet3.microsoft.com 127.0.0.1. 4 spynet127.0.0.1.microsoft.com 5 spynet127.0.0.1.microsoft.com 15 office127.0.0.1client.microsoft.com 127.0.0.1 addons.mozilla.org XNUMX crl.verisign.com [izimpande @ dns ~] # dnsmasq - isivivinyo dnsmasq: isheke le-syntax KULUNGILE. [root @ dns ~] # systemctl qala kabusha dnsmasq.service [root @ dns ~] # systemctl isimo dnsmasq.service [root @ dns ~] # host -t Ku-spynet4.microsoft.com ispynet4.microsoft.com inekheli 127.0.0.1 [root @ dns ~] # host -t Ku-www.download.windowsupdate.com www.download.windowsupdate.com inekheli 127.0.0.1
- Ifomethi yefayela le- / etc / banner_add_hosts iyefana nefayela le- / etc / hosts. Khumbula ukuthi uhlu lwezizinda "zokuvimbela" lungaba lude ngangokunokwenzeka, ngokusho kwesigaba IMIKHAWULO yalesi sihloko.
Ukuhlola kusuka kuklayenti Isikhombisa.desdelinux.umlandeli enikeze ikheli le-IP:
buzz @ sysadmin: ~ $ host -t A eziyisikhombisa Isikhombisa.desdelinux.umlandeli unekheli 10.10.10.115
senza umyalo kuklayenti leWindows uqobo cmd:
I-Microsoft Windows [Inguqulo 6.1.7601] I-copyright (c) 2009 Microsoft Corporation. Wonke Amalungelo Agodliwe. C: \ Abasebenzisi \ buzz> nslookup Iseva Ezenzakalelayo: dns.desdelinux.fan Ikheli: 10.10.10.5 > dns Iseva: dns.desdelinux.Ikheli labalandeli: 10.10.10.5 Igama: dns.desdelinux.fan Ikheli: 10.10.10.5 > ftpserver Iseva: dns.desdelinux.Ikheli labalandeli: 10.10.10.5 Igama: ftpserver.desdelinux.fan Ikheli: 10.10.10.8 > www Iseva: dns.desdelinux.fan Ikheli: 10.10.10.5 Igama: ibhulogi.desdelinux.Ikheli labalandeli: 10.10.10.7 Iziteketiso: www.desdelinux.fan > mail Iseva: dns.desdelinux.Ikheli labalandeli: 10.10.10.5 Igama: imeyili.desdelinux.fan Ikheli: 10.10.10.9 > Iseva ye-sysadmin: dns.desdelinux.fan Ikheli: 10.10.10.5 Igama: sysadmin.desdelinux.Ikheli labalandeli: 10.10.10.1 > www.download.windowsupdate.com Iseva: dns.desdelinux.Ikheli labalandeli: 10.10.10.5 Igama: www.download.windowsupdate.com Ikheli: 127.0.0.1 > yeka C:\Users\buzz>
Isifingqo
Kuze kube manje sibonile izici ezimbalwa eziyinhloko ze-Dnsmasq. ngicabanga Funda futhi ufunde amafayela ashiwo esigabeni sokuqala sale ndatshana, uma ufuna ukwazi kabanzi ngalolu hlelo oluhle kakhulu nolumangazayo. Ngokusetshenziswa kwayo singakwazi ukwenza lula izimpilo zethu.
Cishe ngo-2014 ngifunde i-athikili «Kanjani: Samba4 AD PDC + Windows XP, Vista no-7«. Umsunguli wale ndatshana umemezela ngaphandle kokuchwayiza: «Ngiyakuzonda ukubopha, ngakho-ke yi-dnsmasq ukutakula»(Sic) okusho okuncane noma okuncane okushoyo«Ngiyakuzonda ukubopha, ngakho-ke uDnsmasq uyangisiza«. Kwerekhodi, leyo nkulumo ayishongo kimi.
Ekudluliseni ngiphawula ukuthi, kuleyo ndatshana uMlobi akacacisi umsuka wamanye amarekhodi e-DNS futhi ngamagama ajwayelekile akuyona inkomba enhle yokusebenzisa i-Active Directory® esekwe kuSamba 4. Uma uthanda ngokweqile iDnsmasq.
Angikuzondi ukubopha nhlobo. Izindatshana zami ezine -4- ezidlule zikufakazela lokhu:
- I-DNS ne-DHCP kuvuliweSUSE 13.2 "Harlequin"
- I-DNS ne-DHCP ku-CentOS 7
- I-DNS ne-DHCP ku-Debian 8 "Jessie"
- Bopha futhi Active Directory®
Njengoba ngike ngabhala ezikhathini ezedlule, cishe angikaze Ngisikisela, kodwa ngicabanga. Endabeni kaDnsmasq yebo Ngisikisela ukusetshenziswa kwayo kuma-SME Networks.
Ukulethwa okulandelayo
Isitolimende esilandelayo -ngicabanga ukuthi ngiyacabanga- Ngizoyinikela ekuhlanganisweni kweDnsmasq ne-Microsoft® Active Directory®. Kuzoba yindawo enhle yokungena ye-athikili -muy- ngokuhamba kwesikhathi lokho kuzobhekana nokuthi ungayenza kanjani i-AD-DC ngeSamba 4 neDnsmasq.
Sanibonani ekuseni !!! Ngiyaqinisekisa konke okushoyo futhi ngokweqiniso ukuthi ukusebenza kwale nethiwekhi kuze kube manje akunikezi sizathu sokukhononda. Angiseyona i-sysadmin yaleyo nethiwekhi, ngoba uyazi izinkinga ebenginazo ... kepha ngenkathi ngiphethe leyo nethiwekhi futhi kuze kube manje lapho ngixhumana nalowo ophambi kwayo, asikho isizathu sokukhononda. Okuhlangenwe nakho kwami okuhle nge-ClearOS ne-DNSmasq.
Mngani Joan, Ngiyabonga ngosizo lwakho ekuqinisekiseni engikubhalile mayelana nenkampani ene-ClearOS.
Engikuthanda kakhulu nge-dnsmasq ukuthi kungasebenziseka kanjani, kufayela elilodwa ulungiselela i-DNS ne-DHCP. Mayelana nokusebenza anginazikhalazo, esikhathini esithile esedlule ngacisha iseva ka-2003R2 eyayisebenza njenge-DC, amaklayenti amaningana e-Linux avela komasipala abakude "babelokhu belengisiwe" futhi njengoba ngangingenayo indlela yokushintsha izintandokazi zabo ze-DNS, engikwenzile ngakukhulisa uJessie onaleyo IP ne-dnsmasq balondoloze i-DNS entsha, konke kulungile.
I-athikili enhle kakhulu uFico, maqondana nami.
Ucabangani ngomkhawulo olandelanayo wokunikeza amakhompyutha afinyelela ku-1000? Nginethuba lokuqinisekisa imininingwane nomngani ozinikele ekunikezeni izinsizakalo zewebhusayithi ethi "Captive» nge-WiFi, futhi muva nje unikeze insizakalo-nge-BIND + Isc-dhcp- kuma-mobiles angaphezu kwe-1000 eKarl Marx Theatre. Ungiqashe ukuthi ngimenze iseva enokusetshenziswa okuphansi kakhulu kwezinsizakusebenza, zalowo msebenzi.
Kufanele kucace ukuthi lawa abizwa ngokuthi "imingcele" alinganiswa eminyakeni embalwa eyedlule futhi nge-hardware engaphansi kwezinga lamanje, zombili i-dnsmasq namakhasimende aguquke kakhulu, ngiyaqiniseka ukuthi izobamba umthwalo walaba abasebenzisi. Hlala ubhala futhi uvimbele imibuzo eyinkulungwane neyodwa i-Android eyenza izame ukufonela ekhaya, hehe. Jabulela
Ngizosithatha ngokungathi sína iseluleko sakho, dhunter. ngiyabona futhi
Njengoba sekuyinsakavukela kulolu chungechunge lwama-SME, lokhu okuthunyelwe ku- "DNSMASQ" kungenye indatshana enhle umlobi asinika yona ama-sysadmins ukuze sizithuthukise ngobuchwepheshe nangethiyori.
Endabeni yami siqu ngangazi ngokungacacile nge-dnsmasq ngoba ngangibeke phambili i-DNS (Bind) ne-DHCP njengezinsizakalo ezimbili ezizimele. Kimi kukhulu! Into ye-dnsmasq yokuvumela ukumisa zombili kusevisi eyodwa (ngefayela /etc/dnsmasq.conf).
Kuhle! ekwazi ukuxhasa okungenani amaklayenti ayi-1,000 XNUMX nge-DNS ne-DHCP ngaphandle kokuthinta ukusebenza kwayo.
Okunye okuhle kakhulu yi-TIP yokuthi ungayibalekela kanjani imibuzo ephathelene nama-Root Servers noma i-Forwarders esebenzisa i- / etc / banner_add_host file where we insert the "N" sites that we need to declare as if were "localhosts".
Ekugcineni futhi njengoba bekulokhu kujwayelekile kumbhali ngesigaba sakhe esithi "Okulandelayo isitolimende", manje uhlela ukuletha elinye igugu "ukuhlanganiswa kweDnsmasq ne-Microsoft® Active Directory®".
Yebo, sesivele sikulangazelele.
Bengimatasa futhi angikwazi ukulandela izindatshana zakho. Ngiphuthelwe amanye. Umbhalo wakho omusha ngamunye uyisimanga esimnandi esiqukethe izimfundiso ezintsha. Qhubeka, mngani Fico
IDnsmasq, ngibona ukusebenza kwayo nsuku zonke, kungcono kakhulu. Bengihlala ngikutshela futhi ngiphikelela ekuhlanganisweni kwe-bind9 kanye ne-isc-dhcp-server (isixazululo engisithanda kakhulu, ngoba ukuzama kaningi ngafunda futhi ngabona futhi ngathola lokho okuncane engikwaziyo nge-dns ne-dhcp, i-VIIII, bengikwazi bona ukuthi yini iMicrosoft engakuvumeli uyigcine, lokho abangafuni ukuba ukufunde futhi ikugcine egumbini elimnyama futhi elikhiyiwe, empeleni kuyizinsizakalo okwakhulunywa ngazo sengathi ziyizilo futhi zingabantu abalungile, ongabhekana nazo iqiniso), futhi ngiyabonga Kulokhu uphoqeleke ukuthi uzithuthukise nakakhulu, empeleni sesivele siyibona yonke imiphumela yalo mzamo futhi siyabonga ngekhwalithi yokuthunyelwe kwakho.
Lokhu ikakhulukazi kuphezulu, angithathi isikweletu kwabanye, NGOKUQINISEKILE HHAYI, HHAYI NOMA UCABANGA NGAYO; kodwa kungenxa yakho ngihlangane nomngani wami dnsmasq futhi inethiwekhi ye-Residence yami ihlala ngaphezu kokujabula ukuhlangana nozakwethu omusha owenziwe nguSimon Kelley. Ngiyabonga nakuye.
IWO: Ngeke ulinde isikhathi eside ngokuthunyelwe okulandelayo. Angikayiqedi okwamanje ngoba ngimatasa kakhulu nomsebenzi wami wansuku zonke. Isikhathi ... Kepha ngokuqinisekile uzoba naso ngeviki elizayo.
I-Crespo88: Angikwazi ukungeza enye into ekuphawuleni kwakho okuphelele. Futhi sengivele nginesikhathi esincane ngoba ngo-7 ntambama ngiphelelwa ukuzulazula 😉
Ngiyabonga!.
Sawubona, FICO. I-athikili enhle kakhulu.
Ngingathanda ukwazi ukuthi ungayisebenzisa kanjani i-dnsmasq kwi-baremetal (HP Proliant gen 8) ebamba imishini ebonakalayo ye-KVM.
Ngabe ukucushwa kwe-dnsmasq kufanele kwenziwe kumsingathi noma kwelinye lama-VM asebenza njengeseva ye-dnsmasq?
Ngisenkingeni.
Ukubingelela