I-Dnsmasq ku-CentOS 7.3 - Amanethiwekhi we-SME

Inkomba ejwayelekile yochungechunge: Ama-Computer Networks ama-SME: Isingeniso

Sanibonani zihlobo !. Sinikela le ndatshana ku dnsmasq uhlelo olulula kakhulu olunikeza izinsizakalo DNS - DHCP usebenzisa isoftware eyodwa. Imibhalo engcono kakhulu ekhona kule software iyona efakwe nephakeji uqobo lwayo /usr/share/doc/dnsmasq-2.66/, ifayela lokumiswa ligcwele izibonelo- /etc/dnsmasq.conf, naleyo etholwe ngomyalo indoda dnsmasq. Kuyimpilo futhi ukuvakashela i- Isiza esisemthethweni.

[izimpande @ dns ~] # ls -l / usr/share/doc/dnsmasq-2.66/
ingqikithi ye-136 -rw-r-r--. Impande eyi-1 impande 18007 Apr 17 2013 UKUKOPISHA -rw-r - r--. Impande eyi-1 impande 59811 Nov 11 13: 20 CHANGELOG -rw-r-r--. Impande eyi-1 impande 5164 17 Apr 2013 1 DBus-interface -rw-r - r--. Impande eyi-5009 impande 17 Apr 2013 1 doc.html -rw-r - r--. Impande eyi-25075 impande 17 Apr 2013 1 FAQ -rw-r - r--. Impande eyi-12019 impande 17 Apr 2013 XNUMX setup.html
  • Inqubo echazwe kokuthunyelwe nayo isebenza ku-Debian 8 "Jessie". Ifayela lokumiswa kwe- / etc / dnsmasq liyafana. KuJessie, mhlawumbe udinga kuphela ukufaka iphakethe lakho le-dnsmasq hhayi okunye. Ngikubhala ngoba ngikubona kungadingekile ukwenza i-athikili ehlukile ye-Dnsmasq eDebian. Ngenhlanhla, izinkomba ezihlobene nemibhalo nokucushwa ziyefana. 😉

I-Dnsmaq iyindalo ye- USimon Kelley.

Yini iDnsmasq?

Isoftware yamahhala dnsmasq iseva DNS Phambili y DHCP yamanethiwekhi amancane ekhompyutha. Isibonelo esivamile amaNethiwekhi akhona kuma-SME ethu. Kudinga izinsizakusebenza ezimbalwa zehardware ekusebenzeni kwayo futhi ingaqhutshwa kuzingxenyekazi ezahlukahlukene ezinjengeLinux, BSD, i-Android ne-OS X. Ifakiwe cishe kuwo wonke amakhosombe weLinux neBSD.

Iseva DHCP i-del dnsmasq ungaqashisa amakheli e-IP ngamandla nangokwezibalo, ngamanethiwekhi amaningi anezinhlaka ezihlukene zamakheli we-IP. Ihlanganiswe neseva DNS futhi ivumela imishini yendawo ethola ikheli le-IP ukuthi ibonakale njengebhaliswe ku-DNS ngamarekhodi ayo e-DNS, aqondile futhi ahlehlisiwe.

Indlela yendabuko yokusebenza kwe- dnsmasq ukulanda okwesikhashana amarekhodi e-DNS atholwe ngemibuzo eya kubo Abadlulisi, yehlisa umthwalo kulezi futhi ithuthukise ukusebenza okuphelele kwejubane lokuphendula emibuzweni ehlukile ye-DNS.

Isekela izindinganiso zesimanje ezifana I-IPv6 y DNSSEC, Qala - Boot ngaphezulu kwenethiwekhi ngokusekelwa kwamaphrothokholi IBHODI, I-TFTP, futhi I-PXE.

Emkhathini weLinux, iDnsmasq isetshenziswa kakhulu kumaseva weMishini ngaphandle kweHard Disk kanye neKlayenti Elincane. Ku-Microsoft® Windows, ne-software I-ARDENCE®, okulingana ne-Dnsmasq- isetshenziswa njengeseva ye-DHCP ebizwa ngokuthi E-Sayurian.

Kukusiphi isimo esingasebenzisa i-Dnsmasq?

Uma sikhipha indoda dnsmasq Ku-CentOS, sizothola ikhasi lalelo bhukwana ngolimi lwesiNgisi. Kufayela dnsmasq.8.gz - ngesiSpanish- efakwe nokusatshalaliswa kwe-Debian 8 «Jessie», kuyabonakala ncamashi Okulandelayo:

IMIKHAWULO

  • Amanani wokuzenzakalelayo wemikhawulo yezinsiza ngokuvamile ayalondolozwa, futhi afanele ukusetshenziswa kumadivayisi wohlobo lomzila. kubhajwe ngama-processor slow and memory low. Ku-hardware ngaphezulu  onekhono, kungenzeka ukwandisa imingcele, futhi usekele abaningi amakhasimende. Lokhu okulandelayo kusebenza ku-dnsmasq-2.37: izinhlobo zangaphambilini azenzi bakhuphuke kahle kakhulu.
  • I-Dnsmasq iyakwazi ukuxhasa i-DNS ne-DHCP okungenani inkulungwane eyodwa (1,000) amakhasimende. Izikhathi zokuqashisa akufanele zibe mfushane kakhulu (ngaphansi koyedwa isikhathi). Inani le -dns-forward-max lingakhushulwa: qala ngo- inani elilinganayo lamakhasimende futhi ulinyuse uma ngabe I-DNS. Qaphela ukuthi ukusebenza kwe-DNS futhi kuya ngamaseva I-DNS engenhla. Usayizi wenqolobane ye-DNS ungakhuphuka: umkhawulo Okudingekayo ngamagama ayi-10,000 futhi okuzenzakalelayo (150) kuphansi kakhulu. Ukuthumela i-SIGUSR1 ku-dnsmasq kwenza imininingwane ye-bitacore leyo ilusizo ekuhleleni kahle usayizi wenqolobane. Bona isigaba se-NOTES ukuthola imininingwane.
  • Iseva ye-TFTP eyakhelwe ngaphakathi iyakwazi ukuxhasa ukudluliswa okuningi amafayela afanayo ngasikhathi sinye: umkhawulo ophelele uhlobene nenani leziphathi zefayela ezivunyelwe kwinqubo kanye nekhono le-sys‐tem call select () ukuxhasa izinombolo ezinkulu zokuphathwa kwamafayela. Uma umkhawulo usethwe waba mkhulu kakhulu nge-tftp-max uzosuswa futhi umkhawulo wangempela uzobekwa iwashi ekuqaleni. Qaphela ukuthi ukudluliswa okuningi kungenzeka uma ifayili elifanayo lithunyelwa kuthiwani lapho kudluliswa ngakunyeI-ferencia ithumela ifayela elihlukile. Kungenzeka usebenzise i-dnsmasq ukuphika ukukhangisa kweWebhu usebenzisa uhlu lwe amaseva we-banner aziwa kahle, konke kuxazululeka ku-127.0.0.1 noma 0.0.0.0 ku- / etc / Sebawoti noma kufayela elingeziwe le-Host. Uhlu lungakwazi yinde kakhulu. I-Dnsmasq ihlolwe ngempumelelo ngamagama ayisigidi. Lolo sayizi wefayela lidinga i-1GHz CPU nokulinganiselwa60MB RAM.

Angizange ngibhale noma ngihlele lezi zigaba ezingenhla nhlobo. Ziyabonakala njengoba zingena ku- eyodwa ngeSpanishi kusuka dnsmasq 2.72 kusuka endaweni yokugcina ye-Debian 8.6. Kusuka kubo kanye nasenkambisweni yokusetshenziswa kwale software, singasho ukuthi kuyaqabukela - kungenzeki - ukuthola isimo kumanethiwekhi ethu ama-SME adlula inani le 1000 amaklayenti noma amakhompyutha axhunywe kwi-LAN.

  • I-Dnsmasq iyakwazi ukuxhasa i-DNS ne-DHCP okungenani inkulungwane eyodwa (1,000) amaklayenti.

Ukucatshangelwa eceleni

Kuhlale kungithinta ukuthi isoftware ewine imiklomelo I-ClearOS Enterprise 5.2 SP1 izosebenzisa iDnsmasq-ehlotshaniswa ne- NTP- njengeseva yengqalasizinda ngokuzenzakalela, nokuqhubeka nokuyisebenzisa kanjalo - okungenani kuze kube yinguqulo 7.xxx- in ukukhishwa Ukhokhela ukufaka i-Active Directory® ngokususelwa ku-Samba 4. Kubi kakhulu kithina, bathandi be-Free Software, ukuthi inkampani I-clearFoundationizoyeka ukuhlinzeka ngesoftware yaleyo khwalithi kuzinguqulo ngemuva kuka-5.xxx ngenxa esobala lokuzuza okungcono kwemali. Ngicabanga ukuthi kunenkinga enkampanini uqobo.

Noma ngingu- Fan I-Debian -futhi angifuni ukwenza inkulumo-ze engizikhethele yona- Bengihlala ngincoma iNkampani I-Red Hat®, Inc. imodeli yebhizinisi lakhe eliyibeke njengomholi ongenakuphikwa weFree Software. Ngaphezu kwalokho, kunguMxhasi we-clone kanambambili we-CentOS - isoftware yamahhala engu-100% - yohlelo lwayo lwenkanyezi I-Red Hat® Enterprise Linux - i-RHEL. Kokunye kuthiwa i-CentOS iyi-RHEL engasekelwa (I.

  • Ngine-a ISamba Clasic NT 4.0 Isilawuli Sesizinda Esisisekelo Sesitayela ngokususelwa ku- I-ClearOS Enterprise 5.2 SP1 iminyaka engaphezu kwengu-4 kunethiwekhi yenkampani enamakhasimende weWindows XP, 7, 8, Windows Server 2003 neWindows server 2012. Yini ekhona ukukitaza amanani wokubhalisa ambalwa weklayenti ngalinye leWindows elinenguqulo ephakeme kune-XP? Kuyiqiniso. Yini okusebenza kahle kakhulu? Kuyiqiniso futhi. Ukuthi inani lamaqembu alifiki ku-100? Futhi kuyiqiniso.

Yenza umqondo

  • Yize kimi «I-Common Sense iyona ejwayelekile kakhulu kwezinzwa», zibeke wena kuqala kuZidingo Zakho bese ukhetha indawo yobuciko ngokwalokho Odinga ukukuveza nokukuxazulula ngokwe-Your Own Script.
  • Ungasebenzisi umcibisholo onqamula amazwekazi ukubulala umiyane. Musa ukwenza impilo kube nzima ngokungadingekile: qala ngesixazululo esilula. Uma ungaxazululi ngalokho, phakamisa ubunzima iphuzu elilodwa, njalonjalo.

Masifake i-CentOS 7 ne-Dnsmasq

Ngokufakwa kohlelo lwesisekelo siqondiswa yi-athikili I-CentOS 7 Hypervisor I futhi ekukhetheni amaphakheji sibeka kuphela inketho «Ingqalasizinda Server«. Imingcele ejwayelekile esizoyisebenzisa ekulungiseleleni le ndatshana yile elandelayo:

Igama lomshini we-Virtual FQDN: dns.fromlinux.fan
Ikheli le-IP: 10.10.10.5

I-CentOS 7 ifaka i-dnsmasq

Yebo Bafundi Abathandekayo, ku-CentOS 7 iphakethe dnsmasq ifakiwe ngenkathi kufakwa i-Infrastructure Server futhi Ngicabanga kunezinye izinketho futhi.

[izimpande @ dns ~] # yum imininingwane dnsmasq
Ama-plugins alayishiwe: i-fastestmirror, ama-langpacks alayisha isivinini sesibuko kusuka kufayela eligcinwe ngesinye isibukezo Amaphakheji afakiwe Igama: dnsmasq Architecture: x86_64 Inguqulo: 2.66 Ukukhishwa: 21.el7 Usayizi: 464 k
Indawo yokugcina: ifakiwe
Kusuka endaweni yokugcina: Isifinyezo se-centos-base: I-URL ye-DNS engasindi / okulondolozwe okwesikhashana ye-URL yeseva: http://www.thekelleys.org.uk/dnsmasq/ Ilayisense: Incazelo ye-GPLv2: I-Dnsmasq ayisindi, kulula ukuyilungiselela ukudlulisa i-DNS ne-DHCP: iseva. Idizayinelwe ukuhlinzeka nge-DNS futhi, ngokuzikhethela, i-DHCP, kunethiwekhi: encane. Ingasebenza ngamagama emishini yasendaweni okuyi: engekho kwi-DNS yomhlaba. Iseva ye-DHCP ihlangana ne-DNS: iseva futhi ivumela imishini enamakheli abelwe i-DHCP ukuthi avele: kwi-DNS enamagama amisiwe kusingathi ngasinye noma kufayela le-: central configuration. I-Dnsmasq isekela ukuma okungaguquguquki nokuguqukayo: ukuqashiswa kwe-DHCP ne-BOOTP yokuqalwa kwenethiwekhi yemishini engasebenzi.

Uhlobo lwe dnsmasq Ukufaka kungu-2.66, futhi kufana nenguqulo yeCentOS:

[izimpande @ dns ~] # ikati / i-proc / inguqulo
Uhlobo lwe-Linux 3.10.0-514.6.1.el7.x86_64 (builder@kbuilder.dev.centos.org) (gcc version 4.8.5 20150623 (I-Red Hat 4.8.5-11) (GCC)) # 1 SMP Wed Jan 18 13:06:36 UTC 2017

Masivumele futhi silungiselele i-dnsmasq

[izimpande @ dns ~] # nano / etc / hosts
127.0.0.1 i-localhost localhost.localdomain localhost4 localhost4.localdomain4 :: 1 i-localhost localhost.localdomain localhost6 i-localhost6.localdomain6
I-10.10.10.5 dns.fromlinux.fan dns

[izimpande @ dns ~] # igama lomethuleli
dns
[izimpande @ dns ~] # igama lomethuleli -f
dns.fromlinux.fan


[izimpande @ dns ~] # systemctl vumela i-dnsmasq
[izimpande @ dns ~] # systemctl qala dnsmasq
[izimpande @ dns ~] # isimo se-systemctl dnsmasq
● dnsmasq.service - iseva yokulondolozwa kwesikhashana ye-DNS. Kulayishiwe: kulayishiwe (/usr/lib/systemd/system/dnsmasq.service; kunikwe amandla; ukusethwa kabusha komthengisi: kukhutshaziwe) Kuyasebenza: kuyasebenza (kuyasebenza) kusukela ngoSat 2017-02-18 11:47:19 EST; 4s ago Main PID: 1179 (dnsmasq) CGroup: /system.slice/dnsmasq.service └─1179 / usr / sbin / dnsmasq -k Feb 18 11:47:19 dns systemd [1]: Iqale iseva yokulondolozwa kwesikhashana ye-DNS .. Feb 18 11:47:19 dns systemd [1]: Iqala iseva yokulondolozwa kwesikhashana ye-DNS .... Feb 18 11:47:19 dns dnsmasq [1179]: started, version 2.66 cachesize 150 Feb 18 11:47:19 dns dnsmasq [1179 ]: izinketho zesikhathi sokuhlanganisa: IPv6 GNU-getopt DB ... th Feb 18 11:47:19 dns dnsmasq [1179]: reading /etc/resolv.conf Feb 18 11:47:19 dns dnsmasq [1179]: ukuziba i-nameserver I-127.0.0.1 - yendawo e ... ce Feb 18 11:47:19 dns dnsmasq [1179]: funda / njll / abasingathi - amakheli ama-3 Iseluleko: Eminye imigqa yanqanyulwa, sebenzisa -l ukukhombisa ngokugcwele.

Ungakhohlwa isinyathelo esilandelayo:

[izimpande @ dns ~] # mv /etc/dnsmasq.conf /etc/dnsmasq.conf.original

Amakheli we-IP alungisiwe

Nge-Dnsmasq, amakheli amaseva noma amakhompyutha adinga i-IP engaguquki -ombili i-IPv4 ne-IPv6- amenyezelwa kufayela / njll / amabamba:

[izimpande @ dns ~] # nano / etc / hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 :: 1 localhost localhost.localdomain localhost6 localhost6.localdomain6 # amaseva 10.10.10.1 sysadmin.desdelinux.fan sysadmin 10.10.10.3 ad-dc.desdelinux.fan ad-dc 10.10.10.4 .desdelinux.fan fileserver 10.10.10.5 dns.desdelinux.fan dns 10.10.10.6 proxyweb.desdelinux.fan proxyweb 10.10.10.7 blog.desdelinux.fan blog 10.10.10.8 ftpserver.desdelinux.fan ftpserver 10.10.10.9 imeyili.desdelinux.fan imeyili

Masenze ifayela le /etc/dnsmasq.conf

[izimpande @ dns ~] # nano /etc/dnsmasq.conf
# ------------------------------------------------- ------------------ # IZINKETHO JIKELELE # ---------------------------- - -------------------------------------- kudingeka isizinda # Ungadluli amagama ngaphandle kwesizinda ingxenye mbumbulu-ngasese # Ungadluli amakheli esikhaleni esingavinjelwe sanda-abasingathi # Faka ngokuzenzakalela isizinda kusikhungo esibonakalayo = eth0 # Interface. QAPHELA i-Interface # except-interface = eth1 # Ungalaleli le oda eqinile ye-NIC # Order lapho ubheka khona ifayela le /etc/resolv.conf # Faka izinketho eziningi zokumisa # ngefayela noma ngokuthola ukucushwa # amafayela angeziwe enkombeni # conf-file = / etc / dnsmasq.more.conf conf-dir = / etc / dnsmasq.d # Okuhlobene ne-Domain Name domain = desdelinux.fan # Igama le-Domain # I-Time Server ingu-10.10.10.1. address = / time.windows.com / 10.10.10.1 # Ithumela inketho engenalutho yenani le-WPAD. Kuyadingeka kuma # Windos 7 nakamuva amaklayenti ukuthi aziphathe kahle. ;-) dhcp-option = 252, "\ n" # Ifayela lapho sizomemezela khona IZIMPAHLA ezizo "vinjelwa" i-addn-hosts = / etc / banner_add_hosts # -------------- --- --------------------------------------------------- --- # REGISTROSCNAMEMXTXT # -------------------------------------------- --- -------------------- # Lolu hlobo lokubhalisa ludinga ukungena # kufayela le- / etc / hosts # isib. blog # cname = ALIAS, REAL_NAME cname = www.desdelinux.fan, blog.desdelinux.fan # MX RECORDS # Returns a MX record with the name "desdelinux.fan" with destination # to the mail.desdelinux.fan computer and priority of 10.10.0.7 mx- host = desdelinux.fan, mail.desdelinux.fan, 10 # Indawo okuyiwa kuyo ngokuzenzakalela yamarekhodi e-MX adalwe # kusetshenziswa inketho ye-localmx kuzoba: mx-target = mail.desdelinux.fan # Ibuyisa irekhodi le-MX likhomba mx- okubhekiswe KONKE # imishini yendawo localmx # TXT amarekhodi. Singamemezela futhi irekhodi le-SPF txt-record = desdelinux.fan, "v = spf10 a -all" txt-record = desdelinux.fan, "FromLinux, your Blog dedicated to Free Software" # -------- - ------------------------------------------------- - -------- # -------------------------------------- - ----------- --- -------------------------------------------------- # Ibanga le-IPv1 nesikhathi sokuqashisa # 4 kuye ku-1 ngeseva nezinye izidingo dhcp-range = 29h

dhcp-lease-max = 222 # Inani eliphakeme lamakheli okuqashisa
                        # ngokuzenzakalela kungu-150
# IPV6 Range # dhcp-range = 1234 ::, ra-only # Izinketho zeRANGE # OPTIONS dhcp-option = 1,255.255.255.0 # NETMASK dhcp-option = 3,10.10.10.253 # ROUTER GATEWAY dhcp-option = 6,10.10.10.5. 15 # DNS Servers dhcp-option = 19,1, from linux.fan # DNS Domain Name dhcp-option = 28,10.10.10.255 # option ip-forwarding ON dhcp-option = 42,10.10.10.1 # BROADCAST dhcp-option = 40. 41,10.10.10.5 # NTP # dhcp-option = 4, DCH # NIS Igama Lesizinda # dhcp-option = 44,10.10.10.5 # NIS Server # NGAPHANDLE SAMBA45,10.10.10.5 WINS SERVER # # dhcp-option = 4 # WINS # dhcp-option = 46,8 # I-NetBIOS Datagrams # Yangaphandle SAMBA73,10.10.10.3 WINSERVER # # dhcp-option = XNUMX # NetBIOS Node # dhcp-option = XNUMX # Finger Server dhcp-authoritative # DHCP Authoritative in the subnet # - ------------------------------------------------------ ---------------- # ------------------------------------- --------------- ------------------------------------------------------ ---------- imibuzo yelogi

# UKUPHELA kwefayela le /etc/dnsmasq.conf
# ----------------------------------------------------- ------------------

Ake sibheke i-syntax bese siqala kabusha insiza

[izimpande @ dns ~] # dnsmasq - isivivinyo
dnsmasq: isheke le-syntax KULUNGILE.
[root @ dns ~] # systemctl qala kabusha i-dnsmasq
[izimpande @ dns ~] # isimo se-systemctl dnsmasq
● dnsmasq.service - iseva yokulondolozwa kwesikhashana ye-DNS. Kulayishiwe: kulayishiwe (/usr/lib/systemd/system/dnsmasq.service; kunikwe amandla; ukusethwa kabusha komthengisi: kukhutshaziwe) Kuyasebenza: kuyasebenza (kuyasebenza) kusukela ngo-Sat 2017-02-18 12:48:05 EST; 5s ago Main PID: 1288 (dnsmasq) CGroup: /system.slice/dnsmasq.service └─1288 / usr / sbin / dnsmasq -k Feb 18 12:48:05 dns systemd [1]: Iqale iseva yokulondolozwa kwesikhashana ye-DNS .. Feb 18 12:48:05 dns systemd [1]: Iqala iseva yokulondolozwa kwesikhashana ye-DNS .... Feb 18 12:48:05 dns dnsmasq [1288]: iqalile, inguqulo 2.66 i-cachedize 150 Feb 18 12:48:05 dns dnsmasq [1288 ]: izinketho zesikhathi sokuhlanganisa: IPv6 GNU-getopt DB ... th Feb 18 12:48:05 dns dnsmasq-dhcp [1288]: DHCP, IP range 10.10.10.30 - 10.10 .... h Feb 18 12:48: 05 dns dnsmasq [1288]: reading /etc/resolv.conf Feb 18 12:48:05 dns dnsmasq [1288]: ukuziba i-nameserver 127.0.0.1 - local in ... ce Feb 18 12:48:05 dns dnsmasq [1288] ]: funda / njll / imikhosi - amakheli ayi-11
Feb 18 12:48:05 dns dnsmasq [1288]: yehlulekile ukulayisha amagama kusuka /etc/banner_ad...ry
Isiqephu: Ezinye imigqa yayine-ellipsized, sebenzisa-ukukhombisa ngokugcwele.

Qaphela ukuthi kokukhipha kwangaphambilini ifayela le- isimo se-systemctl dnsmasq ibuyisa iphutha:

Feb 18 12:48:05 dns dnsmasq [1288]: yehlulekile ukulayisha amagama kusuka /etc/banner_ad...ry

ekhononda ngokuthi awukwazi ukuthola ifayili / njll / banner_add_hosts.

[izimpande @ dns ~] # ukuthinta / njll / banner_add_hosts
[root @ dns ~] # systemctl qala kabusha dnsmasq.service 
[root @ dns ~] # systemctl qala kabusha dnsmasq.service 
[root @ dns ~] # systemctl isimo dnsmasq.service 
● dnsmasq.service - iseva yokulondolozwa kwesikhashana ye-DNS. Kulayishiwe: kulayishiwe (/usr/lib/systemd/system/dnsmasq.service; kunikwe amandla; ukusethwa kabusha komthengisi: kukhutshaziwe) Kuyasebenza: kuyasebenza (kuyasebenza) kusukela ngo-Sat 2017-02-18 12:54:26 EST; 7s ago Main PID: 1394 (dnsmasq) CGroup: /system.slice/dnsmasq.service └─1394 / usr / sbin / dnsmasq -k Feb 18 12:54:26 dns systemd [1]: Iqale iseva yokulondolozwa kwesikhashana ye-DNS .. Feb 18 12:54:26 dns systemd [1]: Iqala iseva yokulondolozwa kwesikhashana ye-DNS .... Feb 18 12:54:26 dns dnsmasq [1394]: iqalile, inguqulo 2.66 i-cachesize 150 Feb 18 12:54:26 dns dnsmasq [1394 ]: izinketho zesikhathi sokuhlanganisa: IPv6 GNU-getopt DB ... th Feb 18 12:54:26 dns dnsmasq-dhcp [1394]: DHCP, IP range 10.10.10.30 - 10.10 .... h Feb 18 12:54: 26 dns dnsmasq [1394]: reading /etc/resolv.conf Feb 18 12:54:26 dns dnsmasq [1394]: ukuziba nameserver 127.0.0.1 - local in ... ce Feb 18 12:54:26 dns dnsmasq [1394 ]: funda / njll / abasingathi - amakheli ayi-11 Feb 18 12:54:26 dns dnsmasq [1394]: funda / njll / banner_add_hosts - 0 amakheli Ukusikisela: Eminye imigqa yanqanyulwa, sebenzisa -l ukukhombisa ngokugcwele.

Futhi sesivele sinezinsizakalo ze-DNS ne-DHCP ezisebenzayo.

Kubalulekile

  • Uma siguqula ifayela le /etc/dnsmasq.conf, kufanele siqale kabusha insiza ukuze ushintsho luqale ukusebenza.
  • Uma siguqula ifayili le- / etc / hosts Ukususa, ukuguqula noma ukufaka i-IP engaguquki negama layo lomethuleli ohambelana nayo, kufanele siqale kabusha insiza ukuze ushintsho luqale ukusebenza..
  • ukulayishwa kabusha kwe-systemctl dnsmasq.service akukwazi ukusetshenziswa nale nsizakalo.

Sivula amachweba adingekayo ku-Firewall

Esihlokweni somngani wami nozakwethu uLuigys Toro -isibankwa- "Uwavula kanjani amachweba ku-Centos 7 Firewall»Inqubo okufanele siyilandele ukuvula amachweba ku-Firewall efakwa yi-CentOS ngokuzenzakalela ichazwa kahle. Angazi namanje ukuthi ngiyisebenzisa kanjani imithetho yokuqukethwe kweSelinux kusevisi ye-dnsmasq kuCentOS. Uma kukhona omaziyo, sicela usikhanyisele.

Amafayela / njll / izivumelwano y / njll / amasevisi Ziwumhlahlandlela omuhle kakhulu wokwazi ukuthi yimaphi amachweba esidinga ukuwavula ukuze izinsizakalo ze-DNS ne-DHCP ezinikezwe yi-Dnsmasq zisebenze kahle.

[izimpande @ dns ~] # firewall-cmd - izindawo ezisebenzayo
izixhumi zomphakathi: eth0

Isevisi domain o Iseva Yegama Lesizinda (dns). Isivumelwano iswayipha «IP ngokubethela»

[izimpande @ dns ~] # i-firewall-cmd -zone = yomphakathi -add-port = 53 / tcp - ehlala njalo
impumelelo

[izimpande @ dns ~] # i-firewall-cmd -zone = yomphakathi -add-port = 53 / udp - ehlala njalo
impumelelo

Isevisi ukuqaqa o Iseva ye-BOOTP (dhcp). Isivumelwano ippc «I-Internet Pluribus Packet Core»

[izimpande @ dns ~] # i-firewall-cmd -zone = yomphakathi -add-port = 67 / tcp - ehlala njalo
impumelelo

[izimpande @ dns ~] # i-firewall-cmd -zone = yomphakathi -add-port = 67 / udp - ehlala njalo
impumelelo

[izimpande @ dns ~] # firewall-cmd - phinda ulayishe
impumelelo

[root @ dns ~] # firewall-cmd - uhlu-konke
umphakathi (osebenzayo): amabhulokhi e-icmp: imithetho ecebile:

Kubalulekile

  • Uma sizonikezela ngezinsizakalo zokuqashisa ikheli le-IPv6, kumele futhi sivule amachweba i-dhcpv6-server 547 / tcp kanye ne-dhcpv6-server 547 / udp.

Amasheke

Ake sibheke imibuzo eminingi ye-DNS ukuthi iDnsmasq yethu entsha sha esanda kusebenza isebenza kanjani. Kulokhu sikhetha iqembu elaziwayo sysadmin.fromlinux.fan, futhi kusuka kuleyo khompyutha, exhunywe kwi-LAN, sizokwenza imibuzo eminingana, kepha hhayi ngaphambi kokubheka ukuthi ifayela lihlelwe kahle /etc/resolv.conf:

buzz @ sysadmin: ~ $ cat /etc/resolv.conf 
# Kwenziwe ukusesha kwe-NetworkManager kusuka ku-linux.fan nameserver 10.10.10.5

Izilungiselelo zefayela /etc/resolv.conf kulungile. Ake siqale ukubonisana

buzz @ sysadmin: ~ $ umphathi we-dns
dns.desdelinux.fan inekheli elithi 10.10.10.5 Host dns.desdelinux.fan ayitholakalanga: 5 (REFUSED) dns.desdelinux.fan mail isingathwa nge-mail eyodwa 1.desdelinux.fan.

Ngokucushwa okuhlongozwayo, singakulahla ukukhishwa komyalo Bamba ngaphandle kwezinketho uma kukhulunywa nge-Dnsmasq, lapho kubuyiselwa imigqa efana nale elandelayo:

Umsingathi dns.desdelinux.fan akatholakali: 5 (REFUSED)

Uma singafuni lolo hlobo lokukhiphayo, kufanele sisebenzise umyalo Bamba ngezinketho -t A, -t CNAME, -t NS, -t SOA, -t SIG, -t AXFR. Bheka umuntu ophethe ukuthola eminye imininingwane:

buzz @ sysadmin: ~ $ host -t Ukuze dns.fromlinux.fan
dns.fromlinux.fan inekheli 10.10.10.5

[izimpande @ dns ~] # umphathi -t Ku-dns
dns.fromlinux.fan inekheli 10.10.10.5

i-buzz @ sysadmin: ~ $ dig dns

buzz @ sysadmin: ~ $ umsingathi 10.10.10.5
5.10.10.10.in-addr.arpa igama lesizinda pointer dns.fromlinux.fan.

I-Dnsmasq ayihloselwe uhlelo lwe-Master - Slave

buzz @ sysadmin: ~ $ host -t AXFR kusuka ku-linux.fan
Ukuzama i- "desdelinux.fan" I-Host desdelinux.fan ayitholakali: 5 (YALAWA); Ukudlulisa kwehlulekile.

Akuhloselwe futhi ukubuyisa amarekhodi e-NS ne-SOA

buzz @ sysadmin: ~ $ host -t NS kusuka ku-linux.fan
Ukusingathwa okuvela ku-linux.fan akutholakalanga: 5 (REFUSED)

buzz @ sysadmin: ~ $ host -t SOA kusuka ku-linux.fan
Ukusingathwa okuvela ku-linux.fan akutholakalanga: 5 (REFUSED)

buzz @ sysadmin: ~ $ dig IN SOA kusuka ku-linux.fan
buzz @ sysadmin: ~ $ dig IN NS kusuka ku-linux.fan

Uma isekela amarekhodi e-MX, CNAME, ne-TXT

buzz @ sysadmin: ~ $ host -t Ukuze www
www.desdelinux.fan kuyinto alias for blog.desdelinux.fan. blog.desdelinux.fan unekheli 10.10.10.7
buzz @ sysadmin: ~ $ host -t MX kusuka ku-linux.fan
Imeyili ye-desdelinux.fan isingathwa nge-imeyili eyi-10.desdelinux.fan.

buzz @ sysadmin: ~ $ umphathi -t CNAME www
www.desdelinux.fan kuyinto alias for blog.desdelinux.fan.

buzz @ sysadmin: ~ $ host -t Ukubloga.fromlinux.fan
blog.desdelinux.fan unekheli 10.10.10.7

buzz @ sysadmin: ~ $ host -t TXT kusuka ku-linux.fan
desdelinux.fan umbhalo ochazayo "FromLinux, i-Blog yakho inikezelwe ku-Free Software" umbhalo ochazayo we-desdelinux.fan "v = spf1 a -all"

I-PTR iqopha imibuzo

buzz @ sysadmin: ~ $ umphathi -t PTR 10.10.10.7
7.10.10.10.in-addr.arpa isizinda segama lesikhombi blog.desdelinux.fan.

buzz @ sysadmin: ~ $ umsingathi 10.10.10.7
7.10.10.10.in-addr.arpa isizinda segama lesikhombi blog.desdelinux.fan.

Amaklayenti e-Microsoft® Windows

Kuphilile kakhulu ukusebenzisa ikhonsoli yeseva dns.fromlinux.fan umyalo iphephabhuku -f NGAPHAMBI kokuvula umshini osebenzisa isistimu yokusebenza ye-Microsoft® Windows, ukubona inani elikhulu lemibuzo ye-DNS eliyenzayo kumasayithi ahlukene. Kuyajabulisa ngempela. 😉

Uma sifuna ukuvimba imibuzo ephathelene namanye ala masayithi ekuhambeleni kumaseva eRoots Izimpande Zeseva noma ngase Abadlulisi ukuthi simemezele kufayela /etc/resolv.conf, singalisebenzisa kahle ifayela / etc / banner_add_host, ukuyigcwalisa ngamasayithi amaningi esidinga ukuwamemezela. Isibonelo:

[izimpande @ dns ~] # nano / njll / banner_add_hosts
127.0.0.1 windowsupdate.com 127.0.0.1 ctldl.windowsupdate.com 127.0.0.1 ocsp.verisign.com 127.0.0.1 csc3-2010-crl.verisign.com 127.0.0.1 www.msftncsi.com 127.0.0.1 ipv6.msftncsi.com 127.0.0.1 teredo.ipv6.microsoft.com 127.0.0.1 ds.download.windowsupdate.com 127.0.0.1 download.microsoft.com 127.0.0.1 fe2.update.microsoft.com 127.0.0.1 crl.microsoft.com 127.0.0.1 www .download.windowsupdate.com 127.0.0.1 win8.ipv6.microsoft.com 127.0.0.1 spynet.microsoft.com 127.0.0.1 spynet1.microsoft.com 127.0.0.1 spynet2.microsoft.com 127.0.0.1 spynet3.microsoft.com 127.0.0.1. 4 spynet127.0.0.1.microsoft.com 5 spynet127.0.0.1.microsoft.com 15 office127.0.0.1client.microsoft.com 127.0.0.1 addons.mozilla.org XNUMX crl.verisign.com

[izimpande @ dns ~] # dnsmasq - isivivinyo
dnsmasq: isheke le-syntax KULUNGILE.

[root @ dns ~] # systemctl qala kabusha dnsmasq.service 
[root @ dns ~] # systemctl isimo dnsmasq.service

[root @ dns ~] # host -t Ku-spynet4.microsoft.com
ispynet4.microsoft.com inekheli 127.0.0.1

[root @ dns ~] # host -t Ku-www.download.windowsupdate.com
www.download.windowsupdate.com inekheli 127.0.0.1
  • Ifomethi yefayela le- / etc / banner_add_hosts iyefana nefayela le- / etc / hosts. Khumbula ukuthi uhlu lwezizinda "zokuvimbela" lungaba lude ngangokunokwenzeka, ngokusho kwesigaba IMIKHAWULO yalesi sihloko.

Ukuhlola kusuka kuklayenti eziyisikhombisa enikeze ikheli le-IP:

buzz @ sysadmin: ~ $ host -t A eziyisikhombisa
seven.desdelinux.fan inekheli 10.10.10.115

senza umyalo kuklayenti leWindows uqobo cmd:

I-Microsoft Windows [Inguqulo 6.1.7601]
I-copyright (c) 2009 Microsoft Corporation. Wonke Amalungelo Agodliwe.

C: \ Abasebenzisi \ buzz> nslookup
I-Default Server: dns.desdelinux.fan Ikheli: 10.10.10.5> dns Server: dns.desdelinux.fan Ikheli: 10.10.10.5 Igama: dns.desdelinux.fan Ikheli: 10.10.10.5> ftpserver Server: dns.desdelinux.fan Ikheli: 10.10.10.5 Igama: ftpserver.desdelinux.fan Ikheli: 10.10.10.8> www Server: dns.desdelinux.fan Ikheli: 10.10.10.5 Igama: blog.desdelinux.fan Ikheli: 10.10.10.7 Ama-aliases: www.desdelinux.fan> imeyili Iseva: dns.desdelinux.fan Ikheli: 10.10.10.5 Igama: mail.desdelinux.fan Ikheli: 10.10.10.9> sysadmin Server: dns.desdelinux.fan Ikheli: 10.10.10.5 Igama: sysadmin.desdelinux.fan Ikheli: 10.10.10.1 > www.download.windowsupdate.com Server: dns.desdelinux.fan Ikheli: 10.10.10.5 Igama: www.download.windowsupdate.com Ikheli: 127.0.0.1> yeka C: \ Abasebenzisi \ buzz>

Isifingqo

Kuze kube manje sibonile izici ezimbalwa eziyinhloko ze-Dnsmasq. ngicabanga Funda futhi ufunde amafayela ashiwo esigabeni sokuqala sale ndatshana, uma ufuna ukwazi kabanzi ngalolu hlelo oluhle kakhulu nolumangazayo. Ngokusetshenziswa kwayo singakwazi ukwenza lula izimpilo zethu.

Cishe ngo-2014 ngifunde i-athikili «Kanjani: Samba4 AD PDC + Windows XP, Vista no-7«. Umsunguli wale ndatshana umemezela ngaphandle kokuchwayiza: «Ngiyakuzonda ukubopha, ngakho-ke yi-dnsmasq ukutakula»(Sic) okusho okuncane noma okuncane okushoyo«Ngiyakuzonda ukubopha, ngakho-ke uDnsmasq uyangisiza«. Kwerekhodi, leyo nkulumo ayishongo kimi.

Ekudluliseni ngiphawula ukuthi, kuleyo ndatshana uMlobi akacacisi umsuka wamanye amarekhodi e-DNS futhi ngamagama ajwayelekile akuyona inkomba enhle yokusebenzisa i-Active Directory® esekwe kuSamba 4. Uma uthanda ngokweqile iDnsmasq.

Angikuzondi ukubopha nhlobo. Izindatshana zami ezine -4- ezidlule zikufakazela lokhu:

Njengoba ngike ngabhala ezikhathini ezedlule, cishe angikaze Ngisikisela, kodwa ngicabanga. Endabeni kaDnsmasq yebo Ngisikisela ukusetshenziswa kwayo kuma-SME Networks.

Ukulethwa okulandelayo

Isitolimende esilandelayo -ngicabanga ukuthi ngiyacabanga- Ngizoyinikela ekuhlanganisweni kweDnsmasq ne-Microsoft® Active Directory®. Kuzoba yindawo enhle yokungena ye-athikili -muy- ngokuhamba kwesikhathi lokho kuzobhekana nokuthi ungayenza kanjani i-AD-DC ngeSamba 4 neDnsmasq.


Okuqukethwe yi-athikili kunamathela ezimisweni zethu ze izimiso zokuhlelela. Ukubika iphutha chofoza lapha.

Amazwana ayi-12, shiya okwakho

Shiya umbono wakho

Ikheli lakho le ngeke ishicilelwe. Ezidingekayo ibhalwe nge *

*

*

  1. Ubhekele imininingwane: Miguel Ángel Gatón
  2. Inhloso yedatha: Lawula Ugaxekile, ukuphathwa kwamazwana.
  3. Ukusemthethweni: Imvume yakho
  4. Ukuxhumana kwemininingwane: Imininingwane ngeke idluliselwe kubantu besithathu ngaphandle kwesibopho esisemthethweni.
  5. Isitoreji sedatha: Idatabase ebanjwe yi-Occentus Networks (EU)
  6. Amalungelo: Nganoma yisiphi isikhathi ungakhawulela, uthole futhi ususe imininingwane yakho.

  1.   UJoan Hernandez kusho

    Sanibonani ekuseni !!! Ngiyaqinisekisa konke okushoyo futhi ngokweqiniso ukuthi ukusebenza kwale nethiwekhi kuze kube manje akunikezi sizathu sokukhononda. Angiseyona i-sysadmin yaleyo nethiwekhi, ngoba uyazi izinkinga ebenginazo ... kepha ngenkathi ngiphethe leyo nethiwekhi futhi kuze kube manje lapho ngixhumana nalowo ophambi kwayo, asikho isizathu sokukhononda. Okuhlangenwe nakho kwami ​​okuhle nge-ClearOS ne-DNSmasq.

  2.   frederico kusho

    Mngani Joan, Ngiyabonga ngosizo lwakho ekuqinisekiseni engikubhalile mayelana nenkampani ene-ClearOS.

  3.   isihlibhi kusho

    Engikuthanda kakhulu nge-dnsmasq ukuthi kungasebenziseka kanjani, kufayela elilodwa ulungiselela i-DNS ne-DHCP. Mayelana nokusebenza anginazikhalazo, esikhathini esithile esedlule ngacisha iseva ka-2003R2 eyayisebenza njenge-DC, amaklayenti amaningana e-Linux avela komasipala abakude "babelokhu belengisiwe" futhi njengoba ngangingenayo indlela yokushintsha izintandokazi zabo ze-DNS, engikwenzile ngakukhulisa uJessie onaleyo IP ne-dnsmasq balondoloze i-DNS entsha, konke kulungile.
    I-athikili enhle kakhulu uFico, maqondana nami.

    1.    frederico kusho

      Ucabangani ngomkhawulo olandelanayo wokunikeza amakhompyutha afinyelela ku-1000? Nginethuba lokuqinisekisa imininingwane nomngani ozinikele ekunikezeni izinsizakalo zewebhusayithi ethi "Captive» nge-WiFi, futhi muva nje unikeze insizakalo-nge-BIND + Isc-dhcp- kuma-mobiles angaphezu kwe-1000 eKarl Marx Theatre. Ungiqashe ukuthi ngimenze iseva enokusetshenziswa okuphansi kakhulu kwezinsizakusebenza, zalowo msebenzi.

      1.    isihlibhi kusho

        Kufanele kucace ukuthi lawa abizwa ngokuthi "imingcele" alinganiswa eminyakeni embalwa eyedlule futhi nge-hardware engaphansi kwezinga lamanje, zombili i-dnsmasq namakhasimende aguquke kakhulu, ngiyaqiniseka ukuthi izobamba umthwalo walaba abasebenzisi. Hlala ubhala futhi uvimbele imibuzo eyinkulungwane neyodwa i-Android eyenza izame ukufonela ekhaya, hehe. Jabulela

  4.   frederico kusho

    Ngizosithatha ngokungathi sína iseluleko sakho, dhunter. ngiyabona futhi

  5.   IWO kusho

    Njengoba sekuyinsakavukela kulolu chungechunge lwama-SME, lokhu okuthunyelwe ku- "DNSMASQ" kungenye indatshana enhle umlobi asinika yona ama-sysadmins ukuze sizithuthukise ngobuchwepheshe nangethiyori.
    Endabeni yami siqu ngangazi ngokungacacile nge-dnsmasq ngoba ngangibeke phambili i-DNS (Bind) ne-DHCP njengezinsizakalo ezimbili ezizimele. Kimi kukhulu! Into ye-dnsmasq yokuvumela ukumisa zombili kusevisi eyodwa (ngefayela /etc/dnsmasq.conf).
    Kuhle! ekwazi ukuxhasa okungenani amaklayenti ayi-1,000 XNUMX nge-DNS ne-DHCP ngaphandle kokuthinta ukusebenza kwayo.
    Okunye okuhle kakhulu yi-TIP yokuthi ungayibalekela kanjani imibuzo ephathelene nama-Root Servers noma i-Forwarders esebenzisa i- / etc / banner_add_host file where we insert the "N" sites that we need to declare as if were "localhosts".
    Ekugcineni futhi njengoba bekulokhu kujwayelekile kumbhali ngesigaba sakhe esithi "Okulandelayo isitolimende", manje uhlela ukuletha elinye igugu "ukuhlanganiswa kweDnsmasq ne-Microsoft® Active Directory®".
    Yebo, sesivele sikulangazelele.

  6.   isikejana inflatable kusho

    Bengimatasa futhi angikwazi ukulandela izindatshana zakho. Ngiphuthelwe amanye. Umbhalo wakho omusha ngamunye uyisimanga esimnandi esiqukethe izimfundiso ezintsha. Qhubeka, mngani Fico

  7.   crespo88 kusho

    IDnsmasq, ngibona ukusebenza kwayo nsuku zonke, kungcono kakhulu. Bengihlala ngikutshela futhi ngiphikelela ekuhlanganisweni kwe-bind9 kanye ne-isc-dhcp-server (isixazululo engisithanda kakhulu, ngoba ukuzama kaningi ngafunda futhi ngabona futhi ngathola lokho okuncane engikwaziyo nge-dns ne-dhcp, i-VIIII, bengikwazi bona ukuthi yini iMicrosoft engakuvumeli uyigcine, lokho abangafuni ukuba ukufunde futhi ikugcine egumbini elimnyama futhi elikhiyiwe, empeleni kuyizinsizakalo okwakhulunywa ngazo sengathi ziyizilo futhi zingabantu abalungile, ongabhekana nazo iqiniso), futhi ngiyabonga Kulokhu uphoqeleke ukuthi uzithuthukise nakakhulu, empeleni sesivele siyibona yonke imiphumela yalo mzamo futhi siyabonga ngekhwalithi yokuthunyelwe kwakho.
    Lokhu ikakhulukazi kuphezulu, angithathi isikweletu kwabanye, NGOKUQINISEKILE HHAYI, HHAYI NOMA UCABANGA NGAYO; kodwa kungenxa yakho ngihlangane nomngani wami dnsmasq futhi inethiwekhi ye-Residence yami ihlala ngaphezu kokujabula ukuhlangana nozakwethu omusha owenziwe nguSimon Kelley. Ngiyabonga nakuye.

  8.   frederico kusho

    IWO: Ngeke ulinde isikhathi eside ngokuthunyelwe okulandelayo. Angikayiqedi okwamanje ngoba ngimatasa kakhulu nomsebenzi wami wansuku zonke. Isikhathi ... Kepha ngokuqinisekile uzoba naso ngeviki elizayo.

  9.   frederico kusho

    I-Crespo88: Angikwazi ukungeza enye into ekuphawuleni kwakho okuphelele. Futhi sengivele nginesikhathi esincane ngoba ngo-7 ntambama ngiphelelwa ukuzulazula 😉
    Ngiyabonga!.

  10.   i-caesareli kusho

    Sawubona, FICO. I-athikili enhle kakhulu.
    Ngingathanda ukwazi ukuthi ungayisebenzisa kanjani i-dnsmasq kwi-baremetal (HP Proliant gen 8) ebamba imishini ebonakalayo ye-KVM.
    Ngabe ukucushwa kwe-dnsmasq kufanele kwenziwe kumsingathi noma kwelinye lama-VM asebenza njengeseva ye-dnsmasq?
    Ngisenkingeni.
    Ukubingelela